hxxps://drive[.]google[.]com/drive/folders/1WefurmLdoVZzYx-82Y0Odo0neercUvKp?usp=sharing

Resubmissions

08-07-2024 17:08

240708-vnsn1a1hpa 6

08-07-2024 16:30

240708-tzytqazgnc 6

Analysis

max time kernel
879s
max time network
883s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08-07-2024 17:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1WefurmLdoVZzYx-82Y0Odo0neercUvKp?usp=sharing

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
152	drive.google.com
180	drive.google.com
3	drive.google.com
5	drive.google.com

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

pid	Process
1840	vlc.exe
4312	vlc.exe
4460	vlc.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
5068	msedge.exe
5068	msedge.exe
2848	msedge.exe
2848	msedge.exe
4444	identity_helper.exe
4444	identity_helper.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4084	msedge.exe
4084	msedge.exe
2040	mspaint.exe
2040	mspaint.exe
1112	mspaint.exe
1112	mspaint.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1840	vlc.exe
1332	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: 33	3652	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3652	AUDIODG.EXE
Token: 33	1840	vlc.exe
Token: SeIncBasePriorityPrivilege	1840	vlc.exe
Token: SeTcbPrivilege	4796	svchost.exe
Token: SeRestorePrivilege	4796	svchost.exe
Token: 33	4312	vlc.exe
Token: SeIncBasePriorityPrivilege	4312	vlc.exe
Token: 33	4460	vlc.exe
Token: SeIncBasePriorityPrivilege	4460	vlc.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe

Suspicious use of SendNotifyMessage 49 IoCs

pid	Process
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
1840	vlc.exe
1840	vlc.exe
1840	vlc.exe
1840	vlc.exe
1840	vlc.exe
1840	vlc.exe
1840	vlc.exe
1840	vlc.exe
1840	vlc.exe
4312	vlc.exe
4312	vlc.exe
4312	vlc.exe
4312	vlc.exe
4312	vlc.exe
4312	vlc.exe
4312	vlc.exe
4312	vlc.exe
4460	vlc.exe
4460	vlc.exe
4460	vlc.exe
4460	vlc.exe
4460	vlc.exe
4460	vlc.exe
4460	vlc.exe
4460	vlc.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1840	vlc.exe
1840	vlc.exe
1840	vlc.exe
1840	vlc.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
1332	OpenWith.exe
4180	AcroRd32.exe
4180	AcroRd32.exe
4180	AcroRd32.exe
4180	AcroRd32.exe
2040	mspaint.exe
2040	mspaint.exe
2040	mspaint.exe
2040	mspaint.exe
4312	vlc.exe
4312	vlc.exe
4312	vlc.exe
4312	vlc.exe
3012	AcroRd32.exe
3012	AcroRd32.exe
3012	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 1748	2848	msedge.exe	82
PID 2848 wrote to memory of 1748	2848	msedge.exe	82
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 1048	2848	msedge.exe	83
PID 2848 wrote to memory of 5068	2848	msedge.exe	84
PID 2848 wrote to memory of 5068	2848	msedge.exe	84
PID 2848 wrote to memory of 4708	2848	msedge.exe	85
PID 2848 wrote to memory of 4708	2848	msedge.exe	85
PID 2848 wrote to memory of 4708	2848	msedge.exe	85
PID 2848 wrote to memory of 4708	2848	msedge.exe	85
PID 2848 wrote to memory of 4708	2848	msedge.exe	85
PID 2848 wrote to memory of 4708	2848	msedge.exe	85
PID 2848 wrote to memory of 4708	2848	msedge.exe	85
PID 2848 wrote to memory of 4708	2848	msedge.exe	85
PID 2848 wrote to memory of 4708	2848	msedge.exe	85
PID 2848 wrote to memory of 4708	2848	msedge.exe	85
PID 2848 wrote to memory of 4708	2848	msedge.exe	85
PID 2848 wrote to memory of 4708	2848	msedge.exe	85
PID 2848 wrote to memory of 4708	2848	msedge.exe	85
PID 2848 wrote to memory of 4708	2848	msedge.exe	85
PID 2848 wrote to memory of 4708	2848	msedge.exe	85
PID 2848 wrote to memory of 4708	2848	msedge.exe	85
PID 2848 wrote to memory of 4708	2848	msedge.exe	85
PID 2848 wrote to memory of 4708	2848	msedge.exe	85
PID 2848 wrote to memory of 4708	2848	msedge.exe	85
PID 2848 wrote to memory of 4708	2848	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1WefurmLdoVZzYx-82Y0Odo0neercUvKp?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8105f46f8,0x7ff8105f4708,0x7ff8105f4718
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,14391693374849962776,6693640422124145221,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,14391693374849962776,6693640422124145221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,14391693374849962776,6693640422124145221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14391693374849962776,6693640422124145221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14391693374849962776,6693640422124145221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,14391693374849962776,6693640422124145221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,14391693374849962776,6693640422124145221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14391693374849962776,6693640422124145221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14391693374849962776,6693640422124145221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14391693374849962776,6693640422124145221,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14391693374849962776,6693640422124145221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14391693374849962776,6693640422124145221,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14391693374849962776,6693640422124145221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14391693374849962776,6693640422124145221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14391693374849962776,6693640422124145221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,14391693374849962776,6693640422124145221,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,14391693374849962776,6693640422124145221,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6424 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,14391693374849962776,6693640422124145221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14391693374849962776,6693640422124145221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14391693374849962776,6693640422124145221,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
  2⤵
  PID:472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3136

