Edit tour

Windows Analysis Report
sup.logical@gmail.com.exe

Overview

General Information

Sample name:	sup.logical@gmail.com.exe
Analysis ID:	1541871
MD5:	8c26c5bb599b606cc549ceef0d9d2da3
SHA1:	86a373936df7e753f7284efc63bf8970e9a56870
SHA256:	acc791703bc6e6ec9dcad7ef28ea5bcd1cf70f0a17412b28078daa66df5989d8
Infos:

Detection

TrojanRansom

Score:	96
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected TrojanRansom

Connects to many different private IPs (likely to spread or exploit)

Connects to many different private IPs via SMB (likely to spread or exploit)

Contains functionality to compare user and computer (likely to detect sandboxes)

Infects executable files (exe, dll, sys, html)

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Sigma detected: Schtasks Creation Or Modification With SYSTEM Privileges

Tries to harvest and steal browser information (history, passwords, etc)

Uses schtasks.exe or at.exe to add and modify task schedules

Writes many files with high entropy

Abnormal high CPU Usage

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found evasive API chain (date check)

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: PowerShell Module File Created By Non-PowerShell Process

Classification

Process Tree

System is w10x64native

sup.logical@gmail.com.exe (PID: 2696 cmdline: "C:\Users\user\Desktop\sup.logical@gmail.com.exe" MD5: 8C26C5BB599B606CC549CEEF0D9D2DA3)

cmd.exe (PID: 4964 cmdline: "C:\Windows\System32\cmd.exe" /c SCHTASKS.exe /Create /RU "NT AUTHORITY\SYSTEM" /sc onstart /TN "Windows Update ALPHV" /TR "C:\Users\user\Desktop\sup.logical@gmail.com.exe" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 4788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

schtasks.exe (PID: 8092 cmdline: SCHTASKS.exe /Create /RU "NT AUTHORITY\SYSTEM" /sc onstart /TN "Windows Update ALPHV" /TR "C:\Users\user\Desktop\sup.logical@gmail.com.exe" /F MD5: 796B784E98008854C27F4B18D287BA30)

sup.logical@gmail.com.exe (PID: 4260 cmdline: C:\Users\user\Desktop\sup.logical@gmail.com.exe MD5: 8C26C5BB599B606CC549CEEF0D9D2DA3)

cmd.exe (PID: 1048 cmdline: "C:\Windows\System32\cmd.exe" /c SCHTASKS.exe /Create /RU "NT AUTHORITY\SYSTEM" /sc onstart /TN "Windows Update ALPHV" /TR "C:\Users\user\Desktop\sup.logical@gmail.com.exe" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

schtasks.exe (PID: 4100 cmdline: SCHTASKS.exe /Create /RU "NT AUTHORITY\SYSTEM" /sc onstart /TN "Windows Update ALPHV" /TR "C:\Users\user\Desktop\sup.logical@gmail.com.exe" /F MD5: 796B784E98008854C27F4B18D287BA30)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: sup.logical@gmail.com.exe PID: 4260	JoeSecurity_TrojanRansom	Yara detected TrojanRansom	Joe Security

Sigma Signatures

System Summary

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Source: Process started

Author: Jonathan Cheong, oscd.community: Data: Command: "C:\Windows\System32\cmd.exe" /c SCHTASKS.exe /Create /RU "NT AUTHORITY\SYSTEM" /sc onstart /TN "Windows Update ALPHV" /TR "C:\Users\user\Desktop\sup.logical@gmail.com.exe" /F, CommandLine: "C:\Windows\System32\cmd.exe" /c SCHTASKS.exe /Create /RU "NT AUTHORITY\SYSTEM" /sc onstart /TN "Windows Update ALPHV" /TR "C:\Users\user\Desktop\sup.logical@gmail.com.exe" /F, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\sup.logical@gmail.com.exe", ParentImage: C:\Users\user\Desktop\sup.logical@gmail.com.exe, ParentProcessId: 2696, ParentProcessName: sup.logical@gmail.com.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c SCHTASKS.exe /Create /RU "NT AUTHORITY\SYSTEM" /sc onstart /TN "Windows Update ALPHV" /TR "C:\Users\user\Desktop\sup.logical@gmail.com.exe" /F, ProcessId: 4964, ProcessName: cmd.exe

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Source: Process started

Sigma detected: Schtasks Creation Or Modification With SYSTEM Privileges

Source: Process started

Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: SCHTASKS.exe /Create /RU "NT AUTHORITY\SYSTEM" /sc onstart /TN "Windows Update ALPHV" /TR "C:\Users\user\Desktop\sup.logical@gmail.com.exe" /F, CommandLine: SCHTASKS.exe /Create /RU "NT AUTHORITY\SYSTEM" /sc onstart /TN "Windows Update ALPHV" /TR "C:\Users\user\Desktop\sup.logical@gmail.com.exe" /F, CommandLine|base64offset|contains: *j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c SCHTASKS.exe /Create /RU "NT AUTHORITY\SYSTEM" /sc onstart /TN "Windows Update ALPHV" /TR "C:\Users\user\Desktop\sup.logical@gmail.com.exe" /F, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4964, ParentProcessName: cmd.exe, ProcessCommandLine: SCHTASKS.exe /Create /RU "NT AUTHORITY\SYSTEM" /sc onstart /TN "Windows Update ALPHV" /TR "C:\Users\user\Desktop\sup.logical@gmail.com.exe" /F, ProcessId: 8092, ProcessName: schtasks.exe

Sigma detected: PowerShell Module File Created By Non-PowerShell Process

Source: File created

Author: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\sup.logical@gmail.com.exe, ProcessId: 4260, TargetFilename: C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\#Recover-Files.txt

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: sup.logical@gmail.com.exe

ReversingLabs: Detection: 47%

Exploits

Connects to many different private IPs (likely to spread or exploit)

Source: global traffic	TCP traffic: 192.168.11.209:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.207:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.208:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.205:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.206:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.203:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.204:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.201:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.202:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.200:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.28:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.27:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.29:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.24:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.23:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.26:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.25:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.20:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.22:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.21:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.17:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.16:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.19:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.18:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.13:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.12:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.15:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.14:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.11:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.10:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.199:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.197:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.198:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.188:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.189:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.186:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.187:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.195:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.196:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.193:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.194:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.191:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.192:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.190:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.179:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.177:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.178:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.175:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.176:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.184:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.185:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.182:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.183:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.180:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.181:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.168:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.169:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.166:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.89:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.167:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.164:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.165:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.86:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.173:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.85:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.174:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.88:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.171:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.87:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.172:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.82:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.81:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.170:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.84:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.83:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.80:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.159:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.157:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.158:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.79:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.155:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.78:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.156:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.153:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.154:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.75:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.162:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.74:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.163:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.77:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.160:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.76:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.161:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.71:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.70:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.73:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.72:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.148:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.149:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.146:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.147:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.144:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.145:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.142:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.143:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.151:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.152:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.150:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.139:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.137:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.138:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.135:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.136:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.133:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.254:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.134:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.131:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.252:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.132:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.253:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.97:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.140:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.96:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.141:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.99:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.98:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.93:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.92:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.95:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.94:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.91:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.90:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.128:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.249:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.129:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.126:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.247:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.49:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.127:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.248:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.124:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.245:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.125:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.246:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.46:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.122:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.243:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.45:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.123:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.244:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.48:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.120:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.241:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.47:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.121:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.242:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.42:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.250:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.41:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.130:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.251:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.44:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.43:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.40:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.119:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.117:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.238:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.118:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.239:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.39:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.115:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.236:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.38:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.116:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.237:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.113:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.234:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.114:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.235:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.35:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.111:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.232:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.34:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.112:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.233:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.37:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.230:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.36:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.110:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.231:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.31:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.30:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.240:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.33:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.32:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.8:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.7:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.9:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.108:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.229:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.109:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.106:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.227:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.107:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.228:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.0:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.104:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.225:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.105:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.226:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.2:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.102:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.223:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.1:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.103:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.224:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.100:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.68:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.4:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.221:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.101:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.67:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.3:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.222:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.6:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.69:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.5:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.220:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.64:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.63:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.66:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.65:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.60:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.62:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.61:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.218:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.219:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.216:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.217:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.214:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.215:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.212:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.213:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.57:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.210:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.56:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.211:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.59:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.58:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.53:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.52:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.55:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.54:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.51:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.50:445	Jump to behavior

Connects to many different private IPs via SMB (likely to spread or exploit)

