Windows Analysis Report
Kodiak Hub Procurement Ltd Project portfolio 2025.docx.doc

Overview

General Information

Sample name: Kodiak Hub Procurement Ltd Project portfolio 2025.docx.doc
Analysis ID: 1595937
MD5: 3e80952cd95eab2fb68521115f2eacff
SHA1: ad0f84f9846a0ae52d0401d9c9a2e015a7e371b5
SHA256: 093e8f9bb629b61a5c8bcf53f87226481c2c1b85288242f8f086cea89551d324
Tags: docuser-TeamDreier

Detection

Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected landing page (webpage, office document or email)
Document exploit detected (process start blacklist hit)
Drops executables to the windows directory (C:\Windows) and starts them
Machine Learning detection for dropped file
Sigma detected: Legitimate Application Dropped Archive
Sigma detected: New RUN Key Pointing to Suspicious Folder
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected WebBrowserPassView password recovery tool
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Suspicious Execution From GUID Like Folder Names
Too many similar processes found
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w11x64_office
  • WINWORD.EXE (PID: 7428 cmdline: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding MD5: A9F0EC89897AC6C878D217DFB64CA752)
    • unarchiver.exe (PID: 3304 cmdline: "C:\Windows\System32\unarchiver.exe" "C:\Users\user\AppData\Local\Temp\{8B4742D0-AA74-4FD3-8BB8-675474C23405}\{A4BDC57A-8FEA-431D-86EC-4FAFFB5D4D02}\The key responsibilities Doc .zip" MD5: 16FF3CC6CC330A08EED70CBC1D35F5D2)
      • 7za.exe (PID: 6868 cmdline: "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i" "C:\Users\user\AppData\Local\Temp\{8B4742D0-AA74-4FD3-8BB8-675474C23405}\{A4BDC57A-8FEA-431D-86EC-4FAFFB5D4D02}\The key responsibilities Doc .zip" MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)
        • conhost.exe (PID: 3044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
      • cmd.exe (PID: 5868 cmdline: "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe" MD5: 7B2C2B671D3F48A01B334A0070DEC0BD)
        • conhost.exe (PID: 5288 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
        • The key responsibilities Doc .exe (PID: 6420 cmdline: "C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe" MD5: 180894D8274364D48640A3A89D951C33)
          • cmd.exe (PID: 6948 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 2776 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
              • Conhost.exe (PID: 9184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Chrom.exe (PID: 6908 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
          • cmd.exe (PID: 4796 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 3972 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Chrom.exe (PID: 6332 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
          • cmd.exe (PID: 3624 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 6932 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Chrom.exe (PID: 6312 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
          • cmd.exe (PID: 6672 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 6748 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Chrom.exe (PID: 7004 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
          • cmd.exe (PID: 1336 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 6336 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Chrom.exe (PID: 6176 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
          • cmd.exe (PID: 6372 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 4364 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Chrom.exe (PID: 6440 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
          • cmd.exe (PID: 6168 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 6612 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Chrom.exe (PID: 6276 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
          • cmd.exe (PID: 7056 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 7112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Chrom.exe (PID: 7196 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
          • cmd.exe (PID: 4956 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 3092 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Chrom.exe (PID: 7632 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
          • cmd.exe (PID: 6156 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 5732 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Chrom.exe (PID: 6284 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
          • cmd.exe (PID: 6116 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 6464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Chrom.exe (PID: 7416 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
          • cmd.exe (PID: 6344 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 7220 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Chrom.exe (PID: 7940 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
          • cmd.exe (PID: 7368 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 7440 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Chrom.exe (PID: 8072 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
          • cmd.exe (PID: 7508 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 7584 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Chrom.exe (PID: 5552 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
          • cmd.exe (PID: 7776 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 7800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Chrom.exe (PID: 4108 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
          • cmd.exe (PID: 8080 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 2112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Chrom.exe (PID: 8240 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
          • cmd.exe (PID: 6056 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 2696 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Chrom.exe (PID: 1756 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
          • cmd.exe (PID: 3932 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 4904 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Chrom.exe (PID: 8384 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
          • cmd.exe (PID: 7580 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 8028 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Chrom.exe (PID: 8400 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
          • cmd.exe (PID: 8248 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 8260 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Chrom.exe (PID: 8424 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
            • Conhost.exe (PID: 8292 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • cmd.exe (PID: 8312 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 8320 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Chrom.exe (PID: 8572 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
          • cmd.exe (PID: 8376 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 8408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Chrom.exe (PID: 8692 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
          • cmd.exe (PID: 8476 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 8492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Chrom.exe (PID: 8632 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
          • cmd.exe (PID: 8536 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 8560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Chrom.exe (PID: 8740 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
          • cmd.exe (PID: 8640 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 8648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Chrom.exe (PID: 8764 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
          • cmd.exe (PID: 8656 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 8672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Chrom.exe (PID: 8796 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
          • cmd.exe (PID: 8728 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 8804 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Chrom.exe (PID: 9076 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
          • cmd.exe (PID: 8836 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 8880 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Chrom.exe (PID: 9056 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
          • cmd.exe (PID: 8944 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 8976 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Conhost.exe (PID: 3656 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
              • Conhost.exe (PID: 9424 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
                • Conhost.exe (PID: 9592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
                • Conhost.exe (PID: 2216 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • cmd.exe (PID: 9048 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 9088 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Chrom.exe (PID: 9212 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)
          • cmd.exe (PID: 9136 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 9180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • cmd.exe (PID: 4224 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" " MD5: 428CEC6B0034E0F183EB5BAE887BE480)
            • conhost.exe (PID: 5272 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 9336 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Conhost.exe (PID: 8676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 9456 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Conhost.exe (PID: 6876 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
              • Conhost.exe (PID: 3488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 9732 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 7028 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 9248 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Conhost.exe (PID: 4480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 9732 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Conhost.exe (PID: 1948 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 10184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Conhost.exe (PID: 9148 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 6608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 3540 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 9512 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 9776 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 6608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Conhost.exe (PID: 9124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 2820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 6332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 940 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 3696 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 5528 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Conhost.exe (PID: 4880 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 2236 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • Conhost.exe (PID: 10216 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 6020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 6380 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 1248 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 3696 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 8504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 5996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 6856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 8640 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 8068 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 9052 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 9740 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 9508 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 6672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 2480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
          • Conhost.exe (PID: 9860 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
    • unarchiver.exe (PID: 9192 cmdline: "C:\Windows\System32\unarchiver.exe" "C:\Users\user\AppData\Local\Temp\{8B4742D0-AA74-4FD3-8BB8-675474C23405}\{A4BDC57A-8FEA-431D-86EC-4FAFFB5D4D02}\The key responsibilities Doc .zip" MD5: 16FF3CC6CC330A08EED70CBC1D35F5D2)
      • 7za.exe (PID: 1380 cmdline: "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\bbjvvwyq.lun" "C:\Users\user\AppData\Local\Temp\{8B4742D0-AA74-4FD3-8BB8-675474C23405}\{A4BDC57A-8FEA-431D-86EC-4FAFFB5D4D02}\The key responsibilities Doc .zip" MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)
        • conhost.exe (PID: 3244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security
C:\Windows\System32\Chrom.exe | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security
C:\Users\user\AppData\Local\Temp\bbjvvwyq.lun\The key responsibilities Doc .exe | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security

