52972a23ab12b95cd51d71741db2cf276749e56030c092e2e4f0907dcb1fbd56

max time kernel
1110s
max time network
1206s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 19:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fucker script.exe
Size

104KB
MD5

db0655efbe0dbdef1df06207f5cb5b5b
SHA1

a8d48d5c0042ce359178d018c0873e8a7c2f27e8
SHA256

52972a23ab12b95cd51d71741db2cf276749e56030c092e2e4f0907dcb1fbd56
SHA512

5adc8463c3e148a66f8afdeefc31f2b3ffeb12b7641584d1d24306b0898da60a8b9b948bb4f9b7d693185f2daa9bd9437b3b84cebc0eabfa84dfcef6938e1704
SSDEEP

1536:m5iT3FccnYWkyjWpOku3yUyJCbyVAvy7+fRo:3LOcxkyjW3wvHq

Score

6^/10

collection

Malware Config

Signatures

Accesses Microsoft Outlook profiles 1 TTPs 5 IoCs

collection

Email Collection

T1114

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	OUTLOOK.EXE
Key queried	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	OUTLOOK.EXE
Key queried	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	OUTLOOK.EXE

Drops file in System32 directory 14 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\PerfStringBackup.TMP	OUTLOOK.EXE
File created	C:\Windows\system32\perfh011.dat	OUTLOOK.EXE
File opened for modification	C:\Windows\SysWOW64\PerfStringBackup.INI	OUTLOOK.EXE
File created	C:\Windows\system32\perfc007.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc009.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh009.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc011.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh00A.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc00C.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh00C.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc010.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh010.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh007.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc00A.dat	OUTLOOK.EXE

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\inf\Outlook\outlperf.h	OUTLOOK.EXE
File opened for modification	C:\Windows\inf\Outlook\outlperf.h	OUTLOOK.EXE
File created	C:\Windows\inf\Outlook\0009\outlperf.ini	OUTLOOK.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3577EBD1-5ED5-11ED-9ECC-C253C434FFA8} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Zoom\ZoomFactor = "100000"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LinksExplorer\Docked = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LinksExplorer	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Zoom\ZoomFactor = "100000"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Zoom\ZoomFactor = "100000"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2D869381-5ED6-11ED-9ECC-C253C434FFA8} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LinksExplorer\Docked = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LinksExplorer\LinksType = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{03C926C1-5ED6-11ED-9ECC-C253C434FFA8} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE

Modifies registry class 26 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	helppane.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 03000000000000000200000001000000ffffffff	helppane.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4 = 14001f44471a0359723fa74489c55595fe6b30ee0000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_Classes\Local Settings	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\0\MRUListEx = 00000000ffffffff	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\0\0\MRUListEx = ffffffff	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	helppane.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 03000000000000000200000001000000ffffffff	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0400000003000000000000000200000001000000ffffffff	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\MRUListEx = 00000000ffffffff	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\0\0 = 6a003100000000002155f56b10004d4943524f537e310000520008000400efbe2155f56b2155f56b2a0000002c3e00000000040000000000000000000000000000004d006900630072006f0073006f0066007400200057006500620073006900740065007300000018000000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\0\0\NodeSlot = "5"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_Classes\Local Settings	helppane.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell	helppane.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\0 = 200000001a00eebbfe230000100061f77717ad688a4d87bd30b759fa33dd00000000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\0	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\0\0	iexplore.exe

Suspicious behavior: AddClipboardFormatListener 64 IoCs

pid	Process
1976	OUTLOOK.EXE
1384	vlc.exe
1152	vlc.exe
2484	vlc.exe
2584	vlc.exe
2928	vlc.exe
2092	vlc.exe
3528	vlc.exe
3652	vlc.exe
4000	vlc.exe
4332	vlc.exe
4416	vlc.exe
4644	vlc.exe
4832	vlc.exe
3748	vlc.exe
4120	vlc.exe
4264	vlc.exe
4288	vlc.exe
4296	vlc.exe
3644	vlc.exe
5252	vlc.exe
5704	vlc.exe
5860	vlc.exe
6044	vlc.exe
6052	vlc.exe
6028	vlc.exe
6060	vlc.exe
5552	vlc.exe
5528	vlc.exe
6316	vlc.exe
6328	vlc.exe
6644	vlc.exe
1020	vlc.exe
6300	vlc.exe
6960	vlc.exe
2984	vlc.exe
7196	vlc.exe
7220	vlc.exe
7320	vlc.exe
7652	vlc.exe
7820	vlc.exe
7312	vlc.exe
7904	vlc.exe
6908	vlc.exe
7504	vlc.exe
5748	vlc.exe
6428	vlc.exe
8852	vlc.exe
8840	vlc.exe
9652	vlc.exe
9616	vlc.exe
10128	vlc.exe
4460	vlc.exe
5504	vlc.exe
9624	vlc.exe
10532	vlc.exe
10280	vlc.exe
10884	vlc.exe
9508	vlc.exe
4864	vlc.exe
12044	vlc.exe
8496	vlc.exe
11776	vlc.exe
13148	vlc.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
696	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 64 IoCs

