Resubmissions
07-07-2023 19:28
230707-x6vx7aah77 1009-05-2023 07:16
230509-h34zcsgf4w 827-03-2023 11:00
230327-m3yjssdb46 1025-03-2023 07:43
230325-jkn1vsdh4z 825-02-2023 11:28
230225-nldnqsda92 1025-02-2023 11:28
230225-nk69nada89 125-02-2023 11:24
230225-nh4qrada83 1015-01-2023 04:46
230115-fd3c5aab55 1006-12-2022 18:59
221206-xm59taea79 10Analysis
-
max time kernel
618s -
max time network
726s -
platform
windows7_x64 -
resource
win7-20221111-de -
resource tags
arch:x64arch:x86image:win7-20221111-delocale:de-deos:windows7-x64systemwindows -
submitted
15-01-2023 04:46
Static task
static1
Behavioral task
behavioral1
Sample
fucker script.exe
Resource
win10-20220812-de
Behavioral task
behavioral2
Sample
fucker script.exe
Resource
win7-20221111-de
Behavioral task
behavioral3
Sample
fucker script.exe
Resource
win10v2004-20221111-de
General
-
Target
fucker script.exe
-
Size
104KB
-
MD5
db0655efbe0dbdef1df06207f5cb5b5b
-
SHA1
a8d48d5c0042ce359178d018c0873e8a7c2f27e8
-
SHA256
52972a23ab12b95cd51d71741db2cf276749e56030c092e2e4f0907dcb1fbd56
-
SHA512
5adc8463c3e148a66f8afdeefc31f2b3ffeb12b7641584d1d24306b0898da60a8b9b948bb4f9b7d693185f2daa9bd9437b3b84cebc0eabfa84dfcef6938e1704
-
SSDEEP
1536:m5iT3FccnYWkyjWpOku3yUyJCbyVAvy7+fRo:3LOcxkyjW3wvHq
Malware Config
Signatures
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
description pid pid_target Process procid_target Parent C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE is not expected to spawn this process 10916 6632 CLVIEW.EXE 180 -
Modifies Installed Components in the registry 2 TTPs 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe -
Loads dropped DLL 1 IoCs
pid Process 15572 Setup.exe -
Accesses Microsoft Outlook profiles 1 TTPs 5 IoCs
description ioc Process Key opened \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook OUTLOOK.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook OUTLOOK.EXE Key queried \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook OUTLOOK.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 OUTLOOK.EXE Key queried \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 OUTLOOK.EXE -
Drops desktop.ini file(s) 2 IoCs
description ioc Process File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\desktop.ini explorer.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\desktop.ini explorer.exe -
Program crash 3 IoCs
pid pid_target Process procid_target 4312 1624 WerFault.exe 30 17208 16152 WerFault.exe 580 16724 17360 WerFault.exe 601 -
Drops file in System32 directory 14 IoCs
description ioc Process File created C:\Windows\SysWOW64\PerfStringBackup.TMP OUTLOOK.EXE File created C:\Windows\system32\perfc007.dat OUTLOOK.EXE File created C:\Windows\system32\perfc009.dat OUTLOOK.EXE File created C:\Windows\system32\perfh009.dat OUTLOOK.EXE File created C:\Windows\system32\perfh007.dat OUTLOOK.EXE File created C:\Windows\system32\perfc00C.dat OUTLOOK.EXE File created C:\Windows\system32\perfh010.dat OUTLOOK.EXE File created C:\Windows\system32\perfh011.dat OUTLOOK.EXE File created C:\Windows\system32\perfc00A.dat OUTLOOK.EXE File created C:\Windows\system32\perfh00A.dat OUTLOOK.EXE File created C:\Windows\system32\perfh00C.dat OUTLOOK.EXE File created C:\Windows\system32\perfc010.dat OUTLOOK.EXE File opened for modification C:\Windows\SysWOW64\PerfStringBackup.INI OUTLOOK.EXE File created C:\Windows\system32\perfc011.dat OUTLOOK.EXE -
Drops file in Windows directory 4 IoCs
description ioc Process File created C:\Windows\inf\Outlook\outlperf.h OUTLOOK.EXE File opened for modification C:\Windows\inf\Outlook\outlperf.h OUTLOOK.EXE File created C:\Windows\inf\Outlook\0009\outlperf.ini OUTLOOK.EXE File opened for modification \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico explorer.exe -
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 explorer.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString explorer.exe -
Enumerates system info in registry 2 TTPs 26 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LinksExplorer\Width = "267" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1\Path = "C:\\Users\\Admin\\Favorites\\Links\\Web Slice Gallery.url" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1\DisplayMask = "4" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1\FeedUrl = "http://go.microsoft.com/fwlink/?LinkId=121315" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1\Path = "C:\\Users\\Admin\\Favorites\\Links\\Web Slice Gallery.url" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LinksExplorer iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1\DisplayName = "Web Slice Gallery" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\DisplayMask = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1\Handler = "{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F610EBB1-9497-11ED-B90E-D2E0EF22EC63} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main helppane.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\ErrorState = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1\ErrorState = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1\Path = "C:\\Users\\Admin\\Favorites\\Links\\Web Slice Gallery.url" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1\DisplayName iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1\DisplayName = "Web Slice Gallery" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LinksExplorer\Width = "264" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1\DisplayMask = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Handler = "{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Handler = "{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Handler = "{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2E0D70B1-9498-11ED-B90E-D2E0EF22EC63} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Path = "C:\\Users\\Admin\\Favorites\\Links\\Suggested Sites.url" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\FeedUrl = "https://ieonline.microsoft.com/#ieslice" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Handler = "{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}" iexplore.exe -
Modifies registry class 64 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\DefaultIcon\ = "\"%1\"" EXCEL.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).top = "50" explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3 = 14001f4225481e03947bc34db131e946b44c8dd50000 explorer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_Classes\Local Settings explorer.exe Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\MinPos1280x720x96(1).x = "4294967295" explorer.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0 explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = 00000000ffffffff explorer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe EXCEL.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\MRUListEx = ffffffff iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags iexplore.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\command EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\ = "[open(\"%1\")]" EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" /p %1" EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\ = "&Open" EXCEL.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0 = 4c003100000000006b55378d100041646d696e00380008000400efbe6b55837c6b55378d2a00000031000000000003000000000000000000000000000000410064006d0069006e00000014000000 explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff CLVIEW.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\NavBar = 000000000000000000000000000000008b000000870000003153505305d5cdd59c2e1b10939708002b2cf9ae6b0000005a000000007b00360044003800420042003300440033002d0039004400380037002d0034004100390031002d0041004200350036002d003400460033003000430046004600450046004500390046007d005f0057006900640074006800000013000000f00000000000000000000000 explorer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU explorer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit EXCEL.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\HotKey = "0" explorer.exe Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).bottom = "675" explorer.exe Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).bottom = "625" explorer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version\14\ = "C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe" EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0\0\0\0\0 explorer.exe Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0\0\0\0\0\0\NodeSlot = "4" explorer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0 explorer.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell iexplore.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\ = "&Open" EXCEL.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0\0\0 = 52003100000000006b554a8c1020526f616d696e67003c0008000400efbe6b55837c6b554a8c2a000000ec01000000000200000000000000000000000000000052006f0061006d0069006e006700000016000000 explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff iexplore.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\command EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\topic\ = "system" EXCEL.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{C4D98F09-6124-4FE0-9942-826416082DA9}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff iexplore.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec EXCEL.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 03000000020000000100000000000000ffffffff explorer.exe Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 iexplore.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\DefaultIcon\ = "\"%1\"" EXCEL.EXE Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 EXCEL.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags = "0" explorer.exe Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).top = "75" explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 iexplore.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000 EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\ = "&Open" EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ = "&Open" EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde" EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\topic\ = "system" EXCEL.EXE Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000 EXCEL.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0\0\MRUListEx = 00000000ffffffff explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f44471a0359723fa74489c55595fe6b30ee0000 iexplore.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde" EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word EXCEL.EXE -