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3148

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\Discord Nitro Girls-20240708T170859Z-001\Discord Nitro Girls\Discord Bait\10.mp4"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1840

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x410 0x3cc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3652

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4796
- C:\Windows\system32\dashost.exe
  dashost.exe {416a07d4-fc32-4819-a9ba9ea1746dada1}
  2⤵
  PID:2076

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1332
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Discord Nitro Girls-20240708T170859Z-001\Discord Nitro Girls\Discord Bait\2019-03-02 22.52.44.jpg"
  2⤵
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4180
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    PID:2312
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0789A8972B4856007C2653B3388205BF --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:2568
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7241F1F5036212675072BDE409222BAB --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7241F1F5036212675072BDE409222BAB --renderer-client-id=2 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:1116
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5B9A656698A1072EFE7DE6501F9F65C5 --mojo-platform-channel-handle=2332 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:2408
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=61CD72B79A4A2177DD0FA9EF6D447A3C --mojo-platform-channel-handle=1980 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:3096
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B6F23D81DD074AE2BDB54C993445E974 --mojo-platform-channel-handle=2004 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:5076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1840

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\Discord Nitro Girls-20240708T170859Z-001\Discord Nitro Girls\Discord Bait\2019-03-02 22.52.44.jpg"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2040

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\Discord Nitro Girls-20240708T170859Z-001\Discord Nitro Girls\Discord Bait\20.mp4"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4312

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Discord Nitro Girls-20240708T170859Z-001\Discord Nitro Girls\Discord Bait\3.JPG"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3012
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  PID:2792
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=AC6C6F34520D58876F92B8E891E4550D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=AC6C6F34520D58876F92B8E891E4550D --renderer-client-id=2 --mojo-platform-channel-handle=1700 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4448
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=ABD3424C0C7368F45321A1BB210E66F9 --mojo-platform-channel-handle=1876 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4876
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0936BB0A505812B5847FF1C4D55B943D --mojo-platform-channel-handle=2268 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4452
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B959C30B864E6582301C97BAE1301EA7 --mojo-platform-channel-handle=2528 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1952
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0AAF938DD26614FC46F42A96171153B4 --mojo-platform-channel-handle=1868 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1956

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\Discord Nitro Girls-20240708T170859Z-001\Discord Nitro Girls\Discord Bait\3.JPG"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:1112

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\Discord Nitro Girls-20240708T170859Z-001\Discord Nitro Girls\Discord Bait\2019-03-02 22.43.01.mp4"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:4460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1

Filesize
264KB

MD5
f245b17cbaccd3930815689f18d65c93

SHA1
d90403a03d8b48c175db9dd2124a4edfc6e1efc9

SHA256
753e29de32b45eaa60cde1770a1a740b8a40254d22b0302ea53adc7cc4da5981

SHA512
beed12e955777e10d6f85a488920be1a500da4fed850395d8fb73e6e7706287b0954456f7888e83f5c51c5bb66e6ba6d3331d3f0bb4bb6aed652fda32bfb7c1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Filesize
292B

MD5
4a8abe932b2eb65b75f93b7ed7299ed0

SHA1
d607dfb948c2efa38dd8f39d98f68cf025ee55a4

SHA256
9e7d3993e8f5bbc7b02c5e09e5a3843664b255498ef379920c573485beb08a6a

SHA512
4ca37361c521419381847a5ac8285df88157627e375406e016f1804d92d654c64d632e10c7e9a972141519a27f012c6f565d94464e7638c662edca39782e1210

