636a0299845d9cdf2ce257789aba7c264df8a58dc7cceb48f5ca5c15f30d9114

Analysis

max time kernel
78s
max time network
300s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
16/06/2024, 12:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

target.vbs
Size

1006B
MD5

06582722149faa7e1f31bf74a6ab7b48
SHA1

8bfab804d6ec1fdc88749c9c8e71ad556a5ba7a9
SHA256

636a0299845d9cdf2ce257789aba7c264df8a58dc7cceb48f5ca5c15f30d9114
SHA512

2cf0880ad0744d68d645fa19d37cb54aa04b0fc9070be53605b5a32535882bceab1664f5bb2708d395e01f6e4f48cb45ac5b81cf788b519c014deeffe41303fa

Score

10^/10

execution

Malware Config

Extracted

Language

xlm4.0

Source

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 19 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 18 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE

Modifies Internet Explorer settings 1 TTPs 50 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\BrowserEmulation	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "4221711824"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31113259"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0"	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133630155049194877"	chrome.exe

Modifies registry class 42 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	AcroRd32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	AcroRd32.exe
Key created	\Registry\User\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\NotificationData	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings	WScript.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings	WScript.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a000000ffffffff	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	AcroRd32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	AcroRd32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings	WScript.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616193"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings	WScript.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	AcroRd32.exe

Suspicious behavior: AddClipboardFormatListener 4 IoCs

pid	Process
3064	EXCEL.EXE
1432	vlc.exe
3416	vlc.exe
7156	vlc.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
5016	chrome.exe
5016	chrome.exe
920	AcroRd32.exe
920	AcroRd32.exe
920	AcroRd32.exe
920	AcroRd32.exe
920	AcroRd32.exe
920	AcroRd32.exe
920	AcroRd32.exe
920	AcroRd32.exe
920	AcroRd32.exe
920	AcroRd32.exe
920	AcroRd32.exe
920	AcroRd32.exe
920	AcroRd32.exe
920	AcroRd32.exe
920	AcroRd32.exe
920	AcroRd32.exe
920	AcroRd32.exe
920	AcroRd32.exe
920	AcroRd32.exe
920	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
3416	vlc.exe
1432	vlc.exe
7156	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
3416	vlc.exe
1432	vlc.exe
3416	vlc.exe
1432	vlc.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe
1432	vlc.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
3416	vlc.exe
1432	vlc.exe
3416	vlc.exe
1432	vlc.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe
3416	vlc.exe

Suspicious use of SetWindowsHookEx 36 IoCs

pid	Process
3064	EXCEL.EXE
3064	EXCEL.EXE
3064	EXCEL.EXE
3064	EXCEL.EXE
920	AcroRd32.exe
4044	EXCEL.EXE
920	AcroRd32.exe
4476	AcroRd32.exe
4044	EXCEL.EXE
2264	OpenWith.exe
920	AcroRd32.exe
1432	vlc.exe
920	AcroRd32.exe
3416	vlc.exe
4548	OpenWith.exe
704	OpenWith.exe
4044	EXCEL.EXE
4044	EXCEL.EXE
1804	EXCEL.EXE
1804	EXCEL.EXE
920	AcroRd32.exe
920	AcroRd32.exe
1804	EXCEL.EXE
1804	EXCEL.EXE
6020	EXCEL.EXE
6020	EXCEL.EXE
920	AcroRd32.exe
6020	EXCEL.EXE
6020	EXCEL.EXE
6972	EXCEL.EXE
6972	EXCEL.EXE
7156	vlc.exe
920	AcroRd32.exe
920	AcroRd32.exe
6972	EXCEL.EXE
6972	EXCEL.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3124 wrote to memory of 2968	3124	WScript.exe	82
PID 3124 wrote to memory of 2968	3124	WScript.exe	82
PID 5016 wrote to memory of 1160	5016	chrome.exe	94
PID 5016 wrote to memory of 1160	5016	chrome.exe	94
PID 5016 wrote to memory of 3588	5016	chrome.exe	97
PID 5016 wrote to memory of 3588	5016	chrome.exe	97
PID 5016 wrote to memory of 3588	5016	chrome.exe	97
PID 5016 wrote to memory of 3588	5016	chrome.exe	97
PID 5016 wrote to memory of 3588	5016	chrome.exe	97
PID 5016 wrote to memory of 3588	5016	chrome.exe	97
PID 5016 wrote to memory of 3588	5016	chrome.exe	97
PID 5016 wrote to memory of 3588	5016	chrome.exe	97
PID 5016 wrote to memory of 3588	5016	chrome.exe	97
PID 5016 wrote to memory of 3588	5016	chrome.exe	97
PID 5016 wrote to memory of 3588	5016	chrome.exe	97
PID 5016 wrote to memory of 3588	5016	chrome.exe	97
PID 5016 wrote to memory of 3588	5016	chrome.exe	97
PID 5016 wrote to memory of 3588	5016	chrome.exe	97
PID 5016 wrote to memory of 3588	5016	chrome.exe	97
PID 5016 wrote to memory of 3588	5016	chrome.exe	97
PID 5016 wrote to memory of 3588	5016	chrome.exe	97
PID 5016 wrote to memory of 3588	5016	chrome.exe	97
PID 5016 wrote to memory of 3588	5016	chrome.exe	97
PID 5016 wrote to memory of 3588	5016	chrome.exe	97
PID 5016 wrote to memory of 3588	5016	chrome.exe	97
PID 5016 wrote to memory of 3588	5016	chrome.exe	97
PID 5016 wrote to memory of 3588	5016	chrome.exe	97
PID 5016 wrote to memory of 3588	5016	chrome.exe	97
PID 5016 wrote to memory of 3588	5016	chrome.exe	97
PID 5016 wrote to memory of 3588	5016	chrome.exe	97
PID 5016 wrote to memory of 3588	5016	chrome.exe	97
PID 5016 wrote to memory of 3588	5016	chrome.exe	97
PID 5016 wrote to memory of 3588	5016	chrome.exe	97
PID 5016 wrote to memory of 3588	5016	chrome.exe	97
PID 5016 wrote to memory of 3588	5016	chrome.exe	97
PID 5016 wrote to memory of 4560	5016	chrome.exe	98
PID 5016 wrote to memory of 4560	5016	chrome.exe	98
PID 5016 wrote to memory of 1128	5016	chrome.exe	99
PID 5016 wrote to memory of 1128	5016	chrome.exe	99
PID 5016 wrote to memory of 1128	5016	chrome.exe	99
PID 5016 wrote to memory of 1128	5016	chrome.exe	99
PID 5016 wrote to memory of 1128	5016	chrome.exe	99
PID 5016 wrote to memory of 1128	5016	chrome.exe	99
PID 5016 wrote to memory of 1128	5016	chrome.exe	99
PID 5016 wrote to memory of 1128	5016	chrome.exe	99
PID 5016 wrote to memory of 1128	5016	chrome.exe	99
PID 5016 wrote to memory of 1128	5016	chrome.exe	99
PID 5016 wrote to memory of 1128	5016	chrome.exe	99
PID 5016 wrote to memory of 1128	5016	chrome.exe	99
PID 5016 wrote to memory of 1128	5016	chrome.exe	99
PID 5016 wrote to memory of 1128	5016	chrome.exe	99
PID 5016 wrote to memory of 1128	5016	chrome.exe	99
PID 5016 wrote to memory of 1128	5016	chrome.exe	99
PID 5016 wrote to memory of 1128	5016	chrome.exe	99
PID 5016 wrote to memory of 1128	5016	chrome.exe	99
PID 5016 wrote to memory of 1128	5016	chrome.exe	99
PID 5016 wrote to memory of 1128	5016	chrome.exe	99
PID 5016 wrote to memory of 1128	5016	chrome.exe	99
PID 5016 wrote to memory of 1128	5016	chrome.exe	99
PID 5016 wrote to memory of 1128	5016	chrome.exe	99
PID 5016 wrote to memory of 1128	5016	chrome.exe	99
PID 5016 wrote to memory of 1128	5016	chrome.exe	99
PID 5016 wrote to memory of 1128	5016	chrome.exe	99
PID 5016 wrote to memory of 1128	5016	chrome.exe	99

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\target.vbs"
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3124
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\target.vbs"
  2⤵
  - Modifies registry class
  PID:2968
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\target.vbs"
    3⤵
    - Modifies registry class
    PID:5108
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\target.vbs"
      4⤵
      Modifies registry class
      PID:4476
    - - C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\target.vbs"
        5⤵
        Modifies registry class
        
        PID:6632
      - C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\target.vbs"
        6⤵
        
        PID:3808
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\target.vbs"
        7⤵
        
        PID:7592
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\target.vbs"
        8⤵
        
        PID:2292
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\target.vbs"
        9⤵
        
        PID:7972
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\target.vbs"
        10⤵
        
        PID:6208
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\target.vbs"
        11⤵
        
        PID:8900
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\target.vbs"
        12⤵
        
        PID:4768
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\target.vbs"
        13⤵
        
        PID:8768
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\target.vbs"
        14⤵
        
        PID:4348
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\target.vbs"
        15⤵
        
        PID:7136
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\target.vbs"
        16⤵
        
        PID:7856
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\target.vbs"
        17⤵
        
        PID:1712
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\target.vbs"
        18⤵
        
        PID:8568
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\target.vbs"
        19⤵
        
        PID:2464
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\target.vbs"
        20⤵
        
        PID:7696
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\target.vbs"
        21⤵
        
        PID:1472
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\target.vbs"
        22⤵
        
        PID:9900
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\target.vbs"
        23⤵
        
        PID:8388
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\target.vbs"
        24⤵
        
        PID:10080
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\target.vbs"
        25⤵
        
        PID:568

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3064

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of SetWindowsHookEx
PID:4044