Source | Rule | Description | Author | Strings
0000003E.00000002.13464519175.000000000044F000.00000002.00000001.01000000.0000000A.sdmp | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security
00000021.00000000.13194057357.000000000044F000.00000002.00000001.01000000.0000000A.sdmp | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security
00000043.00000000.13242431814.000000000044F000.00000002.00000001.01000000.0000000A.sdmp | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security
0000003B.00000002.13440224933.000000000044F000.00000002.00000001.01000000.0000000A.sdmp | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security
00000057.00000002.13501902455.000000000044F000.00000002.00000001.01000000.0000000A.sdmp | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security

Source | Rule | Description | Author | Strings
12.2.The key responsibilities Doc .exe.19e63d568c8.3.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security
59.2.Chrom.exe.400000.0.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security
74.0.Chrom.exe.400000.0.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security
67.0.Chrom.exe.400000.0.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security
104.2.Chrom.exe.400000.0.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security

System Summary

Source: File created, Author: frack113, Florian Roth, Data: EventID: 11, Image: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE, ProcessId: 7428, TargetFilename: C:\Users\user\AppData\Local\Temp\{8B4742D0-AA74-4FD3-8BB8-675474C23405}\{A4BDC57A-8FEA-431D-86EC-4FAFFB5D4D02}\The key responsibilities Doc .zip
Source: Registry Key set, Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing, Data: Details: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe, ProcessId: 6420, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows Application
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split), Data: Details: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe, ProcessId: 6420, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows Application
Source: Process started, Author: Nasreddine Bencherchali (Nextron Systems), Data: Command: "C:\Windows\System32\unarchiver.exe" "C:\Users\user\AppData\Local\Temp\{8B4742D0-AA74-4FD3-8BB8-675474C23405}\{A4BDC57A-8FEA-431D-86EC-4FAFFB5D4D02}\The key responsibilities Doc .zip", CommandLine: "C:\Windows\System32\unarchiver.exe" "C:\Users\user\AppData\Local\Temp\{8B4742D0-AA74-4FD3-8BB8-675474C23405}\{A4BDC57A-8FEA-431D-86EC-4FAFFB5D4D02}\The key responsibilities Doc .zip", CommandLine|base64offset|contains: , Image: C:\Windows\System32\unarchiver.exe, NewProcessName: C:\Windows\System32\unarchiver.exe, OriginalFileName: C:\Windows\System32\unarchiver.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE, ParentProcessId: 7428, ParentProcessName: WINWORD.EXE, ProcessCommandLine: "C:\Windows\System32\unarchiver.exe" "C:\Users\user\AppData\Local\Temp\{8B4742D0-AA74-4FD3-8BB8-675474C23405}\{A4BDC57A-8FEA-431D-86EC-4FAFFB5D4D02}\The key responsibilities Doc .zip", ProcessId: 3304, ProcessName: unarchiver.exe
No Suricata rule has matched

AV Detection

Source: https://login.live.co, Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Local\Temp\bbjvvwyq.lun\The key responsibilities Doc .exe, ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe, ReversingLabs: Detection: 47%
Source: C:\Windows\System32\Chrom.exe, ReversingLabs: Detection: 80%
Source: Kodiak Hub Procurement Ltd Project portfolio 2025.docx.doc, ReversingLabs: Detection: 47%
Source: Kodiak Hub Procurement Ltd Project portfolio 2025.docx.doc, Virustotal: Detection: 36%
Source: C:\Users\user\AppData\Local\Temp\bbjvvwyq.lun\The key responsibilities Doc .exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe, Joe Sandbox ML: detected
Source: C:\Windows\System32\Chrom.exe, Code function: 19_2_00407687 GetProcAddress,FreeLibrary,CryptUnprotectData,CryptUnprotectData,19_2_00407687

Phishing

Source: Screenshot id: 10, Joe Sandbox AI: Page contains button: 'Open' Source: 'Screenshot id: 10'
Source: Screenshot id: 10, Joe Sandbox AI: Screenshot id: 10 contains prominent button: 'open'
Source: Screenshot id: 11, Joe Sandbox AI: Page contains button: 'Open' Source: 'Screenshot id: 11'
Source: Screenshot id: 11, Joe Sandbox AI: Screenshot id: 11 contains prominent button: 'open'
Source: Screenshot id: 12, Joe Sandbox AI: Page contains button: 'Open' Source: 'Screenshot id: 12'
Source: Screenshot id: 12, Joe Sandbox AI: Screenshot id: 12 contains prominent button: 'open'
Source: Screenshot id: 7, Joe Sandbox AI: Page contains button: 'Open' Source: 'Screenshot id: 7'
Source: Screenshot id: 7, Joe Sandbox AI: Screenshot id: 7 contains prominent button: 'open'
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE, File opened: C:\Program Files\Microsoft Office\root\vfs\System\MSVCR100.dll
Source: Binary string: C:\Users\GO TECH COMPUTERS\source\repos\Browser\obj\Debug\Browser.pdb source: The key responsibilities Doc .exe, 0000000C.00000000.13164825132.0000019E51DA2000.00000002.00000001.01000000.00000006.sdmp, The key responsibilities Doc .exe.105.dr, The key responsibilities Doc .exe.8.dr
Source: Binary string: c:\Projects\VS2005\WebBrowserPassView\Command-Line\WebBrowserPassView.pdb source: The key responsibilities Doc .exe, Chrom.exe
Source: Binary string: C:\Users\GO TECH COMPUTERS\source\repos\Browser\obj\Debug\Browser.pdb" source: The key responsibilities Doc .exe, 0000000C.00000000.13164825132.0000019E51DA2000.00000002.00000001.01000000.00000006.sdmp, The key responsibilities Doc .exe.105.dr, The key responsibilities Doc .exe.8.dr
Source: C:\Windows\System32\Chrom.exe, Code function: 19_2_0040B477 FindFirstFileW,FindNextFileW,19_2_0040B477