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links

Filesize
128KB

MD5
a9bd70e05dff0a98d75de2bb8d8c3658

SHA1
5acca3d4b9d96267bf4022bd88c02cdd45970b52

SHA256
5c233893d88249759d682984dfc7611a52bf9cd2614b1809a51e2e75ea27ac83

SHA512
849838d561a76904c19cf6c459f9f9a568e709018fe4d3bbefb0f4578521afd7993f64fc757928925e5a2e8a0010d8608b018a5ccee8d10d8cf0f452e2864381

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst

Filesize
97KB

MD5
700e7d6f9cfc26cea4d04f65f02b3452

SHA1
e5580200e54edb7cd4f7c5daada5c031434cf334

SHA256
c3d8aef5d450a90e4a51335532c977515e589143be772697e666c8c9f4ab0c0e

SHA512
1cafa5bab9838052312d8a6ced7d9baa4f28ef77d48681ada4dedf29400d235b51e187a1f207cfd8e008ee6274156cb7ef2821fdf7cbcc65d697ff4f469d7a82

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat

Filesize
145KB

MD5
0ca92e00a9ce4375a3638046691b4bc9

SHA1
5a157e36bc4f2d9e92603360272114bdc0c05a6f

SHA256
d4438f7c878c75f83cb468efcf7c34f76c7db8e04a90a40314785addf2227151

SHA512
bf22570e1899f239c117a4e3bd1f46f6e656ee3615490c45157c8dfc18bc3021f6b7a75afba908c2c31850c4f5db7fb56e08059eeb36552720a7aa5d9f7c23c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fbc957a83b42f65c351e04ce810c1c11

SHA1
78dcdf88beec5a9c112c145f239aefb1203d55ad

SHA256
7bb59b74f42792a15762a77ca69f52bf5cc4506261a67f78cd673a2d398e6128

SHA512
efad54eb0bd521c30bc4a96b9d4cb474c4ca42b4c108e08983a60c880817f61bc19d97538cc09a54b2db95ab9c8996f790672e19fb3851a5d93f174acdfac0ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5b6ff6669a863812dff3a9e76cb311e4

SHA1
355f7587ad1759634a95ae191b48b8dbaa2f1631

SHA256
c7fb7eea8bea4488bd4605df51aa560c0e1b11660e9228863eb4ad1be0a07906

SHA512
d153b1412fadda28c0582984e135b819ba330e01d3299bb4887062ffd6d3303da4f2c4b64a3de277773f4756da361e7bc5885c226ae2a5cfdd16ee60512e2e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
41KB

MD5
cfd2fdfedddc08d2932df2d665e36745

SHA1
b3ddd2ea3ff672a4f0babe49ed656b33800e79d0

SHA256
576cff014b4dea0ff3a0c7a4044503b758bceb6a30c2678a1177446f456a4536

SHA512
394c2f25b002b77fd5c12a4872fd669a0ef10c663b2803eb66e2cdaee48ca386e1f76fe552200535c30b05b7f21091a472a50271cd9620131dfb2317276dbe6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0f61bb5048aa81f14a088bfb56c8323b

SHA1
fe6acea953de4cc6e6a959e58514831f07240a59

SHA256
42e7f68923f5b93f081d51f1802a145e4ab62de164eb839a286f2325bbeb73c2

SHA512
db293d05550009e38a4d46e31b6a01cdb951547b2e1d5825878aea220f6caac48647b45255c78088455c02eb7df47d6f6009ce69b596d78f58d93d15502e1b12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
e489f5f35ae2879a9d9fb0e05b1361e4

SHA1
62d0b84b2f1eaf193f19175590c36aa1bec85fac

SHA256
643075ac2fd53a2275bcc4967a837c88f60e6a6d5daf22266ffd1137ef671a4d

SHA512
ce561a7f33b84412cff4311bf17482acdab885d6099bfabf8ea7e6591789fbb998e842452ac1291aeeae00fae7dc6d0e363ee1ac57bffca50005681e7f1d9d87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
99e21f68bcdeecf487d6111dfddd4e49

SHA1
d7d22d1d2791fbf6845d97599f5a9945e6ddd662

SHA256
66b932dfaaecc1fdccb6f58e6f84145d83241a0d804c22d051e6a0905441d57a

SHA512
87c8a6b1ac550dc48f392855b0cc6dafedeae4c691809fee9f8d430c67de0e2618223f6fe7ae9d60988c041310bec6965fd78fe12adab1482000b87903c43207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e740cb286767900bd32b4a6c101b0208

