Windows Analysis Report
https://s3.us-east-2.amazonaws.com/revealedgceconomies/vdiq197yvi/ImgBurn_822881.exe?

Overview

General Information

Sample URL: https://s3.us-east-2.amazonaws.com/revealedgceconomies/vdiq197yvi/ImgBurn_822881.exe?
Analysis ID: 1538471

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Checks for available system drives (often done to infect USB drives)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Found dropped PE file which has not been started or loaded
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Stores files to the Windows start menu directory

Classification

AV Detection

Source: C:\Users\user\Downloads\ImgBurn_822881.exe (copy) ReversingLabs: Detection: 37%
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.26.5.9:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe File opened: z:
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe File opened: x:
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe File opened: v:
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe File opened: t:
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe File opened: r:
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe File opened: p:
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe File opened: n:
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe File opened: l:
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe File opened: j:
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe File opened: h:
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe File opened: f:
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe File opened: d:
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe File opened: b:
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe File opened: y:
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe File opened: w:
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe File opened: u:
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe File opened: s:
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe File opened: q:
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe File opened: o:
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe File opened: m:
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe File opened: k:
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe File opened: i:
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe File opened: g:
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe File opened: e:
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe File opened: c:
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe File opened: a:
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: global traffic DNS traffic detected: DNS query: s3.us-east-2.amazonaws.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: contentworldinc.com
Source: global traffic DNS traffic detected: DNS query: github.com
Source: global traffic DNS traffic detected: DNS query: raw.githubusercontent.com
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49701
Source: classification engine Classification label: mal48.win@37/131@11/116
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\f49b3257-f62a-478f-b4f0-8489b6810a44.tmp
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Mutant created: \Sessions\1\BaseNamedObjects\MediaPlayerClassicW
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Mutant created: \Sessions\1\BaseNamedObjects\'mpchc_setup_mutex'
Source: C:\Users\user\AppData\Local\MPC-HC\MPC-HC.1.9.19.x86.exe File created: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp
Source: C:\Users\user\AppData\Local\MPC-HC\MPC-HC.1.9.19.x86.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1948,i,18086677487560941788,16590809308708294037,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://s3.us-east-2.amazonaws.com/revealedgceconomies/vdiq197yvi/ImgBurn_822881.exe?"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5528 --field-trial-handle=1948,i,18086677487560941788,16590809308708294037,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: unknown Process created: C:\Users\user\Downloads\ImgBurn_822881.exe "C:\Users\user\Downloads\ImgBurn_822881.exe"
Source: unknown Process created: C:\Users\user\AppData\Local\MPC-HC\MPC-HC.1.9.19.x86.exe "C:\Users\user\AppData\Local\MPC-HC\MPC-HC.1.9.19.x86.exe"
Source: C:\Users\user\AppData\Local\MPC-HC\MPC-HC.1.9.19.x86.exe Process created: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp "C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp" /SL5="$902A0,16070317,185856,C:\Users\user\AppData\Local\MPC-HC\MPC-HC.1.9.19.x86.exe"
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Process created: C:\Users\user\AppData\Local\MPC-HC\MPC-HC.1.9.19.x86.exe "C:\Users\user\AppData\Local\MPC-HC\MPC-HC.1.9.19.x86.exe" /SPAWNWND=$90294 /NOTIFYWND=$902A0
Source: C:\Users\user\AppData\Local\MPC-HC\MPC-HC.1.9.19.x86.exe Process created: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp "C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp" /SL5="$D0188,16070317,185856,C:\Users\user\AppData\Local\MPC-HC\MPC-HC.1.9.19.x86.exe" /SPAWNWND=$90294 /NOTIFYWND=$902A0
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Process created: C:\Program Files (x86)\MPC-HC\mpc-hc.exe "C:\Program Files (x86)\MPC-HC\mpc-hc.exe"
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://github.com/clsid2/mpc-hc/releases
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=772 --field-trial-handle=1588,i,684023181700708914,18408882208510045909,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: wldp.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: explorerframe.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: textshaping.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: sspicli.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: secur32.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: mswsock.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: schannel.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\MPC-HC\MPC-HC.1.9.19.x86.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\MPC-HC\MPC-HC.1.9.19.x86.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: pcacli.dll
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: msftedit.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: windows.globalization.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: bcp47mrm.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: globinputhost.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: windows.ui.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: inputhost.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Section loaded: netutils.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: aclayers.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: mpr.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: sfc.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: sfc_os.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: acgenral.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: winmm.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: samcli.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: msacm32.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: version.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: dwmapi.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: urlmon.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: sspicli.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: winmmbase.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: iertutil.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: srvcli.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: netutils.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: msimg32.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: oledlg.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: d3d9.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: wininet.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: avrt.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: windowscodecs.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: textshaping.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: dataexchange.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: d3d11.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: dcomp.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: dxgi.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: twinapi.appcore.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: winhttp.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: mswsock.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: winnsi.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: textinputframework.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: coremessaging.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: wintypes.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: winsta.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: explorerframe.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: schannel.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: dpapi.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: gpapi.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: windows.shell.servicehostbuilder.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: ieframe.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: netapi32.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: wkscli.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: edputil.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: secur32.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: mlang.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: policymanager.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Window found: window name: TSelectLanguageForm