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\AssertRequest.gif
1⤵
- Modifies Internet Explorer settings
PID:2232

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2264

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:920
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  PID:4604
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6E28C5B4E18C8042A6234EB4AC877735 --mojo-platform-channel-handle=1676 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5252
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=447517B90AF0E2084926E1CC4822BA25 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=447517B90AF0E2084926E1CC4822BA25 --renderer-client-id=2 --mojo-platform-channel-handle=1712 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:5268
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=DD41AD9F86EBBE9A974521A6A9E833D3 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=DD41AD9F86EBBE9A974521A6A9E833D3 --renderer-client-id=4 --mojo-platform-channel-handle=2276 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:5972
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=11FAD28E0D52C87A8321A61CD00D0399 --mojo-platform-channel-handle=2564 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:6404
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D89B63182E4B313F421856F2EBBD936E --mojo-platform-channel-handle=1920 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:6788
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C07B70312C2F186028CD38B07A316658 --mojo-platform-channel-handle=2728 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:568

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"
1⤵
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:4476

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1432

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff92574ab58,0x7ff92574ab68,0x7ff92574ab78
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=2312,i,13292215039704438292,12597629134226081543,131072 /prefetch:2
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1488 --field-trial-handle=2312,i,13292215039704438292,12597629134226081543,131072 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1920 --field-trial-handle=2312,i,13292215039704438292,12597629134226081543,131072 /prefetch:8
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=2312,i,13292215039704438292,12597629134226081543,131072 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=2312,i,13292215039704438292,12597629134226081543,131072 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4244 --field-trial-handle=2312,i,13292215039704438292,12597629134226081543,131072 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3852 --field-trial-handle=2312,i,13292215039704438292,12597629134226081543,131072 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4476 --field-trial-handle=2312,i,13292215039704438292,12597629134226081543,131072 /prefetch:8
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=2312,i,13292215039704438292,12597629134226081543,131072 /prefetch:8
  2⤵
  PID:5212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4464 --field-trial-handle=2312,i,13292215039704438292,12597629134226081543,131072 /prefetch:8
  2⤵
  PID:6544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4464 --field-trial-handle=2312,i,13292215039704438292,12597629134226081543,131072 /prefetch:8
  2⤵
  PID:6416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4752 --field-trial-handle=2312,i,13292215039704438292,12597629134226081543,131072 /prefetch:1
  2⤵
  PID:6520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4420 --field-trial-handle=2312,i,13292215039704438292,12597629134226081543,131072 /prefetch:1
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4384 --field-trial-handle=2312,i,13292215039704438292,12597629134226081543,131072 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4540 --field-trial-handle=2312,i,13292215039704438292,12597629134226081543,131072 /prefetch:1
  2⤵
  PID:6160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5356 --field-trial-handle=2312,i,13292215039704438292,12597629134226081543,131072 /prefetch:1
  2⤵
  PID:6372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5296 --field-trial-handle=2312,i,13292215039704438292,12597629134226081543,131072 /prefetch:2
  2⤵
  PID:6600

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\RedoExpand.mpeg"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3416

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:704

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\RedoExpand.mpeg"
1⤵
PID:4684

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2308

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of SetWindowsHookEx
PID:1804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5552

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:5840

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of SetWindowsHookEx
PID:6020

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of SetWindowsHookEx
PID:6972

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\AssertRequest.gif
1⤵
- Modifies Internet Explorer settings
PID:7028

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\ResolveClear.js"
1⤵
PID:7112

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\AssertRequest.gif
1⤵
- Modifies Internet Explorer settings
PID:7152

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\RedoExpand.mpeg"
1⤵
PID:7156

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ResolveClear.js"
1⤵
PID:6140

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\RedoExpand.mpeg"
1⤵
PID:2184

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SaveExpand.jpe"
1⤵
PID:7052

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ShowWrite.sql"
1⤵
PID:6184

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ResolveClear.js"
1⤵
PID:5628

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UninstallBackup.docm"
1⤵
PID:5412

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SaveExpand.jpe"
1⤵
PID:6444

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UninstallOptimize.mht"
1⤵
PID:6468

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ShowWrite.sql"
1⤵
PID:6760

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SaveHide.vsd"
1⤵
PID:5816

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\StopUnpublish.sql"
1⤵
PID:6480

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UndoInstall.xlt"
1⤵
PID:5176

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\AssertRequest.gif
1⤵
- Modifies Internet Explorer settings
PID:5768

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UndoUpdate.emz"
1⤵
PID:5640

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "::{645FF040-5081-101B-9F08-00AA002F954E}"
1⤵
PID:2752

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Public\Desktop\VLC media player.lnk"
1⤵
PID:6100

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\AssertRequest.gif"
1⤵
PID:6792

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UninstallBackup.docm"
1⤵
PID:6300

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UninstallOptimize.mht"
1⤵
PID:6588

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SaveHide.vsd"
1⤵
PID:6780

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\StopUnpublish.sql"
1⤵
PID:6628

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UndoInstall.xlt"
1⤵
PID:6568

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UndoUpdate.emz"
1⤵
PID:6052

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Public\Desktop\VLC media player.lnk"
1⤵
PID:6788

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\AssertRequest.gif"
1⤵
PID:6756

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6392

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:7156

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\UninstallOptimize.mht
1⤵
- Modifies Internet Explorer settings
PID:392

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\UninstallOptimize.mht
1⤵
- Modifies Internet Explorer settings
PID:1680

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\RedoExpand.mpeg"
1⤵
PID:2184

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\UninstallOptimize.mht
1⤵
- Modifies Internet Explorer settings
PID:7128

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\UninstallOptimize.mht
1⤵
- Modifies Internet Explorer settings
PID:7104

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\UninstallOptimize.mht
1⤵
- Modifies Internet Explorer settings
PID:5220

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\UninstallOptimize.mht
1⤵
- Modifies Internet Explorer settings
PID:1692

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\UninstallOptimize.mht
1⤵
- Modifies Internet Explorer settings
PID:6328

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
PID:3724

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\UninstallBackup.docm" /o ""
1⤵
PID:7004

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6076

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
PID:6344

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:3052

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\UninstallOptimize.mht
1⤵
PID:4756

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\UninstallOptimize.mht
1⤵
PID:1028

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\UndoUpdate.emz
1⤵
PID:7116

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\AssertRequest.gif
1⤵
PID:6452

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\UninstallBackup.docm
1⤵
PID:5676

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:7696

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
PID:7984

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
1⤵
PID:7128

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
1⤵
PID:5920

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
PID:7728

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe"
1⤵
PID:8112
- C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
  "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" /update /restart
  2⤵
  PID:8068
- - C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
    C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe /update /restart /peruser /childprocess /extractFilesWithLessThreadCount /renameReplaceOneDriveExe /renameReplaceODSUExe /removeNonCurrentVersions /enableODSUReportingMode
    3⤵
    PID:8652
  - - C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe
      "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe"
      4⤵
      PID:5396
  - - C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
      /updateInstalled /background
      4⤵
      PID:5920

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3320

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe"
1⤵
PID:7776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=Ha+aaruBbAOIHchBZSQHUZAeh+x+drgHASATRgyiFUHMHSARIidbEOACHFCEFesq+VH+AEBBRoONTAHHHYBHiUUHAOAIXDOVHSFGVIAASBAMDNBERHHFHCMSQZDUAESfRSRHHTSe+ydfEMAUFRA+EisebmhOOHEZbf+FHAUHVBRxbOEANHAEBh+UHHAXbAHObUAHRBHf&FORM=IE8SRC
1⤵
PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xb0,0x104,0x108,0xe8,0x10c,0x7ff908c63cb8,0x7ff908c63cc8,0x7ff908c63cd8
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,2406631412150478546,9453542671890666868,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,2406631412150478546,9453542671890666868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,2406631412150478546,9453542671890666868,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2584 /prefetch:8
  2⤵
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2406631412150478546,9453542671890666868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3044 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2406631412150478546,9453542671890666868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2406631412150478546,9453542671890666868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:7240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2406631412150478546,9453542671890666868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:7008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2060,2406631412150478546,9453542671890666868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 /prefetch:8
  2⤵
  PID:7672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,2406631412150478546,9453542671890666868,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2060,2406631412150478546,9453542671890666868,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2406631412150478546,9453542671890666868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:8324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2406631412150478546,9453542671890666868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:8744
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,2406631412150478546,9453542671890666868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  PID:5252

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2728
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\UninstallBackup.docm" /o ""
  2⤵
  PID:4344
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\UninstallBackup.docm" /o ""
  2⤵
  PID:7900
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\UninstallBackup.docm" /o ""
  2⤵
  PID:6304
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\SelectRestore.docx" /o ""
  2⤵
  PID:7324
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\SelectRestore.docx" /o ""
  2⤵
  PID:8324

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
PID:6608

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
PID:6988

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4364

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
1⤵
PID:4736

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
PID:8440

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
PID:1032

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
PID:9188

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
PID:5872

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
PID:2832

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
PID:6796

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
PID:5336

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
PID:5836

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
PID:6096

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
PID:5252

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
PID:8612

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7300

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
PID:9944

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9428

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
PID:9972

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
PID:10104

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
PID:7520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
6bb8d7e9f45d66a42f380b4dc50798be

SHA1
05cb7b3465653f23ef496619dcb3e700315a0005

SHA256
fc3c9f84733694f421f0e14cf73f527693b104b478d3897b2b757de6a5d92c59

SHA512
186a70c32e9adf5442ff7bd0d54b88a92bb42f999fae16c853c1f1ac13e6917f76e547603c1e15a4f682b8e7bbee87c72a16fb050f6892a06b056e88213ac9f6

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
f2a25cd7072434fc740d44d0ae190c55