pid	Process
1152	vlc.exe
1384	vlc.exe
2484	vlc.exe
2584	vlc.exe
2928	vlc.exe
2092	vlc.exe
3528	vlc.exe
3652	vlc.exe
4000	vlc.exe
4332	vlc.exe
4416	vlc.exe
4644	vlc.exe
4832	vlc.exe
3748	vlc.exe
4120	vlc.exe
4264	vlc.exe
4288	vlc.exe
4296	vlc.exe
3644	vlc.exe
5252	vlc.exe
5704	vlc.exe
5860	vlc.exe
6044	vlc.exe
6060	vlc.exe
6028	vlc.exe
6052	vlc.exe
5528	vlc.exe
5552	vlc.exe
6316	vlc.exe
6328	vlc.exe
1196	iexplore.exe
6644	vlc.exe
1020	vlc.exe
6300	vlc.exe
6960	vlc.exe
2984	vlc.exe
7196	vlc.exe
7220	vlc.exe
7320	vlc.exe
7652	vlc.exe
7820	vlc.exe
7312	vlc.exe
7904	vlc.exe
3952	rundll32.exe
6908	vlc.exe
7504	vlc.exe
5748	vlc.exe
6428	vlc.exe
8840	vlc.exe
8852	vlc.exe
9616	vlc.exe
9652	vlc.exe
10128	vlc.exe
4460	vlc.exe
9624	vlc.exe
5504	vlc.exe
10532	vlc.exe
10280	vlc.exe
10884	vlc.exe
9508	vlc.exe
4864	vlc.exe
12044	vlc.exe
8496	vlc.exe
11776	vlc.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: 33	3808	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3808	AUDIODG.EXE
Token: 33	3808	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3808	AUDIODG.EXE
Token: SeTakeOwnershipPrivilege	4548	helppane.exe
Token: SeTakeOwnershipPrivilege	4548	helppane.exe
Token: SeTakeOwnershipPrivilege	4548	helppane.exe
Token: SeTakeOwnershipPrivilege	4548	helppane.exe
Token: 33	11536	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	11536	AUDIODG.EXE
Token: 33	11536	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	11536	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1196	iexplore.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1384	vlc.exe
1152	vlc.exe
2484	vlc.exe
1384	vlc.exe
2584	vlc.exe
1152	vlc.exe
2484	vlc.exe
2584	vlc.exe
1196	iexplore.exe
856	iexplore.exe
2928	vlc.exe
2928	vlc.exe
1384	vlc.exe
1152	vlc.exe
2584	vlc.exe
2484	vlc.exe
2928	vlc.exe
2092	vlc.exe
2092	vlc.exe
2092	vlc.exe
880	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
3528	vlc.exe
3528	vlc.exe
3528	vlc.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1384	vlc.exe
1152	vlc.exe
2484	vlc.exe
1384	vlc.exe
2584	vlc.exe
1152	vlc.exe
2484	vlc.exe
2584	vlc.exe
2928	vlc.exe
2928	vlc.exe
2092	vlc.exe
2092	vlc.exe
3528	vlc.exe
3528	vlc.exe
3652	vlc.exe
3652	vlc.exe
4000	vlc.exe
4000	vlc.exe
4332	vlc.exe
4332	vlc.exe
4416	vlc.exe
4416	vlc.exe
4644	vlc.exe
4644	vlc.exe
4832	vlc.exe
4832	vlc.exe
3748	vlc.exe
3748	vlc.exe
4120	vlc.exe
4120	vlc.exe
1400	chrome.exe
1400	chrome.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
916	IEXPLORE.EXE
916	IEXPLORE.EXE
856	iexplore.exe
856	iexplore.exe
1384	vlc.exe
1152	vlc.exe
1976	OUTLOOK.EXE
2484	vlc.exe
1976	OUTLOOK.EXE
1976	OUTLOOK.EXE
1976	OUTLOOK.EXE
2584	vlc.exe
2776	IEXPLORE.EXE
2776	IEXPLORE.EXE
880	iexplore.exe
880	iexplore.exe
2928	vlc.exe
2092	vlc.exe
1196	iexplore.exe
1196	iexplore.exe
2908	IEXPLORE.EXE
2908	IEXPLORE.EXE
1196	iexplore.exe
1196	iexplore.exe
3148	IEXPLORE.EXE
3148	IEXPLORE.EXE
1196	iexplore.exe
1196	iexplore.exe
916	IEXPLORE.EXE
916	IEXPLORE.EXE
3528	vlc.exe
1196	iexplore.exe
1196	iexplore.exe
3676	IEXPLORE.EXE
3676	IEXPLORE.EXE
3676	IEXPLORE.EXE
3676	IEXPLORE.EXE
1196	iexplore.exe
1196	iexplore.exe
2776	IEXPLORE.EXE
2776	IEXPLORE.EXE
3652	vlc.exe
4000	vlc.exe
1196	iexplore.exe
1196	iexplore.exe
1196	iexplore.exe
4332	vlc.exe
4416	vlc.exe
3092	IEXPLORE.EXE
3092	IEXPLORE.EXE
1196	iexplore.exe
1196	iexplore.exe
4644	vlc.exe
3148	IEXPLORE.EXE
3148	IEXPLORE.EXE
1196	iexplore.exe
1196	iexplore.exe
4832	vlc.exe
3092	IEXPLORE.EXE
3092	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1400 wrote to memory of 316	1400	chrome.exe	32
PID 1400 wrote to memory of 316	1400	chrome.exe	32
PID 1400 wrote to memory of 316	1400	chrome.exe	32
PID 1196 wrote to memory of 916	1196	iexplore.exe	33
PID 1196 wrote to memory of 916	1196	iexplore.exe	33
PID 1196 wrote to memory of 916	1196	iexplore.exe	33
PID 1196 wrote to memory of 916	1196	iexplore.exe	33
PID 856 wrote to memory of 1044	856	iexplore.exe	37
PID 856 wrote to memory of 1044	856	iexplore.exe	37
PID 856 wrote to memory of 1044	856	iexplore.exe	37
PID 856 wrote to memory of 1044	856	iexplore.exe	37
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 1016	1400	chrome.exe	38
PID 1400 wrote to memory of 696	1400	chrome.exe	40
PID 1400 wrote to memory of 696	1400	chrome.exe	40
PID 1400 wrote to memory of 696	1400	chrome.exe	40
PID 1400 wrote to memory of 1628	1400	chrome.exe	42
PID 1400 wrote to memory of 1628	1400	chrome.exe	42
PID 1400 wrote to memory of 1628	1400	chrome.exe	42
PID 1400 wrote to memory of 1628	1400	chrome.exe	42
PID 1400 wrote to memory of 1628	1400	chrome.exe	42
PID 1400 wrote to memory of 1628	1400	chrome.exe	42
PID 1400 wrote to memory of 1628	1400	chrome.exe	42
PID 1400 wrote to memory of 1628	1400	chrome.exe	42
PID 1400 wrote to memory of 1628	1400	chrome.exe	42

outlook_win_path 1 IoCs

description	ioc	Process
Key queried	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	OUTLOOK.EXE