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-G1JA9.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-E1CCJ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-HRP5E.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-H1HG0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\is-VGCFT.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-E5DT3.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-JOOLQ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\LAVFilters\is-LRKKH.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-I8O7B.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\is-I5VSF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\is-Q271V.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-GB9QV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-GGN6G.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-4J1PM.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-S9DSV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Users\user\AppData\Local\Temp\is-CSEKA.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\LAVFilters\is-NI1KP.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-JLURM.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-SG7J4.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-KAM7D.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\LAVFilters\is-MNOND.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\LAVFilters\is-8I2S7.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\CrashReporter\is-VLCLE.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-5G7SG.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-VJ7MT.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\CrashReporter\is-0SBI0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\is-EHUPO.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\LAVFilters\is-A4ORV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-9U2V9.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\LAVFilters\is-8S77H.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-GBT2L.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-O5PQ3.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-HM83S.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-A27KQ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\CrashReporter\is-COO4M.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-F602M.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\LAVFilters\is-FA2AP.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-PF32S.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-E6IKC.tmp
Source: C:\Users\user\AppData\Local\MPC-HC\MPC-HC.1.9.19.x86.exe File created: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\LAVFilters\is-M8EL4.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-2SST0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-276B0.tmp
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\Unconfirmed 271687.crdownload
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-F3958.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-MR3Q5.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-RT0HS.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-JNJ28.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-9F7JP.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-6EMAN.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-S4643.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-49CFF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-0VBGR.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-KGDJ9.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\is-E50CV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-4IFSU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-N3ECJ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-B3Q3D.tmp
Source: C:\Users\user\Downloads\ImgBurn_822881.exe File created: C:\Users\user\AppData\Local\MPC-HC\MPC-HC.1.9.19.x86.exe
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-4LSBI.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-CIPNU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-A3VA9.tmp
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\f49b3257-f62a-478f-b4f0-8489b6810a44.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\LAVFilters\is-Q09AS.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-SMKID.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\LAVFilters\is-NU37N.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\LAVFilters\is-DCB43.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\Lang\is-V0FJK.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\Program Files (x86)\MPC-HC\is-5RD0J.tmp
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC\MPC-HC.lnk
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC\Uninstall MPC-HC.lnk
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\MPC-HC\MPC-HC.1.9.19.x86.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-G1JA9.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-E1CCJ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-HRP5E.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-H1HG0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\is-VGCFT.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-E5DT3.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\LAVFilters\is-LRKKH.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-JOOLQ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-I8O7B.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\is-I5VSF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\is-Q271V.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-GB9QV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-GGN6G.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-4J1PM.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-S9DSV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-CSEKA.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\LAVFilters\is-NI1KP.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-JLURM.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-SG7J4.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-KAM7D.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\LAVFilters\is-8I2S7.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\LAVFilters\is-MNOND.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\CrashReporter\is-VLCLE.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-5G7SG.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-VJ7MT.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\LAVFilters\is-A4ORV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\is-EHUPO.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\CrashReporter\is-0SBI0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-9U2V9.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-GBT2L.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\LAVFilters\is-8S77H.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-HM83S.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-O5PQ3.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-A27KQ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-F602M.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\CrashReporter\is-COO4M.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-E6IKC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\LAVFilters\is-FA2AP.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-PF32S.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\LAVFilters\is-M8EL4.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-276B0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-2SST0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-F3958.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-MR3Q5.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-RT0HS.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-JNJ28.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-6EMAN.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-9F7JP.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-S4643.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-49CFF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-0VBGR.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-KGDJ9.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\is-E50CV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-4IFSU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-N3ECJ.tmp
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\MPC-HC\MPC-HC.1.9.19.x86.exe
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-B3Q3D.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-4LSBI.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-CIPNU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-A3VA9.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\LAVFilters\is-Q09AS.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-SMKID.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\LAVFilters\is-NU37N.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\LAVFilters\is-DCB43.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MPC-HC\Lang\is-V0FJK.tmp
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
Source: C:\Users\user\AppData\Local\Temp\is-0GQ2H.tmp\MPC-HC.1.9.19.x86.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Process information queried: ProcessInformation
Source: C:\Program Files (x86)\MPC-HC\mpc-hc.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://github.com/clsid2/mpc-hc/releases
Source: C:\Users\user\AppData\Local\Temp\is-0EOK8.tmp\MPC-HC.1.9.19.x86.tmp Queries volume information: C:\ VolumeInformation