Suspicious behavior: AddClipboardFormatListener 64 IoCs
pid Process 2020 OUTLOOK.EXE 1796 vlc.exe 1640 vlc.exe 504 vlc.exe 2524 vlc.exe 2800 vlc.exe 2996 vlc.exe 3328 vlc.exe 3476 vlc.exe 3564 vlc.exe 3720 vlc.exe 3796 vlc.exe 3280 vlc.exe 3748 vlc.exe 4224 vlc.exe 4292 vlc.exe 4884 vlc.exe 4808 vlc.exe 4964 vlc.exe 3188 vlc.exe 4432 vlc.exe 4528 vlc.exe 3780 vlc.exe 2136 vlc.exe 5184 vlc.exe 5500 vlc.exe 5492 vlc.exe 6016 vlc.exe 6104 vlc.exe 2764 vlc.exe 6600 vlc.exe 6700 vlc.exe 6896 vlc.exe 6924 vlc.exe 7120 vlc.exe 7616 vlc.exe 7844 vlc.exe 8888 vlc.exe 9100 vlc.exe 9200 vlc.exe 10068 vlc.exe 6204 vlc.exe 10632 vlc.exe 10848 vlc.exe 7192 vlc.exe 8520 vlc.exe 3244 vlc.exe 12156 vlc.exe 12268 vlc.exe 5728 vlc.exe 12216 vlc.exe 12356 vlc.exe 12348 vlc.exe 12832 vlc.exe 12932 vlc.exe 12964 vlc.exe 1004 vlc.exe 1792 vlc.exe 1044 vlc.exe 10196 vlc.exe 3952 vlc.exe 8840 vlc.exe 13588 vlc.exe 13596 vlc.exe -
Suspicious behavior: EnumeratesProcesses 23 IoCs
pid Process 2072 chrome.exe 1248 chrome.exe 1248 chrome.exe 1808 iexplore.exe 1808 iexplore.exe 1808 iexplore.exe 1808 iexplore.exe 1808 iexplore.exe 1808 iexplore.exe 1808 iexplore.exe 1808 iexplore.exe 1808 iexplore.exe 1808 iexplore.exe 1808 iexplore.exe 1808 iexplore.exe 1808 iexplore.exe 1808 iexplore.exe 1808 iexplore.exe 1808 iexplore.exe 1808 iexplore.exe 1808 iexplore.exe 1248 chrome.exe 1248 chrome.exe -
Suspicious behavior: GetForegroundWindowSpam 64 IoCs
pid Process 1796 vlc.exe 1640 vlc.exe 504 vlc.exe 2524 vlc.exe 2800 vlc.exe 2996 vlc.exe 3328 vlc.exe 3476 vlc.exe 3564 vlc.exe 3720 vlc.exe 3796 vlc.exe 3280 vlc.exe 3748 vlc.exe 4224 vlc.exe 4292 vlc.exe 4884 vlc.exe 4964 vlc.exe 4808 vlc.exe 3188 vlc.exe 4432 vlc.exe 4528 vlc.exe 5184 vlc.exe 2136 vlc.exe 3780 vlc.exe 5500 vlc.exe 5492 vlc.exe 6016 vlc.exe 6104 vlc.exe 2764 vlc.exe 6600 vlc.exe 1808 iexplore.exe 6700 vlc.exe 6924 vlc.exe 6896 vlc.exe 7120 vlc.exe 892 explorer.exe 7616 vlc.exe 7844 vlc.exe 8888 vlc.exe 9100 vlc.exe 9200 vlc.exe 10068 vlc.exe 6204 vlc.exe 10632 vlc.exe 10848 vlc.exe 8520 vlc.exe 3244 vlc.exe 7192 vlc.exe 12268 vlc.exe 12156 vlc.exe 5728 vlc.exe 12216 vlc.exe 10916 CLVIEW.EXE 4324 rundll32.exe 12348 vlc.exe 12356 vlc.exe 12832 vlc.exe 12932 vlc.exe 12964 vlc.exe 1004 vlc.exe 1792 vlc.exe 1044 vlc.exe 10196 vlc.exe 3952 vlc.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: 33 5388 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 5388 AUDIODG.EXE Token: 33 5388 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 5388 AUDIODG.EXE Token: SeTakeOwnershipPrivilege 5876 helppane.exe Token: SeTakeOwnershipPrivilege 5876 helppane.exe Token: SeTakeOwnershipPrivilege 5876 helppane.exe Token: SeTakeOwnershipPrivilege 5876 helppane.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe Token: SeShutdownPrivilege 892 explorer.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 1808 iexplore.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1796 vlc.exe 1640 vlc.exe 504 vlc.exe 1248 chrome.exe 2524 vlc.exe 1796 vlc.exe 1640 vlc.exe 504 vlc.exe 2524 vlc.exe 2800 vlc.exe 2800 vlc.exe 504 vlc.exe 1640 vlc.exe 1796 vlc.exe 2524 vlc.exe 1624 iexplore.exe 2996 vlc.exe 2996 vlc.exe 2800 vlc.exe 2996 vlc.exe 3328 vlc.exe 3476 vlc.exe 3328 vlc.exe 3476 vlc.exe 3564 vlc.exe 3564 vlc.exe 3328 vlc.exe 3476 vlc.exe 3564 vlc.exe 3720 vlc.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1796 vlc.exe 1640 vlc.exe 504 vlc.exe 2524 vlc.exe 1796 vlc.exe 1640 vlc.exe 504 vlc.exe 2524 vlc.exe 2800 vlc.exe 2800 vlc.exe 2996 vlc.exe 2996 vlc.exe 3328 vlc.exe 3476 vlc.exe 3328 vlc.exe 3476 vlc.exe 3564 vlc.exe 3564 vlc.exe 3720 vlc.exe 3720 vlc.exe 3796 vlc.exe 3796 vlc.exe 3280 vlc.exe 3280 vlc.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe 1248 chrome.exe -
Suspicious use of SetWindowsHookEx 64 IoCs
pid Process 1808 iexplore.exe 1808 iexplore.exe 1840 IEXPLORE.EXE 1840 IEXPLORE.EXE 1796 vlc.exe 1640 vlc.exe 1624 iexplore.exe 1624 iexplore.exe 504 vlc.exe 2020 OUTLOOK.EXE 2524 vlc.exe 2020 OUTLOOK.EXE 2020 OUTLOOK.EXE 2020 OUTLOOK.EXE 2800 vlc.exe 2308 IEXPLORE.EXE 2308 IEXPLORE.EXE 2996 vlc.exe 1608 IEXPLORE.EXE 1608 IEXPLORE.EXE 1808 iexplore.exe 1808 iexplore.exe 3328 vlc.exe 3476 vlc.exe 3564 vlc.exe 1808 iexplore.exe 1808 iexplore.exe 1808 iexplore.exe 1808 iexplore.exe 3720 vlc.exe 3796 vlc.exe 3424 IEXPLORE.EXE 3424 IEXPLORE.EXE 1840 IEXPLORE.EXE 1840 IEXPLORE.EXE 1840 IEXPLORE.EXE 1840 IEXPLORE.EXE 3280 vlc.exe 1808 iexplore.exe 1808 iexplore.exe 3748 vlc.exe 4224 vlc.exe 4292 vlc.exe 3344 IEXPLORE.EXE 3344 IEXPLORE.EXE 1808 iexplore.exe 1808 iexplore.exe 1808 iexplore.exe 1808 iexplore.exe 4616 IEXPLORE.EXE 4616 IEXPLORE.EXE 4616 IEXPLORE.EXE 4616 IEXPLORE.EXE 4884 vlc.exe 4808 vlc.exe 4964 vlc.exe 3188 vlc.exe 1808 iexplore.exe 1808 iexplore.exe 4432 vlc.exe 4528 vlc.exe 4720 IEXPLORE.EXE 4720 IEXPLORE.EXE 1808 iexplore.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1808 wrote to memory of 1840 1808 iexplore.exe 32 PID 1808 wrote to memory of 1840 1808 iexplore.exe 32 PID 1808 wrote to memory of 1840 1808 iexplore.exe 32 PID 1808 wrote to memory of 1840 1808 iexplore.exe 32 PID 1248 wrote to memory of 1176 1248 chrome.exe 36 PID 1248 wrote to memory of 1176 1248 chrome.exe 36 PID 1248 wrote to memory of 1176 1248 chrome.exe 36 PID 1624 wrote to memory of 1608 1624 iexplore.exe 39 PID 1624 wrote to memory of 1608 1624 iexplore.exe 39 PID 1624 wrote to memory of 1608 1624 iexplore.exe 39 PID 1624 wrote to memory of 1608 1624 iexplore.exe 39 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2064 1248 chrome.exe 40 PID 1248 wrote to memory of 2072 1248 chrome.exe 41 PID 1248 wrote to memory of 2072 1248 chrome.exe 41 PID 1248 wrote to memory of 2072 1248 chrome.exe 41 PID 1248 wrote to memory of 2180 1248 chrome.exe 42 PID 1248 wrote to memory of 2180 1248 chrome.exe 42 PID 1248 wrote to memory of 2180 1248 chrome.exe 42 PID 1248 wrote to memory of 2180 1248 chrome.exe 42 PID 1248 wrote to memory of 2180 1248 chrome.exe 42 PID 1248 wrote to memory of 2180 1248 chrome.exe 42 PID 1248 wrote to memory of 2180 1248 chrome.exe 42 PID 1248 wrote to memory of 2180 1248 chrome.exe 42 PID 1248 wrote to memory of 2180 1248 chrome.exe 42 -
outlook_win_path 1 IoCs
description ioc Process Key queried \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook OUTLOOK.EXE
Processes
-
C:\Users\Admin\AppData\Local\Temp\fucker script.exe"C:\Users\Admin\AppData\Local\Temp\fucker script.exe"1⤵PID:784
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1808 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1808 CREDAT:340993 /prefetch:22⤵
- Suspicious use of SetWindowsHookEx
PID:1840
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1808 CREDAT:930817 /prefetch:22⤵
- Suspicious use of SetWindowsHookEx
PID:2308
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1808 CREDAT:2896901 /prefetch:22⤵
- Suspicious use of SetWindowsHookEx
PID:3424
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1808 CREDAT:3879941 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3344
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1808 CREDAT:1913875 /prefetch:22⤵
- Suspicious use of SetWindowsHookEx
PID:4616
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1808 CREDAT:1913881 /prefetch:22⤵
- Suspicious use of SetWindowsHookEx
PID:4720
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1808 CREDAT:275491 /prefetch:22⤵PID:4336
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1808 CREDAT:13644806 /prefetch:22⤵PID:5732
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1808 CREDAT:2503720 /prefetch:22⤵PID:5352
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1808 CREDAT:275501 /prefetch:22⤵
- Modifies Internet Explorer settings
PID:5860
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1808 CREDAT:11875343 /prefetch:22⤵PID:3216
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1808 CREDAT:7746577 /prefetch:22⤵PID:7024
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1808 CREDAT:26817539 /prefetch:22⤵PID:3212
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1808 CREDAT:2503773 /prefetch:22⤵PID:7456
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1808 CREDAT:3159211 /prefetch:22⤵PID:7464
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1624 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1624 CREDAT:275457 /prefetch:22⤵
- Suspicious use of SetWindowsHookEx
PID:1608
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1624 -s 17202⤵