Source: global traffic	TCP traffic: 192.168.11.209:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.207:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.208:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.205:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.206:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.203:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.204:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.201:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.202:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.200:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.28:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.27:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.29:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.24:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.23:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.26:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.25:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.20:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.22:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.21:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.17:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.16:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.19:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.18:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.13:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.12:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.15:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.14:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.11:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.10:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.199:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.197:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.198:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.188:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.189:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.186:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.187:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.195:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.196:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.193:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.194:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.191:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.192:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.190:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.179:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.177:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.178:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.175:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.176:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.184:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.185:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.182:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.183:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.180:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.181:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.168:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.169:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.166:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.89:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.167:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.164:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.165:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.86:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.173:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.85:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.174:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.88:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.171:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.87:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.172:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.82:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.81:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.170:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.84:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.83:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.80:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.159:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.157:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.158:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.79:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.155:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.78:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.156:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.153:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.154:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.75:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.162:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.74:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.163:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.77:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.160:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.76:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.161:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.71:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.70:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.73:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.72:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.148:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.149:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.146:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.147:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.144:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.145:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.142:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.143:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.151:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.152:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.150:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.139:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.137:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.138:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.135:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.136:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.133:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.254:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.134:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.131:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.252:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.132:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.253:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.97:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.140:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.96:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.141:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.99:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.98:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.93:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.92:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.95:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.94:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.91:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.90:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.128:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.249:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.129:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.126:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.247:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.49:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.127:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.248:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.124:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.245:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.125:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.246:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.46:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.122:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.243:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.45:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.123:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.244:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.48:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.120:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.241:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.47:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.121:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.242:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.42:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.250:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.41:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.130:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.251:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.44:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.43:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.40:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.119:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.117:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.238:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.118:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.239:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.39:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.115:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.236:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.38:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.116:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.237:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.113:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.234:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.114:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.235:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.35:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.111:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.232:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.34:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.112:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.233:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.37:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.230:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.36:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.110:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.231:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.31:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.30:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.240:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.33:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.32:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.8:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.7:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.9:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.108:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.229:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.109:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.106:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.227:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.107:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.228:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.0:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.104:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.225:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.105:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.226:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.2:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.102:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.223:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.1:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.103:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.224:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.100:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.68:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.4:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.221:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.101:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.67:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.3:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.222:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.6:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.69:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.5:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.220:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.64:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.63:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.66:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.65:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.60:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.62:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.61:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.218:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.219:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.216:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.217:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.214:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.215:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.212:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.213:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.57:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.210:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.56:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.211:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.59:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.58:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.53:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.52:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.55:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.54:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.51:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.11.50:445	Jump to behavior

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\DESIGNER\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ClickToRun\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\microsoft shared\VSTO\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\Services\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\System\ado\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\System\msadc\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\System\Ole DB\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\System\Ole DB\en-US\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Crashpad\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Google\Chrome\Application\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\default_apps\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Extensions\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Installer\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\MEIPreload\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\PrivacySandboxAttestationsPreloaded\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\VisualElements\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\WidevineCdm\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Internet Explorer\images\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Internet Explorer\SIGNUP\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\Office16\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\PackageManifests\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Document Themes 16\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\fre\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Licenses\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Licenses16\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\loc\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office15\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\1036\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\3082\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\ADDINS\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Resources\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\AI\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\AugLoop\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\Bibliography\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\BORDERS\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\Configuration\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\CONVERT\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\CONVERT\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\16\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FloodgateExperiences\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FORMS\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FPA_f14\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FPA_f2\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FPA_f3\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FPA_f33\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FPA_f4\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FPA_f7\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000006\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000008\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000009\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000011\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000050\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000055\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000064\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FPA_w1\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\Library\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\LivePersonaCardRollback\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\LivePersonaCardRollback\images\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\LogoImages\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\MEDIA\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\MSIPC\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\OneNote\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\osfFPA\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\OutlookAutoDiscover\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\OutlookReactNative\SearchView\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\PROOF\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\SAMPLES\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000002\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000002\OfflineFiles\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000006\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000006\OfflineFiles\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\assets\src\assets\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\assets\assets\images\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\assets\assets\images\ios\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000054\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000054\OfflineFiles\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000058\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000062\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000063\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000067\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000068\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000068\assets\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000069\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000070\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000070\assets\src\assets\images\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000072\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000072\assets\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000076\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000076\assets\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000077\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000077\assets\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000083\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000087\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\TextInputIntelligence\en-us\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\TextInputIntelligence\en-us\prefilter\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Stationery\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Templates\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Templates\Presentation Designs\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\Common AppData\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\Fonts\private\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\DESIGNER\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Cultures\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Resources\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\LicensingEnforcement\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Office Setup Controller\Office.en-us\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\PlatformCapabilities\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\PROOF\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\LISTS\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\LISTS\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TEXTCONV\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AFTRNOON\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ARCTIC\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AXIS\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLENDS\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUECALM\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUEPRNT\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BOLDSTRI\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BREEZE\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CANYON\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CAPSULES\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CASCADE\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\COMPASS\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CONCRETE\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\DEEPBLUE\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECHO\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECLIPSE\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EDGE\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EVRGREEN\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EXPEDITN\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ICE\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\INDUST\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\IRIS\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\JOURNAL\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LAYERS\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LEVEL\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\NETWORK\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PAPYRUS\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PIXEL\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PROFILE\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\QUAD\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RADIAL\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\REFINED\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RICEPAPR\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RIPPLE\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RMNSQUE\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SATIN\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SKY\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SLATE\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SONORA\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SPRING\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STRTEDGE\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STUDIO\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SUMIPNTG\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATER\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATERMAR\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ENES\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ENFR\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ESEN\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\FREN\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Web Server Extensions\16\BIN\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Cultures\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA6\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Resources\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Resources\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\System\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Mozilla Firefox\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Mozilla Firefox\browser\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Mozilla Firefox\browser\features\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Mozilla Firefox\browser\META-INF\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Mozilla Firefox\browser\VisualElements\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Mozilla Firefox\defaults\pref\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Mozilla Firefox\fonts\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Mozilla Firefox\META-INF\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Mozilla Firefox\uninstall\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\MSBuild\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\af-za\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\ar\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\az-Latn-AZ\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\bg\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\bs-Latn-BA\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\ca\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\cs\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\cy-GB\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\da\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\de\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\el\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\en\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\es\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\et\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\eu\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\fa-IR\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\fabric-icons\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\fi\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\fr\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\gl\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\he\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\hi\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\hr\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\hu\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\id\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\is-IS\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\it\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\ja\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\ka-GE\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\kk-KZ\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\ko\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\lt\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\lv\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\ms\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\nb\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\nl\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\nn-NO\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\pl\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\pt\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\pt-br\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\pt-pt\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\ro\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\ru\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\sk\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\sl\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\sq-AL\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\sr-cyrl\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\sr-latn\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\sv\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\th\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\tr\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\uk\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\vi\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\zh-hans\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\zh-hant\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\static\css\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\static\js\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\static\media\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Reference Assemblies\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\ruxim\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\ruxim\Logs\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\UNP\Logs\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Windows Defender\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Windows Defender\en-GB\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Windows Defender\en-US\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Windows Media Player\Media Renderer\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Windows Media Player\Network Sharing\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Windows Media Player\Skins\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Windows NT\TableTextService\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Windows Security\BrowserCore\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5131.0_x64__8j3eq9eme6ctt\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.BingWeather_4.53.51922.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.20.1881.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.GetHelp_10.2303.10961.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.Messaging_4.1901.60404.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.MicrosoftEdge.Stable_93.0.961.47_neutral__8wekyb3d8bbwe\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.MicrosoftEdge.Stable_93.0.961.52_neutral__8wekyb3d8bbwe\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.MicrosoftEdge.Stable_94.0.992.31_neutral__8wekyb3d8bbwe\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2304.1202.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2304.1202.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_4.6.0.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.21051.1282.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.27413.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.27413.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.29512.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.29512.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.7_1.7.27422.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.7_1.7.27422.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.2_2.2.28604.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.2_2.2.28604.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.OneConnect_5.2308.2294.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.People_10.2202.100.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.2008.3001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_22305.1401.5.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.0_2.1810.18004.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.0_2.1810.18004.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.1_2.11906.6001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.1_2.11906.6001.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.3_2.32002.13001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.3_2.32002.13001.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.4_2.42007.9001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.4_2.42007.9001.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.6_2.62108.18004.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.6_2.62108.18004.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.7_7.2208.15002.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.7_7.2208.15002.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.8_8.2310.30001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.8_8.2310.30001.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.32530.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.32530.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.33519.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.33519.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_neutral_~_8wekyb3d8bbwe\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_11.2403.8.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.802.31.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.802.31.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.934.1904.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.934.1904.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2210.0.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2023.2305.4.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.2304.1243.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.WindowsMaps_11.2403.4.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.54.4001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.9022.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.21.13002.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23062.153.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.22091.10041.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Comprehensive\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Simple\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example1.Diagnostics\Diagnostics\Simple\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\Diagnostics\Simple\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\1.1.1\Diagnostics\Simple\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\2.0.1\Diagnostics\Simple\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\en-US\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\en-GB\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\en-US\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\en-GB\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\en-US\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\bin\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\en-US\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Examples\Calculator\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Examples\Validator\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Snippets\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\en-US\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\#Recover-Files.txt	Jump to behavior