C:\Users\Admin\AppData\Local\Temp\fucker script.exe
"C:\Users\Admin\AppData\Local\Temp\fucker script.exe"
1⤵
PID:1328

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1196
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1196 CREDAT:340993 /prefetch:2
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:916
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1196 CREDAT:6435841 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2776
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1196 CREDAT:668677 /prefetch:2
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3148
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1196 CREDAT:1127429 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3676
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1196 CREDAT:6304779 /prefetch:2
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3092
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1196 CREDAT:9188355 /prefetch:2
  2⤵
  PID:5076
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1196 CREDAT:1913899 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:2096
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1196 CREDAT:10957834 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:5692
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1196 CREDAT:799788 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:5636
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1196 CREDAT:7156776 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:6724
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1196 CREDAT:2044979 /prefetch:2
  2⤵
  PID:6568
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1196 CREDAT:3355683 /prefetch:2
  2⤵
  PID:6248
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1196 CREDAT:3290139 /prefetch:2
  2⤵
  PID:3028
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1196 CREDAT:1782908 /prefetch:2
  2⤵
  PID:7756
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1196 CREDAT:210140 /prefetch:2
  2⤵
  PID:8124
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1196 CREDAT:3355712 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:8432
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1196 CREDAT:210160 /prefetch:2
  2⤵
  PID:9500
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1196 CREDAT:3552316 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:9756
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1196 CREDAT:210174 /prefetch:2
  2⤵
  PID:9600
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1196 CREDAT:2438251 /prefetch:2
  2⤵
  PID:9272
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1196 CREDAT:2372744 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:10340
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1196 CREDAT:1586342 /prefetch:2
  2⤵
  PID:1944
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1196 CREDAT:930965 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:9172
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1196 CREDAT:2700450 /prefetch:2
  2⤵
  PID:13860

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:856
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:856 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:1044

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6504f50,0x7fef6504f60,0x7fef6504f70
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1076,12678388732587121549,10264343220191173257,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1092 /prefetch:2
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1076,12678388732587121549,10264343220191173257,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1076,12678388732587121549,10264343220191173257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1676 /prefetch:8
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1076,12678388732587121549,10264343220191173257,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2064 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1076,12678388732587121549,10264343220191173257,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2116 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1076,12678388732587121549,10264343220191173257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3296 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1076,12678388732587121549,10264343220191173257,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3312 /prefetch:2
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1076,12678388732587121549,10264343220191173257,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2528 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1076,12678388732587121549,10264343220191173257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3716 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1076,12678388732587121549,10264343220191173257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3720 /prefetch:8
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1076,12678388732587121549,10264343220191173257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3848 /prefetch:8
  2⤵
  PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1076,12678388732587121549,10264343220191173257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3932 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1076,12678388732587121549,10264343220191173257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3408 /prefetch:8
  2⤵
  PID:5396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1076,12678388732587121549,10264343220191173257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=652 /prefetch:8
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1076,12678388732587121549,10264343220191173257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3996 /prefetch:8
  2⤵
  PID:5592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1076,12678388732587121549,10264343220191173257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=696 /prefetch:8
  2⤵
  PID:5628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1076,12678388732587121549,10264343220191173257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3780 /prefetch:8
  2⤵
  PID:7164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1076,12678388732587121549,10264343220191173257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3524 /prefetch:8
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1076,12678388732587121549,10264343220191173257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3796 /prefetch:8
  2⤵
  PID:8440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1076,12678388732587121549,10264343220191173257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3524 /prefetch:8
  2⤵
  PID:8468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1076,12678388732587121549,10264343220191173257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4048 /prefetch:8
  2⤵
  PID:8492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1076,12678388732587121549,10264343220191173257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=620 /prefetch:8
  2⤵
  PID:9524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1076,12678388732587121549,10264343220191173257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3564 /prefetch:8
  2⤵
  PID:6128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1076,12678388732587121549,10264343220191173257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3608 /prefetch:8
  2⤵
  PID:14112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1076,12678388732587121549,10264343220191173257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:14240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1076,12678388732587121549,10264343220191173257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3540 /prefetch:8
  2⤵
  PID:5200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1076,12678388732587121549,10264343220191173257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:9104

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
- Accesses Microsoft Outlook profiles
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- outlook_win_path
PID:1976

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:880
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:880 CREDAT:275457 /prefetch:2
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2908

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:1960

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1152

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1384

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:2244

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:2428

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:2472

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2484

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:2556

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:2548

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2584

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:2600

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:2612

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2928

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2092

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:2164

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:2452

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:3100

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
PID:3108

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
PID:3244

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
PID:3384

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:3460

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3528

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
PID:3632

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x54c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3808

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:3884

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" shwebsvc.dll,AddNetPlaceRunDll
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:3952

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
1⤵
PID:4000
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
  2⤵
  PID:4036