- Program crash
PID:4312
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1796
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵PID:1492
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"1⤵
- Accesses Microsoft Outlook profiles
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- outlook_win_path
PID:2020
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1248 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef61c4f50,0x7fef61c4f60,0x7fef61c4f702⤵PID:1176
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1072 /prefetch:22⤵PID:2064
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1348 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2072
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1692 /prefetch:82⤵PID:2180
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2060 /prefetch:12⤵PID:2464
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2092 /prefetch:12⤵PID:2472
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1072 /prefetch:22⤵PID:3096
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:12⤵PID:3172
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3520 /prefetch:82⤵PID:3184
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3572 /prefetch:82⤵PID:3876
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3668 /prefetch:82⤵PID:3884
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:12⤵PID:3756
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4360 /prefetch:82⤵PID:4828
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1760 /prefetch:82⤵PID:4400
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4112 /prefetch:82⤵PID:6196
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1576 /prefetch:82⤵PID:6204
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1756 /prefetch:12⤵PID:6328
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4548 /prefetch:82⤵PID:7228
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4808 /prefetch:82⤵PID:7252
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4904 /prefetch:82⤵PID:7260
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5076 /prefetch:82⤵PID:7380
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4828 /prefetch:82⤵PID:9176
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4788 /prefetch:82⤵PID:9168
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4552 /prefetch:82⤵PID:8928
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4912 /prefetch:82⤵PID:6792
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4988 /prefetch:82⤵PID:9064
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4876 /prefetch:82⤵PID:9964
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=988 /prefetch:82⤵PID:13288
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4784 /prefetch:82⤵PID:13296
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2984 /prefetch:82⤵PID:14676
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4628 /prefetch:82⤵PID:13656
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4616 /prefetch:82⤵PID:15528
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5032 /prefetch:82⤵PID:15540
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4916 /prefetch:82⤵PID:15500
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2436 /prefetch:82⤵PID:15504
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5100 /prefetch:82⤵PID:15500
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4864 /prefetch:82⤵PID:9264
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4380 /prefetch:82⤵PID:15780
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4856 /prefetch:82⤵PID:15792
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=840,18341683955626495860,13221375229057995472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4900 /prefetch:82⤵PID:984
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1640
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:504
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"1⤵PID:2192
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"1⤵PID:2412
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"1⤵PID:2440
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"1⤵PID:2492
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"1⤵PID:2516
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2524
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"1⤵PID:2588
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2800
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"1⤵PID:2940
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2996
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"1⤵PID:3016
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"1⤵PID:2720
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"1⤵PID:2884
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"1⤵PID:3024
-
C:\Windows\System32\rundll32.exe"C:\Windows\System32\rundll32.exe" C:\Windows\system32\shell32.dll,Options_RunDLL 11⤵PID:3132
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"1⤵PID:3288
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3328
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"1⤵PID:3344
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"1⤵PID:3372
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"1⤵PID:3432
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"1⤵PID:3440
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3476
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3564
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"1⤵PID:3612
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"1⤵PID:3652
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3720
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"1⤵PID:3780
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3796
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3280
-
C:\Windows\System32\rundll32.exe"C:\Windows\System32\rundll32.exe" C:\Windows\system32\shell32.dll,Options_RunDLL 11⤵PID:3324
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"1⤵PID:3608
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵PID:3704
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef61c4f50,0x7fef61c4f60,0x7fef61c4f702⤵PID:3900
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"1⤵PID:3184
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"1⤵PID:3880
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"1⤵PID:3924
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3748
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"1⤵PID:3900
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"1⤵PID:3628
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"1⤵PID:4124
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"1⤵PID:4188
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4224
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4292
-
C:\Windows\system32\SndVol.exeSndVol.exe -f 32375786 205321⤵PID:4392
-
C:\Windows\System32\rundll32.exe"C:\Windows\System32\rundll32.exe" C:\Windows\system32\shell32.dll,Options_RunDLL 11⤵PID:4428
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵PID:4472
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"1⤵PID:4520
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"1⤵PID:4544
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"1⤵PID:4584
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"1⤵PID:4676
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"1⤵PID:4724
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4808
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"1⤵PID:4796
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4884
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"1⤵PID:4932
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4964
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"1⤵PID:5028
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"1⤵PID:5096
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3188
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"1⤵PID:3940
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"1⤵PID:4196
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"1⤵PID:4324
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4432
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4528
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵PID:5036
-
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"1⤵PID:5108
-
C:\Windows\System32\control.exe"C:\Windows\System32\control.exe" "C:\Windows\system32\timedate.cpl",1⤵PID:5024
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Windows\system32\timedate.cpl",2⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:4324
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"1⤵PID:4880
-
C:\Windows\System32\rundll32.exe"C:\Windows\System32\rundll32.exe" C:\Windows\system32\shell32.dll,Options_RunDLL 11⤵PID:4924
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"1⤵PID:2028
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"1⤵PID:3248
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"1⤵PID:3132
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"1⤵PID:3260
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"1⤵PID:3980
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:3780
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:2136
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"1⤵PID:1480
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:5184
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x6541⤵
- Suspicious use of AdjustPrivilegeToken
PID:5388
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"1⤵PID:5448
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:5492