SHA1
f6ae4ee3ae624f99571ddf4d5e157c2bbd6428c4

SHA256
8aa2359fc90531ca917dc07714e58b10d0a2a307a6e3bb480c7d9b7408ca4719

SHA512
99de6d3aeedfe2939d772092b72e8890a0aa2150d8d52569019d90799700ac112b9da85ebfa37a857a4bc0b392febc2aec56172074017e188a9932bbc183e039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
00794304074f39b796337ec3424880f0

SHA1
a0a0d96cf1060f3110759552d62028e5e201f719

SHA256
2fe7883ee0ffc786c2d9562ab4883f8afc2762658beb3a98b6a48adf1f56e20d

SHA512
29f99e65268a60259c70be1328e30b78e905a7dce8d836d9ffc98638b417cb9dbb061619b49d98f26bc312b1f14b7b50340de739a120798b9b1e1a6128d90637

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bd4c843e09452554f5da8bbeafa893a2

SHA1
a23b1353ac73d6374fbea1c1473b6a4126c6cc64

SHA256
f067c4c50e424342064dad0fef6300af867f5faee42a60f19c3034a4392d25e8

SHA512
bd21e6cca9158beb53cb0099648f8afeb84ac67b54798b42093c28017d8cb95f68876186e8c2d12d5ff4a1058a9c681aa8f4335466ba96327f2d2a51fdc248c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
005cb4d32b18a03dddda7c3a789917f9

SHA1
5b993bd12e2316c82fecfef31fccc4e4bd154d6b

SHA256
7e5adc544a55e78bfa0c9571c7826b393b86a21a343c8afa923ca9613557c804

SHA512
4f0d8821f4a99734cfdd05155055701dff9f319e1a70f610ec404e186060b11ec2c59e6a5bbc723f11787c2bfb7cdf809c2b48fbc0a08bfaa21dc4a2881d6eb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
555eab25a59a2400dd701a49a7d0ff71

SHA1
c613eda1ef500fea670ca9f617c5b816b12a60db

SHA256
3c39ced69e84ddb8556f832b800887249bc545231f0efc4f665e86ad5beabf2f

SHA512
8f2404d4de0b09a86a1e5962dde8dbab9b405ef5e54bbc1d2bd04db7c1396d0b7d24f508455fd4d8e68ac5fc580636e13122e2eec2b9586def73c46a7fd7a881

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
30323800120ca8b80d30a21dece98257

SHA1
ef5d96ae274ab585b0ce03a0a637913a1912bfc1

SHA256
231ad4ed431f2c5b5e983e17d350b294a4269a9e91585b015b86cd2700b78615

SHA512
8e9e3e4920255f2ea68fa11cc23bc27bc889a693a1292bbe7d1c34429409c10cce28a8804f53842ae1f66c9159da1698e9b3c31e3afe0d46994ca7ecdd74e35d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5f9905acdba5cd81eddd22f23e8686c3

SHA1
d87861bac2a81cac721159a2343353646444656a

SHA256
b1985361d389a5422967a0f784f07a555b3b181c0390e754627814dccf20a97b

SHA512
9d4d6dfb0fbecd3cc1965f028b1b5a2caf032301e9dd9040314fd3ba74e894bb022968b6e4e91adb07888d48e3d341edc19171ecff73371a02e3db993e303288

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
00ab4e8aab20da2d083cd447dd7361e0

SHA1
ac137c8659c7f51f0b7d787b7793925dec133497

SHA256
eb167112e98ee343d3ebac1ceb2435e49fa11745266918d378772a38f127d302

SHA512
309e57585f49b32ae01a05c0c53376afeb8d9d54c766139140ec3073e32448f487824c7c5a06d05bc1f77c95991e4fc4888e9ef2f4760423c3936d254ac728eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2a70f281dbf48a042151009c8aafd0b7

SHA1
35b527267cd5afcc1f386b4e5d334d13bcd4607d

SHA256
6d834346ab75bfe84bc39b58d60a975dc6047259bf752b0f2c1f8c6e3f759839

SHA512
b8a6423d4c67c9657bf6857cd0ddcc336045595f3e3454c7b6920a1b1cb0a828c28e64a7dbe790941085715142592763bd3fa3dc00e14882acea774197839582

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
59caa1c9fe16e12475936469993386e8

SHA1
c2e79e39be5b1b2a28682212e57cea19f85559d5

SHA256
1c8995ae146edd5c6d0a7e73b292fc28a6f7b1e5370caad35149f7c80df79470

SHA512
15f0b51ebc63c1540e31b6aadd0ec0508a1073c82750eed365ef9d479982c125810dfd443bf21e86972f095e00107132537008d0ab6648f647f139fbf5ccc94d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b657b127c8b19921a671c704f3203944