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:3140

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"
1⤵
PID:3316

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3652

C:\Windows\System32\control.exe
"C:\Windows\System32\control.exe"
1⤵
PID:1088

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:4012

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4000

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:3284

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
PID:3624

C:\Windows\System32\control.exe
"C:\Windows\System32\control.exe"
1⤵
PID:2564

C:\Windows\System32\control.exe
"C:\Windows\System32\control.exe"
1⤵
PID:4272

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:4304

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4332

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:4352

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4416

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:4584

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:4596

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:4616

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4644

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
PID:4664

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
PID:4804

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4832

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:4900

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:4912

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:4940

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:4980

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:5000

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"
1⤵
PID:5052

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:3892

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:3748

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:3276

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:4120

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:4264

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:4288

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:3992

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:3624

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:4896

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:4988

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:4996

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
PID:3908

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:4020

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:4728

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
1⤵
PID:4816
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
  2⤵
  PID:4268

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:4192

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:4296

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:3644

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:5184

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:5220

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:5240

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:5252

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:5280

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:5356

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:5372

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:5704

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:5860

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:5996

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:6008

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:6028

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:6044

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:6052

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:6060

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
PID:5616

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\shell32.dll,Options_RunDLL 1
1⤵
PID:5512

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:5924

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:5320

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:5528

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:5552

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:6164

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:6212

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:6228

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:6236

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:6268

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:6284

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:6316

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:6328

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:6476

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
PID:6488

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
PID:6588

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
PID:6880

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:6376

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:6644

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:6844

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:6908

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:6964

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:1020

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:1884

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:6300

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:6892

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:6960

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:2984

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:7196

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:7220

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:7320

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:7628

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:7652

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:7668

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:7704

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:7820

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:8012

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
PID:8096

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:8088

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
PID:8180
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:8180 CREDAT:275457 /prefetch:2
  2⤵
  PID:7940

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:7312

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:7612

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:3160

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:7904

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:6908

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
PID:8060
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:8060 CREDAT:275457 /prefetch:2
  2⤵
  PID:5340

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\shell32.dll,Options_RunDLL 1
1⤵
PID:4020

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:7552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6504f50,0x7fef6504f60,0x7fef6504f70
  2⤵
  PID:7812

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
1⤵
PID:7624
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
  2⤵
  PID:2688

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:2324

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:7504

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:4828

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"
1⤵
PID:4740

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:5748

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:1752

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
PID:2800
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2800 CREDAT:275457 /prefetch:2
  2⤵
  PID:8220

C:\Windows\helppane.exe
C:\Windows\helppane.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4548

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
PID:7156
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7156 CREDAT:275457 /prefetch:2
  2⤵
  PID:8320

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:2960

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:6428

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:3220

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:8628

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:8800

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:8812

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:8840

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:8852

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:8908

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:9344

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
PID:9380

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:9564

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
PID:9580

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:9588

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:9616

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:9652

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:9708

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
PID:9720

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:9780

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
PID:10004

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\shell32.dll,Options_RunDLL 1
1⤵
PID:10044

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:10128

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
PID:10196

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:9228

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:9352

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:2376

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:4460

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:9648

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:9584

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:9624

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
PID:9596
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:9596 CREDAT:275457 /prefetch:2
  2⤵
  PID:10392

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:5504

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\shell32.dll,Options_RunDLL 1
1⤵
PID:7808

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:10532

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:10560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:10568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6504f50,0x7fef6504f60,0x7fef6504f70
  2⤵
  PID:10588

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
1⤵
PID:10604
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
  2⤵
  PID:10720

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\shell32.dll,Options_RunDLL 1
1⤵
PID:10664

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
1⤵
PID:10672

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:10680

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\shell32.dll,Options_RunDLL 1
1⤵
PID:10772

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\shell32.dll,Options_RunDLL 1
1⤵
PID:10852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:10880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6504f50,0x7fef6504f60,0x7fef6504f70
  2⤵
  PID:10892

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
PID:10900

C:\Windows\system32\SndVol.exe
SndVol.exe -f 37094226 31540
1⤵
PID:11024

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:11044

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\shell32.dll,Options_RunDLL 1
1⤵
PID:11104

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\shell32.dll,Options_RunDLL 1
1⤵
PID:11112

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:11252

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:10280

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
1⤵
PID:8376
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
  2⤵
  PID:7812

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
PID:9476

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:10500

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
PID:8936

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\shell32.dll,Options_RunDLL 1
1⤵
PID:10524

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
PID:10672

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"
1⤵
PID:10712

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:10652

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:10592

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:10856

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:10884

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
PID:11076

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
PID:11048

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:9432

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:6412

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
PID:11056

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:9508

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:11232

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:4864

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
PID:4736
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4736 CREDAT:275457 /prefetch:2
  2⤵
  PID:7388

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
PID:1844
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1844 CREDAT:275457 /prefetch:2
  2⤵
  PID:11320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:6160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6504f50,0x7fef6504f60,0x7fef6504f70
  2⤵
  PID:7720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1068,14757045876976647860,8691866766312903474,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1124 /prefetch:2
  2⤵
  PID:11704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1068,14757045876976647860,8691866766312903474,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1312 /prefetch:8
  2⤵
  PID:11712

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\shell32.dll,Options_RunDLL 1
1⤵
PID:7388

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\shell32.dll,Options_RunDLL 1
1⤵
PID:5960

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:9444

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:11760

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:12044

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:12104

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
PID:12140
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:12140 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:11416

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\shell32.dll,Options_RunDLL 1
1⤵
PID:12148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:12156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6504f50,0x7fef6504f60,0x7fef6504f70
  2⤵
  PID:12176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1072,12225397833090489585,4700248050097658455,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1084 /prefetch:2
  2⤵
  PID:11316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1072,12225397833090489585,4700248050097658455,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1384 /prefetch:8
  2⤵
  PID:11312