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:5500
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"1⤵PID:5548
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"1⤵PID:5568
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"1⤵PID:5752
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:6016
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"1⤵PID:6048
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:6104
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"1⤵PID:2460
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"1⤵PID:2120
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"1⤵PID:5316
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"1⤵PID:4104
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"1⤵PID:5284
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"1⤵PID:5652
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"1⤵PID:5888
-
C:\Windows\helppane.exeC:\Windows\helppane.exe -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
PID:5876
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"1⤵PID:6024
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵PID:1988
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef61c4f50,0x7fef61c4f60,0x7fef61c4f702⤵PID:4836
-
-
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"1⤵PID:5616
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:2764
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"1⤵PID:5340
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:6600
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"1⤵PID:6620
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:6700
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:6896
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:6924
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:7120
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
PID:6632 -
C:\Program Files (x86)\Microsoft Office\Office14\CLVIEW.EXE"C:\Program Files (x86)\Microsoft Office\Office14\CLVIEW.EXE" "EXCEL" "Microsoft Excel"2⤵
- Process spawned unexpected child process
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:10916 -
C:\Windows\splwow64.exeC:\Windows\splwow64.exe 122883⤵PID:15120
-
-
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:892 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:7408
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
PID:7604 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7604 CREDAT:275457 /prefetch:23⤵PID:7252
-
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:7632
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:7616
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
PID:7652 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7652 CREDAT:275457 /prefetch:23⤵PID:7304
-
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:7660
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
PID:7740 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7740 CREDAT:275457 /prefetch:23⤵
- Modifies Internet Explorer settings
PID:7280
-
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:7720
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:7804
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:7844
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:7824
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
PID:7928 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7928 CREDAT:275457 /prefetch:23⤵PID:7540
-
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:8068
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
PID:8100 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:8100 CREDAT:275457 /prefetch:23⤵PID:7408
-
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:8108
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:8376
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:8680
-
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"2⤵PID:8792
-
-
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"2⤵PID:8824
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:8888
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵PID:8924
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef61c4f50,0x7fef61c4f60,0x7fef61c4f703⤵PID:8948
-
-
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"2⤵
- Enumerates system info in registry
PID:9004
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:9100
-
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"2⤵
- Enumerates system info in registry
PID:8328
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:3560
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:8884
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵PID:8924
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef61c4f50,0x7fef61c4f60,0x7fef61c4f703⤵PID:8972
-
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:9200
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
PID:9176 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:9176 CREDAT:275457 /prefetch:23⤵PID:5296
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:9168
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:9168 CREDAT:275457 /prefetch:23⤵PID:4788
-
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:9212
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
PID:8696 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:8696 CREDAT:275457 /prefetch:23⤵PID:8812
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
PID:3784 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3784 CREDAT:275457 /prefetch:23⤵PID:5612
-
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:9332
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:9360
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
PID:9412 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:9412 CREDAT:275457 /prefetch:23⤵PID:9944
-
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:9812
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:9828
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:9856
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:9880
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:10016
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:10068
-
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"2⤵
- Enumerates system info in registry
PID:10104
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:9316
-
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"2⤵
- Enumerates system info in registry
PID:9324
-
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"2⤵PID:9352
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
PID:9660 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:9660 CREDAT:275457 /prefetch:23⤵PID:10236
-
-
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"2⤵
- Enumerates system info in registry
PID:9420
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:6204
-
-
C:\Program Files (x86)\Windows Media Player\wmplayer.exe"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:12⤵PID:10064
-
C:\Program Files (x86)\Windows Media Player\setup_wm.exe"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:13⤵PID:10224
-
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:10632
-
-
C:\Windows\System32\control.exe"C:\Windows\System32\control.exe"2⤵PID:10820
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:10836
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
PID:10864 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:10864 CREDAT:275457 /prefetch:23⤵PID:11248
-
-
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"2⤵PID:11008
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵PID:11028
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef61c4f50,0x7fef61c4f60,0x7fef61c4f703⤵PID:11080
-
-
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"2⤵
- Enumerates system info in registry
PID:11036
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:2388
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:10848
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:10832
-
-
C:\Program Files (x86)\Windows Media Player\wmplayer.exe"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:12⤵PID:11032
-
C:\Program Files (x86)\Windows Media Player\setup_wm.exe"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:13⤵PID:11136
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
PID:11240 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:11240 CREDAT:275457 /prefetch:23⤵PID:5912
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
PID:11244 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:11244 CREDAT:275457 /prefetch:23⤵PID:8548
-
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:8520
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:8528
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:7192
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
PID:2356 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2356 CREDAT:275457 /prefetch:23⤵PID:11392
-
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:3244
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:11048
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:3316
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:11080
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:11164
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:1992
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:11300
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:11580
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:11596
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:11648
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:11656
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:11692