SHA1
840754f4728abffceb8f2004d2f7bdddc3ee7a89

SHA256
39302d579d1b319a2ecc0afaacac6d74d53c529739659f25c704a20859c6b3cb

SHA512
1658bddc1baee2b15c000ca97313a55c5a405a7876fa4e6395f3b28ea3e1c1c77b89189d052216eef04f5c52debd2141277c6ed133a143069869271319ac9f04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e5e85951fc864552cc616063a0f3b113

SHA1
4ca8343f1c29c1802d42b3834f3eb63edc2868fb

SHA256
4684abea90d8fa043cd46bee1a53bf83182567b7ef9eac52cde2525d60864716

SHA512
721d3de2eda8434440052ef7f08c9944363d945d5e629c6edeb1c9f7e601ee42794e6d7d1c68020108424ccb22c5a1ce19206b269f5f41377b215822a9bed640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b68f0b020e999b0cd2607e6336785bfa

SHA1
8c5ae07a78cbf60621a2be2802edaff94795a24d

SHA256
963f1dbcc23969f32982f6db41b63fe940e9ac9bca78d544f4482ef2794a3383

SHA512
fbbf6313ef9b3fe93d633d1bf8325fdfe533ff6221d9ea418e130e5ccdc481deaf82a075695624d7f30fbc88ecfd5f020022b9df2e2aa9ca0726043e063c1120

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3d2a01530fe51c772770a8e06bdbb8ef

SHA1
d590c72d527a1e43c05688d16d454f866b701f6b

SHA256
9491154e1b63e009b82dd68a36fd68065b66f6006edb0fcbf9af82897ab0ff32

SHA512
19b990e36dffa0998a3c57257361fb485a06e6f959ca06b6fa47fcfcd955d8267995d559a2b4fe4fa18efaaf1bf03b31fb6441c9b0439cce5da6a489184d68e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
23664244e4af9de8781195f83069a863

SHA1
3f91a714d912a6839a28297d4f776179ba24d49b

SHA256
a42d2e73667f403d106f06f946b805a815ffcb979eed942128582e65572764fa

SHA512
e994c353cd5bc922af97195dcd7961088325a19ddf32c0df0510ff87248d7697077b45db03a16e47f58faa816c721734e1a3101635f24f67526b3752531e2716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c34230c694c45d3ae9b98fe663a9c3d6

SHA1
8c7537d353f75c381cdf3ed48f7777b848507e04

SHA256
1764d5143bef9b48d67a14a53ff7415ea4c2dec099395c7dfcfae7589a5f6654

SHA512
f069bf7559d50e1798e0a65a413001e00ab1d0f28c75a5fc1025b511f3a356f0238d3ed2f4eea49097db6198d28a1d77adeaa9058139d95104779517efba9a7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6ce9afaa02c362a87e7f6f560b19ccfe

SHA1
f012c91c6cc36e2e1bdcf2818800f71b339b2200

SHA256
7d0eb10ddaff6e746a1ccc56a93f27a86ba8ab5bacdcbae8a6ada5267e5a4f9d

SHA512
beb34d2c407bee41e2e8bc3b690b4e30e12d2285d32a7e83acdc266e88a7ad25a6f8bc683451fda675a8fbb911300c3b8593b38d9eb106a551d5f51bae78d346

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1c9f9e49784670f41101df076051edea

SHA1
968fe8330b95e7d3d3b5c50fa594ed6bcadeea74

SHA256
cb42e84988533812b66d8207dc9b2b9060000789b1e53f221d501176859dc221

SHA512
772ef88050f3c8c79c95fdfb9ea7527d45f3480858899a80395a845bb18d988cf597bb761856cf83f6c4688330af6b6e1554dd192afd1c00d1429668ac3b767c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
17ca38d03bd7e54a88b002c012a0c481

SHA1
dcda75e0c2e79cee0814605c695f12555e250f2e

SHA256
85d1723fcbf9309dee7c6b8255c04e380a6591a757fb2feabae2d83aae73104f

SHA512
90e8a9c24f9c1fd8b89aca7c6b0326b50ee748b17dfa0276d1d7dc70d4a7257e417fc9439cd91a4f06052b2ea29209113f207a42010caf1daa04c768083651ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
26659682ce06cb3fcc417a359cf23a7c

SHA1
7c46c6a3cbffe6693f4cdff84e7eac01da7511e4

SHA256
f5833dfccf6545f17e1ab1193ac84517b3b133f8cd23d191b6a0ab551911fe11

SHA512
b98730f52405f87b3fd5dda8733acc3f50b50a65260154e8f281fb947bd4ceefae71ed792fd60681f560ff516e21c9107b893707f21cdb0a9db54c257729de39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ef118a1ce7802c97b4bfc9a2d9be0566