                            Software Vulnerabilities

                            Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess created: C:\Windows\System32\unarchiver.exe
                            Source: Chrom.exe, 00000013.00000003.13401980577.0000000002210000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000018.00000003.13419990956.00000000020E0000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000019.00000003.13354275153.00000000020B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: //C:\Users\user\Downloads\Reader_en_install.exe/160ms-gamingoverlay:///file:///C:/Users/user/Downloads/autoit-v3-setup.zipms-gamingoverlay://kglcheck/https://fpt.live.com/?session_id=f79511e86c1f4ab69498b2fb7f2923a5&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SIhttps://fpt.live.com/https://login.live.com/oauth20_desktop.srf?lc=1033https://login.live.com/oauth20_desktop.srfhttps://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com::MBI_SSL&response_type=token&display=windesktop&theme=win7&lc=1033&redirect_uri=https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live.com/oauth20_desktop.srfhttps://login.live.com/oauth20_logout.srfhttps://fpt2.microsoft.com/Clear.HTML?ctx=Ls1.0&wl=True&session_id=f79511e86c1f4ab69498b2fb7f2923a5&id=6444f2ea-8677-2cb9-1627-be4beb4fef18&w=8DD183FF504C35B&tkt=taBcrIH61PuCVH7eNCyH0CYjjbqLuI8XF8pleSQW5NZAAvLyGvMFy7BZ7fuqycjC%252fWis6Zy%252bQrOFPHhkA7wqf%252faPP%252bzjDo1GLjQxK4NeD1NiGvUp5tbmX3ytcnhMgigwmIbmM9dr%252bRIkJLjNlsjLeIVIXsh9nJJjj8PuE0J7wv6pGv725lCYeUykNU%252bHolTZp7luhh1QtQ%252bW9gsYMKwVjw0gmOG2dT3UOI3lGTz1cpQz279Fb3yoVHK%252fdJflEfLUAD5lkBOWXHTvofGwwN%252fKj8jzE1I7fhm3JR9piRzG9Am4xMpldFfNI0cakyOEW4Op&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33dhttps://fpt2.microsoft.com/Clear.HTMLms-settings:windowsupdate?winsettingshomems-settings:windowsupdatems-settings:keyboardres://C:%5CUsers%5Cuser%5CAppData%5CLocal%5CTemp%5Cjds1062875.tmp%5CJavaSetup8u431.exe/complete.htmlres://C:%5CUs
ers%5Cuser%5CAppData%5CLocal%5CTemp%5Cjds1062875.tmp%5CJavaSetup8u431.exe/welcome.htmlres://C:%5CUsers%5Cuser%5CAppData%5CLocal%5CTemp%5Cjds1062875.tmp%5CJavaSetup8u431.exe/progress.htmlms-settings:networkms-settings:dateandtimefile://192.168.2.1/all/install/setup.au3file://192.168.2.1/all/cred.txtfile://192.168.2.1/all/UpdateScripts/allow-signin-to-office.au3https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.facebook.com (Facebook)
                            Source: The key responsibilities Doc .exe, 0000000C.00000000.13164825132.0000019E51DA2000.00000002.00000001.01000000.00000006.sdmp, The key responsibilities Doc .exe, 0000000C.00000002.14194544650.0000019E63C91000.00000004.00000800.00020000.00000000.sdmp, Chrom.exe, 00000013.00000002.13415305315.000000000044F000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: @dllhost.exetaskhost.exetaskhostex.exebhvContainersContainerIdNameHistoryContainer_%I64dAccessCountCreationTimeExpiryTimeAccessedTimeModifiedTimeUrlEntryIDvisited:Microsoft\Windows\WebCache\WebCacheV01.datMicrosoft\Windows\WebCache\WebCacheV24.dat0123456789ABCDEFURL index.dathttps://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.facebook.com (Facebook)
                            Source: The key responsibilities Doc .exe, 0000000C.00000000.13164825132.0000019E51DA2000.00000002.00000001.01000000.00000006.sdmp, The key responsibilities Doc .exe, 0000000C.00000002.14194544650.0000019E63C91000.00000004.00000800.00020000.00000000.sdmp, Chrom.exe, 00000013.00000002.13415305315.000000000044F000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: @dllhost.exetaskhost.exetaskhostex.exebhvContainersContainerIdNameHistoryContainer_%I64dAccessCountCreationTimeExpiryTimeAccessedTimeModifiedTimeUrlEntryIDvisited:Microsoft\Windows\WebCache\WebCacheV01.datMicrosoft\Windows\WebCache\WebCacheV24.dat0123456789ABCDEFURL index.dathttps://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.yahoo.com (Yahoo)
                            Source: Chrom.exeString found in binary or memory: http://www.facebook.com/ equals www.facebook.com (Facebook)
login.yahoo.com/config/login equals www.yahoo.com (Yahoo)
                            Source: The key responsibilities Doc .exe, 0000000C.00000002.14195795694.0000019E6E102000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://sajatypeworks.comi
                            Source: The key responsibilities Doc .exe, 0000000C.00000002.14195795694.0000019E6E102000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://sajatypeworks.comk
                            Source: The key responsibilities Doc .exe, 0000000C.00000002.14190885198.0000019E53C81000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                            Source: Chrom.exe, 00000013.00000002.13409562504.000000000018F000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000018.00000002.13431673268.000000000018F000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000019.00000002.13356354380.000000000018F000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000002.13377044126.000000000018F000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 0000001F.00000002.13375755037.000000000018F000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000021.00000002.13303097024.000000000018F000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000023.00000002.13506512917.000000000018F000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 0000002B.00000002.13406288189.000000000018F000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 0000002C.00000002.13382028308.000000000018F000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 0000002F.00000002.13421708516.000000000018F000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000033.00000002.13387672582.000000000018F000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000036.00000002.13447878660.000000000018F000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000039.00000002.13702977906.000000000018F000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 0000003B.00000002.13432325807.000000000018F000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 0000003E.00000002.13458745179.000000000018F000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000041.00000002.13469792932.000000000018F000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000043.00000002.13470576002.000000000018F000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000049.00000002.13466392148.000000000018F000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 0000004A.00000002.13494365421.000000000018F000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 
0000004C.00000002.13487066030.000000000018F000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000051.00000002.13477981326.000000000018F000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: http://www.nirsoft.net
                            Source: The key responsibilities Doc .exe, 0000000C.00000000.13164825132.0000019E51DA2000.00000002.00000001.01000000.00000006.sdmp, The key responsibilities Doc .exe, 0000000C.00000002.14194544650.0000019E63C91000.00000004.00000800.00020000.00000000.sdmp, Chrom.exe, Chrom.exe, 00000013.00000002.13415305315.000000000044F000.00000002.00000001.01000000.0000000A.sdmp, Chrom.exe, 00000013.00000000.13184152594.000000000044F000.00000002.00000001.01000000.0000000A.sdmp, Chrom.exe, 00000018.00000002.13439786329.000000000044F000.00000002.00000001.01000000.0000000A.sdmp, Chrom.exe, 00000018.00000000.13186906234.000000000044F000.00000002.00000001.01000000.0000000A.sdmp, Chrom.exe, 00000019.00000000.13187004590.000000000044F000.00000002.00000001.01000000.0000000A.sdmp, Chrom.exe, 00000019.00000002.13356623964.000000000044F000.00000002.00000001.01000000.0000000A.sdmp, Chrom.exe, 0000001C.00000002.13385807520.000000000044F000.00000002.00000001.01000000.0000000A.sdmp, Chrom.exe, 0000001C.00000000.13189610404.000000000044F000.00000002.00000001.01000000.0000000A.sdmp, Chrom.exe, 0000001F.00000002.13381544513.000000000044F000.00000002.00000001.01000000.0000000A.sdmp, Chrom.exe, 0000001F.00000000.13193416050.000000000044F000.00000002.00000001.01000000.0000000A.sdmp, Chrom.exe, 00000021.00000000.13194057357.000000000044F000.00000002.00000001.01000000.0000000A.sdmp, Chrom.exe, 00000021.00000002.13304461129.000000000044F000.00000002.00000001.01000000.0000000A.sdmp, Chrom.exe, 00000023.00000002.13510122546.000000000044F000.00000002.00000001.01000000.0000000A.sdmp, Chrom.exe, 00000023.00000000.13195909333.000000000044F000.00000002.00000001.01000000.0000000A.sdmp, Chrom.exe, 0000002B.00000000.13207792567.000000000044F000.00000002.00000001.01000000.0000000A.sdmp, Chrom.exe, 0000002B.00000002.13412258530.000000000044F000.00000002.00000001.01000000.0000000A.sdmp, Chrom.exe, 0000002C.00000002.13388936632.000000000044F000.00000002.00000001.01000000.0000000A.sdmp, 