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:11792
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:11816
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:12156
-
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"2⤵
- Enumerates system info in registry
PID:12236
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:12244
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:12260
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:12268
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
PID:11300 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:11300 CREDAT:275457 /prefetch:23⤵PID:1076
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵PID:4320
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef61c4f50,0x7fef61c4f60,0x7fef61c4f703⤵PID:9536
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1080,1440182896540607684,10816489314419871500,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1092 /prefetch:23⤵PID:12164
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1080,1440182896540607684,10816489314419871500,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1268 /prefetch:83⤵PID:12152
-
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:5728
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:9740
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:11820
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:12216
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:12224
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:11668
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:11676
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:10100
-
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"2⤵PID:7380
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:1616
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
PID:1992 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1992 CREDAT:275457 /prefetch:23⤵PID:9556
-
-
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"2⤵
- Enumerates system info in registry
PID:9492
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:12364
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:12356
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:12348
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:12408
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:12428
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:12648
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:12676
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:12692
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
PID:12728 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:12728 CREDAT:275457 /prefetch:23⤵PID:13172
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵PID:12760
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef61c4f50,0x7fef61c4f60,0x7fef61c4f703⤵PID:12772
-
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:12820
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:12832
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:12844
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:12920
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:12932
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:12964
-
-
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"2⤵PID:13016
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:13040
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:13252
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
PID:12516 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:12516 CREDAT:275457 /prefetch:23⤵PID:13248
-
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:1792
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:1004
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:2560
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2560 CREDAT:275457 /prefetch:23⤵PID:3296
-
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:12668
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:1044
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:12748
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:9536
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:12976
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:10812
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:7448
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:10196
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:9044
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:12324
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:2512
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:11196
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:6804
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:6300
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:5928
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:3952
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
PID:8840
-
-
C:\Windows\System32\rundll32.exe"C:\Windows\System32\rundll32.exe" C:\Windows\system32\shell32.dll,Options_RunDLL 12⤵PID:13332
-
-
C:\Windows\System32\rundll32.exe"C:\Windows\System32\rundll32.exe" C:\Windows\system32\shell32.dll,Options_RunDLL 12⤵PID:13360
-
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"2⤵
- Enumerates system info in registry
PID:13384
-
-
C:\Windows\System32\control.exe"C:\Windows\System32\control.exe"2⤵PID:13488
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:13504
-
-
C:\Windows\System32\control.exe"C:\Windows\System32\control.exe"2⤵PID:13552
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
PID:13588
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
PID:13596
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:13704
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:13768
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
PID:13844 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:13844 CREDAT:275457 /prefetch:23⤵PID:14116
-
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:13836
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
PID:13936 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:13936 CREDAT:275457 /prefetch:23⤵
- Modifies Internet Explorer settings
PID:14288
-
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:13996
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:14056
-
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"2⤵PID:14080
-
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"2⤵
- Enumerates system info in registry
PID:14216
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:13396
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:13496
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
PID:10084 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:10084 CREDAT:275457 /prefetch:23⤵PID:13724
-
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:13544
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:13584
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:13556
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:6592
-
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"2⤵
- Enumerates system info in registry
PID:14020
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:14092
-
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"2⤵PID:9064
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:1572
-
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"2⤵
- Enumerates system info in registry
PID:13640
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:6764
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:10676
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:12492
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:12396
-
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"2⤵PID:696
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:12540
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:7596
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7596 CREDAT:275457 /prefetch:23⤵PID:11368
-
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:12396
-
-
C:\Windows\System32\rundll32.exe"C:\Windows\System32\rundll32.exe" C:\Windows\system32\shell32.dll,Options_RunDLL 12⤵PID:13196
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:12536
-
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"2⤵
- Enumerates system info in registry
PID:3224
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:14416
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:14440
-
-
C:\Program Files (x86)\Windows Media Player\wmplayer.exe"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:12⤵PID:14496
-
C:\Program Files (x86)\Windows Media Player\setup_wm.exe"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:13⤵PID:14540
-
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:14564
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:14692
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:14748
-
-
C:\Windows\System32\control.exe"C:\Windows\System32\control.exe"2⤵PID:14808
-
-
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"2⤵PID:14876
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
PID:14908 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:14908 CREDAT:275457 /prefetch:23⤵PID:15128
-
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:14948
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:15036
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:15036 CREDAT:275457 /prefetch:23⤵PID:3408
-
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:15228
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵PID:15256
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef61c4f50,0x7fef61c4f60,0x7fef61c4f703⤵PID:15268
-
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:15276
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
PID:14360 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:14360 CREDAT:275457 /prefetch:23⤵
- Modifies Internet Explorer settings
PID:14500
-
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:10508
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:10440
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:10376
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:10368
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:9020
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:10324
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:9864
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:13124
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:14400
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:14608
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:13980
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:11128
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:15064
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:15064 CREDAT:275457 /prefetch:23⤵PID:13860
-
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:13196
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:2632
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:13992
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:13976
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:11136
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:15352
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:14816
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵PID:15368
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef61c4f50,0x7fef61c4f60,0x7fef61c4f703⤵PID:15380
-
-
-
C:\Windows\ehome\ehshell.exe"C:\Windows\ehome\ehshell.exe"2⤵PID:15640
-
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"2⤵
- Enumerates system info in registry
PID:15648
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:15716
-
-
C:\Windows\System32\rundll32.exe"C:\Windows\System32\rundll32.exe" C:\Windows\system32\shell32.dll,Options_RunDLL 12⤵PID:15956
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵PID:15972
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef61c4f50,0x7fef61c4f60,0x7fef61c4f703⤵PID:15988
-
-
-
C:\Windows\ehome\ehshell.exe"C:\Windows\ehome\ehshell.exe"2⤵PID:16024
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:16108
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:16348
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:15536
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:14368
-
-
C:\Windows\System32\rundll32.exe"C:\Windows\System32\rundll32.exe" C:\Windows\system32\shell32.dll,Options_RunDLL 12⤵PID:9192
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:13660
-
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"2⤵
- Enumerates system info in registry
PID:14632
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵PID:524
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef61c4f50,0x7fef61c4f60,0x7fef61c4f703⤵PID:11640
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:14936
-
-
C:\Windows\ehome\ehshell.exe"C:\Windows\ehome\ehshell.exe"2⤵PID:14316
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵PID:2836
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef61c4f50,0x7fef61c4f60,0x7fef61c4f703⤵PID:15440
-
-
-
C:\Program Files (x86)\Windows Media Player\wmplayer.exe"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:12⤵PID:9340
-
C:\Program Files (x86)\Windows Media Player\setup_wm.exe"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:13⤵PID:13808
-
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:15960
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:15968
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:7872
-
-
C:\Windows\System32\rundll32.exe"C:\Windows\System32\rundll32.exe" C:\Windows\system32\shell32.dll,Options_RunDLL 12⤵PID:7856
-
-
C:\Windows\ehome\ehshell.exe"C:\Windows\ehome\ehshell.exe"2⤵PID:14988
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:9620
-
-
C:\Windows\ehome\ehshell.exe"C:\Windows\ehome\ehshell.exe"2⤵PID:15008
-
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"2⤵
- Enumerates system info in registry
PID:15264
-
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"2⤵
- Enumerates system info in registry
PID:10548
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:9192
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:7412
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:8880
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵PID:15656
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef61c4f50,0x7fef61c4f60,0x7fef61c4f703⤵PID:12772
-
-
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"2⤵
- Enumerates system info in registry
PID:14348
-
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"2⤵
- Enumerates system info in registry
PID:9184
-
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"2⤵PID:7072
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵PID:1704
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef61c4f50,0x7fef61c4f60,0x7fef61c4f703⤵PID:6068
-
-
-
C:\Windows\System32\control.exe"C:\Windows\System32\control.exe"2⤵PID:14556
-
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"2⤵PID:15620
-
-
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"2⤵PID:10464
-
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"2⤵
- Enumerates system info in registry
PID:14252
-
-
C:\Windows\ehome\ehshell.exe"C:\Windows\ehome\ehshell.exe"2⤵PID:14784
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:15540
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:7688
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:9264
-
-
C:\Windows\System32\rundll32.exe"C:\Windows\System32\rundll32.exe" C:\Windows\system32\shell32.dll,Options_RunDLL 12⤵PID:4360
-
-
C:\Windows\System32\control.exe"C:\Windows\System32\control.exe"2⤵PID:15768
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:5604
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:5152
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:7072
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:16032
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:6876
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:14920
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:15940
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:10956
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:9060
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:15784
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:7748
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:15616
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:984
-
-
C:\Windows\System32\rundll32.exe"C:\Windows\System32\rundll32.exe" C:\Windows\system32\shell32.dll,Options_RunDLL 12⤵PID:12308
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:16368
-
-
C:\Program Files (x86)\Windows Media Player\wmplayer.exe"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:12⤵PID:13100
-
C:\Program Files (x86)\Windows Media Player\setup_wm.exe"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:13⤵PID:9532
-
-
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"2⤵
- Enumerates system info in registry
PID:15628
-
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"2⤵PID:12496
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:14200
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:3088
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:12308
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:15820
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:5784
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:13100
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:11728
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:15764
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:5768
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:14528
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:16696
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:16740
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:16748
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:16756
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:16856
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵PID:16904
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef61c4f50,0x7fef61c4f60,0x7fef61c4f703⤵PID:16928
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵PID:16912
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef61c4f50,0x7fef61c4f60,0x7fef61c4f703⤵PID:16936
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1064,9020507000338845891,527397149450109819,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1076 /prefetch:23⤵PID:16712
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1064,9020507000338845891,527397149450109819,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1356 /prefetch:83⤵PID:16784
-
-
-
C:\Windows\System32\rundll32.exe"C:\Windows\System32\rundll32.exe" C:\Windows\system32\shell32.dll,Options_RunDLL 12⤵PID:17076
-
-
C:\Windows\System32\rundll32.exe"C:\Windows\System32\rundll32.exe" C:\Windows\system32\shell32.dll,Options_RunDLL 12⤵PID:17120
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵PID:17128
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef61c4f50,0x7fef61c4f60,0x7fef61c4f703⤵PID:17140
-
-
-
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"2⤵PID:17180
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵PID:17212
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef61c4f50,0x7fef61c4f60,0x7fef61c4f703⤵PID:17224
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1088,6836129200515263354,8505705870190164662,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1100 /prefetch:23⤵PID:8176
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1088,6836129200515263354,8505705870190164662,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1264 /prefetch:83⤵PID:11732
-
-
-
C:\Windows\ehome\ehshell.exe"C:\Windows\ehome\ehshell.exe"2⤵PID:17292
-
-
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"2⤵PID:17376
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:16848
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:16992
-
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"2⤵
- Enumerates system info in registry
PID:17000
-
-
C:\Windows\System32\control.exe"C:\Windows\System32\control.exe"2⤵PID:16964
-
-
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"2⤵PID:16728
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:17092
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:16152
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 16152 -s 6363⤵
- Program crash
PID:17208
-
-
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"2⤵PID:17124
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:16268
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:16852
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:16924
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:14376
-
-
C:\Program Files (x86)\Windows Media Player\wmplayer.exe"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:12⤵PID:5920
-
C:\Program Files (x86)\Windows Media Player\setup_wm.exe"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:13⤵PID:14008
-
-
-
C:\Windows\System32\rundll32.exe"C:\Windows\System32\rundll32.exe" C:\Windows\system32\shell32.dll,Options_RunDLL 12⤵PID:16724
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵PID:16072
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef61c4f50,0x7fef61c4f60,0x7fef61c4f703⤵PID:17096
-
-
-
C:\Windows\system32\calc.exe"C:\Windows\system32\calc.exe"2⤵PID:16188
-
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"2⤵PID:16192
-
-
C:\Windows\System32\rundll32.exe"C:\Windows\System32\rundll32.exe" C:\Windows\system32\shell32.dll,Options_RunDLL 12⤵PID:5988
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:16280
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:17360
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 17360 -s 6763⤵
- Program crash
PID:16724
-
-
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"2⤵PID:6492
-
-
C:\Windows\System32\control.exe"C:\Windows\System32\control.exe"2⤵PID:1896
-
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"2⤵PID:14636
-
-
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"2⤵PID:16832
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:5920
-
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE"2⤵PID:1780
-
-
C:\Windows\System32\rundll32.exe"C:\Windows\System32\rundll32.exe" C:\Windows\system32\shell32.dll,Options_RunDLL 12⤵PID:17288
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵PID:10248
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:16176
-
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵PID:9092
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵PID:11044
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵PID:11160
-
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding1⤵
- Loads dropped DLL
PID:15572
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x8781⤵PID:12736
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
Filesize1KB
MD594311c9651da386ca1111e029afe8c3b
SHA1f845462f3aeea7059d74598aa32f6fa42a3303aa
SHA2561376e802205a3b45bc555f2519804c7492ef5394af89ba0465573d8355a0b3b4
SHA512081ca37ed9b8ee3c67b7ee2fa1024bf66bae59ccc7cc4e73d26b1fb78d2637d10f3e067bddad2a31b86fbe5f89ab423cf8b115a91b8f66325af5963b4f1750d5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_1941775A515122A167E3FBACF08992E1
Filesize471B
MD507e30f6992fb7b8b45e5b6594c6705f9
SHA1169d1f51a8567f9353263c461d5b8707ee8766f7
SHA256f560535aeac4449a74efaecf4b52a218c8b749ecdfd2a155517660f260edf723
SHA5127074c63cc55a6a82f023c2c1338ee43433041139d3c4355da2059053f27bf7253bc464274b4f5a3ca377b7bba0684dadd602683e37fb646dbda42dfed11fb626
-
Filesize
61KB
MD5fc4666cbca561e864e7fdf883a9e6661
SHA12f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5
SHA25610f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b
SHA512c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize471B
MD5ffcbd93b1b2d9160b95c519b4534face
SHA14cd3a939c5f3a3fcaf6bc4c23f6c0c3ff74f0021
SHA256ffc88db8d780e34a368852dd5fd85376893375e04fe87c35302c92973e2c77c4
SHA5124f3093405293c6e5ef0f825600dec4858173834a72c06e36e281e23eaca9d8b5163b9655601943554b8469726557af781dfa8cd27dd70bae549cd479a2781519
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
Filesize446B
MD569da5f39b2d683f217165da14098463d
SHA1c059887caaf11b971a659d5445f137dc8ce045f5
SHA2561e8725d5b0662f218e0bf52e060997ec761a2852ec1980c034b56d676b932785
SHA512ffaf59166bc4f7752d407b46f16a33d60984da3af0abca68108215b35e7d3b938e3f73870c8b752cef55b0c9fe6049ed4fc20515b4c2f12e50a7a46c9cb15bf2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_1941775A515122A167E3FBACF08992E1
Filesize400B
MD5bd8b4b07f3a956fd12263d513b2fac3b
SHA1e598db321b8f0a3390dfee32b179e07a7ea7c8c9
SHA25637965e488959f1890bc2f2f4d805ea34ac52cc01d4e6c5e82bdd5291c180a8b4
SHA51260a11b5e16ea4a1adf65972ec12a08fff437f0e2bfe5b19119f7a2ab5ca81ef7bbc35737f5ea336d7fed28360b4f01c2c92f57da260c60fe84e20577f09b2373
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c3300860a7376ff530574c7d3b047a0f
SHA1db47236a7ef807150c59026e667b497e20d3105c
SHA2564658cb9146fd70f71e7d5414809257689621c030ada80c9955aba12b1f78d4b5
SHA5128fc5f40ef80215ec3877ad8bc530bfec230ce460645c2e0bef38a65076c3777353d5fa7a40513e5509692056017fce0cf1bfb7386f8483e24d7ed794877a88dc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e19b7bdc8d5171e172fe041cf4994c8c
SHA17efc714206498258b7adf81c49f9bf755ce91ee6
SHA256076fc7cff7b0abb9469d9eabc9d0f8f8f99f0ba52258a837d81bd8ba526043a5
SHA51252db4e21f3f1681bd335fa3b34b746b3607a7f54f8c14c6edc2ab7df620d8934fa2dd7c0e15faacf322dcacd54bdcc624a47e8e9cacaea4f3c7271e10bdca27e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f0f1c9f3ebed01638aa3eb30158d431e
SHA1ef8c2d06a49908f0cb3bcc37ac7434bf50777216
SHA256ebe3b4e56dec5006e72480c444bd09daacfb7730582c34663625021b3f842701
SHA5126e722bff8103573360529050d8947c3b01f8f63e742cc267922295dbf57442812b6333eae97a767c41125d21f13f62acdd0dcb6537847f3db783f0053ca9ee85
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5abc15fa893ad67999f393a9341c261ae
SHA16d3a0d9376e7396eb9798e33a25c6c5a06241921
SHA256c2de8f6923ae094389ed4e2e56dd79ed5434ec1fa33e18ace7eb7e32f6d6433b
SHA5126bfb2dbed59f08b98f0130d6528977401a60c245b11b80143af25e58a3680132b6d71ba9fb1b001f7966aa20494db49b2b284efdad7fa822befedb191cf61a5f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b0c5422a7d7c976c0b87120c7a3998d4
SHA186eab6afdd5651503781880ebc34e08f2f865928
SHA256a148db1c70c62c23fbeab19093657e10cc86a1d6f974e4a82bee43d12b6a8857
SHA512ebc9827c1398cdb7f42b004c00b8ddf8b9a77cc50930f2b8e47153bfb79cc570a4d8b8ac2bab0649c13e8936e09bd5a2a99ea02c686dc48d6779de3a22f90853
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54a09d9a042d722e7ea541ec27d11f24d
SHA1b8a2f53cea171c3d09cf0f88462452657bc8f78b
SHA256b7566b92bab641c8ab32f17d7f1e739d8f9782d86647c43fcda53fa9137eee22
SHA512251c3572c96fe6c575086113530f3c4151b448e0712d6ea2f91bfe0336a78b4c881766398e150edff0c870ed0d0e06632c606af1e3741a3568ca2679990a28d9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57bc68fd779496aa2ff486bb04a0990ea
SHA16322470f0389bc28488005228e8a13494ba32251
SHA25658346d2ae8c43c4b671dd511fa7026b14a398e52a3b0407924e180afb49d8f24
SHA5122d625cb9f29ef76795241b6a91a54d5c6ba28ed422c4de1f1e9568ccf683e99a266b21e71aafa9bd1cca9addbba0daf12b55c14944c47a67da0236f26ecff4a8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54b2d996b784cbed1e5b8c5c602abfce3
SHA18f72acac3dd114dbcef0650c61e703f2b83bb0b9
SHA2568837177bca4dfaea977d8e2b1d3ca6998cfe12f674e8f077dcb17e0e3b0b69c3
SHA51256371c1546cea46cce403d2b667c89b660b71b38b2f458b346c07f7d39f576e7764c8058a12ba6972f0672ca9a0bf1a4f97dce0d0a312d3ee50f7dec96cd8bac
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5909397eee5c5fac1f62acbeaa344e30f
SHA1515224d95c3a25e5fca415b55317d144725521f7
SHA25623c406ea5f32613c464ff82670db3790f1f2f25c14d84301f9e93ebb71947df7
SHA5120526f831a6fbf52a9fde0b05f43a9ace823764199a6497afccb1cce51fb1f024beec51415f34c34e541e58c043b70f2bb174e683b18ed6aa992f5882464ed13b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59b15f1245734dccf90d02bd5389cc912
SHA1c20745fef16a5be3b6e3bb97c546f3c500dec6c8
SHA25672a816050d81e5ffb4a85825136511db64d978fe120eead6893ddb40d434ac53
SHA5126f21d678155107401365be6f01ad18e14a7ae6588cc414ea1fd5008f649160451b5b16aafb0a9eaf48a60a2d6d08a4d58398d74b9ed77424b9894c62f52d5a96
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5274fafb1c9408334d718553e4700ce7b
SHA1306e9b06e3577cb8e54d24eeac226548d5cf9d23
SHA2564a34e59d38ee57d80167e8b468f7ffdfb0d91a7e9170f521b0c83064c28efd89
SHA512a7d50d14909935337e1acfa9d12df1ed2a6a283542d0b878572ff42ebc57dab5b877c54ff8a180f935c6b848c1bd0b1f70f0d3bd8434f133361c32190254f434
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD516aa5e8e584b73d6dd82b1afbaaa6a06
SHA122bc614406fe0e8ae0483906431b1c83cd7821f6
SHA2562c3e5158a0335327f9b98198769f1acda22c0363c019d7053b0052e78fda74b9
SHA5120f32d03ebe73cda25009ff6514051e20cb675c80e95c103d2bbf7285a8be09d1d41f6b0177e56cbd9ac5ba6e734a930b5e5d2eb6247c8eb6061868d3fb08493a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51782f4f296443ec67b51331b209bef52
SHA1aa87fea8762149a8caf810609d0979c356640a1e
SHA256a272e908b0e109208dbba231cc620e1100a0f1e47fafa79f18609d2dbc5f5c96
SHA512c5af0a3cf492f96fbf6513482358a5c1479e8f4f43dd716073763d3712148408487bdd8a2ac047b6cb6ee706853c916a330a74092027e9af061b8b594aa3a4b9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5fc84525d21a4f11096c97ffff7cf0db9
SHA167ac61fb6131fb93a88e7431f0c84494b1fb821b
SHA2568134e45678af10a1517ede80fbfca39b4fde0ee29dd9588c531e27fb60761d3e
SHA5123a2c73fa4ba44a1a909f0be62f720747f7703f0099c2a43d2290bf6c7f881649f640ffde25178e31b1b63b1cc1d9bd9a22805310d05f37292e95c9e9ef5e1337
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a7c607ebea3af855203c2923f5172543
SHA1742763a9eda43d093e84fca906784ceb6f73154a
SHA2568d8f9a6b97f9627b8f90b058d794709dc96d93e88a170649bd302fd31b8f0c7e
SHA51205428cf3671b4b7401c73f3b06fdb754247beb5ce1765446098a696ede0f73e9e71036f4b96966dfb9fc2af3af0df3b4b1038f1c96c595b18efc176efcfd4d1f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD506efbc97b511429451b33754aece3ee5
SHA16dc32181626a003fe04764964965b29a1213f0f8
SHA25628dc0cea45101abada683b858be495f27f95fd91950b27d24285828c52930cfd
SHA5120626fdec2d2e42f63e2e7eb9c0d9033de0917f493db730c4cb8b2a67911224d96db99f155154bb55d85599117f01ad3ad00a0602d300f4711f9f540aa99bad77
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b983cf305c2d2b0666db59b4b03373d4
SHA10c78ad8c92ab18665c21b17d292d253d77243981
SHA256b2dac4dbba937af7ac84b95ea947e4c0edb0cb9b15e5e8c8658361b46413bdc0
SHA5122cf4747ff4a1902ff34dafc76cb8a9a0568919f12ebb1a2233acd9c89596e88353134a6c7c21361e4039c7b7e3320d29deba574f4761134be63a35a3001883b5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d31a0ff030158792bebe25e1f7edce93
SHA1fc7e5990c1090952505c4c6bd01c0c3eea6c5d34
SHA256fbfec20dbd0f7d63a2f03f34aaf6b972165613923a6acad0ae904537339a1339
SHA5129bb28ed5190d6031b4fc70ed64267917d6be6fbc274338bc80aa2598c7c9c20f342032f370c960f9b0f0bf9cbc4f7d25106ff570c678325f2a8987575ba92855
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ada1720689bafd638ca51d5922648c35
SHA12224e8ffae4288271b47bfef05a45710bdd151a9
SHA2565ff3b47006139af51652a7be5a98bf627ee8c39f7525845523edf63236c4a8c5
SHA51275a5d5f77475d2c55cdea29376ed3fcb647080c6df02ddae062d5270bddda31d8703eb76dcec3b9724a61b0cdf7a2a1e0ce7c60861ab109ebaff612706137adf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a342c5fe0ddf5a7bf41112e31f66ce1f
SHA1b0200133cf05c3384d2f8d83ecb7ea43bfd70218
SHA256e6b699ba3a0feffd5ba37ffd45213b0d68fd6c5ef8ee5e94a9d7a3071279d05c
SHA512722371fb7a36964af1fdde468cc4c28826053479546c4371e588c3b8caba3099674269f7206491815a967ea594db69c6e18765856d2d7184c6e84ababa112104
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57f1c1760f29351e2082dbd717e9d8719
SHA1f34bb7f8291511301de4fbbdd88e68d28928bf65
SHA256d13a363d9cc572bfb73ec29ae7d1663c2d94e018ecb0ab7fdec89ed4b0a45af4
SHA512f7b6c9d02fcf317d2fc1d9ad09d99d694f82a6cb7bc3618efb20b99e4d49f45ad658d7ffed40cf29ab8dd0a2a20355ccf474cd1aa5eb2a6763ebd7f0189d7b6d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD506954d7f729c991bf2747db58f194a76
SHA111d694d5e8328c4318369c32cdf9f63ecee7fba7
SHA256d1acad884b27d0c7e192ffe4122c26de1ba13c1cb7abf18328e884f0eca233aa
SHA5128d8b295aabcafb5ca58e26f9d54ea047895b2208664aa36149f4e86d426d3cdbb30f18614c95367c5995d6dc736fb3be99d101cf104ffbf1d3c492cd9822b3d3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5519a0b25d27353bf2f6137e34675643e
SHA15d684d8722fc55212fa5ed0370aa072afcb761af
SHA25616859e24275da3d397cff97c30424b129a9ff2afb497a4abe84f0b94d939af78
SHA512c4b3ef0b32e49b8aae0cd5f56f7626e7cf0bb06eba809ed6bc8ede6e7b76ca77833776c4904613acb504bf242f6290071cdd0bd66719eb4d56fed01c74943aa6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52e53573b16fe48f1bedb6b6c38b7b270
SHA13cf3d219b6f467a58692e54696a24752e96bd134
SHA2569199f8b95919af51752e0777d695553ce56c37a5b28fc0b9d8c9a7d3af6f149a
SHA512c22f677b70371a9b6b5aae8f9b5ee53e67cf41fc124023519cf6b63fe525107cb7a026c1d1a80804d935d2210708ed5409cd305966a870f0f14abad03f4706d8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52825d5e976e217f08386912e00b4ebac
SHA11d0386c6a6b36d1770061006b7e62b08c332f24d
SHA256b898a88da3450eaf8121794eef9c4d47a22a97ecec6d579caf653b83d874e794
SHA5125313c08744c799453b5f8d73adfd2a33e29d18c55411ff2dfe96d23f6e508ed267598bf9305034f859a56c76a4483307a67647c966a8f65165ba172bfb8f8390
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD522d9d36122ea66648b60bfb9628494e2
SHA145ea8b6934c65a3fe8625ff2690665f179549dd4
SHA2567fe1ef377ca1234e79f06611a476d2d9220b49595a38d510270779bec5a596cf
SHA5124856766794fda15c480573191b885c03d359e476ad246045ed21d931364270da4353baf8de23cb846bc9d8272cd004e416d5d5e77223fccb9283fa909c4a6077
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a61a5119fcc287cffeba6390a81022ea
SHA103b944bdcc3e1d39c085f1743cceddd19737904e
SHA256bd558423b9ee520b43d529f9859769dda7c55ae2f0227c1bc93a8f8533f87519
SHA512f1d15d661da11d0dafa071a87266701b49e09b0c7f6277616614d69d57ee0cb2d8f463f035011818c4b23cfdee529276bc923732ece5eea4a0261700a7216ccf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5569d9d5cad2979c3f4453c9ef8c07bef
SHA12a66d1c629a18dfd57a04b2bab8500d1365f38c5
SHA25641cbc2946f3fdd1333b6b09588deead1a38cd0670917228d743d5582f33ee977
SHA5126af9ef06ddae462bce36f90adb4297616b8dfc8933250ca22979a48d455d514deef5b238f97b5382573a49c4781e03a647b4b2c2888001a1b8320259a4045590
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize430B
MD5cdd434a3c670ed5012a60e8eebce12fb
SHA1dafe9e3a58ac60c2066b2a633d042d9f1d30bd58
SHA2564c16026647e7a89a5a7d58409e01d1911a74ecc71aecd3e443cc2c7af81c396c
SHA51249972e910b0d862193e5ed411822d1a6aa34305d90e5c11f8d6f1fd784b2ec851d704ae4377359e84eebd87e75323ca55b0e52e38d1bd1457c917ab9093993bb
-
Filesize
40B
MD56af6ce211c2ab59fccfacb95b2a2ac48
SHA11d384947dcac567774034a8c0354fe10f1eb3b31
SHA256db6b2effffc703723197d276bbe9dce9a6ad16b47cc12d61f7bfea0be88a7bd4
SHA5128c4e58c9140e41dc243b9d168163da939691e6bdff1b8963f4dd04f0a73f38e0eedb285eca230a1cf24f547bda648a3b30ff2843b10138b95fba35dd7bb162ec
-
Filesize
40B
MD56af6ce211c2ab59fccfacb95b2a2ac48
SHA11d384947dcac567774034a8c0354fe10f1eb3b31
SHA256db6b2effffc703723197d276bbe9dce9a6ad16b47cc12d61f7bfea0be88a7bd4
SHA5128c4e58c9140e41dc243b9d168163da939691e6bdff1b8963f4dd04f0a73f38e0eedb285eca230a1cf24f547bda648a3b30ff2843b10138b95fba35dd7bb162ec
-
Filesize
40B
MD56af6ce211c2ab59fccfacb95b2a2ac48
SHA11d384947dcac567774034a8c0354fe10f1eb3b31
SHA256db6b2effffc703723197d276bbe9dce9a6ad16b47cc12d61f7bfea0be88a7bd4
SHA5128c4e58c9140e41dc243b9d168163da939691e6bdff1b8963f4dd04f0a73f38e0eedb285eca230a1cf24f547bda648a3b30ff2843b10138b95fba35dd7bb162ec
-
Filesize
40B
MD56af6ce211c2ab59fccfacb95b2a2ac48
SHA11d384947dcac567774034a8c0354fe10f1eb3b31
SHA256db6b2effffc703723197d276bbe9dce9a6ad16b47cc12d61f7bfea0be88a7bd4
SHA5128c4e58c9140e41dc243b9d168163da939691e6bdff1b8963f4dd04f0a73f38e0eedb285eca230a1cf24f547bda648a3b30ff2843b10138b95fba35dd7bb162ec
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F5F4D831-9497-11ED-B90E-D2E0EF22EC63}.dat
Filesize5KB
MD5153b6c8b8f465b45ffe42cb8f2ed5d3c
SHA1bc5e47ae1e63a7682a688636c7210dc6bfa3c772
SHA25664f158da0c2a3ee16811958fe12ac30f0bf5f7125e99dfeb13fcc0b52fa66219
SHA512c288d109b20b4db39b6a1de7632f092df6226f7ef49be0da2c86695f9dc0382d15a103ba50185f09d5dc4825cef293c7c204cda8a146a49cb05d24a211db8581
-
Filesize
4KB
MD599ae478fecbb39481807add1e683aa37
SHA1e0483c22faf8e890b239cb3ccb1de69b0befae7c
SHA256c74b762dc3ec1c879edd4e8365c0b8a73be29e0191b3fca64eeb7c915fb8c792
SHA512bf61a43a74dc5edd5844402cf7b16c94e4688bd3d96e58eb57914bdd37b218834c49a12830a3dee36d4652ced4b24845c7ec1fd7e9d82c7ecefc69e157e12d77
-
Filesize
5KB
MD59e786551aea2e7fc414484ba10d5435d
SHA181750376dce0c4a91704835c9767eebcc3801839
SHA256ef8a4ce77447ebda89d6fad6b6dba3778bc1bffca758fc22b409efb3149f0a28
SHA512a0c538e469ee032fac98d5d3f043faf5a08929dc6343d1edd67729c3b700175279061f56b08c30909907c60aaac262defc55b05f059ef6f102126927204ff9f1
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EF53UGF7\owa[1].htm
Filesize38KB
MD508a601c603e2a1bd336b53d718310db0
SHA19d1971a69a24e8cdd8db0cbf898173066a8bc664
SHA256d6dbb68b4c39ff3902b235cbe502fb84209cebcfc5eb80b7b98dca82e9852361
SHA5128a4c9e801c18cecd6eeac64aeb39b1f76c7313ff12f181ffab1e4de45d94e1f8fe594ba16dbd45329108e4455ca1d186dfacb66bbef38dd5fd56b63d7f545b23
-
Filesize
109B
MD572366204dc091b1f55f61917f898b13b
SHA1dc2bb4bd3fddfc3b4fa0ecec094ec0843512a368
SHA256729c85395ede62aba1d4d0ae396d6473c9e58bd0e4cf206ea3f2af0212b2319c
SHA512c3503ac683e60ead9f5924fa26a629c41ca657f3f112e5957862a2712a76459ea947eba1b057c52e00fcacd10b7d2809bcb4b2ada372c53afe91124ca71274cb
-
Filesize
107B
MD59efd666d7f52a761fc9ae880b37c2c8d
SHA1793638bf35b1ba0972935d0ca83e1b1709a02560
SHA25644f8ae4db2e7532e69aad9f993a80b29ce2b1f63bbcd9883549c7f700756a8d4
SHA5122e7727168b45201b3f0db2313ab2028f6ac89a460ad31f1c188e4a713a5890c5539c28de98ed5169f72e059361291050dc118d2eb4c9a40700070eed78530fcc
-
Filesize
601B
MD59f3d3bc15625973635ccab1c48e7aca9
SHA16c358ffb33d9011bc8bbc61ae9cb2356775845c6
SHA256c5eb2d045ebf41757b3bb8a7ac8f9c8940f13c8ec1f03c6c5f41c024e4ade476
SHA5129caac311eda858c37aaadf1eb71bbbf5fadb846253c437336521d2e30036431ca05711a79320fb2c1e21fd8278224fdff45089fc6ee3732e6db77a60f76f28c7
-
Filesize
601B
MD523421596382dc27a7808356bb75c3bae
SHA1a83bc4f739123c0d9ee91b454946375a055a1761
SHA25624af55e9e716cfe1002a90f3ee604075eeabc17797bada9392d6cb57d7c268ff
SHA51291060be2fe6cb2a1ef2bb87f4b920b1f6d69f1e2fbdbf661a75f1399b569c2e6dbb672101d004b151963377273d7d77539574721d9039a48554ba1adcb739a06