SHA1
ebde56ba48cd49aa39dba3837a711f047ba41565

SHA256
f2e77a089ae2e588405705c1031fac67e9a04a2fcf3ab2c06dfc54d43218814b

SHA512
b98f6d6e10bb64a287e60773e91288f39c163fc28f6ce846104c4add85ad411871ec8823666892aafd7c5b757bb1c155f40c21bc675b5de57c180fe1215d87a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
9dfe1183dcfc60c4d8af84e03b47ecbe

SHA1
c7084413154d81a8c010b5cf05900616f022c9d4

SHA256
67f586d8d62edb9a8daa2be02b179e905bf75d434e931dbaa0d59cecaa9aeea6

SHA512
3ca0958d6b24cf6a86297ddd4f1197411ca122ee12e2c25268e0fec66614bca79cb792ecc83360a9c683b8517c8103e4a884f3175bfac0143e110bfdeafa308f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
df19d7744b6048493a526c7caf1626c8

SHA1
41b75e1e389b83d9dbece623781c6ed7f2d08f50

SHA256
a64c6374ee4a7c8551da2aaa75b9dfdd470e50104b959915903ed138430f36cb

SHA512
c2d0dbe8a3d62221d81a635e0f718f6d147707bf2fdce3f01aa74a8c97f14fa29234a69ec468fb2421877a0ccad5d89c565cd6e536395d69a0a44d445f49feb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
26dfcb5e2d63079f160904ff52fe71a2

SHA1
dc775a12bdd5338029c1dfe5d9827fb9c9a9b1ad

SHA256
eac0edc0d5c9215d422012279684a516e58f2e39ec3fd9f63f887163f78e36ac

SHA512
e5be22041a5e36689f86d2f57e4c3fbde88706dddba455817ce8c4f3ed340be7eeb86d4cb0bc60820cbed86d5c3ccbbcdf0827f1e118dec6d22f8a1c2665a825

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
382a19be81cfdbb92ee703319c75b526

SHA1
267ac1597304e5a1d4e17d9124a2d67e65474559

SHA256
612ffc185b9e7b4e84b6e51e0447a4a70f37cf796998f303befc5e9113874f17

SHA512
43bd2cc13e7b9555cc56b15ca8e20ca416176078b3afbb3e8acab7e00f47d0e7607e9ae22eeedd96ee8e790577fece516e895baf3469bbde9a7fbeaa2c914067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
576cfca6e92777a88d2e5d6cac19cbcd

SHA1
4c936c59da24562c5c7d49ea8ffbc1cfaf31ba66

SHA256
e0ca30229759440cafb794d0b0922cb6b26d05c951b97d56ed79ef4c4f2206a1

SHA512
47d68b1968bc97c88ce74837f8d6e0554cfcf2851dab3fbec63c873ab1c551ae49cbec1492581043a9acaf99a2ebb6f1683ea573ed9dea0db513fec56436f04a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7714562e85f909a1ea542d7a16579884

SHA1
71078ae6c09a32f3f5cd66833e1149e77f63117f

SHA256
0d70fbe448863467765cbbc22548867d39b3a26f08c730286a3d64cb3865ff1d

SHA512
e0f52444f565ec0dd81c81017d53d801f0af1f639ad2bce680d66fefcca07335ceaa3c65f890fb19d49b7620c79d9b1d683bdabcb89d8007be39de6d6b06dc74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b9c8c336f096b188398e314aa6dc517f

SHA1
58d9ebe1fdb072a070be3d5f99473297b86657c4

SHA256
307c2a9dd822986f88e6ca8a85117732e1ae6fc00159e047b07977370f88ce8a

SHA512
59a55b3a0d7aff70cb454cac984b0a073b1d5b967c82a7ecbee6e703a61d0c02d8d100ccde5a93e55bb517a989d04ccfc47d58f63d00beee5ba3e8df313d1a42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d117f0a515eb328d176044faff94c386

SHA1
5da3ba0574724876a7af822b565b89ab4237f083

SHA256
cb5a3c7c0b581ef254c95552174d89a1445640206a29601bcd6596604d2acb71

SHA512
50b0f0059f426b2e33eb1534d2342fd0f3d894f533f0cad79042c87f4d3a6ec0bf223fee93b5b69272e9eae94879a674e5a723173715d56ac5b97f3c65024b66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0608455ca731ebed6b33c101e1bff00a

SHA1
2121b2966c579fd7a750359802b7a057fb7934a7

SHA256
fe9970bf38e0934c2e2aa4dc94de6ce67e18ea522b422301e34e05fbb1d00ccd

SHA512
dba6dc6fe5706261b795b9074d72f912a6cda64383571cffb2ace3ab34ba02411b53713e9e57d09a772882ff36d814b5999b5c74aba182df0dc4c3e14932c40f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4410af8edcbdf4695f080a51657473f8

SHA1
634c5f570f8e22e70d068b523deed745c102b662

SHA256
09540fa5f87646bff01ee8a704cfa4fe830a8f76f4f40fb864f31e6c142f4505

SHA512
52ae281fb3f22bb58261d0d1702400196fd5db0bbc5e81be219a096e91fd01a6e5793f9b0f45f82e6e38a4fcc084ca042780f65bbc88df715513fdb501a2d989

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
05c044450db14380068e3a33aaf89eb1

SHA1
9f1b08575da7ae5279c6bc169ee751430ef64e67

SHA256
478a6cf15ae17d548e3b8cdccdc07f726eecae437b07e435e9f49cd78021e355

SHA512
753edcc2e987940f638cef865b7003fee203ec2037c2f1412a6792f108339810effd4a40660427d35a0574a24fc318b0005744e507cb149783eb16e53b42401e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
42f3604f2a5d3010e11d00418905afa3

SHA1
4b6a5734a9d8f00591027f5d4ff6d9e1c667b308

SHA256
40541fb067ca86d8b05e818d38a8a2f2529b37fdc3dab05c57808a55c45a4e94

SHA512
9e11b87f5891da2c599bab145fcbda846fe0a81f3fd359382881d5b95890751151fc9789e1e3a5b81d17a74f6ca83a4533f02e0e18fc6021faeccd2772a333f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
276KB

MD5
a746e5924203c4de8a10a49b80ce37d4

SHA1
5af660070f37c026ed1ca1b62b725a7aa26a23f1

SHA256
d8efbd63c1ed5e15ab2321c73e9ec1b22bd8f885a87691a537fcfaf1cacd7581

SHA512
5d4345ff59dfa595ea6b68c56fed4f272ddb484339cc8c84760483a9763c14951d7bcc311be7a7fc4d7dbb676a305df3075b565e55bab52f5358551e90274908

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
276KB

MD5
b294b07966c7e7bc029fad0705fe8904

SHA1
70f708a7af039ee41570613dd73ff8172e36fde4

SHA256
69f4c182704cac9eb2154cf7c805dbb3cbec6ad66967b3b21b7b1eebd242acff

SHA512
504a86f3be6408061b880658bccae1eff4d198d2fbd5585bb1ed271de7e3242474b05711c92ef6ca006d72559d1697a6755f9b406fa806f93af0883e1df2a391

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bbfb66ff6f5e565ac00d12dbb0f4113d

SHA1
8ee31313329123750487278afb3192d106752f17

SHA256
165401ef4e6bbd51cb89d3f9e6dc13a50132669d5b0229c7db12f2ec3f605754

SHA512
8ea206daabc7895923f3df9798bfd96f459bf859c78f3e5640fad550678b5090539f2a1b590883cd9797efee999acccac16d499772f61f5390e91bcc44d60560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9a91b6dd57fc9c4880d34e9e7c6b760f

SHA1
77a09da6ef4343a8b232386e000cd2d6b9fc30a3

SHA256
0170297f0103d4e415653f86dedc31b0827580042f86862206fd3f6f135b543a

SHA512
9fc3b9be931b3edebc4a6809d62d805046bdceb4c27a7db21cfbbcb0e5e253ab529c54d64e465e60904a6ab3b83156e26b97f852c9526f46f037944f806a7f0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
42ac81fdce5aa527b3653c2922f1f97a

SHA1
40db5ded1bef891890451f53cbed12920596e955

SHA256
9c772bfb18718d63735e1e1aaf0428ebef1406843c7bf87600b0858557d9983a

SHA512
812f87e70e2f5b802d6ad271417780ea5bda8f9f306d68497a029dc9c36bb0fd0b7d7d5153be464fecf50cab05fb500762e5ad679d4afbb8441c83de92c0048b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
718B

MD5
fb3ff77e1bf1f01229bed9906c657c76

SHA1
dd826b8e011e64c2bdec8f97c0b3e6e67964ca89

SHA256
d0ede17f2f7c9c521475550e41b649d1082e48206d60a83e4895c5db02a55760

SHA512
d6e219dcbcb288d5bb5b6fdcbe7e5500ee22c8036e6be188b0938b10852bf9ba5a6370fb3f0870f20133670e08a2f51fa938947d139c53657c10e7c02821dc9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
245b4e0126f30b1acdedb70604568451

SHA1
24ce00c6f7a270924b2c9294517e3d9cdbe460f5

SHA256
aaf57a6f8aa2b4f5a193e06b4da7939f35bb5875dc711cac884821dd641e9c06

SHA512
ac454395a022b70a39f14507f5aa455ff542c9f6f1ea5fd12cf0d90f983b95d869ab89355625eebb8182bb3d3dc1eede09f749975b7bcc5a83ec66ee14fa2e32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5dc01ec58ce050c2196c6320ba6110d7

SHA1
3848e7e85b9b67246b27151a62c87e0b2377b2ab

SHA256
a0c09bdb4c5479944bc62626a924c4f5e495ba3b471dc1baf62dd79503b08da8

SHA512
6a092da2a27f5b88d4d45a8599ded040c97d40af2d9d608b95b681b9f0e2f95baf288b9f64dbc97ca0214ae301b7dc1e1bd4a8fff8f84347a1ff6f6e96f51bbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9dccc5d3824a2668cd22a285810d2e5a