Source: sup.logical@gmail.com.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\36C00AF489401A26639ABBA698DE76062\* source: sup.logical@gmail.com.exe, 00000000.00000003.14971499425.000001E5726A1000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000000.00000003.14970668221.000001E572688000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: sup.logical@gmail.com.exe, 00000005.00000003.18013641216.0000029161EE2000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000005.00000003.18009283703.0000029161EDC000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000005.00000003.18018326695.0000029161EE2000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000005.00000003.18010018573.0000029161EE2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\36C00AF489401A26639ABBA698DE76062te\* source: sup.logical@gmail.com.exe, 00000005.00000003.18009283703.0000029161F44000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000005.00000003.18024262280.0000029161F44000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000005.00000003.18018326695.0000029161F44000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000005.00000003.18013641216.0000029161F44000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\*M source: sup.logical@gmail.com.exe, 00000005.00000003.18024262280.0000029161EE2000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000005.00000003.18013641216.0000029161EE2000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000005.00000003.18009283703.0000029161EDC000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000005.00000003.18018326695.0000029161EE2000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000005.00000003.18010018573.0000029161EE2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Intel\Gamesmotionslication Data\Temp\Symbols\winload_prod.pdb\36C00AF489401A26639ABBA698DE76062yctt! source: sup.logical@gmail.com.exe, 00000000.00000003.14971499425.000001E5726A1000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000000.00000003.14970668221.000001E572688000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\\* source: sup.logical@gmail.com.exe, 00000005.00000003.18013641216.0000029161EE2000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000005.00000003.18009283703.0000029161EDC000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000005.00000003.18018326695.0000029161EE2000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000005.00000003.18010018573.0000029161EE2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\47114209A62F3B9930F6B8998DFD4A991\*Appl] source: sup.logical@gmail.com.exe, 00000000.00000003.14740164536.000001E57F87C000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000000.00000003.14740087445.000001E57F87A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\47114209A62F3B9930F6B8998DFD4A991tion Dy source: sup.logical@gmail.com.exe, 00000000.00000003.14740164536.000001E57F87C000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000000.00000003.14740087445.000001E57F87A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\47114209A62F3B9930F6B8998DFD4A991yatio source: sup.logical@gmail.com.exe, 00000000.00000003.14740164536.000001E57F87C000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000000.00000003.14740087445.000001E57F87A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Software Reporter Toolata\Temp\Symbols\winload_prod.pdb\36C00AF489401A26639ABBA698DE76062y source: sup.logical@gmail.com.exe, 00000000.00000003.14971499425.000001E5726A1000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000000.00000003.14970668221.000001E572688000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\47114209A62F3B9930F6B8998DFD4A991ata\Lo source: sup.logical@gmail.com.exe, 00000000.00000003.14740164536.000001E57F87C000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000000.00000003.14740087445.000001E57F87A000.00000004.00000020.00020000.00000000.sdmp

Spreading

Infects executable files (exe, dll, sys, html)

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe

System file written: C:\Program Files\Microsoft Office\Office16\OSPP.HTM

Jump to behavior

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2E5170 FindFirstFileExW,GetLastError,lstrcmpW,lstrcmpW,FindNextFileW,FindClose,		5_2_00007FF6FC2E5170
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2F89C0 FindFirstFileExW,		5_2_00007FF6FC2F89C0

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe

Code function: 5_2_00007FF6FC2E3500 GetLogicalDriveStringsW,

5_2_00007FF6FC2E3500

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\#Recover-Files.txt	Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.85.9
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.40.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.40.195
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe

File created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\#Recover-Files.txt

Jump to behavior

Source: scriptCache-child-current.bin.5.dr	String found in binary or memory: http://fb.me/use-check-prop-types
Source: scriptCache-child-current.bin.5.dr	String found in binary or memory: http://stackoverflow.com/questions/30030031)
Source: scriptCache-child-current.bin.5.dr	String found in binary or memory: https://accounts.firefox.com/
Source: scriptCache-child-current.bin.5.dr	String found in binary or memory: https://basket.mozilla.org/news/subscribe/
Source: scriptCache-child-current.bin.5.dr	String found in binary or memory: https://basket.mozilla.org/news/subscribe_sms/
Source: scriptCache-child-current.bin.5.dr	String found in binary or memory: https://basket.mozilla.org/subscribe.json
Source: scriptCache-child-current.bin.5.dr	String found in binary or memory: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinations
Source: scriptCache-child-current.bin.5.dr	String found in binary or memory: https://fb.me/react-polyfills
Source: scriptCache-child-current.bin.5.dr	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments
Source: scriptCache-child-current.bin.5.dr	String found in binary or memory: https://getpocket.com/
Source: scriptCache-child-current.bin.5.dr	String found in binary or memory: https://getpocket.com/recommendations
Source: scriptCache-child-current.bin.5.dr	String found in binary or memory: https://github.com/mozilla/activity-stream/blob/master/content-src/asrouter/docs/debugging-docs.md
Source: scriptCache-child-current.bin.5.dr	String found in binary or memory: https://github.com/projectfluent/fluent.js/wiki/React-Overlays.
Source: scriptCache-child-current.bin.5.dr	String found in binary or memory: https://github.com/zertosh/loose-envify)
Source: scriptCache-child-current.bin.5.dr	String found in binary or memory: https://help.getpocket.com/article/1142-firefox-new-tab-recommendations-faq
Source: scriptCache-child-current.bin.5.dr	String found in binary or memory: https://img-getpocket.cdn.mozilla.net/
Source: scriptCache-child-current.bin.5.dr	String found in binary or memory: https://reactjs.org/docs/error-decoder.html?invariant=
Source: scriptCache-child-current.bin.5.dr	String found in binary or memory: https://snippets.mozilla.com/show/

Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443

Spam, unwanted Advertisements and Ransom Demands

Yara detected TrojanRansom

Source: Yara match

File source: Process Memory Space: sup.logical@gmail.com.exe PID: 4260, type: MEMORYSTR

Writes many files with high entropy

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Intel\CUIPromotions\Images\000000_INTEL.ODYSSEY_ADDITIONAL_GAMEPLAY_ASSET_CUI.2.3-600x300.png entropy: 7.99897330545	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\cache2\entries\6ABAD3ABA9A177B8A0F8ECEF73ED0888C272E70F entropy: 7.99395308925	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\MSIMGSIZ.DAT entropy: 7.99367947978	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user\ActivitiesCache.db entropy: 7.99980056742	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\first_party_sets.db entropy: 7.99231573258	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat.LOG2 entropy: 7.99456724456	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat.LOG1 entropy: 7.9949793494	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\D3DSCache\3534848bb9f4cb71\6F75932F-7DFC-4FB0-B4B8-12DE1AC415DA_VEN_8086&DEV_3E98&SUBSYS_3E98&REV_2.idx entropy: 7.99476790156	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\cache2\entries\E34CCF2F421FB2762468857BBB9C7CF2AC2FBB09 entropy: 7.99838957354	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt21.lst entropy: 7.99782124065	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat entropy: 7.99879289396	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\PMAQH2N6\81\rppDvk77e2D_U7QJxDHv6SXyEy8.br[1].js entropy: 7.99408934285	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\PMAQH2N6\81\rDnfUAqNFBDSCW_sAZVtgTZYfeY.br[1].js entropy: 7.99782573432	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\PMAQH2N6\81\tlNPwMYUrz38JMaul4z4EwjtT-w.br[1].js entropy: 7.99134929153	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\PMAQH2N6\81\v_mVxhBtqooP5Yn9_SsJyuL6xyk[1].css entropy: 7.99168564537	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\PMAQH2N6\81\_aHBOJxMTEYV4PBsRJl-t3xnElM.br[1].js entropy: 7.99927526715	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\PMAQH2N6\81\sejSEZ7tbpy5nc29yFtIGNVOOIM.br[1].js entropy: 7.99777563451	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_ONENOTE_EXE_15 entropy: 7.9920951362	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jtx entropy: 7.99993377693	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_EXCEL_EXE_15 entropy: 7.99191987585	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_POWERPNT_EXE_15 entropy: 7.99322619235	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_OUTLOOK_EXE_15 entropy: 7.99057394487	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_WINWORD_EXE_15 entropy: 7.99191515949	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15 entropy: 7.99084310162	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Computer entropy: 7.99330787647	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_SkyDrive_Desktop entropy: 7.99262776089	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\https___java_com_ entropy: 7.99232152065	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\https___java_com_help entropy: 7.99145074761	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Shell_RunDialog entropy: 7.99217140097	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_RemoteDesktop entropy: 7.99269067909	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133742914629986069.txt entropy: 7.99762682149	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133743145220135052.txt entropy: 7.99760042264	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133742928933571012.txt entropy: 7.99792312576	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\IDX_CONTENT_TASKBARHEADLINES.json entropy: 7.99912056755	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\SettingsCache.txt entropy: 7.99970600917	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_MediaPlayer32 entropy: 7.99235027617	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Explorer entropy: 7.99275088127	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_ControlPanel entropy: 7.99233197675	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog_Old.etl entropy: 7.99485684154	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\optimization_guide_model_store\15\E6DC4029A1E4B4C1\1834E8353BA7A499\override_list.pb.gz entropy: 7.99955972151	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat entropy: 7.99448906433	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt21.lst.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99782124065	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99879289396	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.jtx.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99993377693	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\first_party_sets.db.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99231573258	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99367947978	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\ConnectedDevicesPlatform\L.user\ActivitiesCache.db.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99980056742	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7.wmv entropy: 7.99954440958	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10.mp4 entropy: 7.99728927432	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10_RTL.mp4 entropy: 7.99738681507	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Microsoft Office\root\Licenses\c2rpridslicensefiles_auto.xml entropy: 7.99623877762	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8_RTL.mp4 entropy: 7.99713682565	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8.mp4 entropy: 7.99703062164	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Microsoft Office\root\Licenses16\c2rpridslicensefiles_auto.xml entropy: 7.9986279824	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\master_preferences entropy: 7.99784847765	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\chrome_100_percent.pak entropy: 7.99975158593	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\chrome_200_percent.pak entropy: 7.99988144976	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\resources.pak entropy: 7.99997839202	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Microsoft Office\root\Office16\excel-udf-host.win32.bundle entropy: 7.99846386694	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Installer\chrome.7z entropy: 7.99999955028	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Microsoft Office\root\Office16\excel-udf-host.win32.new.bundle entropy: 7.99930674905	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\found.000\30000000-RUXIMLog.029.etl entropy: 7.9981909187	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\af.pak entropy: 7.99959133452	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\am.pak entropy: 7.9997480453	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\ar.pak entropy: 7.99976772656	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\bg.pak entropy: 7.99973383589	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\bn.pak entropy: 7.99983042392	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\ca.pak entropy: 7.99964925223	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\cs.pak entropy: 7.99959663602	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\da.pak entropy: 7.99957898136	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\de.pak entropy: 7.99960301801	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\el.pak entropy: 7.99981332192	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\en-GB.pak entropy: 7.99951855298	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\en-US.pak entropy: 7.99957560659	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\es-419.pak entropy: 7.99965317676	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\es.pak entropy: 7.99964622203	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\et.pak entropy: 7.99959383808	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\fa.pak entropy: 7.99973938144	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\fi.pak entropy: 7.99951477115	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\fil.pak entropy: 7.99962650051	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\fr.pak entropy: 7.99962111075	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\gu.pak entropy: 7.99981516476	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\he.pak entropy: 7.99966377076	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\hi.pak entropy: 7.99982641968	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\hr.pak entropy: 7.99959985981	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\hu.pak entropy: 7.99960433682	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\id.pak entropy: 7.9995778482	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\it.pak entropy: 7.99958987038	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\ja.pak entropy: 7.99967663402	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\kn.pak entropy: 7.99981996841	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\ko.pak entropy: 7.99958977683	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\lt.pak entropy: 7.99966720299	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\lv.pak entropy: 7.99967824643	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\ml.pak entropy: 7.99986319872	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\mr.pak entropy: 7.99981810365	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\ms.pak entropy: 7.99961049044	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\nb.pak entropy: 7.99950829461	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\nl.pak entropy: 7.99958942247	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\pl.pak entropy: 7.99961732486	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\pt-BR.pak entropy: 7.99962034288	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\pt-PT.pak entropy: 7.99958032322	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\ro.pak entropy: 7.99961924492	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\found.000\30000000-RUXIMLog.029.etl.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.9981909187	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\master_preferences.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99784847765	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\chrome_100_percent.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99975158593	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\chrome_200_percent.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99988144976	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\resources.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99997839202	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Installer\chrome.7z.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99999955028	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\af.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99959133452	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\am.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.9997480453	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\ar.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99976772656	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\bg.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99973383589	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\bn.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99983042392	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\ca.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99964925223	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\cs.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99959663602	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\da.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99957898136	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\de.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99960301801	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\el.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99981332192	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\en-GB.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99951855298	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\en-US.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99957560659	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\es-419.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99965317676	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\es.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99964622203	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\et.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99959383808	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\fa.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99973938144	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\fi.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99951477115	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\fil.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99962650051	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\fr.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99962111075	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\gu.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99981516476	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\he.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99966377076	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\hi.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99982641968	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\hr.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99959985981	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\hu.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99960433682	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\id.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.9995778482	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\it.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99958987038	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\ja.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99967663402	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\kn.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99981996841	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\ko.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99958977683	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\lt.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99966720299	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\lv.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99967824643	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\ml.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99986319872	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\mr.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99981810365	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\ms.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99961049044	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\nb.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99950829461	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\nl.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99958942247	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\pl.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99961732486	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\pt-BR.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99962034288	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\pt-PT.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99958032322	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\ro.pak.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99961924492	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10.mp4.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99728927432	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10_RTL.mp4.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99738681507	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7.wmv.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99954440958	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8.mp4.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99703062164	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8_RTL.mp4.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99713682565	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Microsoft Office\root\Licenses\c2rpridslicensefiles_auto.xml.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.99623877762	Jump to dropped file
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File created: C:\Program Files\Microsoft Office\root\Licenses16\c2rpridslicensefiles_auto.xml.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy) entropy: 7.9986279824	Jump to dropped file