Chrom.exe, 0000002C.00000000.13209020725.000000000044F000.00000002.00000001.01000000.0000000A.sdmp String found in binary or memory: http://www.nirsoft.net/
                            Source: chp5DDA.tmp.81.dr, chp4D21.tmp.54.dr, chp64B0.tmp.82.dr, chp6992.tmp.99.dr, chp4AA0.tmp.65.dr, chp369B.tmp.19.dr, chp651D.tmp.89.dr, chp3EB9.tmp.43.dr, chp369C.tmp.28.dr, chp5639.tmp.57.dr, chp4EF5.tmp.62.dr, chp367C.tmp.25.dr, chp3B00.tmp.24.dr, chp63D5.tmp.87.dr, chp5733.tmp.76.dr, chp47F1.tmp.47.dr, chp3D90.tmp.51.dr, chp6471.tmp.90.dr, chp68F6.tmp.91.dr String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                            Source: chp5DDA.tmp.81.dr, chp4D21.tmp.54.dr, chp64B0.tmp.82.dr, chp6992.tmp.99.dr, chp4AA0.tmp.65.dr, chp369B.tmp.19.dr, chp651D.tmp.89.dr, chp3EB9.tmp.43.dr, chp369C.tmp.28.dr, chp5639.tmp.57.dr, chp4EF5.tmp.62.dr, chp367C.tmp.25.dr, chp3B00.tmp.24.dr, chp63D5.tmp.87.dr, chp5733.tmp.76.dr, chp47F1.tmp.47.dr, chp3D90.tmp.51.dr, chp6471.tmp.90.dr, chp68F6.tmp.91.dr String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                            Source: chp5DDA.tmp.81.dr, chp4D21.tmp.54.dr, chp64B0.tmp.82.dr, chp6992.tmp.99.dr, chp4AA0.tmp.65.dr, chp369B.tmp.19.dr, chp651D.tmp.89.dr, chp3EB9.tmp.43.dr, chp369C.tmp.28.dr, chp5639.tmp.57.dr, chp4EF5.tmp.62.dr, chp367C.tmp.25.dr, chp3B00.tmp.24.dr, chp63D5.tmp.87.dr, chp5733.tmp.76.dr, chp47F1.tmp.47.dr, chp3D90.tmp.51.dr, chp6471.tmp.90.dr, chp68F6.tmp.91.dr String found in binary or memory: https://duckduckgo.com/ac/?q=
                            Source: chp5DDA.tmp.81.dr, chp4D21.tmp.54.dr, chp64B0.tmp.82.dr, chp6992.tmp.99.dr, chp4AA0.tmp.65.dr, chp369B.tmp.19.dr, chp651D.tmp.89.dr, chp3EB9.tmp.43.dr, chp369C.tmp.28.dr, chp5639.tmp.57.dr, chp4EF5.tmp.62.dr, chp367C.tmp.25.dr, chp3B00.tmp.24.dr, chp63D5.tmp.87.dr, chp5733.tmp.76.dr, chp47F1.tmp.47.dr, chp3D90.tmp.51.dr, chp6471.tmp.90.dr, chp68F6.tmp.91.dr String found in binary or memory: https://duckduckgo.com/chrome_newtab
                            Source: chp5DDA.tmp.81.dr, chp4D21.tmp.54.dr, chp64B0.tmp.82.dr, chp6992.tmp.99.dr, chp4AA0.tmp.65.dr, chp369B.tmp.19.dr, chp651D.tmp.89.dr, chp3EB9.tmp.43.dr, chp369C.tmp.28.dr, chp5639.tmp.57.dr, chp4EF5.tmp.62.dr, chp367C.tmp.25.dr, chp3B00.tmp.24.dr, chp63D5.tmp.87.dr, chp5733.tmp.76.dr, chp47F1.tmp.47.dr, chp3D90.tmp.51.dr, chp6471.tmp.90.dr, chp68F6.tmp.91.dr String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                            Source: Chrom.exe, 00000039.00000002.13704535767.0000000000614000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://fpt.live.
                            Source: Chrom.exe, 00000021.00000002.13309351797.0000000000620000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://fpt.live.8F
                            Source: Chrom.exe, 00000033.00000002.13407032845.0000000000790000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000003E.00000002.13470136591.00000000005B0000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000049.00000002.13487604714.0000000000890000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000052.00000002.13514570808.0000000000820000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://fpt.live.com/?ses
                            Source: Chrom.exe, 00000059.00000002.13523859315.0000000000520000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://fpt.live.com/?sesM
                            Source: Chrom.exe, 00000018.00000002.13446406455.00000000006A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://fpt.live.com/?sesb
                            Source: Chrom.exe, 00000013.00000002.13435419243.0000000002210000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000013.00000003.13404137889.0000000002210000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000013.00000003.13401980577.0000000002210000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000013.00000003.13404729752.0000000002210000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000018.00000003.13425027685.00000000020E0000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000018.00000003.13422573169.00000000020E0000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000018.00000002.13456715963.00000000020E0000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000018.00000003.13419990956.00000000020E0000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000019.00000002.13357961829.00000000005A0000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000019.00000003.13354275153.00000000020B0000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000019.00000002.13376408741.00000000020B0000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000019.00000003.13354551921.00000000020B0000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000019.00000003.13354467901.00000000020B0000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000002.13405379961.0000000000A40000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000003.13371399539.0000000000A40000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000003.13370851663.0000000000A40000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000003.13371807020.0000000000A40000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001F.00000003.13364171290.00000000021F0000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001F.00000003.13374043792.00000000021F0000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 
0000001F.00000003.13374000780.00000000021F0000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001F.00000003.13374086326.00000000021F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fpt.live.com/?session_id=f79511e86c1f4ab69498b2fb7f2923a5&CustomerId=33e01921-4d64-4f8c-a055
                            Source: The key responsibilities Doc .exe, 0000000C.00000002.14195795694.0000019E6E102000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/microsoft/cascadia-code/blob/main/LICENSE).
                            Source: The key responsibilities Doc .exe, 0000000C.00000002.14195795694.0000019E6E102000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/microsoft/cascadia-code/blob/master/LICENSE).
                            Source: Chrom.exe, String found in binary or memory: https://login.live.co
                            Source: Chrom.exe, 00000023.00000002.13511576593.0000000000550000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://login.live.cola
                            Source: Chrom.exe, String found in binary or memory: https://login.live.com/
                            Source: Chrom.exe, 00000068.00000002.13527903621.000000000018F000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000068.00000003.13516437044.0000000002189000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000068.00000003.13515624649.000000000217E000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://login.live.com/C:
                            Source: Chrom.exe, String found in binary or memory: https://login.live.com/https://login.live.com/
                            Source: Chrom.exe, String found in binary or memory: https://login.live.com/https://login.live.com//
                            Source: Chrom.exe, 0000001F.00000002.13389185733.0000000000690000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://login.live.com/oaJQ
                            Source: Chrom.exe, String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                            Source: Chrom.exe, String found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2LMEM
                            Source: Chrom.exe, String found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2https://login.live.com/oauth20_authorize.srfh
                            Source: Chrom.exe, String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033LMEM
                            Source: Chrom.exe, 00000033.00000002.13407032845.0000000000790000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://login.live.com/oauth20_lo
                            Source: Chrom.exe, String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                            Source: Chrom.exe, 00000013.00000002.13428257198.0000000000840000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000002.13392136746.000000000065A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000062.00000002.13535284976.00000000006F0000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://login.live.com/oautx