SHA1
6345139a42ec098fb484740aba7feb18172ac512

SHA256
e6f0a7aca94ffd24f9720ec0a1106de734bb51c62ad9569a7a38b1ef9304dee8

SHA512
262a2df4580fadd1da61a09ec5c6fb8ffa8763856764c0e3f01e969066318e6b300e22bf60cfb0a1153d187a8971e85d3ce2292e2476bcd42559744e5998b737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7f36bc7ade057c512503e842c9757538

SHA1
ad75f31104dbaeb39764e3a04824fe926075d7ed

SHA256
836ea196e415f93efe6b03018d312f18599558424723620fabd083ab5a28b33d

SHA512
336fbff204c8fc035adb19a6cd88331dbfef301a4e4606c8cbfc7850da5d3ad97378b1abada17fe8dd23d2356abf31625eb5be29a8655a6c6b6e9aa4fed362fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
4a2d1bce72a2b9fd169441a0a6790335

SHA1
844b1e193652821613c15b8140c2962b3f58edc4

SHA256
079904214b01ed8f0de94e1820c198452b6d78157ee2e3c08b852a0e5faf377f

SHA512
bfdaf48aa5b2b05e08eb1e9f0ef7dfb4ff628635da25bcff6fb78ea92374d981e81a844e8337ef02297d322fb699122c404abaf38ae59e7646373e3ebfe3af41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a5bdd.TMP

Filesize
368B

MD5
cd1ac0a2e143e026c7bf0143a3ac22e4

SHA1
ebb7cd15f8244fdb14dc0ab7a6754819c3d6f59a

SHA256
7960e189a278e299596d101947e9aa761be74bc31bf723d480ea5a48eac4c5a0

SHA512
ee9432a3fce6fbe9462c2c3f319dc0fb3cdcb9268fd2a2ac1f34fcdb7f4333e32d8787a345591cd2eb215271e7920f86c53e9ce790d619f7c9e133d182f03f29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e1e508aad9a828ac162c1a684101f34b

SHA1
14c99dbb8d86784ca640f34a9489535e8274b330

SHA256
3f24e680b97a8e06f3fa8763d214ea151150a9075b6d23b7ed3d8c500048d2f4

SHA512
41f8091ce0a1486fc605e3630a77fe43651de62ae78204da6b1dc9921b815a913baa0d660cec3dd99e5d2f5a4f1c11c3c22b05d77cabfcdb459d9dce02fd9f79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
45427ca2a592f668cbbf4141bb2b8498

SHA1
981a93b8190c46ecc6f91462a7d60fe0d4c68f1a

SHA256
8fe4eab8f2269f7390bb0d1798a64b9ddb09bb562f53413f3a9d3efb0af3506a

SHA512
9c9a2a6bdcb02baf785c4a1e26f4808fa1c4c813c4823da6d890d61e7f22e87f319148b3d9aaee790547cb8f88d1b3b3632a8a6b92c908b306bd8cc5c6cb7e3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
014a8e87758537a0826d9f11df5a868d

SHA1
2d15b97a5d59ff4b3f9e54e22268deeb54c27cfc

SHA256
a621c1e67204740c60d2aae51c0ccce4faae5b48bd86c88e466ba09d9c85652b

SHA512
8d6409e8cc460b97863fd2dfd5c495d4d57108a140a24522c6531a1b0787811e7d73d30ff185b2560dbcc7a4125e321f6dc4f3a69624ccde3e810e864b6b9b30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\0D238BE9-3642-4AF9-B58D-E9618A6ED9BE

Filesize
167KB

MD5
a2176bf4b7d942b40d7a93251cb336e2

SHA1
c4deeef51cee160bf26828dbeae507a5c74eb7cb

SHA256
678999e72e692dd0de75125bab380bbbd3b5fa85b8a57c78c6ac72d07327df00

SHA512
35bfc404358d83a3ac7ab4382647c249beaa9f3c8faee0deebd1c0e22b7dc21e28c4d3dee9465008d97697863fa23db8cbb145e29852f0286a94760cd3ae5aa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\excel.exe.db-wal

Filesize
72KB

MD5
b31a3a8d3b45c5ab0f0e01b6a8e75faf

SHA1
2748bf7701d97df08ebc820161845b83b0385a35

SHA256
611c65257754f6a50f99fcf61bdb708a40cd2fcabdb01dbca383f7a4a34442bb

SHA512
bb50a4a098f317470a863858f39674f5931eafe622e60c058f7204bd65dbbf1897eaba89d7cff12f391f2bffca4b13a2be88aff5fccaee56cb825c8e58064816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\excel.exe.db-wal

Filesize
76KB

MD5
9004ee0b5b66a5bd9ca7a81fc283e379

SHA1
115273ea0c8817284e53543149ce6869eec9daaf

SHA256
c4bd95d9c2bc30b4341352b573b8dbfdf53e2f3c0248f08fadfce390b841760a

SHA512
f65820bf194da98b5cb2265a8c00ab8d990873485148feb54b258cd419c45491553f9f4f4b6f00ff838d7854ebab28e41b52badffe0cbf267c5181344d70de5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\excel.exe.db-wal

Filesize
80KB

MD5
3be35a4b78a802a97895555c90331335

SHA1
74b3719caa6f0b8a24afd1516ac9793887d9ca62

SHA256
d1df8b6f8d6ff4d664bdbfa73489d557293baa16b66ac8ddf4dd709fe9a7ee9a

SHA512
e0099b43aadfd47fbb9f6dafe8c59d493940214c533393eae155b5509087b2fa11cc7ceffd20e505acff481dcdf231c62697a097cb3467f5469a4643409a4d57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\excel.exe.db-wal

Filesize
56KB

MD5
e50f7f43e78587d7dbe12017fc090475

SHA1
95776195a1edcb921ae3f2a3a5f591e0dd33eb5d

SHA256
250e7fb2e2157b6ad8ed4e495204dcf83a5c57baacb2d655e5db3d4845e23bdb

SHA512
e890695aa8d62ba08b16800003dac5d7b38fda2491987f9438fe7116a777bd296795232128d0613b3b0231366f75ffde98b971b1bf5e376cea5d9cef0362315d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\excel.exe.db-wal

Filesize
60KB

MD5
9acc383a93877c172d669d06844f5df8

SHA1
1bff44c5e8614cf190711ed64b3da34c7a9b60f0

SHA256
37ccc1dcfcda338317558aa2038cd53ee0c598d36b1f83a55406f4fc9eff018c

SHA512
28212321aa38577987ff36d4d608831f30756653b996b66de2123dad1742afc1fa9ef06c147a945b7041f9f8f0da0fae830a94f25456ac8e35cffc4a16c68e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\excel.exe.db-wal

Filesize
64KB

MD5
eac5a8816a514188177be5f4e5b6a154

SHA1
49fc4a0cf17809c855967b1b2194242e4f2fc901

SHA256
e5ba0cdaf537226e5e4bc61699b05a840aa3f40f5f05f93d00f008fa9e6d2e18

SHA512
27bff8fc59f07a351c145ea44699c00cb56036980863cdeaa10d2efce0b1e4873d144fa8e808ebcf6b0697d6819ecbe5669ae56df3bc47845f182326ac4cc758

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\excel.exe.db-wal

Filesize
52KB

MD5
1879fdbc0a6fa101836aa41730fe56f7

SHA1
e050dfaf0675b0f1e21d9065e26a38015cbfc9db

SHA256
213ecc8bf19d565988de9d3977e9f81b742b18848d6af136a84dcde5bdf582f9

SHA512
2df3953ecfec1585630e8c655f398eb594118ae0c7b4b9265c156f10b30794f7a944fd9f2d76adaafd1cb1a1b8065a84537e65d8d96d1c59b3be2720f6fe149f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\excel.exe.db-wal

Filesize
68KB

MD5
70beb2acea0c971bb0df8730100467b7

SHA1
808c5473ec1169fb39ce297462b19e69b56cabe5

SHA256
3f9df00c1e1a41c950a6bf55e47adc59c88f75673fd9b312012b7381f3bdfe3a

SHA512
c0a311049573b3589b68e698d666ef3e374b17247be6d00ca161ec8e2ea8decbc0dc90e353baa30646cf05d94c270c1923c9e866b4df6000e78559b15b647e68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe

Filesize
553KB

MD5
57bd9bd545af2b0f2ce14a33ca57ece9

SHA1
15b4b5afff9abba2de64cbd4f0989f1b2fbc4bf1

SHA256
a3a4b648e4dcf3a4e5f7d13cc3d21b0353e496da75f83246cc8a15fada463bdf

SHA512
d134f9881312ddbd0d61f39fd62af5443a4947d3de010fef3b0f6ebf17829bd4c2f13f6299d2a7aad35c868bb451ef6991c5093c2809e6be791f05f137324b39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-100.png

Filesize
1KB

MD5
72747c27b2f2a08700ece584c576af89

SHA1
5301ca4813cd5ff2f8457635bc3c8944c1fb9f33

SHA256
6f028542f6faeaaf1f564eab2605bedb20a2ee72cdd9930bde1a3539344d721b

SHA512
3e7f84d3483a25a52a036bf7fd87aac74ac5af327bb8e4695e39dada60c4d6607d1c04e7769a808be260db2af6e91b789008d276ccc6b7e13c80eb97e2818aba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-125.png

Filesize
1KB

MD5
b83ac69831fd735d5f3811cc214c7c43

SHA1
5b549067fdd64dcb425b88fabe1b1ca46a9a8124

SHA256
cbdcf248f8a0fcd583b475562a7cdcb58f8d01236c7d06e4cdbfe28e08b2a185

SHA512
4b2ee6b3987c048ab7cc827879b38fb3c216dab8e794239d189d1ba71122a74fdaa90336e2ea33abd06ba04f37ded967eb98fd742a02463b6eb68ab917155600