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe

Process Stats: CPU usage > 6%

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2C7E50	5_2_00007FF6FC2C7E50
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2EB640	5_2_00007FF6FC2EB640
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2E76A0	5_2_00007FF6FC2E76A0
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2C1010	5_2_00007FF6FC2C1010
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2D3060	5_2_00007FF6FC2D3060
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2E9050	5_2_00007FF6FC2E9050
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2E98C0	5_2_00007FF6FC2E98C0
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2D38C0	5_2_00007FF6FC2D38C0
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2E5170	5_2_00007FF6FC2E5170
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2D41B0	5_2_00007FF6FC2D41B0
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2EA9E0	5_2_00007FF6FC2EA9E0
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2C19C0	5_2_00007FF6FC2C19C0
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2DA3A5	5_2_00007FF6FC2DA3A5
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2E6C50	5_2_00007FF6FC2E6C50
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2D2440	5_2_00007FF6FC2D2440
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2D4CA0	5_2_00007FF6FC2D4CA0
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2D5CB8	5_2_00007FF6FC2D5CB8
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2E3500	5_2_00007FF6FC2E3500
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2F6D6C	5_2_00007FF6FC2F6D6C
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2FBDAC	5_2_00007FF6FC2FBDAC
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2F5628	5_2_00007FF6FC2F5628
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2D8E13	5_2_00007FF6FC2D8E13
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2D7E73	5_2_00007FF6FC2D7E73
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2D7693	5_2_00007FF6FC2D7693
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2F3E8C	5_2_00007FF6FC2F3E8C
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2C1E80	5_2_00007FF6FC2C1E80
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2CEF30	5_2_00007FF6FC2CEF30
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2F2F6C	5_2_00007FF6FC2F2F6C
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2C3FC0	5_2_00007FF6FC2C3FC0
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2C3020	5_2_00007FF6FC2C3020
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2C5FFB	5_2_00007FF6FC2C5FFB
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2F789C	5_2_00007FF6FC2F789C
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2C68C0	5_2_00007FF6FC2C68C0
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2FB920	5_2_00007FF6FC2FB920
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2F3154	5_2_00007FF6FC2F3154
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2F3984	5_2_00007FF6FC2F3984
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2C7180	5_2_00007FF6FC2C7180
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2F89C0	5_2_00007FF6FC2F89C0
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2D8A23	5_2_00007FF6FC2D8A23
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2F721C	5_2_00007FF6FC2F721C
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2E3A00	5_2_00007FF6FC2E3A00
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2C5250	5_2_00007FF6FC2C5250
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2C6A40	5_2_00007FF6FC2C6A40
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2D72A3	5_2_00007FF6FC2D72A3
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2D7A83	5_2_00007FF6FC2D7A83
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC300B58	5_2_00007FF6FC300B58
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2F333C	5_2_00007FF6FC2F333C
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2C4BD0	5_2_00007FF6FC2C4BD0
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2C3450	5_2_00007FF6FC2C3450
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2C64A0	5_2_00007FF6FC2C64A0

Source: sup.logical@gmail.com.exe, 00000005.00000003.18024262280.0000029161EE2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSystemSettings.exe.muij% vs sup.logical@gmail.com.exe
Source: sup.logical@gmail.com.exe, 00000005.00000003.18018326695.0000029161EE2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSystemSettings.exe.muij% vs sup.logical@gmail.com.exe
Source: sup.logical@gmail.com.exe, 00000005.00000002.18073805682.0000029161EBF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exej% vs sup.logical@gmail.com.exe

Source: classification engine

Classification label: mal96.rans.spre.spyw.expl.evad.winEXE@12/2881@0/100

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe

Code function: 5_2_00007FF6FC2EB410 CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,

5_2_00007FF6FC2EB410

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe

File created: C:\Program Files\#Recover-Files.txt

Jump to behavior

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Mutant created: \Sessions\1\BaseNamedObjects\hsfjuukjzloqu28oajh727190
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4788:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7428:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4788:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7428:304:WilStaging_02
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Mutant created: \BaseNamedObjects\hsfjuukjzloqu28oajh727190

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe

File created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\#Recover-Files.txt

Jump to behavior

Source: sup.logical@gmail.com.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: sup.logical@gmail.com.exe

ReversingLabs: Detection: 47%

Source: unknown	Process created: C:\Users\user\Desktop\sup.logical@gmail.com.exe "C:\Users\user\Desktop\sup.logical@gmail.com.exe"
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c SCHTASKS.exe /Create /RU "NT AUTHORITY\SYSTEM" /sc onstart /TN "Windows Update ALPHV" /TR "C:\Users\user\Desktop\sup.logical@gmail.com.exe" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS.exe /Create /RU "NT AUTHORITY\SYSTEM" /sc onstart /TN "Windows Update ALPHV" /TR "C:\Users\user\Desktop\sup.logical@gmail.com.exe" /F
Source: unknown	Process created: C:\Users\user\Desktop\sup.logical@gmail.com.exe C:\Users\user\Desktop\sup.logical@gmail.com.exe
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c SCHTASKS.exe /Create /RU "NT AUTHORITY\SYSTEM" /sc onstart /TN "Windows Update ALPHV" /TR "C:\Users\user\Desktop\sup.logical@gmail.com.exe" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS.exe /Create /RU "NT AUTHORITY\SYSTEM" /sc onstart /TN "Windows Update ALPHV" /TR "C:\Users\user\Desktop\sup.logical@gmail.com.exe" /F
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c SCHTASKS.exe /Create /RU "NT AUTHORITY\SYSTEM" /sc onstart /TN "Windows Update ALPHV" /TR "C:\Users\user\Desktop\sup.logical@gmail.com.exe" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS.exe /Create /RU "NT AUTHORITY\SYSTEM" /sc onstart /TN "Windows Update ALPHV" /TR "C:\Users\user\Desktop\sup.logical@gmail.com.exe" /F	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c SCHTASKS.exe /Create /RU "NT AUTHORITY\SYSTEM" /sc onstart /TN "Windows Update ALPHV" /TR "C:\Users\user\Desktop\sup.logical@gmail.com.exe" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS.exe /Create /RU "NT AUTHORITY\SYSTEM" /sc onstart /TN "Windows Update ALPHV" /TR "C:\Users\user\Desktop\sup.logical@gmail.com.exe" /F