                            Source: Chrom.exe, String found in binary or memory: https://login.yahoo.com/config/login
                            Source: The key responsibilities Doc .exe, 0000000C.00000002.14195795694.0000019E6E102000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://scripts.sil.org/OFL
                            Source: The key responsibilities Doc .exe, 0000000C.00000002.14195795694.0000019E6E102000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://scripts.sil.org/OFL)
                            Source: Chrom.exe, String found in binary or memory: https://www.google.com/accounts/servicelogin
                            Source: chp5DDA.tmp.81.dr, chp4D21.tmp.54.dr, chp64B0.tmp.82.dr, chp6992.tmp.99.dr, chp4AA0.tmp.65.dr, chp369B.tmp.19.dr, chp651D.tmp.89.dr, chp3EB9.tmp.43.dr, chp369C.tmp.28.dr, chp5639.tmp.57.dr, chp4EF5.tmp.62.dr, chp367C.tmp.25.dr, chp3B00.tmp.24.dr, chp63D5.tmp.87.dr, chp5733.tmp.76.dr, chp47F1.tmp.47.dr, chp3D90.tmp.51.dr, chp6471.tmp.90.dr, chp68F6.tmp.91.dr, String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                            Source: C:\Windows\System32\Chrom.exe, Code function: 19_2_0041138D OpenClipboard,GetLastError,DeleteFileW,19_2_0041138D
                            Source: C:\Windows\System32\Chrom.exe, Code function: 19_2_00409E39 EmptyClipboard,wcslen,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,CloseClipboard,19_2_00409E39
                            Source: C:\Windows\System32\Chrom.exe, Code function: 19_2_00409EA1 EmptyClipboard,GetFileSize,GlobalAlloc,GlobalLock,ReadFile,GlobalUnlock,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard,19_2_00409EA1
                            Source: Chrom.exe, Process created: 63
                            Source: Conhost.exe, Process created: 81
                            Source: conhost.exe, Process created: 41
                            Source: cmd.exe, Process created: 73
                            Source: C:\Windows\System32\Chrom.exe, Code function: 19_2_0040BAE3 memset,CreateFileW,NtQuerySystemInformation,NtQuerySystemInformation,CloseHandle,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,CloseHandle,_wcsicmp,CloseHandle,19_2_0040BAE3
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe, File created: C:\Windows\System32\Chrom.exe
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe, File created: C:\Windows\System32\windown.bat
                            Source: C:\Windows\System32\Chrom.exe, File created: C:\Windows\SysWOW64\output.txt
                            Source: C:\Windows\System32\Chrom.exe, Code function: String function: 0044DDB0 appears 33 times
                            Source: C:\Windows\System32\Chrom.exe, Code function: String function: 004186B6 appears 58 times
                            Source: C:\Windows\System32\Chrom.exe, Code function: String function: 004188FE appears 88 times
                            Source: C:\Windows\System32\Chrom.exe, Code function: String function: 00418555 appears 34 times
                            Source: classification engine, Classification label: mal96.troj.spyw.expl.evad.winDOC@833/32@0/0
                            Source: C:\Windows\System32\Chrom.exe, Code function: 19_2_0041A225 GetLastError,FormatMessageW,FormatMessageA,LocalFree,free,19_2_0041A225
                            Source: C:\Windows\System32\Chrom.exe, Code function: 19_2_0041A6AF GetDiskFreeSpaceW,GetDiskFreeSpaceA,free,19_2_0041A6AF
                            Source: C:\Windows\System32\Chrom.exe, Code function: 19_2_00415799 CreateToolhelp32Snapshot,memset,Process32FirstW,OpenProcess,memset,GetModuleHandleW,GetProcAddress,CloseHandle,free,Process32NextW,CloseHandle,19_2_00415799
                            Source: C:\Windows\System32\Chrom.exe, Code function: 19_2_00416A46 FindResourceW,SizeofResource,LoadResource,LockResource,19_2_00416A46
                            Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE, File created: C:\Users\user\Desktop\~$diak Hub Procurement Ltd Project portfolio 2025.docx.doc
                            Source: C:\Windows\System32\unarchiver.exe, Mutant created: NULL
                            Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3244:120:WilError_03
                            Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3044:120:WilError_03
                            Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE, File created: C:\Users\user\AppData\Local\Temp\{B616E6F2-C24B-43D9-AF92-C1D586B7D4DC} - OProcSessId.dat
                            Source: Kodiak Hub Procurement Ltd Project portfolio 2025.docx.doc, OLE indicator, Word Document stream: true
                            Source: ~WRD0000.tmp.0.dr, OLE indicator, Word Document stream: true
                            Source: Kodiak Hub Procurement Ltd Project portfolio 2025.docx.doc, OLE document summary: title field not present or empty
                            Source: ~WRD0000.tmp.0.dr, OLE document summary: title field not present or empty
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe, Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" "
                            Source: C:\Windows\System32\Chrom.exe, System information queried: HandleInformation
                            Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE, File read: C:\Users\desktop.ini
                            Source: C:\Windows\System32\unarchiver.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                            Source: The key responsibilities Doc .exe, Chrom.exe, Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
                            Source: The key responsibilities Doc .exe, Chrom.exe, Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                            Source: The key responsibilities Doc .exe, Chrom.exe, Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
                            Source: Chrom.exe, Binary or memory string: CREATE TABLE plus_addresses (profile_id VARCHAR PRIMARY KEY, facet VARCHAR, plus_address VARCHAR);
                            Source: The key responsibilities Doc .exe, Chrom.exe, Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
                            Source: The key responsibilities Doc .exe, Chrom.exe, Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
                            Source: The key responsibilities Doc .exe, Chrom.exe, Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
                            Source: Chrom.exe, 00000013.00000003.13401870261.0000000002249000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000013.00000003.13400335077.000000000223E000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000018.00000003.13419551543.0000000002119000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000018.00000003.13417752817.000000000210E000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000019.00000003.13354139377.00000000020E9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000019.00000003.13352587360.00000000020DE000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000003.13368251304.0000000000A79000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000003.13365787643.0000000000A6E000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001F.00000002.13401565890.0000000000A99000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001F.00000003.13374131497.0000000000A99000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000021.00000003.13300466297.0000000000A39000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                            Source: The key responsibilities Doc .exe, 0000000C.00000000.13164825132.0000019E51DA2000.00000002.00000001.01000000.00000006.sdmp, The key responsibilities Doc .exe, 0000000C.00000002.14194544650.0000019E63C91000.00000004.00000800.00020000.00000000.sdmp, Chrom.exe, Chrom.exe, 00000013.00000002.13415305315.000000000044F000.00000002.00000001.01000000.0000000A.sdmp, Chrom.exe, 00000013.00000000.13184152594.000000000044F000.00000002.00000001.01000000.0000000A.sdmp, Chrom.exe, 00000018.00000002.13439786329.000000000044F000.00000002.00000001.01000000.0000000A.sdmp, Chrom.exe, 00000018.00000000.13186906234.000000000044F000.00000002.00000001.01000000.0000000A.sdmp, Chrom.exe, 00000019.00000000.13187004590.000000000044F000.00000002.00000001.01000000.0000000A.sdmp, Chrom.exe, 00000019.00000002.13356623964.000000000044F000.00000002.00000001.01000000.0000000A.sdmp, Chrom.exe, 0000001C.00000002.13385807520.000000000044F000.00000002.00000001.01000000.0000000A.sdmp, Chrom.exe, 0000001C.00000000.13189610404.000000000044F000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