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-150.png

Filesize
2KB

MD5
771bc7583fe704745a763cd3f46d75d2

SHA1
e38f9d7466eefc6d3d2aaa327f1bd42c5a5c7752

SHA256
36a6aad9a9947ab3f6ac6af900192f5a55870d798bca70c46770ccf2108fd62d

SHA512
959ea603abec708895b7f4ef0639c3f2d270cfdd38d77ac9bab8289918cbd4dbac3c36c11bb52c6f01b0adae597b647bb784bba513d77875979270f4962b7884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-200.png

Filesize
2KB

MD5
09773d7bb374aeec469367708fcfe442

SHA1
2bfb6905321c0c1fd35e1b1161d2a7663e5203d6

SHA256
67d1bb54fcb19c174de1936d08b5dbdb31b98cfdd280bcc5122fb0693675e4f2

SHA512
f500ea4a87a24437b60b0dc3ec69fcc5edbc39c2967743ddb41093b824d0845ffddd2df420a12e17e4594df39f63adad5abb69a29f8456fed03045a6b42388bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-400.png

Filesize
6KB

MD5
e01cdbbd97eebc41c63a280f65db28e9

SHA1
1c2657880dd1ea10caf86bd08312cd832a967be1

SHA256
5cb8fd670585de8a7fc0ceede164847522d287ef17cd48806831ea18a0ceac1f

SHA512
ffd928e289dc0e36fa406f0416fb07c2eb0f3725a9cdbb27225439d75b8582d68705ec508e3c4af1fc4982d06d70ef868cafbfc73a637724dee7f34828d14850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-100.png

Filesize
2KB

MD5
19876b66df75a2c358c37be528f76991

SHA1
181cab3db89f416f343bae9699bf868920240c8b

SHA256
a024fc5dbe0973fd9267229da4ebfd8fc41d73ca27a2055715aafe0efb4f3425

SHA512
78610a040bbbb026a165a5a50dfbaf4208ebef7407660eea1a20e95c30d0d42ef1d13f647802a2f0638443ae2253c49945ebe018c3499ddbf00cfdb1db42ced1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-125.png

Filesize
3KB

MD5
8347d6f79f819fcf91e0c9d3791d6861

SHA1
5591cf408f0adaa3b86a5a30b0112863ec3d6d28

SHA256
e8b30bfcee8041f1a70e61ca46764416fd1df2e6086ba4c280bfa2220c226750

SHA512
9f658bc77131f4ac4f730ed56a44a406e09a3ceec215b7a0b2ed42d019d8b13d89ab117affb547a5107b5a84feb330329dc15e14644f2b52122acb063f2ba550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-150.png

Filesize
3KB

MD5
de5ba8348a73164c66750f70f4b59663

SHA1
1d7a04b74bd36ecac2f5dae6921465fc27812fec

SHA256
a0bbe33b798c3adac36396e877908874cffaadb240244095c68dff840dcbbf73

SHA512
85197e0b13a1ae48f51660525557cceaeed7d893dd081939f62e6e8921bb036c6501d3bb41250649048a286ff6bac6c9c1a426d2f58f3e3b41521db26ef6a17c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-200.png

Filesize
4KB

MD5
f1c75409c9a1b823e846cc746903e12c

SHA1
f0e1f0cf35369544d88d8a2785570f55f6024779

SHA256
fba9104432cbb8ebbd45c18ef1ba46a45dd374773e5aa37d411bb023ded8efd6

SHA512
ed72eb547e0c03776f32e07191ce7022d08d4bcc66e7abca4772cdd8c22d8e7a423577805a4925c5e804ed6c15395f3df8aac7af62f1129e4982685d7e46bd85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-400.png

Filesize
8KB

MD5
adbbeb01272c8d8b14977481108400d6

SHA1
1cc6868eec36764b249de193f0ce44787ba9dd45

SHA256
9250ef25efc2a9765cf1126524256fdfc963c8687edfdc4a2ecde50d748ada85

SHA512
c15951cf2dc076ed508665cd7dac2251c8966c1550b78549b926e98c01899ad825535001bd65eeb2f8680cd6753cd47e95606ecf453919f5827ed12bca062887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-100.png

Filesize
2KB

MD5
57a6876000151c4303f99e9a05ab4265

SHA1
1a63d3dd2b8bdc0061660d4add5a5b9af0ff0794

SHA256
8acbdd41252595b7410ca2ed438d6d8ede10bd17fe3a18705eedc65f46e4c1c4

SHA512
c6a2a9124bc6bcf70d2977aaca7e3060380a4d9428a624cc6e5624c75ebb6d6993c6186651d4e54edf32f3491d413714ef97a4cdc42bae94045cd804f0ad7cba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-125.png

Filesize
4KB

MD5
d03b7edafe4cb7889418f28af439c9c1

SHA1
16822a2ab6a15dda520f28472f6eeddb27f81178

SHA256
a5294e3c7cd855815f8d916849d87bd2357f5165eb4372f248fdf8b988601665

SHA512
59d99f0b9a7813b28bae3ea1ae5bdbbf0d87d32ff621ff20cbe1b900c52bb480c722dd428578dea5d5351cc36f1fa56b2c1712f2724344f026fe534232812962

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-150.png

Filesize
5KB

MD5
a23c55ae34e1b8d81aa34514ea792540

SHA1
3b539dfb299d00b93525144fd2afd7dd9ba4ccbf

SHA256
3df4590386671e0d6fee7108e457eb805370a189f5fdfeaf2f2c32d5adc76abd

SHA512
1423a2534ae71174f34ee527fe3a0db38480a869cac50b08b60a2140b5587b3944967a95016f0b00e3ca9ced1f1452c613bb76c34d7ebd386290667084bce77d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-200.png

Filesize
6KB

MD5
13e6baac125114e87f50c21017b9e010

SHA1
561c84f767537d71c901a23a061213cf03b27a58

SHA256
3384357b6110f418b175e2f0910cffe588c847c8e55f2fe3572d82999a62c18e

SHA512
673c3bec7c2cd99c07ebfca0f4ab14cd6341086c8702fe9e8b5028aed0174398d7c8a94583da40c32cd0934d784062ad6db71f49391f64122459f8bb00222e08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-400.png

Filesize
15KB

MD5
e593676ee86a6183082112df974a4706

SHA1
c4e91440312dea1f89777c2856cb11e45d95fe55

SHA256
deb0ec0ee8f1c4f7ea4de2c28ff85087ee5ff8c7e3036c3b0a66d84bae32b6bb

SHA512
11d7ed45f461f44fa566449bb50bcfce35f73fc775744c2d45ea80aeb364fe40a68a731a2152f10edc059dea16b8bab9c9a47da0c9ffe3d954f57da0ff714681

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-100.png

Filesize
783B

MD5
f4e9f958ed6436aef6d16ee6868fa657

SHA1
b14bc7aaca388f29570825010ebc17ca577b292f

SHA256
292cac291af7b45f12404f968759afc7145b2189e778b14d681449132b14f06b

SHA512
cd5d78317e82127e9a62366fd33d5420a6f25d0a6e55552335e64dc39932238abd707fe75d4f62472bc28a388d32b70ff08b6aa366c092a7ace3367896a2bd98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-125.png

Filesize
1018B

MD5
2c7a9e323a69409f4b13b1c3244074c4

SHA1
3c77c1b013691fa3bdff5677c3a31b355d3e2205

SHA256
8efeacefb92d64dfb1c4df2568165df6436777f176accfd24f4f7970605d16c2

SHA512
087c12e225c1d791d7ad0bf7d3544b4bed8c4fb0daaa02aee0e379badae8954fe6120d61fdf1a11007cbcdb238b5a02c54f429b6cc692a145aa8fbd220c0cb2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-150.png

Filesize
1KB

MD5
552b0304f2e25a1283709ad56c4b1a85

SHA1
92a9d0d795852ec45beae1d08f8327d02de8994e

SHA256
262b9a30bb8db4fc59b5bc348aa3813c75e113066a087135d0946ad916f72535

SHA512
9559895b66ef533486f43274f7346ad3059c15f735c9ce5351adf1403c95c2b787372153d4827b03b6eb530f75efcf9ae89db1e9c69189e86d6383138ab9c839

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-200.png

Filesize
1KB

MD5
22e17842b11cd1cb17b24aa743a74e67

SHA1
f230cb9e5a6cb027e6561fabf11a909aa3ba0207

SHA256
9833b80def72b73fca150af17d4b98c8cd484401f0e2d44320ecd75b5bb57c42

SHA512
8332fc72cd411f9d9fd65950d58bf6440563dc4bd5ce3622775306575802e20c967f0ee6bab2092769a11e2a4ea228dab91a02534beeb8afde8239dd2b90f23a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-400.png

Filesize
3KB

MD5
3c29933ab3beda6803c4b704fba48c53

SHA1
056fe7770a2ba171a54bd60b3c29c4fbb6d42f0c

SHA256
3a7ef7c0bda402fdaff19a479d6c18577c436a5f4e188da4c058a42ef09a7633

SHA512
09408a000a6fa8046649c61ccef36afa1046869506f019f739f67f5c1c05d2e313b95a60bd43d9be882688df1610ad7979dd9d1f16a2170959b526ebd89b8ef7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-100.png

Filesize
1KB

MD5
1f156044d43913efd88cad6aa6474d73

SHA1
1f6bd3e15a4bdb052746cf9840bdc13e7e8eda26

SHA256
4e11167708801727891e8dd9257152b7391fc483d46688d61f44b96360f76816

SHA512
df791d7c1e7a580e589613b5a56ba529005162d3564fffd4c8514e6afaa5eccea9cea9e1ac43bd9d74ee3971b2e94d985b103176db592e3c775d5feec7aac6d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-125.png