SHA1
88ce08ddeb6adb1fc5c9577217b3a27b06da2556

SHA256
7570f3579c79688cf82852a19a61456d81e497a5c9dfcc8f9895414d94c2e15e

SHA512
24200a61cea6f92002d2160cce8a21d4f5920d365d4e2eb32b8f8b3df81e9fa050ea8c9aed914a02e8f47b0154efd1b42b182b82177aa420215924c558b526db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
944aefef0790a2b1f79e56c33c8595df

SHA1
6c966a5dc0b5b80de436177b09a3d36faf3ab1e3

SHA256
58ce50e45e4c2be2c2809c5739d583ed5097ba848b9650efbeb553754dd4fc00

SHA512
7e96acf29d236f1b8c52446a7c2051c851103153a5ebe59661092f81f3a5c6caf29a8b4cafd263822f08f95a4130ef361f161de0f5f9a3a4ad6e0953b88b32ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bfb8b78aadd2e71c3df18833af7a36cd

SHA1
db65178f4925ab59e826aec9fb26b19f2b10c050

SHA256
a3a9ae62985ecbbbb8268a01f7f32ce48181c42c5043fd75fe1a0e8677452136

SHA512
17c2afbbe2ac16ae7e28324ac57a3d7b0f4ea7ad83accaf65add3a7a4ce3eb3fa5526d0d3ea35e4e4ea2e6934e59106d639a78adc19c8e61903614cdd5ec6871

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e97fd7b03fe5c54f1c7ee0e901ea1768

SHA1
79e010de0c78dfa3987b450596cb4c09ff6d863b

SHA256
129846172f8d7ef9feb9a4a512700963713ecab466ad7c2aa3c25cf5d675c05b

SHA512
3bae6a0607fdb198d35fb2561d79f774aef33cdff6d71e0010c5fc4fefe768fa2b552dd638c6dd10d5814f69f90f67a1a8d97aa7a6943e2bea65d876e528fd46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58020e.TMP

Filesize
1KB

MD5
4ed7a99eaf2f1eca01504254433d8970

SHA1
cbf733b4ef72124cb0302d9458605a2e56c29c9e

SHA256
5b97dbd1e70777483330128be7441c0c7610bbf2c970ee104fed4ef3d92fb284

SHA512
f541d6a126ee66c3a902fec9d7cfac22f3b2eeee97b4d526c7af4de8e83ad4db79209a4fad89cafcce2e7b49ac4670f0a23ad17ae87d13816196893e0d07af28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\eb4e075d-d398-43c5-9660-89cef426e83e.tmp

Filesize
1KB

MD5
c13c9580408decae8610ad84b1af8506

SHA1
2ced4a1bbadc380187527ec66be7a834cd99956a

SHA256
fedc3410087ab70d0daef098bdd0146d7c7a62bb434ee82695f5d70f208d339d

SHA512
481cc384f09dece94a8c7c2ed5a81ce0ffc3c53e4e2ff10cf252d0c055e13e3640343465944d5e12e21b07367d7696ee88e610caa599fa54c012e335ca6c5041

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f8f1d6fde84cb7917b347cea23a70947

SHA1
66d92f71a008b29ff4890e0bb9a8f3f32714c970

SHA256
0676554ef924676a3ab6c51638e773d3561263ba0a05ced028022235126b1212

SHA512
4d09ec56270195c13b686554af7f91f01fb1646661533607a0b5d14f67b3b4a38648f162f38a21c41f7631936c99ac6dadcc68bc63b8777973465637144d0a01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c833e26d942ea3df95d6156797b6dc69

SHA1
f5614050508252b9c4bc25c5a3fe2f68ea853d2e

SHA256
6e554e8d498593929d5fecafe85da8f467c3412b9019666e744e983422a29858

SHA512
c91bba38b75816d45b4461c8e8d3831ec5235d3df38d4754d1de112ff8797da5504ab6de0af886d6b165b1bfaeceb2202c28e9195505cc24e77476d255370289

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b1247efd016db5bac9608a0f649572a8

SHA1
24e9ce2e467a79374dff20638d3e783bcfcac00b

SHA256
feb18a3f86a608f21d935bd2133ad190ed92685b7f4a563cf6ed72c213321106

SHA512
91bad30be62dab4a1209fe871a6791fa6c42e6289631b398ec0a346ba12efc90882b23569fbfc8b55a311ead50bc7c536c73fd1ca282353005966de61d080150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
270a24bd3cee539acc3e2d7e637fae71