                            Source: Kodiak Hub Procurement Ltd Project portfolio 2025.docx.doc ReversingLabs: Detection: 47%
                            Source: Kodiak Hub Procurement Ltd Project portfolio 2025.docx.doc Virustotal: Detection: 36%
                            Source: unknown Process created: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
                            Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE Process created: C:\Windows\System32\unarchiver.exe "C:\Windows\System32\unarchiver.exe" "C:\Users\user\AppData\Local\Temp\{8B4742D0-AA74-4FD3-8BB8-675474C23405}\{A4BDC57A-8FEA-431D-86EC-4FAFFB5D4D02}\The key responsibilities Doc .zip"
                            Source: C:\Windows\System32\unarchiver.exe Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i" "C:\Users\user\AppData\Local\Temp\{8B4742D0-AA74-4FD3-8BB8-675474C23405}\{A4BDC57A-8FEA-431D-86EC-4FAFFB5D4D02}\The key responsibilities Doc .zip"
                            Source: C:\Windows\SysWOW64\7za.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\System32\unarchiver.exe Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe"
                            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe "C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe"
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" "
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\Chrom.exe .\Chrom.exe /stext .\output.txt
                            Source: C:\Windows\System32\unarchiver.exe Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\bbjvvwyq.lun" "C:\Users\user\AppData\Local\Temp\{8B4742D0-AA74-4FD3-8BB8-675474C23405}\{A4BDC57A-8FEA-431D-86EC-4FAFFB5D4D02}\The key responsibilities Doc .zip"
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\System32\Conhost.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\System32\conhost.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE Process created: unknown unknown
                            Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE Process created: C:\Windows\System32\unarchiver.exe "C:\Windows\System32\unarchiver.exe" "C:\Users\user\AppData\Local\Temp\{8B4742D0-AA74-4FD3-8BB8-675474C23405}\{A4BDC57A-8FEA-431D-86EC-4FAFFB5D4D02}\The key responsibilities Doc .zip"
                            Source: C:\Windows\System32\unarchiver.exe Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i" "C:\Users\user\AppData\Local\Temp\{8B4742D0-AA74-4FD3-8BB8-675474C23405}\{A4BDC57A-8FEA-431D-86EC-4FAFFB5D4D02}\The key responsibilities Doc .zip"
                            Source: C:\Windows\System32\unarchiver.exe Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe"
                            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe "C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe"
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" "
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe Process created: unknown unknown
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" "Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" "
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe Process created: C:\Windows\System32\Chrom.exe .\Chrom.exe /stext .\output.txt
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\Chrom.exe .\Chrom.exe /stext .\output.txt
                            Source: C:\Windows\System32\unarchiver.exe | Section loaded: mscoree.dll
                            Source: C:\Windows\System32\unarchiver.exe | Section loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\unarchiver.exe | Section loaded: version.dll
                            Source: C:\Windows\System32\unarchiver.exe | Section loaded: windows.storage.dll
                            Source: C:\Windows\System32\unarchiver.exe | Section loaded: wintypes.dll
                            Source: C:\Windows\System32\unarchiver.exe | Section loaded: profapi.dll
                            Source: C:\Windows\System32\unarchiver.exe | Section loaded: cryptsp.dll
                            Source: C:\Windows\System32\unarchiver.exe | Section loaded: rsaenh.dll
                            Source: C:\Windows\System32\unarchiver.exe | Section loaded: cryptbase.dll
                            Source: C:\Windows\System32\unarchiver.exe | Section loaded: apphelp.dll
                            Source: C:\Windows\SysWOW64\7za.exe | Section loaded: 7z.dll
                            Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: apphelp.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: mscoree.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: apphelp.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: kernel.appcore.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: version.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: vcruntime140_1_clr0400.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: vcruntime140_clr0400.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: uxtheme.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: windows.storage.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: wintypes.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: profapi.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: cryptsp.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: rsaenh.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: cryptbase.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: msftedit.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: dwrite.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: textshaping.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: windows.globalization.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: globinputhost.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: bcp47langs.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: dataexchange.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: twinapi.appcore.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: wbemcomn.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: amsi.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: userenv.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: textinputframework.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: coremessaging.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: coreuicomponents.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: ieframe.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: iertutil.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: winhttp.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: srvcli.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: netutils.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: sxs.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: propsys.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: cfgmgr32.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: windows.system.launcher.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: msvcp110_win.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: windows.staterepositorycore.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: edputil.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: urlmon.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: windows.staterepositoryps.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: sspicli.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: virtdisk.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: wldp.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: smartscreenps.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: shdocvw.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: appresolver.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe | Section loaded: onecoreuapcommonproxystub.dll
                            Source: C:\Windows\System32\cmd.exe | Section loaded: cmdext.dll
                            Source: C:\Windows\System32\cmd.exe | Section loaded: appidapi.dll
                            Source: C:\Windows\System32\cmd.exe | Section loaded: srpapi.dll
                            Source: C:\Windows\System32\cmd.exe | Section loaded: uxtheme.dll
                            Source: C:\Windows\System32\cmd.exe | Section loaded: apphelp.dll