Filesize
2KB

MD5
09f3f8485e79f57f0a34abd5a67898ca

SHA1
e68ae5685d5442c1b7acc567dc0b1939cad5f41a

SHA256
69e432d1eec44bed4aad35f72a912e1f0036a4b501a50aec401c9fa260a523e3

SHA512
0eafeaf735cedc322719049db6325ccbf5e92de229cace927b78a08317e842261b7adbda03ec192f71ee36e35eb9bf9624589de01beaec2c5597a605fc224130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-150.png

Filesize
3KB

MD5
ed306d8b1c42995188866a80d6b761de

SHA1
eadc119bec9fad65019909e8229584cd6b7e0a2b

SHA256
7e3f35d5eb05435be8d104a2eacf5bace8301853104a4ea4768601c607ddf301

SHA512
972a42f7677d57fcb8c8cb0720b21a6ffe9303ea58dde276cfe2f26ee68fe4cc8ae6d29f3a21a400253de7c0a212edf29981e9e2bca49750b79dd439461c8335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-200.png

Filesize
4KB

MD5
d9d00ecb4bb933cdbb0cd1b5d511dcf5

SHA1
4e41b1eda56c4ebe5534eb49e826289ebff99dd9

SHA256
85823f7a5a4ebf8274f790a88b981e92ede57bde0ba804f00b03416ee4feda89

SHA512
8b53dec59bba8b4033e5c6b2ff77f9ba6b929c412000184928978f13b475cd691a854fee7d55026e48eab8ac84cf34fc7cb38e3766bbf743cf07c4d59afb98f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-400.png

Filesize
11KB

MD5
096d0e769212718b8de5237b3427aacc

SHA1
4b912a0f2192f44824057832d9bb08c1a2c76e72

SHA256
9a0b901e97abe02036c782eb6a2471e18160b89fd5141a5a9909f0baab67b1ef

SHA512
99eb3d67e1a05ffa440e70b7e053b7d32e84326671b0b9d2fcfcea2633b8566155477b2a226521bf860b471c5926f8e1f8e3a52676cacb41b40e2b97cb3c1173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDrive.VisualElementsManifest.xml

Filesize
344B

MD5
5ae2d05d894d1a55d9a1e4f593c68969

SHA1
a983584f58d68552e639601538af960a34fa1da7

SHA256
d21077ad0c29a4c939b8c25f1186e2b542d054bb787b1d3210e9cab48ec3080c

SHA512
152949f5b661980f33608a0804dd8c43d70e056ae0336e409006e764664496fef6e60daa09fecb8d74523d3e7928c0dbd5d8272d8be1cf276852d88370954adc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDrive.exe

Filesize
2.3MB

MD5
c2938eb5ff932c2540a1514cc82c197c

SHA1
2d7da1c3bfa4755ba0efec5317260d239cbb51c3

SHA256
5d8273bf98397e4c5053f8f154e5f838c7e8a798b125fcad33cab16e2515b665

SHA512
5deb54462615e39cf7871418871856094031a383e9ad82d5a5993f1e67b7ade7c2217055b657c0d127189792c3bcf6c1fcfbd3c5606f6134adfafcccfa176441

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDriveStandaloneUpdater.exe

Filesize
2.9MB

MD5
9cdabfbf75fd35e615c9f85fedafce8a

SHA1
57b7fc9bf59cf09a9c19ad0ce0a159746554d682

SHA256
969fbb03015dd9f33baf45f2750e36b77003a7e18c3954fab890cddc94046673

SHA512
348923f497e615a5cd0ed428eb1e30a792dea310585645b721235d48f3f890398ad51d8955c1e483df0a712ba2c0a18ad99b977be64f5ee6768f955b12a4a236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Resources.pri

Filesize
4KB

MD5
7473be9c7899f2a2da99d09c596b2d6d

SHA1
0f76063651fe45bbc0b5c0532ad87d7dc7dc53ac

SHA256
e1252527bc066da6838344d49660e4c6ff2d1ddfda036c5ec19b07fdfb90c8c3

SHA512
a4a5c97856e314eedbad38411f250d139a668c2256d917788697c8a009d5408d559772e0836713853704e6a3755601ae7ee433e07a34bd0e7f130a3e28729c45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe

Filesize
40.2MB

MD5
fb4aa59c92c9b3263eb07e07b91568b5

SHA1
6071a3e3c4338b90d892a8416b6a92fbfe25bb67

SHA256
e70e80dbbc9baba7ddcee70eda1bb8d0e6612dfb1d93827fe7b594a59f3b48b9

SHA512
60aabbe2fd24c04c33e7892eab64f24f8c335a0dd9822eb01adc5459e850769fc200078c5ccee96c1f2013173bc41f5a2023def3f5fe36e380963db034924ace

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Personal\SyncEngine-2024-6-16.1247.8112.1.aodl

Filesize
4KB

MD5
d06dfdda113f051b4adf071d9dd945e9

SHA1
bc28202d49e3495299632b535b70b5d00f3a556b

SHA256
c18194f35865252438076cbfca6918fffcda8d7cc5e557f721a0d54bbaa7891e

SHA512
e4c0fa676fa40c2a2ea285b4d90e34c64d7f3952b1d01246211bb778281d6132ea9ef78d0139f63e7d6cdb944c9a18e9038ce0fff6ebe2e3589d3cfec93f1a7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Personal\TraceCurrent.0729.0013.etl

Filesize
4KB

MD5
9a41560126c8354c32b75d93e8ee584c

SHA1
fbaa992beeaee5c8cc255e8e916634daf499412c

SHA256
ddea8fcb4cedb1777a890fed6f306e30deaa8c19fbfbf6bbb228de6c36b9044d

SHA512
42a85b22035fe7fe4dfd0c437f1d2a030739e5a044f6f643986c6d67d0f0334cd504f194e9ef7739c303825ca77b450d8f30191fb3a9711d07646b13232a42f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Personal\telemetryCache.otc.session

Filesize
20KB

MD5
3a5c2d4c98807fc0e4c87cd50ba20856

SHA1
5a5b7141f824d305721ad8c9e1494896c50587d9

SHA256
14c13dca55f68f6f28aa4d014618da464de0a25671aca7c1e7f8ef6d21841063

SHA512
391441b794e9d928754bcced75161317875a819d980b40c01052c49600669d23b4d3ba2102e6ca25c2f92272e14be5aa7b91e90fa82d8f3fb05fe2f603762fb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\Personal\logUploaderSettings_temp.ini

Filesize
38B

MD5
cc04d6015cd4395c9b980b280254156e

SHA1
87b176f1330dc08d4ffabe3f7e77da4121c8e749

SHA256
884d272d16605590e511ae50c88842a8ce203a864f56061a3c554f8f8265866e

SHA512
d3cb7853b69649c673814d5738247b5fbaaae5bb7b84e4c7b3ff5c4f1b1a85fc7261a35f0282d79076a9c862e5e1021d31a318d8b2e5a74b80500cb222642940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\Personal\logUploaderSettings_temp.ini

Filesize
108B

MD5
e878c18de6f7cc5b7d4e27f408ed161b

SHA1
d15ec997cf266f8ce9bdcbc52d5f43a34c283a39

SHA256
29fca6b39c2b87d48ec8b7098ca0bb88045e381bb77ecd93c9959639e35cf540

SHA512
099a8e01f3ec74097733b24f66e485941270eec7984af62018cc9871bbbd8cb35d3648628bd75343b59ac52c332876e42fbd7c341fd4f4e058c47264ed214a9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\PreSignInSettingsConfig.json

Filesize
63KB

MD5
e516a60bc980095e8d156b1a99ab5eee

SHA1
238e243ffc12d4e012fd020c9822703109b987f6

SHA256
543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7

SHA512
9b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\setup\logs\DeviceHealthSummaryConfiguration.ini

Filesize
77B

MD5
b08e3bb450dd85008411954f7846d82b

SHA1
0b42d884e86da2a09c106fbb9df74253e715e79a

SHA256
6a3e044820d450e5fbf8c130d1e055eb8b7af735fecaaaec7ab122ede33841f3

SHA512
9132b85406a46bbc406092667331a2f9ca252cf099b2d872acad76d1bccb97c9c39009d778e8b82dfaee78a0eef8fbec2f36ac03c46b2633fbfda94dd9eb2c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
14KB

MD5
0dda79e04794d8eca0f1530be16ce681

SHA1
acf62ba32d9d14c4a46c579176314294775cb773

SHA256
0d54b625d53fd45cafd536e8fb44d6fa972e0dd212b94337512b240e7b3c4d2c

SHA512
dbede0b6af851865a4c02d3755f3add155cdc604459d6feddec3f4a8a5c0fcc1c44961e86467f249b916c9f1d09aceb77bf04a468dab7ad049226347078319d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRC0001.tmp

Filesize
18KB

MD5
187fa1e52121ee3d75dab44d65116472

SHA1
74b79670ca7006b3c308b6a8020b6637dd9817c2

SHA256
7711dfe43ce352e6298e25fd7c88ea8443c40cafff278de4e80b7f2a0a5309ed

SHA512
5dcf2b30763e18024812bb54448952150dad6b869d5597de9c7ee43b19f59faccc9ee9d1e31e15b508c70cc61a298aa5ddae873a12a6070cd94613e77b165200

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GLHGKK59\update100[1].xml

Filesize
726B

MD5
53244e542ddf6d280a2b03e28f0646b7

SHA1
d9925f810a95880c92974549deead18d56f19c37

SHA256
36a6bd38a8a6f5a75b73caffae5ae66dfabcaefd83da65b493fa881ea8a64e7d

SHA512
4aa71d92ea2c46df86565d97aac75395371d3e17877ab252a297b84dca2ab251d50aaffc62eab9961f0df48de6f12be04a1f4a2cbde75b9ae7bcce6eb5450c62