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: shunimpl.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: shunimpl.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: shunimpl.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: shunimpl.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: shunimpl.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: shunimpl.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: edgegdi.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\DESIGNER\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ClickToRun\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\microsoft shared\VSTO\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\Services\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\System\ado\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\System\msadc\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\System\Ole DB\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Common Files\System\Ole DB\en-US\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Crashpad\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Google\Chrome\Application\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\default_apps\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Extensions\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Installer\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\Locales\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\MEIPreload\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\PrivacySandboxAttestationsPreloaded\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\VisualElements\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Google\Chrome\Application\128.0.6613.120\WidevineCdm\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Internet Explorer\images\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Internet Explorer\SIGNUP\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\Office16\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\PackageManifests\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Document Themes 16\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\fre\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Licenses\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Licenses16\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\loc\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office15\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\1036\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\3082\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\ADDINS\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Resources\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\AI\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\AugLoop\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\Bibliography\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\BORDERS\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\Configuration\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\CONVERT\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\CONVERT\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\16\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FloodgateExperiences\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FORMS\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FPA_f14\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FPA_f2\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FPA_f3\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FPA_f33\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FPA_f4\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FPA_f7\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000006\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000008\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000009\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000011\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000050\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000055\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000064\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\FPA_w1\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\Library\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\LivePersonaCardRollback\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\LivePersonaCardRollback\images\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\LogoImages\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\MEDIA\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\MSIPC\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\OneNote\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\osfFPA\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\OutlookAutoDiscover\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\OutlookReactNative\SearchView\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\PROOF\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\SAMPLES\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000002\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000002\OfflineFiles\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000006\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000006\OfflineFiles\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\assets\src\assets\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\assets\assets\images\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\assets\assets\images\ios\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000054\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000054\OfflineFiles\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000058\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000062\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000063\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000067\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000068\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000068\assets\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000069\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000070\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000070\assets\src\assets\images\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000072\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000072\assets\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000076\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000076\assets\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000077\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000077\assets\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000083\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000087\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\TextInputIntelligence\en-us\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Office16\TextInputIntelligence\en-us\prefilter\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Stationery\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Templates\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\Templates\Presentation Designs\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\Common AppData\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\Fonts\private\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\DESIGNER\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Cultures\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Resources\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\LicensingEnforcement\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Office Setup Controller\Office.en-us\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\PlatformCapabilities\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\PROOF\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\LISTS\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\LISTS\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TEXTCONV\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AFTRNOON\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ARCTIC\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AXIS\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLENDS\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUECALM\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUEPRNT\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BOLDSTRI\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BREEZE\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CANYON\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CAPSULES\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CASCADE\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\COMPASS\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CONCRETE\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\DEEPBLUE\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECHO\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECLIPSE\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EDGE\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EVRGREEN\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EXPEDITN\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ICE\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\INDUST\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\IRIS\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\JOURNAL\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LAYERS\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LEVEL\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\NETWORK\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PAPYRUS\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PIXEL\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PROFILE\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\QUAD\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RADIAL\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\REFINED\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RICEPAPR\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RIPPLE\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RMNSQUE\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SATIN\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SKY\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SLATE\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SONORA\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SPRING\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STRTEDGE\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STUDIO\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SUMIPNTG\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATER\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATERMAR\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ENES\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ENFR\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ESEN\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\FREN\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Web Server Extensions\16\BIN\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Cultures\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA6\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Resources\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Resources\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Microsoft Office\root\vfs\System\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Mozilla Firefox\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Mozilla Firefox\browser\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Mozilla Firefox\browser\features\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Mozilla Firefox\browser\META-INF\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Mozilla Firefox\browser\VisualElements\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Mozilla Firefox\defaults\pref\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Mozilla Firefox\fonts\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Mozilla Firefox\META-INF\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Mozilla Firefox\uninstall\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\MSBuild\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\af-za\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\ar\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\az-Latn-AZ\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\bg\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\bs-Latn-BA\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\ca\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\cs\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\cy-GB\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\da\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\de\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\el\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\en\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\es\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\et\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\eu\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\fa-IR\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\fabric-icons\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\fi\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\fr\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\gl\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\he\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\hi\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\hr\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\hu\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\id\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\is-IS\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\it\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\ja\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\ka-GE\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\kk-KZ\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\ko\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\lt\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\lv\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\ms\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\nb\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\nl\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\nn-NO\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\pl\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\pt\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\pt-br\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\pt-pt\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\ro\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\ru\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\sk\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\sl\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\sq-AL\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\sr-cyrl\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\sr-latn\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\sv\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\th\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\tr\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\uk\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\vi\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\zh-hans\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\resources\zh-hant\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\static\css\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\static\js\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\PCHealthCheck\ux\static\media\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Reference Assemblies\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\ruxim\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\ruxim\Logs\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\UNP\Logs\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Windows Defender\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Windows Defender\en-GB\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Windows Defender\en-US\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Windows Media Player\Media Renderer\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Windows Media Player\Network Sharing\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Windows Media Player\Skins\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Windows NT\TableTextService\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\Windows Security\BrowserCore\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5131.0_x64__8j3eq9eme6ctt\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.BingWeather_4.53.51922.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.20.1881.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.GetHelp_10.2303.10961.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.Messaging_4.1901.60404.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.MicrosoftEdge.Stable_93.0.961.47_neutral__8wekyb3d8bbwe\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.MicrosoftEdge.Stable_93.0.961.52_neutral__8wekyb3d8bbwe\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.MicrosoftEdge.Stable_94.0.992.31_neutral__8wekyb3d8bbwe\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2304.1202.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2304.1202.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_4.6.0.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.21051.1282.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.27413.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.27413.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.29512.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.29512.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.7_1.7.27422.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.7_1.7.27422.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.2_2.2.28604.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.2_2.2.28604.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.OneConnect_5.2308.2294.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.People_10.2202.100.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.2008.3001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_22305.1401.5.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.0_2.1810.18004.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.0_2.1810.18004.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.1_2.11906.6001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.1_2.11906.6001.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.3_2.32002.13001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.3_2.32002.13001.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.4_2.42007.9001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.4_2.42007.9001.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.6_2.62108.18004.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.6_2.62108.18004.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.7_7.2208.15002.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.7_7.2208.15002.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.8_8.2310.30001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.8_8.2310.30001.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.32530.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.33728.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.32530.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.33519.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.33519.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_neutral_~_8wekyb3d8bbwe\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10070.17002.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_11.2403.8.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.802.31.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.802.31.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.934.1904.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.934.1904.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2210.0.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2023.2305.4.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.2304.1243.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.WindowsMaps_11.2403.4.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.54.4001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.9022.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.21.13002.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23062.153.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.22091.10041.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Comprehensive\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Simple\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example1.Diagnostics\Diagnostics\Simple\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\Diagnostics\Simple\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\1.1.1\Diagnostics\Simple\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\2.0.1\Diagnostics\Simple\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\en-US\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\en-GB\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\en-US\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\en-GB\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\en-US\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\bin\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\en-US\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Examples\Calculator\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Examples\Validator\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Snippets\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\en-US\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\#Recover-Files.txt	Jump to behavior

Source: sup.logical@gmail.com.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: sup.logical@gmail.com.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: sup.logical@gmail.com.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: sup.logical@gmail.com.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: sup.logical@gmail.com.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: sup.logical@gmail.com.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: sup.logical@gmail.com.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: sup.logical@gmail.com.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: sup.logical@gmail.com.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\36C00AF489401A26639ABBA698DE76062\* source: sup.logical@gmail.com.exe, 00000000.00000003.14971499425.000001E5726A1000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000000.00000003.14970668221.000001E572688000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: sup.logical@gmail.com.exe, 00000005.00000003.18013641216.0000029161EE2000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000005.00000003.18009283703.0000029161EDC000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000005.00000003.18018326695.0000029161EE2000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000005.00000003.18010018573.0000029161EE2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\36C00AF489401A26639ABBA698DE76062te\* source: sup.logical@gmail.com.exe, 00000005.00000003.18009283703.0000029161F44000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000005.00000003.18024262280.0000029161F44000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000005.00000003.18018326695.0000029161F44000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000005.00000003.18013641216.0000029161F44000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\*M source: sup.logical@gmail.com.exe, 00000005.00000003.18024262280.0000029161EE2000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000005.00000003.18013641216.0000029161EE2000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000005.00000003.18009283703.0000029161EDC000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000005.00000003.18018326695.0000029161EE2000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000005.00000003.18010018573.0000029161EE2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Intel\Gamesmotionslication Data\Temp\Symbols\winload_prod.pdb\36C00AF489401A26639ABBA698DE76062yctt! source: sup.logical@gmail.com.exe, 00000000.00000003.14971499425.000001E5726A1000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000000.00000003.14970668221.000001E572688000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\\* source: sup.logical@gmail.com.exe, 00000005.00000003.18013641216.0000029161EE2000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000005.00000003.18009283703.0000029161EDC000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000005.00000003.18018326695.0000029161EE2000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000005.00000003.18010018573.0000029161EE2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\47114209A62F3B9930F6B8998DFD4A991\*Appl] source: sup.logical@gmail.com.exe, 00000000.00000003.14740164536.000001E57F87C000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000000.00000003.14740087445.000001E57F87A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\47114209A62F3B9930F6B8998DFD4A991tion Dy source: sup.logical@gmail.com.exe, 00000000.00000003.14740164536.000001E57F87C000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000000.00000003.14740087445.000001E57F87A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\47114209A62F3B9930F6B8998DFD4A991yatio source: sup.logical@gmail.com.exe, 00000000.00000003.14740164536.000001E57F87C000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000000.00000003.14740087445.000001E57F87A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Software Reporter Toolata\Temp\Symbols\winload_prod.pdb\36C00AF489401A26639ABBA698DE76062y source: sup.logical@gmail.com.exe, 00000000.00000003.14971499425.000001E5726A1000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000000.00000003.14970668221.000001E572688000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\47114209A62F3B9930F6B8998DFD4A991ata\Lo source: sup.logical@gmail.com.exe, 00000000.00000003.14740164536.000001E57F87C000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000000.00000003.14740087445.000001E57F87A000.00000004.00000020.00020000.00000000.sdmp