                            Source: C:\Windows\System32\cmd.exe | Section loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\Chrom.exe | Section loaded: version.dll
                            Source: C:\Windows\System32\Chrom.exe | Section loaded: wininet.dll
                            Source: C:\Windows\System32\Chrom.exe | Section loaded: windows.storage.dll
                            Source: C:\Windows\System32\Chrom.exe | Section loaded: wintypes.dll
                            Source: C:\Windows\System32\Chrom.exe | Section loaded: sspicli.dll
                            Source: C:\Windows\System32\Chrom.exe | Section loaded: iertutil.dll
                            Source: C:\Windows\System32\Chrom.exe | Section loaded: srvcli.dll
                            Source: C:\Windows\System32\Chrom.exe | Section loaded: netutils.dll
                            Source: C:\Windows\System32\Chrom.exe | Section loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\Chrom.exe | Section loaded: profapi.dll
                            Source: C:\Windows\System32\Chrom.exe | Section loaded: cryptsp.dll
                            Source: C:\Windows\System32\Chrom.exe | Section loaded: rsaenh.dll
                            Source: C:\Windows\System32\Chrom.exe | Section loaded: cryptbase.dll
                            Source: C:\Windows\System32\Chrom.exe | Section loaded: pstorec.dll
                            Source: C:\Windows\System32\Chrom.exe | Section loaded: vaultcli.dll
                            Source: C:\Windows\System32\Chrom.exe | Section loaded: dpapi.dll
                            Source: C:\Windows\System32\Chrom.exe | Section loaded: ntmarta.dll
                            Source: C:\Windows\System32\Chrom.exe | Section loaded: msasn1.dll
                            Source: C:\Windows\System32\Chrom.exe | Section loaded: textshaping.dll
                            Source: C:\Windows\System32\Chrom.exe | Section loaded: uxtheme.dll
                            Source: C:\Windows\System32\Chrom.exe | Section loaded: textinputframework.dll
                            Source: C:\Windows\System32\Chrom.exe | Section loaded: coremessaging.dll
                            Source: C:\Windows\System32\Chrom.exe | Section loaded: coreuicomponents.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: msasn1.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: appidapi.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: srpapi.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: uxtheme.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: appidapi.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: srpapi.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: uxtheme.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: appidapi.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: srpapi.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: uxtheme.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: appidapi.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: srpapi.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: uxtheme.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: version.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: wininet.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: windows.storage.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: wintypes.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: sspicli.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: iertutil.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: srvcli.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: netutils.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: profapi.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: cryptsp.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: rsaenh.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: cryptbase.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: pstorec.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: vaultcli.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: dpapi.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: ntmarta.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: msasn1.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: version.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: wininet.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: windows.storage.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: wintypes.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: sspicli.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: iertutil.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: srvcli.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: netutils.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: profapi.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: cryptsp.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: rsaenh.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: cryptbase.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: pstorec.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: vaultcli.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: dpapi.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: msasn1.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: appidapi.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: srpapi.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: uxtheme.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: textshaping.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: uxtheme.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: textinputframework.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: coremessaging.dll
                            Source: C:\Windows\System32\Chrom.exeSection loaded: coreuicomponents.dll
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32Jump to behavior
                            Source: C:\Windows\System32\Chrom.exeAutomated click: OK
                            Source: C:\Windows\System32\Conhost.exeAutomated click: OK
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeFile opened: C:\Windows\SYSTEM32\MsftEdit.DLLJump to behavior
                            Source: Window RecorderWindow detected: More than 3 window changes detected
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                            Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
                            Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEFile opened: C:\Program Files\Microsoft Office\root\vfs\System\MSVCR100.dllJump to behavior
                            Source: Binary string: C:\Users\GO TECH COMPUTERS\source\repos\Browser\obj\Debug\Browser.pdb source: The key responsibilities Doc .exe, 0000000C.00000000.13164825132.0000019E51DA2000.00000002.00000001.01000000.00000006.sdmp, The key responsibilities Doc .exe.105.dr, The key responsibilities Doc .exe.8.dr
                            Source: Binary string: c:\Projects\VS2005\WebBrowserPassView\Command-Line\WebBrowserPassView.pdb source: The key responsibilities Doc .exe, Chrom.exe
                            Source: Binary string: C:\Users\GO TECH COMPUTERS\source\repos\Browser\obj\Debug\Browser.pdb" source: The key responsibilities Doc .exe, 0000000C.00000000.13164825132.0000019E51DA2000.00000002.00000001.01000000.00000006.sdmp, The key responsibilities Doc .exe.105.dr, The key responsibilities Doc .exe.8.dr
                            Source: Kodiak Hub Procurement Ltd Project portfolio 2025.docx.docInitial sample: OLE indicators vbamacros = False
                            Source: The key responsibilities Doc .exe.8.drStatic PE information: 0x82A12F66 [Mon Jun 13 18:11:50 2039 UTC]
                            Source: C:\Windows\System32\Chrom.exeCode function: 19_2_004053E1 LoadLibraryW,GetProcAddress,FreeLibrary,#17,MessageBoxW,19_2_004053E1
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeCode function: 12_2_00007FFCC6C01B0D push E95C48DBh; ret 12_2_00007FFCC6C01C19
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeCode function: 12_2_00007FFCC6C004A8 push ebx; iretd 12_2_00007FFCC6C0066A
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeCode function: 12_2_00007FFCC6C0063D push ebx; iretd 12_2_00007FFCC6C0066A
                            Source: C:\Windows\System32\Chrom.exeCode function: 19_2_00446B75 push ecx; ret 19_2_00446B85
                            Source: C:\Windows\System32\Chrom.exeCode function: 19_2_0044DDB0 push eax; ret 19_2_0044DDC4
                            Source: C:\Windows\System32\Chrom.exeCode function: 19_2_0044DDB0 push eax; ret 19_2_0044DDEC