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:12168

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:11480

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x5cc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:11536

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:12136

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
PID:12248
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:12248 CREDAT:275457 /prefetch:2
  2⤵
  PID:10856

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:10328

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
PID:9144

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:9128

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:8496

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
PID:9176
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:9176 CREDAT:275457 /prefetch:2
  2⤵
  PID:10600

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
PID:10716
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:10716 CREDAT:275457 /prefetch:2
  2⤵
  PID:8604

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:11776

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
PID:3900
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3900 CREDAT:275457 /prefetch:2
  2⤵
  PID:11724

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
PID:11948
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:11948 CREDAT:275457 /prefetch:2
  2⤵
  PID:4276

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
PID:3044
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3044 CREDAT:275457 /prefetch:2
  2⤵
  PID:12532

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:12660

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
PID:12680
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:12680 CREDAT:275457 /prefetch:2
  2⤵
  PID:12980

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:12692

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:12864

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:13116

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
PID:13148

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
PID:13248

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:12296

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
PID:9396
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:9396 CREDAT:275457 /prefetch:2
  2⤵
  PID:8188

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:10188

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
PID:12668

C:\Windows\system32\calc.exe
"C:\Windows\system32\calc.exe"
1⤵
PID:10584

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
PID:13048

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
PID:11800

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
PID:13304

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"
1⤵
PID:13560

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
PID:13812

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
PID:11200
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:11200 CREDAT:275457 /prefetch:2
  2⤵
  PID:2436

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Email Collection

T1114

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
3dcf580a93972319e82cafbc047d34d5

SHA1
8528d2a1363e5de77dc3b1142850e51ead0f4b6b

SHA256
40810e31f1b69075c727e6d557f9614d5880112895ff6f4df1767e87ae5640d1

SHA512
98384be7218340f95dae88d1cb865f23a0b4e12855beb6e74a3752274c9b4c601e493864db777bca677a370d0a9dbffd68d94898a82014537f3a801cce839c42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0681e6a92630d751e3b55cf89205c59a

SHA1
5a2ce21e73d38a450126915c38bac8729986c968

SHA256
5f8756a14e260554ac684e781331d833d1aed3a5fc7cbb5fbb604dd2bd7f19ae

SHA512
d3c613c6f0efdd6a23c4f289a40564ad213a0e0a132f7ba653d04e6f1111e1de0b08aedc1706801f356fc69ddadbd36829fa398e0853355443c7b5fe5a09f435

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a13bdb70c2c7017ea536a16118b940aa

SHA1
8495cf8b022b2efc25879e1003af9ef703a5f872

SHA256
7a44f3796f487647ced69ed07d14ea1df0d3fed975e78bd210d43509588768fe

SHA512
1b05d59d57334dc7e9843c3714fcf8a6e078e42dcd484dd84770ece56dee836b76f59e7b409d880887836be2fc13a7391bbc73bc845657f6f8f60185828ef9be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e3d98e024e04e5afa1436d8fdca83fae

SHA1
e93d718b2e8e2a8c08eb599b2b8a292bc3c5f731

SHA256
663fbb3fe147b64ccc7fa874256196b2be5d7f6a470b0e46b9f17128fcb2ccc2

SHA512
d049fd0386ec19d1149d37e62e088bd8144be8ea718042bf733fab891c907b0c4fe5216fe185b4e17d5bc70e7f95567f75a761fb5df33a80667d1189722ba40c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f8558bb0174b8d72af83f33a19b1bc10

SHA1
12b2c1e00b8b32903f5489a928d30086adbce77e

SHA256
0ebc902bf7ad6028edf6f8b5204d04530b3c0afa1aa59c3afc2323ad60eb4038

SHA512
ee748a76c8dc61771d12c41640da81f38a69e104042dbe7f6d4ab2e3680c7f82e462f7279b6ff868fea07aa5d9761d7cbf7038cccd0ec7fde458cc8b40e52775

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25e903ed32915658b3a34d8b9b349dd6

SHA1
cccb2e1dcfffe7d74988fe31a2f27396b1cb0eb2

SHA256
a23dd274317d63b747392ff02bfffe04fcc13a6353b0d849f968c164d4eb93b9

SHA512
47d074e09676a780bdd3f8027e4d8cb73a04af1e510613bade7224c8826082b5ee9ba97a417c0a93c40daa2dbcbe84bda815618b388e928fce373373b12b99c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f91adfa870895576ed3f6f8f64a7d665

SHA1
9b2bf3238d1ba4781938f7747159cc2198f99c9c

SHA256
fd0a30bc7c94c1f900ce1a167a39cce44809166ef1995929a81b408cef1ecc96

SHA512
3447d28a4213a7e5b559c102b0f0c17d7193007372c015fef64c076d39d40fef4bfc612e69115ba89b2c6884da50ee05a5d13179a975df5ee0f7bb5d4436383c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c334af23d27ee7b507a5ef10537de804

SHA1
8d2bbbd922d7b767fe176b4aeba806670da8dfe0

SHA256
c17178576c2ffe2a2a1f5086718385f3694d077dbe4294d21b21c90781851105

SHA512
cea22abb0851809d85714b263f113174faa6a8bab377ce58ae5417cf4a0fe95d9fb5e76c977267dfbf1a55296b47da6a655a3b4b06c7c5704be27afbf1c4ac14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
153f4b7b3e93f75af6b62a3558c9ca68

SHA1
b9368e73571af266ab9791c32e5c782a185f6def

SHA256
367fcae643943e1eadd741195e969154dae9e401ddbc6564bf3b294d98224bbb

SHA512
d09fff1948f065f271c644478b006f5de69658b6c168c6c480134fe3271b4ecb05134c3496f971d3fdbbe4abf49d23a03a9c9fd40ba6fd192f95719e8b30d9be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02cc46bef31ea4e3e2a5524c808b5a75