SHA1
39a63a5ff7abeb7afdfb0b79a1fc9fbd925a335d

SHA256
006dcad933932204cf34d79fd1a90cd97660a2bd6004fe81cb9296ce20591de0

SHA512
ef4772422176db9adbd79c1679354b9274d8b02528058c478a90513333e05eee9063c04df565231ab25086f99555595bfebd3fe296aee88131fa574b6a16fd81

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store

Filesize
10KB

MD5
b96a6dbbc56d82976e151cd3806d907e

SHA1
dbb0f30366efabc90f7891159fba11258e5a869a

SHA256
c0af5feb07b1f1bab26f5d210897c5d010ef421145e970f5d68628e6ff302ade

SHA512
1acb76780cb9759145649f4853dd05b4ba2d6765f85187b2caead471bcabdf0ab2cb47b5190ea3375940ebf74e25c6b02796aa0ca3c8c4f52e13316dd4f75015

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei

Filesize
23KB

MD5
0b38b6b3938c26279072102cfc628a7a

SHA1
9a43f5170b5b7e10a173f84e0a80abfbdfcc7b4e

SHA256
a53a18daba08c58889791b0a5a950840568ef95935f73bfb510e23c5cdbca771

SHA512
843c8c8bdcdf078fbbd937e0f556ad5b390f87e0e0990840e1408093b9a91ccf84b64fbbc8ca029a550254751380bbf7e845d819ab58327a287c4095e93c0000

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\ml.xspf

Filesize
304B

MD5
781602441469750c3219c8c38b515ed4

SHA1
e885acd1cbd0b897ebcedbb145bef1c330f80595

SHA256
81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d

SHA512
2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
610B

MD5
d8541061f27a97d5c061c6704e638742

SHA1
a12b49419d33f1c72b07a387d5c54a79cd1397ad

SHA256
afd7f3122db7aa60a7798d74552dc25fbbe18bd0f94f51790f8a6b15ed61fc79

SHA512
91c935e066732e6ed5aaaf85ef3749edf57ab649d66d98ad5f7067d6a567953cd0f747cca7950adc1232e5e93b914323b739cb78251ebc9a6975fc94158d69ba

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
938B

MD5
49a0acafe1c50d925eee7fae9c645e86

SHA1
bb3213de075a29da3fb13e434907c02bc82e14d9

SHA256
ac2577399d66f70388d3deee5e8a8addf72fe3fd56a9e5e70be7554944b230cc

SHA512
c2c9a0b087ad2e8d9454d7266673790331d8797423505144cf221e5fa6db4790e9c33848debf735adfb63baede0d5dbdbc00846c20f56d6e8d6de5a6a79d27f0

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlcrc

Filesize
94KB

MD5
7b37c4f352a44c8246bf685258f75045

SHA1
817dacb245334f10de0297e69c98b4c9470f083e

SHA256
ec45f6e952b43eddc214dba703cf7f31398f3c9f535aad37f42237c56b9b778e

SHA512
1e8d675b3c6c9ba257b616da268cac7f1c7a9db12ffb831ed5f8d43c0887d711c197ebc9daf735e3da9a0355bf21c2b29a2fb38a46482a2c5c8cd5628fea4c02

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
7KB

MD5
7c991e6da06711e15b28408f49a2dd1e

SHA1
767c72efa3efd8c8ae219dfe4f2dcc629d95416e

SHA256
19ddc10cfa8e88d5a718cbd483a3cd1a4640a6897ddec693e92dd36524f9fa70

SHA512
fe6343cf269229af31571c64655f9cba48172832b2e4ed0f3c43843d4e825f5c93196d606dc34e7012a57ceeaa9a899f65ac621494ce32f6a3740ea1be10b33b