                            Persistence and Installation Behavior

                            Source: C:\Windows\System32\cmd.exeExecutable created and started: C:\Windows\System32\Chrom.exe
                            Source: C:\Windows\SysWOW64\7za.exeFile created: C:\Users\user\AppData\Local\Temp\bbjvvwyq.lun\The key responsibilities Doc .exeJump to dropped file
                            Source: C:\Windows\SysWOW64\7za.exeFile created: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeFile created: C:\Windows\System32\Chrom.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Windows ApplicationJump to behavior
                            Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                            Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
                            Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
                            Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\unarchiver.exe
                            Process information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe
                            Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\Chrom.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\unarchiver.exe Process information set: NOOPENFILEERRORBOX
                            Source: Kodiak Hub Procurement Ltd Project portfolio 2025.docx.doc Stream path '\x1Ole10Native' entropy: 7.99834188355 (max. 8.0)
                            Source: ~WRD0000.tmp.0.dr Stream path '\x1Ole10Native' entropy: 7.99830465815 (max. 8.0)
                            Source: C:\Windows\System32\unarchiver.exe Memory allocated: 2680000 memory reserve | memory write watch
                            Source: C:\Windows\System32\unarchiver.exe Memory allocated: 4680000 memory commit | memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe Memory allocated: 19E521D0000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe Memory allocated: 19E6BC80000 memory reserve | memory write watch
                            Source: C:\Windows\System32\unarchiver.exe Memory allocated: F10000 memory reserve | memory write watch
                            Source: C:\Windows\System32\unarchiver.exe Memory allocated: 2D60000 memory reserve | memory write watch
                            Source: C:\Windows\System32\unarchiver.exe Memory allocated: 1090000 memory commit | memory reserve | memory write watch
                            Source: C:\Windows\System32\Chrom.exe Code function: 19_2_0040BAE3 memset,CreateFileW,NtQuerySystemInformation,NtQuerySystemInformation,CloseHandle,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,CloseHandle,_wcsicmp,CloseHandle,19_2_0040BAE3
                            Source: C:\Windows\System32\unarchiver.exe Window / User API: threadDelayed 1191
                            Source: C:\Windows\System32\unarchiver.exe Window / User API: threadDelayed 505
                            Source: C:\Windows\System32\unarchiver.exe TID: 1872 Thread sleep count: 1191 > 30
                            Source: C:\Windows\System32\unarchiver.exe TID: 1872 Thread sleep time: -595500s >= -30000s
                            Source: C:\Windows\System32\unarchiver.exe TID: 1872 Thread sleep count: 268 > 30
                            Source: C:\Windows\System32\unarchiver.exe TID: 1872 Thread sleep time: -134000s >= -30000s
                            Source: C:\Windows\System32\unarchiver.exe TID: 2576 Thread sleep count: 505 > 30
                            Source: C:\Windows\System32\unarchiver.exe TID: 2576 Thread sleep time: -252500s >= -30000s
                            Source: C:\Windows\System32\Chrom.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
                            Source: C:\Windows\System32\Chrom.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
                            Source: C:\Windows\System32\Chrom.exe Code function: 19_2_0040B477 FindFirstFileW,FindNextFileW,19_2_0040B477
                            Source: C:\Windows\System32\unarchiver.exe Code function: 7_2_009DB3FE GetSystemInfo,7_2_009DB3FE
                            Source: The key responsibilities Doc .exe, 0000000C.00000002.14196188701.0000019E6EB6A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{887c27cf-b658-19ef-a77e-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{887c27cf-b658-19ef-a77e-806e6f6e6963}#00000013CCA00000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{887c27cf-b658-19ef-a77e-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{887c27cf-b658-19ef-a77e-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}ISUNI
                            Source: The key responsibilities Doc .exe, 0000000C.00000002.14196188701.0000019E6EAEA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AGE#Volume#{887c27cf-b658-19ef-a77e-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{887c27cf-b658-19ef-a77e-806e6f6e6963}#00000013CCA00000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{887c27cf-b658-19ef-a77e-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{887c27cf-b658-19ef-a77e-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}ows}
                            Source: The key responsibilities Doc .exe, 0000000C.00000002.14196188701.0000019E6EAEA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AGE#Volume#{887c27cf-b658-19ef-a77e-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{887c27cf-b658-19ef-a77e-806e6f6e6963}#00000013CCA00000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{887c27cf-b658-19ef-a77e-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{887c27cf-b658-19ef-a77e-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                            Source: The key responsibilities Doc .exe, 0000000C.00000002.14196188701.0000019E6EAEA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{887c27cf-b658-19ef-a77e-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{887c27cf-b658-19ef-a77e-806e6f6e6963}#00000013CCA00000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{887c27cf-b658-19ef-a77e-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{887c27cf-b658-19ef-a77e-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}>
                            Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE Process information queried: ProcessInformation
                            Source: C:\Windows\System32\Chrom.exe Code function: 19_2_0040BAE3 memset,CreateFileW,NtQuerySystemInformation,NtQuerySystemInformation,CloseHandle,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,CloseHandle,_wcsicmp,CloseHandle,19_2_0040BAE3
                            Source: C:\Windows\System32\Chrom.exe Code function: 19_2_004053E1 LoadLibraryW,GetProcAddress,FreeLibrary,#17,MessageBoxW,19_2_004053E1
                            Source: C:\Windows\System32\unarchiver.exe Memory allocated: page read and write | page guard
                            Source: C:\Windows\System32\unarchiver.exe Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i" "C:\Users\user\AppData\Local\Temp\{8B4742D0-AA74-4FD3-8BB8-675474C23405}\{A4BDC57A-8FEA-431D-86EC-4FAFFB5D4D02}\The key responsibilities Doc .zip"
                            Source: C:\Windows\System32\unarchiver.exe Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe"
                            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe "C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe"
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" "Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" "Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" "Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" "Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" "Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" "Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" "Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" "Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe
                            Process created: unknown unknown
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe
                            Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe
                            Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" "Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" "Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: unknown unknownJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe, Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\windown.bat" "
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe, Process created: C:\Windows\System32\Chrom.exe .\Chrom.exe /stext .\output.txt
                            Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\Chrom.exe .\Chrom.exe /stext .\output.txt
                            Source: C:\Windows\System32\cmd.exe, Process created: unknown unknown
                            Source: C:\Windows\System32\unarchiver.exe, Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\bbjvvwyq.lun" "C:\Users\user\AppData\Local\Temp\{8B4742D0-AA74-4FD3-8BB8-675474C23405}\{A4BDC57A-8FEA-431D-86EC-4FAFFB5D4D02}\The key responsibilities Doc .zip"
                            Source: C:\Windows\System32\unarchiver.exe, Process created: unknown unknown
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe, Queries volume information: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe, Queries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.21.3231.0_x64__8wekyb3d8bbwe\CascadiaCode.ttf VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe, Queries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.21.3231.0_x64__8wekyb3d8bbwe\CascadiaCodeItalic.ttf VolumeInformation
                            Source: C:\Windows\System32\Chrom.exe, Code function: 19_2_0041A773 GetSystemTime,memcpy,GetCurrentProcessId,memcpy,GetTickCount,memcpy,QueryPerformanceCounter,memcpy,19_2_0041A773
                            Source: C:\Windows\System32\Chrom.exe, Code function: 19_2_004192F2 GetVersionExW,19_2_004192F2
                            Source: C:\Windows\System32\unarchiver.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                            Stealing of Sensitive Information

                            Source: C:\Windows\System32\Chrom.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                            Source: C:\Windows\System32\Chrom.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                            Source: C:\Windows\System32\Chrom.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\aqo0o2a7.default-release\key4.db
                            Source: C:\Windows\System32\Chrom.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                            Source: C:\Windows\System32\Chrom.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\aqo0o2a7.default-release\places.sqlite
                            Source: C:\Windows\System32\Chrom.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                            Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\co2gbwyw.c4i\The key responsibilities Doc .exe, type: DROPPED
                            Source: Yara match | File source: C:\Windows\System32\Chrom.exe, type: DROPPED
                            Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\bbjvvwyq.lun\The key responsibilities Doc .exe, type: DROPPED
                            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                            Gather Victim Identity Information | 1 Scripting | Valid Accounts | 2 Windows Management Instrumentation | 1 Scripting | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                            Credentials | Domains | Default Accounts | 1 Native API | 1 DLL Side-Loading | 11 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | 1 Data from Local System | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
                            Email Addresses | DNS Server | Domain Accounts | 1 Exploitation for Client Execution | 1 Browser Extensions | 1 Registry Run Keys / Startup Folder | 21 Obfuscated Files or Information | Security Account Manager | 38 System Information Discovery | SMB/Windows Admin Shares | 2 Clipboard Data | Steganography | Automated Exfiltration | Data Encrypted for Impact
                            Employee Names | Virtual Private Server | Local Accounts | Cron | 1 Registry Run Keys / Startup Folder | Login Hook | 1 Timestomp | NTDS | 121 Security Software Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
                            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 3 Virtualization/Sandbox Evasion | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 121 Masquerading | Cached Domain Credentials | 3 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Virtualization/Sandbox Evasion | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                            [Behavior graph] ID: 1595937; Sample: Kodiak Hub Procurement Ltd ...; Start date: 21/01/2025; Architecture: WINDOWS; Score: 96