Source: sup.logical@gmail.com.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: sup.logical@gmail.com.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: sup.logical@gmail.com.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: sup.logical@gmail.com.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: sup.logical@gmail.com.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: sup.logical@gmail.com.exe

Static PE information: section name: _RDATA

Persistence and Installation Behavior

Infects executable files (exe, dll, sys, html)

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe

System file written: C:\Program Files\Microsoft Office\Office16\OSPP.HTM

Jump to behavior

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\schtasks.exe SCHTASKS.exe /Create /RU "NT AUTHORITY\SYSTEM" /sc onstart /TN "Windows Update ALPHV" /TR "C:\Users\user\Desktop\sup.logical@gmail.com.exe" /F

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Contains functionality to compare user and computer (likely to detect sandboxes)

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe

Code function: CreateMutexExA,GetModuleFileNameW,GetCommandLineW,CommandLineToArgvW,StrStrIW,wsprintfW,wsprintfW,ShellExecuteW,wsprintfA,GetNativeSystemInfo,CreateThread,CreateThread,ShellExecuteW,

5_2_00007FF6FC2E76A0

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Window / User API: threadDelayed 7679			Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Window / User API: threadDelayed 9238			Jump to behavior

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe

Evasive API call chain: GetLocalTime,DecisionNodes

graph_5-18706

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe TID: 704	Thread sleep count: 7679 > 30	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe TID: 704	Thread sleep time: -383950s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe TID: 4520	Thread sleep count: 182 > 30	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe TID: 3532	Thread sleep count: 9238 > 30	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe TID: 3532	Thread sleep time: -461900s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2E5170 FindFirstFileExW,GetLastError,lstrcmpW,lstrcmpW,FindNextFileW,FindClose,		5_2_00007FF6FC2E5170
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2F89C0 FindFirstFileExW,		5_2_00007FF6FC2F89C0

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe

Code function: 5_2_00007FF6FC2E3500 GetLogicalDriveStringsW,

5_2_00007FF6FC2E3500

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\#Recover-Files.txt	Jump to behavior

Source: sup.logical@gmail.com.exe, 00000005.00000003.16023227772.0000029161F44000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000005.00000003.16370189262.0000029161F50000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: sup.logical@gmail.com.exe, 00000005.00000003.14983199998.0000029161F44000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000005.00000003.14982007501.0000029161F44000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: sup.logical@gmail.com.exe, 00000000.00000003.14971155285.000001E572736000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000000.00000003.14972625356.000001E572737000.00000004.00000020.00020000.00000000.sdmp, sup.logical@gmail.com.exe, 00000000.00000003.14969909566.000001E572736000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllss

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe

Code function: 5_2_00007FF6FC2ECDB8 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

5_2_00007FF6FC2ECDB8

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe

Code function: 5_2_00007FF6FC2FA418 GetProcessHeap,

5_2_00007FF6FC2FA418

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2ECDB8 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_00007FF6FC2ECDB8
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2F264C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_00007FF6FC2F264C
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2ECFA0 SetUnhandledExceptionFilter,	5_2_00007FF6FC2ECFA0
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Code function: 5_2_00007FF6FC2EC400 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_00007FF6FC2EC400

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c SCHTASKS.exe /Create /RU "NT AUTHORITY\SYSTEM" /sc onstart /TN "Windows Update ALPHV" /TR "C:\Users\user\Desktop\sup.logical@gmail.com.exe" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS.exe /Create /RU "NT AUTHORITY\SYSTEM" /sc onstart /TN "Windows Update ALPHV" /TR "C:\Users\user\Desktop\sup.logical@gmail.com.exe" /F	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c SCHTASKS.exe /Create /RU "NT AUTHORITY\SYSTEM" /sc onstart /TN "Windows Update ALPHV" /TR "C:\Users\user\Desktop\sup.logical@gmail.com.exe" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS.exe /Create /RU "NT AUTHORITY\SYSTEM" /sc onstart /TN "Windows Update ALPHV" /TR "C:\Users\user\Desktop\sup.logical@gmail.com.exe" /F

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe

Code function: 5_2_00007FF6FC300650 cpuid

5_2_00007FF6FC300650

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Queries volume information: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user\ActivitiesCache.db VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\settings.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\settings.dat.LOG1 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\settings.dat.LOG2 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat.LOG1 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\settings.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\settings.dat.LOG1 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\settings.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\settings.dat.LOG1 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\settings.dat.LOG2 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\settings.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2 VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe

Code function: 5_2_00007FF6FC2E6720 GetLocalTime,wsprintfW,

5_2_00007FF6FC2E6720

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\LY	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\HR	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MA	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MD	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\HN	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\ME	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MF	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillRegex\2021.8.17.1300\manifest.json	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MG	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\HK	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MH	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MK	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\ML	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MM	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\HU	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MN	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\HT	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MP	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MQ	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MR	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MS	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MU	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MV	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MW	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MX	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MY	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GH	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MZ	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GG	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Module Info Cache	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GF	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GE	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GD	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GB	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\NA	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GQ	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GP	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\NC	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GN	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\NE	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GM	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GL	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\NG	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Crashpad\settings.dat	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\NI	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GY	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GW	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\NL	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GT	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\NO	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\NP	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GR	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\NR	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\NU	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\First Run	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\FO	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\FM	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\FJ	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\KE	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\FI	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\KG	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\KH	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\KI	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\manifest.json	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\FR	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\KM	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\KN	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GA	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\KP	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillRegex\2021.8.17.1300\manifest.fingerprint	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\KR	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\EG	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\KW	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\EE	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\KY	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\KZ	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\EC	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\LA	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\LB	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\LC	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\EH	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\LI	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\ET	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\LK	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\ES	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\ER	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\LR	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\LS	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\LT	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\LU	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\LV	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\LK	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\QA	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\LI	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\LV	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\LU	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\LT	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\LS	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\LR	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Last Version	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\SafetyTips\2700\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\LY	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MG	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MF	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\ME	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MD	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MA	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\KM	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\KI	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\KH	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\KG	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\RE	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\KR	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\KP	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\KN	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\RO	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\KZ	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\KY	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\RS	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\KW	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\RU	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\RW	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\LC	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\LB	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\LA	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\NZ	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Variations	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\JE	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\JP	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\JO	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\JM	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\OM	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\ShaderCache\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Safe Browsing\UrlMalBin.store	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\segmentation_platform\ukm_db	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\KE	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\PA	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\IE	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\ID	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\IS	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\IR	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\PE	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\IQ	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\PF	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\PG	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\PH	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\IN	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\IM	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\IL	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\PK	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\first_party_sets.db	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\PL	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\PM	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Safe Browsing\IpMalware.store	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\SSLErrorAssistant\7\manifest.json	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\first_party_sets.db-journal	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\PR	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\IT	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\PS	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\PT	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Module Info Cache	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\PW	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\PY	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\DO	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\PR	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\chrome_shutdown_ms.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\PM	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\PL	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\PK	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\postSigningData	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\PY	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\DZ	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\PW	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\PT	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\PS	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Crashpad\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\QA	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\EC	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\EE	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\EG	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\EH	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Last Browser	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\ER	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\ES	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\ET	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\OM	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\SafetyTips\2700\safety_tips.pb	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\PA	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\FI	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\f_000001	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\FJ	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\PH	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\f_000002	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\PG	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\FM	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillRegex\2021.8.17.1300\data.json	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\PF	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\PE	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\FO	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\BM	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\NP	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\BN	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\NO	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\BO	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\BQ	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\NL	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\BR	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\BS	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\BT	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\NI	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Last Browser	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\BW	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Floc\1.0.6\manifest.fingerprint	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\NU	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\BY	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\BZ	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\NR	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\ShaderCache\GPUCache\data_3	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\CA	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\CD	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\NZ	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\CF	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\CG	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\CH	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\CI	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\CL	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\CM	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\CN	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\CO	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MN	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MM	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\ML	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\CR	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\index	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MK	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\CU	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MH	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\CV	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MW	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\CW	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MV	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MU	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\CY	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Floc\1.0.6\manifest.json	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\CZ	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\ShaderCache\GPUCache\data_1	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MS	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\ShaderCache\GPUCache\data_2	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MR	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MQ	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\ShaderCache\GPUCache\data_0	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MP	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MZ	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\DE	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MY	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\MX	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\NG	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\DJ	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\NE	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\DK	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\NC	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\DM	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\CertificateRevocation\6869\crl-set	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\NA	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\HT	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\HU	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Variations	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\ID	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\IE	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Safe Browsing\UrlBilling.store	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\IL	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\IM	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\IN	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\IQ	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\IR	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\IS	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\IT	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\ST	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SS	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SR	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SO	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SN	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SZ	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SY	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SX	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SV	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\JE	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\TD	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\TC	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\JM	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\TN	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\TM	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\JO	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\TL	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\JP	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\TK	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\TJ	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\TH	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Safe Browsing Cookies	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\TG	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\FR	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\RS	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\postSigningData	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\RO	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\RW	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GA	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\RU	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GB	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SE	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SD	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GD	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SC	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GE	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SB	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GF	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SA	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GG	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GH	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SM	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SL	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GL	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SK	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Floc\1.0.6\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GM	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SJ	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GN	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SI	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SH	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GP	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GQ	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GR	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GT	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GW	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\GY	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\HK	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\HN	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\HR	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\RE	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_00000e	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_00000d	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_00000f	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_00000a	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_00000c	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_00000b	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_000020	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\ShaderCache\index	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_00001f	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_00001e	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_00001b	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_00001a	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_00001d	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_00001c	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Crashpad\metadata	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GraphiteDawnCache\index	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_000005	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_000004	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Module Info Cache	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GraphiteDawnCache\data_3	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_000007	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GraphiteDawnCache\data_2	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_000006	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GraphiteDawnCache\data_1	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_000001	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\CrashpadMetrics-active.pma	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GraphiteDawnCache\data_0	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_000003	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_000002	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_000009	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_000008	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_000010	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_000016	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_000015	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_000018	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_000017	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_000012	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_000011	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_000014	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_000013	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\f_000019	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\ShaderCache\GPUCache\index	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Safe Browsing\UrlMalware.store	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\AD	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\AE	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\AF	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\AG	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\AL	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\AM	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\AO	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\AR	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\AS	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\AT	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\AU	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\AX	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\CertificateRevocation\6869\LICENSE	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\AZ	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\BA	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\BB	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\chrome_shutdown_ms.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\BD	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\BE	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\BF	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\BG	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\BH	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\BI	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\BJ	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Last Browser	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\data_0	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\data_1	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\data_2	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\data_3	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Crashpad\metadata	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\FileTypePolicies\45\manifest.json	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Floc\1.0.6\SortingLshClusters	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Safe Browsing\UrlSoceng.store	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\CrashpadMetrics-active.pma	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Safe Browsing\UrlUws.store	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Safe Browsing Cookies-journal	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\data_3	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\data_2	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\data_1	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\data_0	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\UA	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\SafetyTips\2700\manifest.json	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\UG	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Last Version	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\first_party_sets.db	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\US	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\UY	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\UZ	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\VC	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\VE	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\VG	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\VI	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\OriginTrials\1.0.0.9\manifest.json	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\VN	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCache\GPUCache\index	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\VU	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\#Recover-Files.txt	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SA	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SB	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\ShaderCache\data_1	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SC	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\ShaderCache\data_2	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SD	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\ShaderCache\data_3	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SE	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SH	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SI	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SJ	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SK	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SL	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\First Run	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SM	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SN	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SO	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SR	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SS	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\ST	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SV	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SX	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SY	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\SZ	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\TC	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\TD	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\TG	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\TH	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\TJ	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\TK	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\TL	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\TM	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\TN	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\TO	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\TR	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\TT	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\ShaderCache\index	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\TV	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\TW	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\TZ	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\ShaderCache\data_0	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Last Version	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\YE	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\DE	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\DM	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\DK	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\DJ	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\YT	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\DO	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\ZA	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\DZ	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\CD	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\CA	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\ZM	Jump to behavior
Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStates\2020.11.2.164946\CM	Jump to behavior