Download Submit
memory/1840-649-0x00007FFFFC130000-0x00007FFFFD1E0000-memory.dmp

Filesize
16.7MB

Download
memory/1840-648-0x00007FFFFD3F0000-0x00007FFFFD6A6000-memory.dmp

Filesize
2.7MB

Download
memory/1840-646-0x00007FF71B240000-0x00007FF71B338000-memory.dmp

Filesize
992KB

Download
memory/1840-647-0x00007FF801CF0000-0x00007FF801D24000-memory.dmp

Filesize
208KB

Download
memory/4312-720-0x00007FF80BF00000-0x00007FF80BF18000-memory.dmp

Filesize
96KB

Download
memory/4312-738-0x00007FFFFCE30000-0x00007FFFFCFB0000-memory.dmp

Filesize
1.5MB

Download
memory/4312-730-0x00007FFFFED40000-0x00007FFFFED5B000-memory.dmp

Filesize
108KB

Download
memory/4312-729-0x00007FFFFED60000-0x00007FFFFED71000-memory.dmp

Filesize
68KB

Download
memory/4312-728-0x00007FFFFEF80000-0x00007FFFFEF91000-memory.dmp

Filesize
68KB

Download
memory/4312-727-0x00007FFFFEFA0000-0x00007FFFFEFB1000-memory.dmp

Filesize
68KB

Download
memory/4312-726-0x00007FFFFEFC0000-0x00007FFFFEFD8000-memory.dmp

Filesize
96KB

Download
memory/4312-725-0x00007FFFFEFE0000-0x00007FFFFF001000-memory.dmp

Filesize
132KB

Download
memory/4312-724-0x00007FFFFF010000-0x00007FFFFF051000-memory.dmp

Filesize
260KB

Download
memory/4312-717-0x00007FF71B240000-0x00007FF71B338000-memory.dmp

Filesize
992KB

Download
memory/4312-735-0x00007FFFFD5C0000-0x00007FFFFD63C000-memory.dmp

Filesize
496KB

Download
memory/4312-753-0x00007FFFFD1C0000-0x00007FFFFD476000-memory.dmp

Filesize
2.7MB

Download
memory/4312-786-0x00007FF808130000-0x00007FF808164000-memory.dmp

Filesize
208KB

Download
memory/4312-785-0x00007FF71B240000-0x00007FF71B338000-memory.dmp

Filesize
992KB

Download
memory/4312-788-0x00007FFFFCD20000-0x00007FFFFCE2E000-memory.dmp

Filesize
1.1MB

Download
memory/4312-787-0x00007FFFFD1C0000-0x00007FFFFD476000-memory.dmp

Filesize
2.7MB

Download
memory/4312-736-0x00007FFFFDA80000-0x00007FFFFDA91000-memory.dmp

Filesize
68KB

Download
memory/4312-731-0x00007FFFFED20000-0x00007FFFFED31000-memory.dmp

Filesize
68KB

Download
memory/4312-741-0x00007FFFFD560000-0x00007FFFFD571000-memory.dmp

Filesize
68KB

Download
memory/4312-739-0x00007FFFFCD20000-0x00007FFFFCE2E000-memory.dmp

Filesize
1.1MB

Download
memory/4312-740-0x00007FFFFD580000-0x00007FFFFD597000-memory.dmp

Filesize
92KB

Download
memory/4312-737-0x00007FFFFD5A0000-0x00007FFFFD5B1000-memory.dmp

Filesize
68KB

Download
memory/4312-732-0x00007FFFFDAD0000-0x00007FFFFDAE8000-memory.dmp

Filesize
96KB

Download
memory/4312-733-0x00007FFFFDAA0000-0x00007FFFFDAD0000-memory.dmp

Filesize
192KB

Download
memory/4312-734-0x00007FFFFD640000-0x00007FFFFD6A7000-memory.dmp

Filesize
412KB

Download
memory/4312-723-0x00007FFFFCFB0000-0x00007FFFFD1BB000-memory.dmp

Filesize
2.0MB

Download
memory/4312-718-0x00007FF808130000-0x00007FF808164000-memory.dmp

Filesize
208KB

Download
memory/4312-722-0x00007FF801CF0000-0x00007FF801D01000-memory.dmp

Filesize
68KB

Download
memory/4312-719-0x00007FFFFD1C0000-0x00007FFFFD476000-memory.dmp

Filesize
2.7MB

Download
memory/4312-721-0x00007FF801D10000-0x00007FF801D27000-memory.dmp

Filesize
92KB

Download
memory/4460-860-0x00007FF808130000-0x00007FF808164000-memory.dmp

Filesize
208KB

Download
memory/4460-859-0x00007FF71B240000-0x00007FF71B338000-memory.dmp

Filesize
992KB

Download
memory/4460-862-0x00007FF801D10000-0x00007FF801D28000-memory.dmp

Filesize
96KB

Download
memory/4460-863-0x00007FF801CF0000-0x00007FF801D07000-memory.dmp

Filesize
92KB

Download
memory/4460-861-0x00007FFFFD3F0000-0x00007FFFFD6A6000-memory.dmp

Filesize
2.7MB

Download
memory/4460-864-0x00007FFFFF040000-0x00007FFFFF051000-memory.dmp

Filesize
68KB

Download