SHA1
c86ccfdb451db1e655493cee15598849338f3634

SHA256
e14c911d413f51d893a0882b46c71c1f90571c1fd3c71a6e20b92215daf49950

SHA512
e4c9dbb87999af6d9a1cdf8b5a2efb5749107ad103020aee0a6aaee1fe379b5debce2c4c7a48df6a32aa293fe9ee90b5e8dd40f176b8cabe980ba29d6c2d5c5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc44d53b2482e0f935863663df7c8b6d

SHA1
1a9f9ac75021b5a6c6e240ee891e6ebc537439a5

SHA256
fe387e96d16cd12c9131fa08e787e7a48251fb91367ef2be6f2a691b8e6d5f67

SHA512
e98d2f4b6f35f81ede2eb07374497540e6153ca07a74adc21264248842d72ea42bd3e16da6fd889c2dfb3e67825fcf1b3e1210f8b97786f719f224860cb45d27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4035e0918ad1a46a9ee6150b4648a7db

SHA1
e6f2e4714621f76b0d4f1eb0eca7f68323186a02

SHA256
8d6bb2fb594df9b1f91f4bf23c40f683973382c8a09161325fad5f7d91130e52

SHA512
1b40c1a6c0517776d305b62524b6eeb90e0fc8b386b857ce65b94003162879f2237cd9255b5c11ef9e267ee66910bb3b63dbbcabbdec6a89a387f0f78bad02f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b5f1ec2cd3246787400daf5d4fef3fb

SHA1
a68d926a1a0e66805c7c5770bf20212e2231f8c3

SHA256
8535e8d12c41fd1f15d965e9948dbc4178441908606ae3ed054974305e2d38a8

SHA512
47eea02a2b43c39c80274ead8fd2bfc68ce6a50dc102925e8ce570af51a943c377c806eb99cc8eecedca7e8a69ccdb59b789984c9f5cb518ee629f1ba6edc488

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9687eadaa30c4f262d700cd3a28eca3e

SHA1
718689168cf3f1ae85ef00b2a6219aa3c448c83f

SHA256
c5ac6939ca088895b3279a93ed7f549e6234507cb35a0dd3868ab10b3d6f166e

SHA512
5287acc65ec58d4e22813e65d8da902574428b53f78988dfaabc0bfad82cee46158e102ef647c2c0ebdc9f641a13140da542a048270c5ede3e881d9df3772a18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9f5dc647151a3f8cbdae3a5645eb4b0

SHA1
be7ab4580eb23f834e5648bc38eef36224277af9

SHA256
f6ad72b9bd423e692c3ffb3d29166524e529ca569f5cef8b74955a79f2e20ee6

SHA512
c675ee7fb6df2c2d3f396f2056957b1378300d4dcd2ffc6ba30ac016fab10a54a68ce262f45a8272562eb64a94183c20df5ea58a5e1a5fff4d4aaf717f3a7147

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2801c006f8d3b521fe54a28f885eb85a

SHA1
71eb2119db938d298a6df27844d4ebff3684ec77

SHA256
bf0db629ea82787b923079b93ea952e916dda4d8b0089f0d45178eaa0b9a2a69

SHA512
3aef0ad02fa0b12799d1c57ba5492449975bca595d3121e2f4a1da34e05462d3404f601d08ddf470a8dfc7ff7356c6e7f660495a8e57643c51c7535b1fb395d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14c560636254f3c5a6fc8acc266f919d

SHA1
d94a1ef09f0600115fd262a2fd5c5be4f47d77fd

SHA256
5838b397a6b7c5d855b4b564b5291d0f93ed198847113b5dce26955e376941d8

SHA512
2957760f47822dbc1724beb09e14e95af1323e906cdffca31d61c5662c3bcebecb5435bdfcdd79943c9906718220cb7865cff1d36096672dc07fca1382eb1d5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e29cdaa5f95ff0577a395672d17e20db

SHA1
5e455019d38f137eb638a30c5780c010db5db2ed

SHA256
af02634870bced303b47001acf3d29e71a691fb573292672e79fb8680c0efd29

SHA512
a863ad1232e41eb2688149a52bd8cd1480e58a6c4431c4e90a187be7b6a6a06ff970c7a86032082bc58f4407532a48bead7cf750283759d0d6ed890091a39447

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c59f395992b6446c7fc2c5950feecdaa

SHA1
c17e7e0ad2c32d36ca073b6033d382e144d18848

SHA256
75e1e1792bd4621518721afe3206f39c4d349b0fb64686d7957eff12664f16a2

SHA512
4c572b025c6c183f9d7e7d5e881672883d7e739f7d3118d70d78cc05ca954878e4acf2e47f461a813136fa7fb57156a8aa50e35a2cd9efa2db06e90f09970e55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
486e89f84ca433465c304afe7ae25a87

SHA1
7d1c30fd7c29131a9f069cf2efdc25e91506cd66

SHA256
8e0a3ad27c052f1ba06ebf19d1d5d9f44811d4c12b06a92381c690187f9ff45b

SHA512
f4a2f83664b9b057ef4a9e02dcddf3741ff0cd87092b62b5407d2b5e067d55a4dd82f9118c0d2f3533548e0938180d869ace1594d4576f24c3d954dc10347386

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aca98ce15a698077c101253168f82257

SHA1
3a1451e996f03501d507a784c9ad11af73c809e1

SHA256
22177cf063da59f4488111b2e56d96581b76fb4863a660dddf951f121ac08178

SHA512
2876aad923cbcf3df51f17b875ddfd79e8278f46dee870d73aac7a3fe1e62e844d7ee3b6fd5c8346c42dd493b962d902639a3123795eb79a56fee9f7939714eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
542848fe7a9b82ed6243eb3d6c8f52a8