Source: C:\Users\user\Desktop\sup.logical@gmail.com.exe

Code function: 5_2_00007FF6FC2EA220 WSASocketW,bind,CreateIoCompletionPort,

5_2_00007FF6FC2EA220

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	11 Process Injection	2 Masquerading	1 OS Credential Dumping	1 Network Share Discovery	1 Taint Shared Content	1 Archive Collected Data	12 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	1 DLL Side-Loading	1 Scheduled Task/Job	1 Virtualization/Sandbox Evasion	LSASS Memory	1 System Time Discovery	Remote Desktop Protocol	1 Data from Local System	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	11 Process Injection	Security Account Manager	121 Security Software Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	1 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	2 Process Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	1 Application Window Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	4 File and Directory Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	22 System Information Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
sup.logical@gmail.com.exe	47%	ReversingLabs	Win64.Downloader.BazaarLoader

Name	Source	Malicious	Reputation
https://basket.mozilla.org/news/subscribe/	scriptCache-child-current.bin.5.dr	false	unknown
https://help.getpocket.com/article/1142-firefox-new-tab-recommendations-faq	scriptCache-child-current.bin.5.dr	false	unknown
https://getpocket.com/	scriptCache-child-current.bin.5.dr	false	unknown
https://basket.mozilla.org/news/subscribe_sms/	scriptCache-child-current.bin.5.dr	false	unknown
https://accounts.firefox.com/	scriptCache-child-current.bin.5.dr	false	unknown
https://github.com/projectfluent/fluent.js/wiki/React-Overlays.	scriptCache-child-current.bin.5.dr	false	unknown
https://snippets.mozilla.com/show/	scriptCache-child-current.bin.5.dr	false	unknown
https://img-getpocket.cdn.mozilla.net/	scriptCache-child-current.bin.5.dr	false	unknown
https://github.com/mozilla/activity-stream/blob/master/content-src/asrouter/docs/debugging-docs.md	scriptCache-child-current.bin.5.dr	false	unknown
https://reactjs.org/docs/error-decoder.html?invariant=	scriptCache-child-current.bin.5.dr	false	unknown
https://github.com/zertosh/loose-envify)	scriptCache-child-current.bin.5.dr	false	unknown
https://fb.me/react-polyfills	scriptCache-child-current.bin.5.dr	false	unknown
https://getpocket.com/recommendations	scriptCache-child-current.bin.5.dr	false	unknown
https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinations	scriptCache-child-current.bin.5.dr	false	unknown
https://basket.mozilla.org/subscribe.json	scriptCache-child-current.bin.5.dr	false	unknown
http://stackoverflow.com/questions/30030031)	scriptCache-child-current.bin.5.dr	false	unknown
http://fb.me/use-check-prop-types	scriptCache-child-current.bin.5.dr	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious

Private

IP
192.168.11.209
192.168.11.207
192.168.11.208
192.168.11.205
192.168.11.206
192.168.11.203
192.168.11.204
192.168.11.201
192.168.11.202
192.168.11.200
192.168.11.28
192.168.11.27
192.168.11.29
192.168.11.24
192.168.11.23
192.168.11.26
192.168.11.25
192.168.11.20
192.168.11.22
192.168.11.21
192.168.11.17
192.168.11.16
192.168.11.19
192.168.11.18
192.168.11.13
192.168.11.12
192.168.11.15
192.168.11.14
192.168.11.11
192.168.11.10
192.168.11.199
192.168.11.197
192.168.11.198
192.168.11.188
192.168.11.189
192.168.11.186
192.168.11.187
192.168.11.195
192.168.11.196
192.168.11.193
192.168.11.194
192.168.11.191
192.168.11.192
192.168.11.190
192.168.11.179
192.168.11.177
192.168.11.178
192.168.11.175
192.168.11.176
192.168.11.184
192.168.11.185
192.168.11.182
192.168.11.183
192.168.11.180
192.168.11.181
192.168.11.168
192.168.11.169
192.168.11.166
192.168.11.89
192.168.11.167
192.168.11.164
192.168.11.165
192.168.11.86
192.168.11.173
192.168.11.85
192.168.11.174
192.168.11.88
192.168.11.171
192.168.11.87
192.168.11.172
192.168.11.82
192.168.11.81
192.168.11.170
192.168.11.84
192.168.11.83
192.168.11.80
192.168.11.159
192.168.11.157
192.168.11.158
192.168.11.79
192.168.11.155
192.168.11.78
192.168.11.156
192.168.11.153
192.168.11.154
192.168.11.75
192.168.11.162
192.168.11.74
192.168.11.163
192.168.11.77
192.168.11.160
192.168.11.76
192.168.11.161
192.168.11.71
192.168.11.70
192.168.11.73
192.168.11.72
192.168.11.148
192.168.11.149
192.168.11.146

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541871
Start date and time:	2024-10-25 09:19:47 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 16m 36s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name:	Suspected Instruction Hammering
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	sup.logical@gmail.com.exe
Detection:	MAL
Classification:	mal96.rans.spre.spyw.expl.evad.winEXE@12/2881@0/100
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 32 Number of non-executed functions: 49
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded IPs from analysis (whitelisted): 199.232.210.172
Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteFile calls found.
VT rate limit hit for: sup.logical@gmail.com.exe

Simulations

Behavior and APIs

Time	Type	Description
03:22:31	API Interceptor	29101360x Sleep call for process: sup.logical@gmail.com.exe modified
09:21:54	Task Scheduler	Run new task: Windows Update ALPHV path: C:\Users\user\Desktop\sup.logical@gmail.com.exe

Process:	C:\Users\user\Desktop\sup.logical@gmail.com.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	449
Entropy (8bit):	5.325018521029489
Encrypted:	false
SSDEEP:	12:Gnsm3Zk8Mser/J3T7rw6ZAsiR0NVZP8AvMMKLn:s3LMZLBD3ZAsiRwVmDn
MD5:	E2A59A33E6C827A3317AA009E702E816
SHA1:	003FA7C8ADB28BCB99468F7E0B738308858B6AF4
SHA-256:	AD3342FF420C93B547AC3ECD7CFB352BBA70A57B67FF5985F2442507DECF9F57
SHA-512:	F4C50931DB6D051AC62217DCA3E5D5AC080B02FDA58BD9CB93A81553F6B8CF8369845E87E64E1D378D1FB5749CEADFDE9C2B1EB142B512C7200DDA5FE56DAB99
Malicious:	false
Reputation:	low
Preview:	!!! Your files have been encrypted !!!..To recover them, contact us via emails..Write the ID in the email subject.....ID: XX-B2750012....Email1: sup.logical@gmail.com..Email2: logical_link@tutamail.com....Before paying you can send 2-3 files less than 1MB, we will decrypt them to guarantee.....IF YOU DO NOT TAKE CARE OF THIS ISSUE WITHIN THE NEXT 48 HOURS, YOU WILL FACE DOUBLE PRICE INCREASE...WE DON'T PLAY AROUND HERE, TAKE THE HOURS SERIOUSLY.