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PDRW3FJG\www.bing[1].xml

Filesize
17KB

MD5
5928c138f952072680ccfd4531911797

SHA1
888bf30a6419996c66b8592ee12eec8beb951be0

SHA256
43e8001d9896d10dd678dd9d3d0a6267c8bf793b5713fb759cb3dc3431cc8ee8

SHA512
e05671dd7eb8b0850a505745cd768879b9ee2a5b65b6efe79e39ea43f5ee5a8fb2200dcd40506bbeebdb93dae130c8c423fd361f88d69de00619529ff8fd07ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7764.tmp

Filesize
35.9MB

MD5
5b16ef80abd2b4ace517c4e98f4ff551

SHA1
438806a0256e075239aa8bbec9ba3d3fb634af55

SHA256
bbc70091b3834af5413b9658b07269badd4cae8d96724bf1f7919f6aab595009

SHA512
69a22b063ab92ca7e941b826400c62be41ae0317143387c8aa8c727b5c9ee3528ddd4014de22a2a2e2cbae801cb041fe477d68d2684353cdf6c83d7ee97c43d4

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
77B

MD5
30da9955fedb8344cc2ffd240c1ff0e6

SHA1
036873349de6fd34c2ab41a4caff199af06322f0

SHA256
216503bd7fd2316cbc29554ba381d68a63fcf4cb7794d36467c2ad8927a2105c

SHA512
8c559b16a4453758cef9b6291789242e888f64f923ce664a0a4e2733a8fef4d159e287878467000453f1c8267fc29086a8400f86177adc8b72d0f9792a21297a

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock

Filesize
18B

MD5
0fee23da3c44cde05772f6edc93f6715

SHA1
9444e9049135bca86c6de68a02e053d73bcb4079

SHA256
cf0aba2b387e63c5dbfbbcc2e02bb570f226dec6a634f32f7839fc38f3494444

SHA512
79cff38a9836aab11c61636722c429eafc5abf98a8aae3dbba741d6bd78c98911e54cbcb4344d14871d7495b0518f64ccb526f465876c6627e0199650fae7852

Download Submit
C:\Users\Admin\Desktop\CheckpointRead.dwg

Filesize
299KB

MD5
107150bdea0ae28e3f30718c9b910f11

SHA1
d1f4e338f552a3d47a997e587623f07aca005cbf

SHA256
7adc84bc4e2209cf134a32dff3071ae53d802838724ef0232579e76d51f96e27

SHA512
6e22a4a38ec7ca2c71d29dd7ab4908ecd1cdb22dadbabf406a7303d8a324d3216ab4dd9d0e368d3116ae61ed28ced465e2726e766d96c53264eff9dddbceab20

Download Submit
C:\Users\Admin\Desktop\DismountInitialize.pub

Filesize
146KB

MD5
4e6087f811c92e6268cf967b56f81efb

SHA1
2e6ad4e5f3e24ad48db3b8e0931ca21946fa79df

SHA256
c560171198dab412fb50971e5c43ca15804aff872a7dec58e581e818ca5d91dc

SHA512
bf173273fc5752c1210f7315773c7752422a795ade93c82f1bca20c55510b2f43525eca7a4b675732ad454fd4f185d20127794d20e790ffb44b026f66fba4f81

Download Submit
C:\Users\Admin\Desktop\ExportOpen.dib

Filesize
257KB

MD5
1616ccc78c97bbcb9c8b7d4a9683a780

SHA1
287c1e22e08ec1a76699f7b5a9c3ed79de11dc23

SHA256
cb1afa20ae5004610206a102b9e13b541dd1bfbd930dc793d97b5875402daad1

SHA512
e026e668fd68fe47278ef1916a11c9ccdc932d3e38b5f739f01d39ecf91001f12e956981eaafc48f9df830ff72743042932251d3ccaf69567fcb77517042f79f

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
af5c1b77c35814d6eeeeef1d832f7b73

SHA1
ea3215378f5da90f24686c9bf48063a359f93e4c

SHA256
8758db76118d55a08a15af83256d89cc660bbfbc7b515e0d735aea196158c0f7

SHA512
07c5dd2deda4b95915e3da4aacdf2478b5f82cc08be95464a61a7579866e1fe7a77783e5b36d421af15bdb039f17a83d870b467eb97a0625705aa14652382c86

Download Submit
C:\Users\Admin\Desktop\PublishClose.mpg

Filesize
202KB

MD5
d2439d8fe787768f05c826189c1e790f

SHA1
11a10f6c890e949adbfc99dbcd3cbf60cceae583

SHA256
284d23e8aa535ddf75e8e8b8d738fbd48072b676ad0a18052cb3c1f389ba975b

SHA512
23d9ab5749f0a9e29d292e13db3e35d24fb934ddc73998056ec0a69113ea999ab88ca220828f9aa448c3976a4d92a5c1c142ba044edd86500f97c7345474feed

Download Submit
C:\Users\Admin\Desktop\RedoExpand.mpeg

Filesize
327KB

MD5
3cfa689e0f1ca783c151a0e2410f73c8

SHA1
f08dcfaf2a376b6f9d6091fe7247ac1ec20ea39e

SHA256
833bbdda43dd83b1631f29184661d5cb4247fa6a82c53e723deeed3f8f068570

SHA512
ac2971c59fc68c36f7f5ba27a19b3aaa61845ba6014034ccb48988416745c92ad12919ecd9b7bb132f7d732027bd8b1a5d38605c7e40e1a98b03def9e5f5bcd8

Download Submit
C:\Users\Admin\Desktop\ResizeResume.gif

Filesize
341KB

MD5
a0a0278116c5bce62917b731437809d0

SHA1
202cfcf3ac3b206f954355c5c57030b46b60fd36

SHA256
510f209afe1a67888c53ef591d7fe2dc0498b8f5263fef22e4fcc3d94fa12c79

SHA512
17e76ccfebd80f4ffd9dc41411fa44107d2d12c39fbb8478276a06d3411362f845dae0783702b7b45d18d3ffc6c9541e9a14e4f8034f4b838b1136602b8b3f6c

Download Submit
C:\Users\Admin\Desktop\ResolveClear.js

Filesize
160KB

MD5
3e75c687fe1569c482be6b57d7df5a84

SHA1
85f0b6c09fb2913b5e1eb6522436c31128be2bb4

SHA256
697ae9c8a124f3ed865d3240f2f94c2d2ef27c8af18565f70b2c8209279d2dfa

SHA512
383aeed3cee76c4e66d10523957c44a3358ec2dfbb506dac42694941804b045160ac66e5d8dccd4221112278abd4e180244df82bcbf1d969cbf170bf9846cfd4

Download Submit
C:\Users\Admin\Desktop\ResumeStart.ps1xml

Filesize
285KB

MD5
a38dd0a3276e2de7480d025976f56a0f

SHA1
5696067c068ec2b306a82d5514ca5ca3658081e3

SHA256
77c66bcc942ce000c79b27be9aef7ef478bb125de5a82a8aa50340d3db886dcd

SHA512
64093c9c946008e4cc32e908e9256a57130473c161d572fad4f2a748cdcd8e98ec6463c63ac26dfa829f48f3074bb4314f9b4dcd38f2537bf63b46711e72d58d

Download Submit
C:\Users\Admin\Desktop\ShowWrite.sql

Filesize
215KB

MD5
75ed6e740d2dd020c0b088fbb990ed67

SHA1
24b042a839bae3f2feae45e9b4e7340a04723b8a

SHA256
eb10398dc0185f9a01dea1f086b695265139af0c77ddde1ccdc3c909dd172139

SHA512
297334cd6e1788a95fd5226d6d4f135b90c0f7d96d176ab6ac960c84174964c9bc236b8574523708e7cd5eca60fc92ec9ab723de5f146da899b4b250185e752c

Download Submit
C:\Users\Admin\Desktop\StopUnpublish.sql

Filesize
571KB

MD5
732e5ec9b6af70589d25e6e044e321f0

SHA1
5bc910e4b36ca78fcba41e20cc7cb2b044e823d8

SHA256
a0f0da1d15b11746ff778959edaacf44794cb49f2fad2459fae63bd8ae33c14b

SHA512
60ca10ca8acdcf70efce92c851baee3422a4fb33150db2aaf5b0e95c4c372a66e0490336f48689fd5d227d32d2da54eed50d82044db13abd3732d4005393e294

Download Submit
C:\Users\Admin\Desktop\UndoInstall.xlt

Filesize
410KB

MD5
68f8671b5829d89ec32665ca31949a52

SHA1
9889e81dfdff75324240e1845e9448962529e081

SHA256
caf9d16df0d5c9a43eaa878a4ac816ff999cd0a38f91b47fae35c638a049fc30

SHA512
8c55333b027aedf29b43b7a52923a5d1a231ec518be5aa1e5677b07d4d0e102b4fa48d885e7c46f4975150d34e6f88819d71eaf2df34c7a82c52a53161b35062

Download Submit
C:\Users\Admin\Desktop\UninstallOpen.xml

Filesize
243KB

MD5
063cd96b844f87b0cf96129fb4f999e2

SHA1
572739da572abc9175eb6b6cf4d2ff836127fd16

SHA256
35b3a3eb11a4ede457df19ae9261c498bbce06664418ca63bf7b215666dd9bde

SHA512
da15d50795af8d3937a8968a371a2f3a58a2dc45a67a31418d2c94ac98c3c3db18b9d16934b2615dddf9e6d5c418a60f5b6c9ad618e903c3e176992bab8ea9fa

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
dbbb48581b5c501726b3bad2836438ee

SHA1
a70c540fb4cd032f0b96e37ece2c37cbcabb280e

SHA256
d07854f5407d138bfff2b6aba75517c145bc7ba29a80d1a3027ce58100414db8

SHA512
0fee5acddadd35cb112cbe5c03fb90ac7a8c2b042f2763df1af0e074c207c327d4b4be5dffd8b3c3d165b76c81d2bc76cd9e426f18fe12064ce713cdeb5dea02

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
764d61d6149c74509ac052bce13a8cb9

SHA1
c05980d9f29a81e5bd41f9f9beafb472cabe290d

SHA256
0976781da2dcc128e9d20bd36f0f27a9e7a0f0501a75343c31df94fda9787167

SHA512
7de7e218d057beecaedecd31792527b0861dc75ec56beca31f2fc7fa0afe66e30266c72fb9970c594e5c0d828a7b466ea0888c7aa1207b5ae54a63e84f5ec144

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
4cd34b30bc1a3ecef9c607bb5e9b76f7

SHA1
62def9e95b5b5eca9aae408cdb978bbd504bad8a

SHA256
dea8959e5b6eb3b51c7ae0e4b704de50abde290c74f1a9849917e86c52eedc58

SHA512
c57b222d4395d91ff2e7c26fdcf8e3e36af20053bfdd09b71f88e0429fcb7ca596c0cbfad461bed5e3e4e125163cc3015f1bcf1630280bfd780697a7527fc029

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
5a211730bce9e9f8b299f306a9a0b053

SHA1
ff229d529e744c2005b57c4f314b08257bdc651e

SHA256
bee7db0457a3e79c4132c7662302168faf63316771aa31cb38fe93c9b6bd2769

SHA512
f6e43f37b68542a63a2a227e8e320d6d8e4009500e75b51343dba5afd0a28681877a0352a733e595dd00ef580f7fe9bc02a7edea554b790c700286007faacd26

Download Submit
memory/1432-79-0x00007FF637040000-0x00007FF637138000-memory.dmp

Filesize
992KB

Download
memory/1432-84-0x00007FF9352E0000-0x00007FF9352F1000-memory.dmp

Filesize
68KB

Download
memory/1432-83-0x00007FF936630000-0x00007FF936647000-memory.dmp

Filesize
92KB

Download
memory/1432-81-0x00007FF923BE0000-0x00007FF923E96000-memory.dmp

Filesize
2.7MB

Download
memory/1432-87-0x00007FF928200000-0x00007FF928211000-memory.dmp

Filesize
68KB

Download
memory/1432-86-0x00007FF928220000-0x00007FF92823D000-memory.dmp

Filesize
116KB

Download
memory/1432-89-0x00007FF924170000-0x00007FF9241D7000-memory.dmp

Filesize
412KB

Download
memory/1432-85-0x00007FF9273B0000-0x00007FF9273C7000-memory.dmp

Filesize
92KB

Download
memory/1432-88-0x00007FF924560000-0x00007FF925610000-memory.dmp

Filesize
16.7MB

Download
memory/1432-82-0x00007FF9408B0000-0x00007FF9408C8000-memory.dmp

Filesize
96KB

Download
memory/1432-80-0x00007FF92F870000-0x00007FF92F8A4000-memory.dmp

Filesize
208KB

Download
memory/3064-16-0x00007FF94FB20000-0x00007FF94FD29000-memory.dmp

Filesize
2.0MB

Download
memory/3064-17-0x00007FF94FB20000-0x00007FF94FD29000-memory.dmp

Filesize
2.0MB

Download
memory/3064-18-0x00007FF94FB20000-0x00007FF94FD29000-memory.dmp

Filesize
2.0MB

Download
memory/3064-14-0x00007FF94FB20000-0x00007FF94FD29000-memory.dmp

Filesize
2.0MB

Download
memory/3064-13-0x00007FF94FB20000-0x00007FF94FD29000-memory.dmp

Filesize
2.0MB

Download
memory/3064-12-0x00007FF94FB20000-0x00007FF94FD29000-memory.dmp

Filesize
2.0MB

Download
memory/3064-8-0x00007FF94FB20000-0x00007FF94FD29000-memory.dmp

Filesize
2.0MB

Download
memory/3064-2-0x00007FF90FBB0000-0x00007FF90FBC0000-memory.dmp

Filesize
64KB

Download
memory/3064-9-0x00007FF90D870000-0x00007FF90D880000-memory.dmp

Filesize
64KB

Download
memory/3064-414-0x00007FF94FB20000-0x00007FF94FD29000-memory.dmp

Filesize
2.0MB

Download
memory/3064-10-0x00007FF94FB20000-0x00007FF94FD29000-memory.dmp

Filesize
2.0MB

Download
memory/3064-6-0x00007FF94FB20000-0x00007FF94FD29000-memory.dmp

Filesize
2.0MB

Download
memory/3064-7-0x00007FF94FB20000-0x00007FF94FD29000-memory.dmp

Filesize
2.0MB

Download
memory/3064-5-0x00007FF90FBB0000-0x00007FF90FBC0000-memory.dmp

Filesize
64KB

Download
memory/3064-4-0x00007FF94FBC3000-0x00007FF94FBC4000-memory.dmp

Filesize
4KB

Download
memory/3064-1-0x00007FF90FBB0000-0x00007FF90FBC0000-memory.dmp

Filesize
64KB

Download
memory/3064-3-0x00007FF90FBB0000-0x00007FF90FBC0000-memory.dmp

Filesize
64KB

Download
memory/3064-15-0x00007FF90D870000-0x00007FF90D880000-memory.dmp

Filesize
64KB

Download
memory/3064-306-0x00007FF94FB20000-0x00007FF94FD29000-memory.dmp

Filesize
2.0MB

Download
memory/3064-0-0x00007FF90FBB0000-0x00007FF90FBC0000-memory.dmp

Filesize
64KB

Download
memory/3064-11-0x00007FF94FB20000-0x00007FF94FD29000-memory.dmp

Filesize
2.0MB

Download
memory/3416-107-0x00007FF9281E0000-0x00007FF9281F1000-memory.dmp

Filesize
68KB

Download
memory/3416-113-0x00007FF9281C0000-0x00007FF9281D8000-memory.dmp

Filesize
96KB

Download
memory/3416-114-0x00007FF9242B0000-0x00007FF9242C1000-memory.dmp

Filesize
68KB

Download
memory/3416-101-0x00007FF92F870000-0x00007FF92F8A4000-memory.dmp

Filesize
208KB

Download
memory/3416-104-0x00007FF936630000-0x00007FF936647000-memory.dmp

Filesize
92KB

Download
memory/3416-105-0x00007FF9352E0000-0x00007FF9352F1000-memory.dmp

Filesize
68KB

Download
memory/3416-102-0x00007FF923BE0000-0x00007FF923E96000-memory.dmp

Filesize
2.7MB

Download
memory/3416-122-0x00007FF924170000-0x00007FF9241D7000-memory.dmp

Filesize
412KB

Download
memory/3416-120-0x00007FF924210000-0x00007FF924228000-memory.dmp

Filesize
96KB

Download
memory/3416-124-0x00007FF9240D0000-0x00007FF9240E1000-memory.dmp

Filesize
68KB

Download
memory/3416-121-0x00007FF9241E0000-0x00007FF924210000-memory.dmp

Filesize
192KB

Download
memory/3416-125-0x00007FF924070000-0x00007FF9240C7000-memory.dmp

Filesize
348KB

Download
memory/3416-126-0x00007FF923800000-0x00007FF92382C000-memory.dmp

Filesize
176KB

Download
memory/3416-108-0x00007FF928220000-0x00007FF92823D000-memory.dmp

Filesize
116KB

Download
memory/3416-123-0x00007FF9240F0000-0x00007FF92416C000-memory.dmp

Filesize
496KB

Download
memory/3416-111-0x00007FF924300000-0x00007FF924341000-memory.dmp

Filesize
260KB

Download
memory/3416-110-0x00007FF924350000-0x00007FF92455B000-memory.dmp

Filesize
2.0MB

Download
memory/3416-109-0x00007FF928200000-0x00007FF928211000-memory.dmp

Filesize
68KB

Download
memory/3416-112-0x00007FF9242D0000-0x00007FF9242F1000-memory.dmp

Filesize
132KB

Download
memory/3416-115-0x00007FF924290000-0x00007FF9242A1000-memory.dmp

Filesize
68KB

Download
memory/3416-116-0x00007FF924270000-0x00007FF924281000-memory.dmp

Filesize
68KB

Download
memory/3416-117-0x00007FF924250000-0x00007FF92426B000-memory.dmp

Filesize
108KB

Download
memory/3416-118-0x00007FF924230000-0x00007FF924241000-memory.dmp

Filesize
68KB

Download
memory/3416-95-0x00007FF637040000-0x00007FF637138000-memory.dmp

Filesize
992KB

Download
memory/3416-106-0x00007FF9273B0000-0x00007FF9273C7000-memory.dmp

Filesize
92KB

Download
memory/3416-103-0x00007FF9408B0000-0x00007FF9408C8000-memory.dmp

Filesize
96KB

Download
memory/4684-49-0x00007FF936630000-0x00007FF936647000-memory.dmp

Filesize
92KB

Download
memory/4684-50-0x00007FF9352E0000-0x00007FF9352F1000-memory.dmp

Filesize
68KB

Download
memory/4684-48-0x00007FF9408B0000-0x00007FF9408C8000-memory.dmp

Filesize
96KB

Download
memory/4684-47-0x00007FF923BE0000-0x00007FF923E96000-memory.dmp

Filesize
2.7MB

Download
memory/4684-45-0x00007FF637040000-0x00007FF637138000-memory.dmp

Filesize
992KB

Download
memory/4684-46-0x00007FF92F870000-0x00007FF92F8A4000-memory.dmp

Filesize
208KB

Download