SHA1
705ab0ca6d619aa2ce7ce95ea67043d1779bcea1

SHA256
4548cdb1620c4565e2bf9fab56096aacc09c39205f7871505732c2e87e914bc5

SHA512
7aa1852d6889bb39a96a19de11c4841c61c4938d0b0ca556548e5ac526dfc42cf1926acc69ff1c795bedf6e54da26085357c71c7ed70dfd414b022783d2ac6de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c622c144977e146ae4394e293e95b062

SHA1
ed5a6b8cfe567b5380de7f1e6eb7586332affe75

SHA256
267a1bcc0457bb4d8a04bfc601bb13941db229ecaaa6d4529194fbc380c0af12

SHA512
819aa6ae75e9efd7aebd72a544320bc46a7ca9de225933c0860fe0ba850f02fd154cb141f6b39ffe0dfcc9e2688438db482b7c83a0e99f0665cd4df5042b504b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2edfad75adedabcebb116c0a9929306

SHA1
2172dceb918f19c22f6ac48306c724f8b4b18158

SHA256
ced3dcc0d1aa5b6cb35c0f58e9109240ec92dcba8c4d4302b0b1368a0e5f57b2

SHA512
138c8f08b83644f2d18e64794ac2de6e7e4116a853d1a81ed65f5e3b4feef518e20037764752636eee0b1c322a42f4a23c3869492cd1a64a56e03f11c4aa1bcd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9c431eb570e87222e9b2a70f93f817d

SHA1
91a5c9071a69fef0f7cf26326d3dddb33ed0fb54

SHA256
742cc4e2b92f526fdd238c1e183358572396111ab7f39dfc8899f6d86e8e2b1f

SHA512
fbae712bf393b0c69fab195aa2e74b79a3188642d0d945170bf78808d6275f74fc222dc9e8355571efd205ff5e5ba875685d6a31441c2197a95144e922fc91b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d048ee5290afdb0cc1f36b61c2e14218

SHA1
183755e504fad09f4581b2d0f752f4d0347280aa

SHA256
55e56e5e4a1a796dba715d5d74be3c8e4f8cf40148e17d4ebe4f89081887b63b

SHA512
68dfb4ab240924bb5e706a30d9ffb9224338e39028134b218830a189838e383e578d3d9d0b3e983dccd786b4099b68b978533b135e09921560afdf02821da954

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
b14fdba68fff45d213401cded08cf7d3

SHA1
842cc122815961ca0a460ea66ad33f24fb75e85a

SHA256
6e12eef2e3d2a01cdb3e987559db952a31d68fd91ca2c993f03d919aba319b75

SHA512
62daffc5902feeee1f05b196d265e7d36dca850014872f7f6f5c9fe3a1083da35bbf8008cf0fd8e0efbbed532edaf01e1123fcd83364da22ca3ce09c6d0edfe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
fc80069047253d14d66fd16a255ad052

SHA1
8d3e6dce271e7ba912de2210f45a660471545c18

SHA256
38a76ddc389cf166479defcfd4317d44780584376d13350aaab69a6b5e96c693

SHA512
4e64e4d6d9c0a457ea95de1bbb204ec91d35e9bf1f3c027c954c575ed9be2e0cbdeea633f8f3eec8c235c27c9f99ed5aa502058037ce569279fc5de46900f93e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
fc80069047253d14d66fd16a255ad052

SHA1
8d3e6dce271e7ba912de2210f45a660471545c18

SHA256
38a76ddc389cf166479defcfd4317d44780584376d13350aaab69a6b5e96c693

SHA512
4e64e4d6d9c0a457ea95de1bbb204ec91d35e9bf1f3c027c954c575ed9be2e0cbdeea633f8f3eec8c235c27c9f99ed5aa502058037ce569279fc5de46900f93e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3577EBD1-5ED5-11ED-9ECC-C253C434FFA8}.dat

Filesize
19KB

MD5
c33765636baa13e0f3c67c6aa726a775

SHA1
f3b336a0d4b2bf031257d08c097d2a295455635e

SHA256
32b754dc35260f5eb92db12a1c5cf7e1f51712bfeda9b09b40403a9c7aa1e127

SHA512
5fb6cb7d1efe38e4e526be2b7669377877e86386ef689656ca9b00f8698619447abeebfd7f8c2ae11f491f830239705876411473433d0b8c4a89a80deb4aaa2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3577EBD1-5ED5-11ED-9ECC-C253C434FFA8}.dat

Filesize
6KB

MD5
707fba784d4bfc4e928473110f24459e

SHA1
13cf7285ad38a5afb611b30a621b77f2f673fff1

SHA256
1ba0f60e77f6877a318fc6c3c47677cdce8fd139e2af4e32d46ac7b03a6aebac

SHA512
500e8b5ff4408362ce6cc62f5bdc367fe3177e5e7317342230262b232759cf49cacf9c88149d9269ed39608253b6f74410df5fafc6e9b47c3922697558e17081

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{364D54A1-5ED5-11ED-9ECC-C253C434FFA8}.dat

Filesize
4KB

MD5
cfe69a9e4ef4904f10dec06e09a2c2ba

SHA1
3351514ee1f3d2553e8a1c9d06c62f4290426986

SHA256
0ad47621ec332fd0989b8b634753f6b58aa350ca048136eb12beb0682d3c7b54

SHA512
5a3ef32a4147de035617843e6c7be83fb3931968721eb3b2e8e0325c81ec177a7dc46944b44e924419940f946cc41bfaa80c92d47cffb32e8801e02afe80ef94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{92E95A89-5ED5-11ED-9ECC-C253C434FFA8}.dat

Filesize
3KB

MD5
9af7478f7043f204471574b8a7a3ad9b

SHA1
f03f8de1ac8da516e102bbb7a51e3da0b11821f6

SHA256
d97c788da313404d7526f6b328e26caabe662c03c797dc255cc7b8de947def63

SHA512
20cfcdc088b25c1af80ecfdd31814e1db45af118bcd22e520e9dfb0a988c3d2ab3f9401abd48b181a5aee60cc79fd144e716956b9ee6bd3a124bd7d5820944c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{93963C59-5ED5-11ED-9ECC-C253C434FFA8}.dat

Filesize
4KB

MD5
eadddb0b58bbbe1490bf2710140a2b3d

SHA1
d17e716925fb225ce26e870ac095b3e1e4d72ec3

SHA256
d8fb1ba0be660e8d4153064eb3c06bf14d42340ebe2cd7b80a9a5032e669b35b

SHA512
bd9e7cb67dcf39be8724bead893cda47d6cb2026f49668dd1ed2ab8eb7de22203221593898c6b65a2ddc0030b08a72b45624fd9c92969deceeba6fe61bcf9882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{93963C59-5ED5-11ED-9ECC-C253C434FFA8}.dat

Filesize
5KB

MD5
ed02f2e73ef805a7c622f5459be8e282

SHA1
dec64b60b7bd0a3ca409088021d16c0fffb45c3e

SHA256
5d66a250f2f3a5ae1c19f1dc246c9eb441b54eaa4709ac22bc5d40d9492ab236

SHA512
a175b59d158d99444d03f085649fa7fc94344c72b8970c3335b96dab6a26684ca9f97cdff446d1ad59fdee8cfdfa67736d279d1ac85d5930011958e245b29792

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\309axvf\imagestore.dat

Filesize
4KB

MD5
c7a9aa7bbe954443f853a12f59eb13eb

SHA1
a54a416a7a12aa958ea4e3a61c733a0090a8e2dc

SHA256
b33789449610b76b38aaa5d55f868da4c9127daf78aa276e8f9e32a52c3c7622

SHA512
32cbec1f2c85e5f9a68c0fd75adf8ad40e65c216ca3d08a7f864028509f19a31d439f5119c7907c180d1cbe4c5351a44abd4fd8ec2269fc17404b96285e8210c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\0L8B44WL.txt

Filesize
603B

MD5
f2ee957c7cb966d5b766eb2dd2be876b

SHA1
e5f761c3a335dd3de747b06f8cacf4377d610c4b

SHA256
80acd2a429f0eb9cefe21592dae19c692f8473c24f1759784fc2f88306ef26f2

SHA512
0ac6c965533f6726b813f26e5c98b3e7279fd6539927ad8a0576f33c7fdf28bc103a29a3d11260bf71de763396d0ad31bf602a3ed20066a3acb18aa712acc108

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\IZTAY339.txt

Filesize
420B

MD5
a8325a79adadbfb16d658a64596cdef5

SHA1
1c0e1fdec00b1fcfe0cea9a585405fddc0f5498c

SHA256
5d7e9c327bac1db89ccdf0e6edf181d496ac14d8777dd6e3a28e0a6212682bb4

SHA512
61e4bc96496525c31198b8e0937806009b7f2ee35c4ff2d2d73beaab4e2c70625047cc8340cc659b50b1fc286693632ade78b7dc0a9e2bd8de1cbf964049014e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ND8B8U82.txt

Filesize
420B

MD5
9d70bd1c3cf21a8921c0f2b072469ea6

SHA1
f5fe246798c7704c440f740fd8342a1f2ba4c79c

SHA256
172e8f0f216d862a7eb7fc8a4865cb516a29fb75eed2e1a7d444a04c8a3c803d

SHA512
a354c7c0aa8cd897aa164c4ab20bbc6b9b583764da350d6cf843b541ab755423c7aecee1640a3533e53a12714bf72ff565704f684848d7856b4cb8e378c45ea0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\SODLMAT6.txt

Filesize
172B

MD5
69e9b8d9e1437bbb766632b17357a11a

SHA1
4b8fad5f69175e31d983d5f589ce7c9dfbaac4ac

SHA256
c5ef776f63cd9ee6131d5b3bad9f5e0b5d9f188c0cf2650c0f60299b9ce5157d

SHA512
17a17ef42161df89e18bc17bb2956fa6d58d51e6a96a60cee1eeae6b6f37309ee37c6b0b97cf574211887e11564fc08e9b6994b472ca3f196b2e69313120eb76

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\X89HX392.txt

Filesize
420B

MD5
b287ee1b393768a00520504ba203c54a

SHA1
bb5882a1d3293e4891409c6d5ff47e8b3ac64934

SHA256
4a5c6c6b8900b162dfe102e32cc144501a4ec974365929c80d4e94c78085569d

SHA512
a871b15a651a976223ee5c5c963f346a1e98d37881cf2e9978ea84ed6fb804975fd917ff3beac299c0bdd3ce27886034e96209efbe929ca3acd96925531d86cf

Download Submit
memory/560-54-0x000007FEFB621000-0x000007FEFB623000-memory.dmp

Filesize
8KB

Download
memory/1976-64-0x0000000069FF1000-0x0000000069FF4000-memory.dmp

Filesize
12KB

Download
memory/1976-57-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/1976-63-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download
memory/1976-59-0x000000007319D000-0x00000000731A8000-memory.dmp

Filesize
44KB

Download
memory/1976-55-0x00000000721B1000-0x00000000721B3000-memory.dmp

Filesize
8KB

Download
memory/1976-95-0x000000007319D000-0x00000000731A8000-memory.dmp

Filesize
44KB

Download