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	6.326876112775883
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	sup.logical@gmail.com.exe
File size:	338'432 bytes
MD5:	8c26c5bb599b606cc549ceef0d9d2da3
SHA1:	86a373936df7e753f7284efc63bf8970e9a56870
SHA256:	acc791703bc6e6ec9dcad7ef28ea5bcd1cf70f0a17412b28078daa66df5989d8
SHA512:	f05012ab52e2e88f0342d0a9fc52be210cdb4895035c4854592f350e24ddbcf48a710c25285c73a0462d51fe937540d491f5ce376e226558398cc1eb7bab2873
SSDEEP:	6144:ypBFADu1hgO8uoHKm9bDSN23GqcgCC/5t:sM6TgO1oHbHSN2334O
TLSH:	51740740F94FDBD8D697437C4857A107BEBB76813B100EE7924899712E0B5C227EEBA1
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........SI...I...I.......L...............B.......Y.......@.......b.......B...I...*.......G.....).H.......H...RichI..................

Entrypoint:	0x14002cbbc
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x67085BF9 [Thu Oct 10 22:58:01 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	eca35de255324f27872ea348989b3396

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x4fcb4	0x78	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x56000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x53000	0x1ae8	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x57000	0x6a8	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x4d4a0	0x38	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x4d360	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x42000	0x2c0	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x40b5a	0x40c00	cca9b98dfce6b02bb823ced36a7a8bca	False	0.39992308156370654	data	6.509649349623882	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x42000	0xe5d0	0xe600	e72ec1caaca819a889bbf6da74f7e901	False	0.39188179347826085	data	4.534712116973247	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x51000	0x1fb4	0xc00	6752b59658d709a8a2ba843af2625db3	False	0.15852864583333334	DOS executable (block device driver \322f\324\377\3772)	2.22817258811873	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x53000	0x1ae8	0x1c00	da2d072e7f580e7d1710b942d5ee30c9	False	0.47154017857142855	PEX Binary Archive	5.439099841604133	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA	0x55000	0x15c	0x200	90bf8c4d09f5a02665138b1e0e3e8fd0	False	0.404296875	data	3.362522976289313	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x56000	0x1e0	0x200	4801c228830f1ce06f34261a7466e436	False	0.52734375	data	4.7137725829467545	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x57000	0x6a8	0x800	53b5b74c838496b048b799e5b2e19f3e	False	0.4931640625	data	4.990637813652138	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

DLL	Import
KERNEL32.dll	GetLastError, CloseHandle, MoveFileW, FindFirstFileExW, FindNextFileW, lstrlenA, FindClose, lstrcmpW, GetLocalTime, GetCommandLineW, GetModuleFileNameW, CreateFileW, GetConsoleMode, GetConsoleOutputCP, FlushFileBuffers, HeapReAlloc, HeapSize, SetFilePointerEx, GetStringTypeW, SetStdHandle, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlPcToFileHeader, RaiseException, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, EncodePointer, RtlUnwind, ExitProcess, GetModuleHandleExW, GetStdHandle, WriteFile, HeapAlloc, HeapFree, GetFileType, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, LCMapStringW, GetProcessHeap, WriteConsoleW
USER32.dll	wsprintfA, wsprintfW
SHELL32.dll	ShellExecuteW, CommandLineToArgvW
SHLWAPI.dll	StrStrIW
WS2_32.dll	htons, WSAGetLastError

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 25, 2024 09:21:48.732024908 CEST	137	137	192.168.11.20	192.168.11.255
Oct 25, 2024 09:21:49.488697052 CEST	137	137	192.168.11.20	192.168.11.255
Oct 25, 2024 09:21:50.254045010 CEST	137	137	192.168.11.20	192.168.11.255
Oct 25, 2024 09:21:55.439944983 CEST	53639	274	192.168.11.20	192.168.11.1
Oct 25, 2024 09:21:56.678659916 CEST	53639	274	192.168.11.20	192.168.11.1
Oct 25, 2024 09:21:59.113266945 CEST	137	137	192.168.11.20	192.168.11.255
Oct 25, 2024 09:21:59.873559952 CEST	137	137	192.168.11.20	192.168.11.255
Oct 25, 2024 09:22:00.639082909 CEST	137	137	192.168.11.20	192.168.11.255
Oct 25, 2024 09:24:36.036676884 CEST	138	138	192.168.11.20	192.168.11.255
Oct 25, 2024 09:25:23.737103939 CEST	137	137	192.168.11.20	192.168.11.255
Oct 25, 2024 09:25:24.500633001 CEST	137	137	192.168.11.20	192.168.11.255
Oct 25, 2024 09:25:25.267277002 CEST	137	137	192.168.11.20	192.168.11.255
Oct 25, 2024 09:26:34.090653896 CEST	137	137	192.168.11.20	192.168.11.255
Oct 25, 2024 09:26:34.844804049 CEST	137	137	192.168.11.20	192.168.11.255
Oct 25, 2024 09:26:35.610187054 CEST	137	137	192.168.11.20	192.168.11.255
Oct 25, 2024 09:27:28.009691954 CEST	137	137	192.168.11.20	192.168.11.255
Oct 25, 2024 09:27:28.770386934 CEST	137	137	192.168.11.20	192.168.11.255
Oct 25, 2024 09:27:29.535936117 CEST	137	137	192.168.11.20	192.168.11.255
Oct 25, 2024 09:27:31.901705980 CEST	137	137	192.168.11.20	192.168.11.255
Oct 25, 2024 09:27:32.660180092 CEST	137	137	192.168.11.20	192.168.11.255
Oct 25, 2024 09:27:33.425652981 CEST	137	137	192.168.11.20	192.168.11.255
Oct 25, 2024 09:27:35.203080893 CEST	137	137	192.168.11.20	192.168.11.255
Oct 25, 2024 09:27:35.956705093 CEST	137	137	192.168.11.20	192.168.11.255
Oct 25, 2024 09:27:36.721801996 CEST	137	137	192.168.11.20	192.168.11.255

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Oct 25, 2024 09:21:55.439976931 CEST	192.168.11.1	192.168.11.20	9526	(Port unreachable)	Destination Unreachable
Oct 25, 2024 09:21:56.678689957 CEST	192.168.11.1	192.168.11.20	9526	(Port unreachable)	Destination Unreachable

Target ID:	0
Start time:	03:21:53
Start date:	25/10/2024
Path:	C:\Users\user\Desktop\sup.logical@gmail.com.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\sup.logical@gmail.com.exe"
Imagebase:	0x7ff6fc2c0000
File size:	338'432 bytes
MD5 hash:	8C26C5BB599B606CC549CEEF0D9D2DA3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	5
Start time:	03:21:54
Start date:	25/10/2024
Path:	C:\Users\user\Desktop\sup.logical@gmail.com.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Desktop\sup.logical@gmail.com.exe
Imagebase:	0x7ff6fc2c0000
File size:	338'432 bytes
MD5 hash:	8C26C5BB599B606CC549CEEF0D9D2DA3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	6
Start time:	03:21:55
Start date:	25/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /c SCHTASKS.exe /Create /RU "NT AUTHORITY\SYSTEM" /sc onstart /TN "Windows Update ALPHV" /TR "C:\Users\user\Desktop\sup.logical@gmail.com.exe" /F
Imagebase:	0x7ff64b7b0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Execution Coverage:	14.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	43.6%
Total number of Nodes:	1335
Total number of Limit Nodes:	32

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for folders and drives shared on remote systems as a means of identifying sources of information to gather as a precursor for Collection and to identify potential systems of interest for Lateral Movement. Networks often contain shared network drives and folders that enable users to access file directories on various systems across a network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report sup.logical@gmail.com.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Exploits

Compliance

Spreading

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\#Recover-Files.txt

C:\Documents and Settings\user\.curlrc.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy)

C:\Documents and Settings\user\AppData\Local\.curlrc.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy)

C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt21.lst.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy)

C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt21.lst.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy)

C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt21.lst.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy)

C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy)

C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr81920.dat.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy)

C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\ACROBAT_READER_MASTER_SURFACEID.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy)

C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\DC_FirstMile_Right_Sec_Surface.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy)

C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\DC_READER_LAUNCH_CARD.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy)

C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\DC_Reader_RHP_Banner.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy)

C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\DC_Reader_RHP_Retention.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy)

C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\DC_Reader_Upsell_Cards.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy)

C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\Edit_InApp_Aug2020.id[XX-B2750012].[sup.logical@gmail.com].hawk (copy)

Windows Analysis Report
sup.logical@gmail.com.exe

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may deliver payloads to remote systems by adding content to shared storage locations, such as network drives or internal code repositories. Content stored on network drives or in other shared locations may be tainted by adding malicious programs, scripts, or exploit code to otherwise valid files. Once a user opens the shared tainted content, the malicious portion can be executed to run the adversary's code on a remote system. Adversaries may use tainted shared content to move laterally.
Tactics:	Lateral Movement
Data Sources:	File: File Creation, File: File Modification, Network Share: Network Share Access, Process: Process Creation
Platforms:	Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre