hxxps://drive[.]google[.]com/file/d/14TcXhps27GHZAovVlQr2SNf-w21KApSx/view?usp=drive_web

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
30-01-2025 00:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/14TcXhps27GHZAovVlQr2SNf-w21KApSx/view?usp=drive_web

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
4	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
316	vlc.exe
3480	vlc.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
536	chrome.exe
536	chrome.exe
2524	AcroRd32.exe
2524	AcroRd32.exe
2524	AcroRd32.exe
2524	AcroRd32.exe
2524	AcroRd32.exe
2524	AcroRd32.exe
2524	AcroRd32.exe
2524	AcroRd32.exe
2524	AcroRd32.exe
2524	AcroRd32.exe
2524	AcroRd32.exe
2524	AcroRd32.exe
2524	AcroRd32.exe
2524	AcroRd32.exe
2524	AcroRd32.exe
2524	AcroRd32.exe
2524	AcroRd32.exe
2524	AcroRd32.exe
2524	AcroRd32.exe
2524	AcroRd32.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
316	vlc.exe
3480	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
2524	AcroRd32.exe
316	vlc.exe
316	vlc.exe
316	vlc.exe
316	vlc.exe
316	vlc.exe
316	vlc.exe
316	vlc.exe
316	vlc.exe
316	vlc.exe
316	vlc.exe
316	vlc.exe
316	vlc.exe
316	vlc.exe
316	vlc.exe
316	vlc.exe
316	vlc.exe
316	vlc.exe
316	vlc.exe
316	vlc.exe
316	vlc.exe
316	vlc.exe

Suspicious use of SendNotifyMessage 41 IoCs

pid	Process
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
316	vlc.exe
316	vlc.exe
316	vlc.exe
316	vlc.exe
316	vlc.exe
316	vlc.exe
316	vlc.exe
316	vlc.exe
316	vlc.exe
3480	vlc.exe
3480	vlc.exe
3480	vlc.exe
3480	vlc.exe
3480	vlc.exe
3480	vlc.exe
3480	vlc.exe
3480	vlc.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
2524	AcroRd32.exe
2524	AcroRd32.exe
2524	AcroRd32.exe
2524	AcroRd32.exe
2524	AcroRd32.exe
2524	AcroRd32.exe
2524	AcroRd32.exe
2524	AcroRd32.exe
316	vlc.exe
316	vlc.exe
316	vlc.exe
316	vlc.exe
3480	vlc.exe
3480	vlc.exe
3480	vlc.exe
3480	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 536 wrote to memory of 4260	536	chrome.exe	81
PID 536 wrote to memory of 4260	536	chrome.exe	81
PID 536 wrote to memory of 1048	536	chrome.exe	82
PID 536 wrote to memory of 1048	536	chrome.exe	82
PID 536 wrote to memory of 1048	536	chrome.exe	82
PID 536 wrote to memory of 1048	536	chrome.exe	82
PID 536 wrote to memory of 1048	536	chrome.exe	82
PID 536 wrote to memory of 1048	536	chrome.exe	82
PID 536 wrote to memory of 1048	536	chrome.exe	82
PID 536 wrote to memory of 1048	536	chrome.exe	82
PID 536 wrote to memory of 1048	536	chrome.exe	82
PID 536 wrote to memory of 1048	536	chrome.exe	82
PID 536 wrote to memory of 1048	536	chrome.exe	82
PID 536 wrote to memory of 1048	536	chrome.exe	82
PID 536 wrote to memory of 1048	536	chrome.exe	82
PID 536 wrote to memory of 1048	536	chrome.exe	82
PID 536 wrote to memory of 1048	536	chrome.exe	82
PID 536 wrote to memory of 1048	536	chrome.exe	82
PID 536 wrote to memory of 1048	536	chrome.exe	82
PID 536 wrote to memory of 1048	536	chrome.exe	82
PID 536 wrote to memory of 1048	536	chrome.exe	82
PID 536 wrote to memory of 1048	536	chrome.exe	82
PID 536 wrote to memory of 1048	536	chrome.exe	82
PID 536 wrote to memory of 1048	536	chrome.exe	82
PID 536 wrote to memory of 1048	536	chrome.exe	82
PID 536 wrote to memory of 1048	536	chrome.exe	82
PID 536 wrote to memory of 1048	536	chrome.exe	82
PID 536 wrote to memory of 1048	536	chrome.exe	82
PID 536 wrote to memory of 1048	536	chrome.exe	82
PID 536 wrote to memory of 1048	536	chrome.exe	82
PID 536 wrote to memory of 1048	536	chrome.exe	82
PID 536 wrote to memory of 1048	536	chrome.exe	82
PID 536 wrote to memory of 3968	536	chrome.exe	83
PID 536 wrote to memory of 3968	536	chrome.exe	83
PID 536 wrote to memory of 824	536	chrome.exe	84
PID 536 wrote to memory of 824	536	chrome.exe	84
PID 536 wrote to memory of 824	536	chrome.exe	84
PID 536 wrote to memory of 824	536	chrome.exe	84
PID 536 wrote to memory of 824	536	chrome.exe	84
PID 536 wrote to memory of 824	536	chrome.exe	84
PID 536 wrote to memory of 824	536	chrome.exe	84
PID 536 wrote to memory of 824	536	chrome.exe	84
PID 536 wrote to memory of 824	536	chrome.exe	84
PID 536 wrote to memory of 824	536	chrome.exe	84
PID 536 wrote to memory of 824	536	chrome.exe	84
PID 536 wrote to memory of 824	536	chrome.exe	84
PID 536 wrote to memory of 824	536	chrome.exe	84
PID 536 wrote to memory of 824	536	chrome.exe	84
PID 536 wrote to memory of 824	536	chrome.exe	84
PID 536 wrote to memory of 824	536	chrome.exe	84
PID 536 wrote to memory of 824	536	chrome.exe	84
PID 536 wrote to memory of 824	536	chrome.exe	84
PID 536 wrote to memory of 824	536	chrome.exe	84
PID 536 wrote to memory of 824	536	chrome.exe	84
PID 536 wrote to memory of 824	536	chrome.exe	84
PID 536 wrote to memory of 824	536	chrome.exe	84
PID 536 wrote to memory of 824	536	chrome.exe	84
PID 536 wrote to memory of 824	536	chrome.exe	84
PID 536 wrote to memory of 824	536	chrome.exe	84
PID 536 wrote to memory of 824	536	chrome.exe	84
PID 536 wrote to memory of 824	536	chrome.exe	84
PID 536 wrote to memory of 824	536	chrome.exe	84
PID 536 wrote to memory of 824	536	chrome.exe	84
PID 536 wrote to memory of 824	536	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/14TcXhps27GHZAovVlQr2SNf-w21KApSx/view?usp=drive_web
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcbc86cc40,0x7ffcbc86cc4c,0x7ffcbc86cc58
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1876,i,10496728749283803231,7655681592671943327,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=1840 /prefetch:2
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2116,i,10496728749283803231,7655681592671943327,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,10496728749283803231,7655681592671943327,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2444 /prefetch:8
  2⤵
  PID:824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,10496728749283803231,7655681592671943327,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,10496728749283803231,7655681592671943327,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4448,i,10496728749283803231,7655681592671943327,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3672 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4640,i,10496728749283803231,7655681592671943327,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2956 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4800,i,10496728749283803231,7655681592671943327,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5392,i,10496728749283803231,7655681592671943327,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5568,i,10496728749283803231,7655681592671943327,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5440,i,10496728749283803231,7655681592671943327,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1400

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3428

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:936

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2308

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_TULSI BIDCON.zip\TULSI BIDCON\TULSI BIDCON.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2524
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2360
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F8C91B3C3B730DD83E87B5244E423C3B --mojo-platform-channel-handle=1768 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4944
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=CF38BD3658E4AECE48DD70D7D2E2DF03 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=CF38BD3658E4AECE48DD70D7D2E2DF03 --renderer-client-id=2 --mojo-platform-channel-handle=1780 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:224
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1EA39E0DCF817D74C12B89B577846C75 --mojo-platform-channel-handle=2308 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4780
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4E47DF048BB3896DE19983DE491B746E --mojo-platform-channel-handle=1952 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1548
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A1C9B8AF748666711B3909D13F73E8D7 --mojo-platform-channel-handle=2400 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3624
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=32728AC8CAB4F65E19F5242AD5127188 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=32728AC8CAB4F65E19F5242AD5127188 --renderer-client-id=7 --mojo-platform-channel-handle=2372 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4960

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Temp1_TULSI BIDCON.zip\TULSI BIDCON\VID-20241226-WA0005.mp4"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:316

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e8 0x308
1⤵
PID:612

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Temp1_TULSI BIDCON.zip\TULSI BIDCON\WhatsApp Video 2024-12-25 at 19.05.28_26617b43.mp4"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
7560fe1ce7523e1d1ff1b5cadf650039

SHA1
fb21e5e3d734c34f4cd75326717dffc69a734077

SHA256
bae86b402c0ebcbab7088d537d226ec1235100f2f9184b1186a60d04df6752ba

SHA512
ad0eecfa17a232697f04356e64bdc6cf0a2d32aae9809bd0c155d63a7c78093d410e37822df33410d0958e9ff0560affc90d261e44cbe09449c070d06005aa9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
2f23a3ab58a8305ca078034c01ffd2c5

SHA1
cea4e34531c2e9e870141ddc5348ef3f7acde519

SHA256
ac152b78071ecd13fdcdc1a72070fe5a75b2ca1c3b9071d66c265074e757015b

SHA512
074bfdbd1252bc6a59a569d1381ba71ce84c514be840e7f49ef79ff9676b3c3f463cedca70d4b472648aa010400c7b8b829ca4fabe47b922cf5dd6888850635e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
76c8abc271afa77177ac8f06a6c7938e

SHA1
7791a8629fbf4af75eb53fd36af1fbba21fb2f3d

SHA256
150ab8d03b07e6d0ae0e222d9c8d41365dca4ce931e6222e021ce662d075df43

SHA512
7f319e719819b5994e66837c69332bfc72b432699199ebf86f1636bd2e589e416958198cca6b10562c6e12f7e08ed73e5a43566f30f76bdb80e6547a40395014

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
0e895420863023af95cfd94fe8a77e68

SHA1
ce7f69e860575defccca9c8abafdbb5f14bc5418

SHA256
a9deeddd212c43e1ce82d78ade8165e2b601eff064e8b6a7eea46dc30db01061

SHA512
70c3b387154441dfd7156f5c05bea5a9dbe1f76a9376a24688e93b455378e8749f864b5b27870a8aa64ab6eef52dbe919ff6993151269d76c02972e05c4f50ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e21ef402df1c5668dd0fcab51e9205c9

SHA1
0b97dd9a0d74e7cdba07b0c36e35c93e1be62d6d

SHA256
e8be0c686b03f73202491ad270ed83900499e8681a70b32993551dd1ca0f1ff8

SHA512
1f86b91c8bf8fc5d7e1931f8184b73c97cfd9c8adefedc8f8f4592ecefe9d07a5f5281c062c7fded2d7afdf4eb3b7c8650d2694146e7d117cfd1bce7dd69f86e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2941ebc48f4fc432eb5e2142f355621a

SHA1
8f307ab213eb5d051f40e71e5e579e46ccaba5c0

SHA256
4ddad90928367844e48c4eb3929a25da301a5470c83c354b8798cecc9025b446

SHA512
a4a3c9870858bce3767f876cf7bdc979c1d06f7bd9ed9ece47b7726e1199441509314c51c36d2424b52a2c8e847449908d7a3bf289f851cd7c30d0e064a8cd5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8470976e4318feada6ba0ffc4eb00688

SHA1
f9b992db7240e223b27ae44db628ba029000842a

SHA256
9bc2aa2ad1be9b88238144c5930a438679d398434d213a80358f108d3a128657

SHA512
2f137de314ca3086710f063a0d64b701ed1171f34dc41f033250748d94a1d9654c03bf404255ef9249daf3c950657cb06dc378bd7364c7f7c41644dc7ba57205

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5dc21f5813a1ba5a4ed1760db596eb9a

SHA1
3a775967582e8e4b1e46f1473a54b6f018395817

SHA256
2d0f89e42a350fb9039ce05cee0d6707137243d9b0991d05b8b1ffc5f79f7fdf

SHA512
5380d0e9a897d8a8a0cbcde2e3cb95a103ecacc86b9e0d7f8f8d192e77bae91a0648f0912de1c11c897c47d49f8e860703ed9e8a0dac0c3282fbd66f8bfe6b79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
47a0e8d2d84bf5b7a6a4453fde723385

SHA1
201d4180d556092cebe7ad36614df2f3410382e0

SHA256
2f73193fa49b2f1a2fd3347eec1f0cfd5100913caac5bba58899512d9e4f66d0

SHA512
fc7ce0b8eb2dacac0ed15583aa1088ddadf695f8010786b6456d5011938ca8b4e65f4080a544f9af447f2311d5f5d26024ab361e4ee6a57bae1751e7bc998f9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fce460f1c2f67b0671188ec33595bb2f

SHA1
acb41daade1cdd1f1cf99e398ebc25ca673e520b

SHA256
5f847da3229731924fd1e362645ccb86649bf72d20ec255c50f13400b078f64d

SHA512
aa5291bf66579f1c6cd1ae21ed879c14a0c813d2b4b638aa01e4a9cbd1f6c6a13f40ad24a76e656cdd6165881a4577cbc4af91f72b8f833b0a849d72e8f668ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a99bde37d7fc6e6973a5b67c91d8b879

SHA1
6c4c7df3dc12f6fbaa5c458cc09f6834e31adb0d

SHA256
f543a8d791272c66ab21c59ff203fdeef97eade89244298a32bfe376f7ca4306

SHA512
2094a3fca1b2e39ec490846b3c1850ebe57d3dcbee03b5653a67c08ed8e94c7c6d7e22a3f473e6d125fc38851b9cea1cb24c8d857bf4435c35c403c6e5a15038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ed9339fc3e31c1a93ac83b03499f8f92

SHA1
403f483ebb35dc59412a67566fe294b9a50446aa

SHA256
d685d77ff5c700bad8b1fba41fcebf4a6c96f57da490efbf991d955d6df1d8e8

SHA512
795d34ddaa7e9d1b83f494dcc95d3bca211e00fb6545abdbda46571bfe767e879e863f3d78c857a8e585f94a317f7c710646c55a8a300f898eb142dd0b2bdf44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a4189f566010ef4c36a6f42852d0860b

SHA1
4bf44b03df99eb61ff423e09603f89d004744f93

SHA256
bcd6ddd121724f2d35337b30e4572ed9455bab869a592b1acd766d4bae7845c4

SHA512
6406e68285b14ce2e8e09a13275bba1bcddd2a8ac4a03be0980017d4540a70505537302dd722363019fc70d6235bc1e406540cf90c5d6086964a19006d966cd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a58bda0d84059d47b32b2fb9cf20302e

SHA1
b07839e5247f0fc2468e3c1c95199611c7fe36ce

SHA256
058d659b48829d3ee8f5bbc43ea0d425c00bb1bf5c22c734a18894ecd7a919df

SHA512
e4f44e39e9aa21e0904f2465f87d753506d219abd12eaaeb42689d1056cc549961e89b870957d2282e5ea1dd68939a1015ef6569a3be890598adc87fe3c98728

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d15d27f3569ce8145f23c558515af495

SHA1
46615435c7fdc2d6ff0d9a327be90a336007850b

SHA256
bfbb415ba31c869f2a3fffebf5b10c3575663afbea038e0efe34555b9cdb44b8

SHA512
ca8d2d06c82c9f7d15ae262c0a77895ab0732edcf33faf3c5b67bb414a55195f0ad49fb3b4722268d51f47832b54b4d0ea4cc4a390304025e28286ef74cded5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
122KB

MD5
3e51156a8dfc31f9f7977996458ac52c

SHA1
cf72e5402a40cef643cd9470154f85518025f560

SHA256
325d4e5bf2eeb9c45ba03292aa2d2f7b03f2fce9a351ddeb4c9f71e3be71b81e

SHA512
4edfa6ac0a44717a405b83b45639233ee43384e9c4390f215c197b8d46756739d89c30dde13acaf363d88736fd4072ace9dc876ab08d6c526a84abc1194a8b2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
122KB

MD5
731ca3d52c25a8f25eae08a4c9dbd885

SHA1
ca0c54e68357fce64d5bbd4ff5f4558dcbdb8fb5

SHA256
8b14d7b6b0ec2d963e433d317795972a513c4e3779bbf99569154e105206c2ac

SHA512
ae7367ca118c6bea915e6ce899be698b13b78e14172728ae93f92f10fb072046f5657143d50999598eb86afefae62230946fa9ab9b1b4e6e9c26c95e15bd4665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
122KB

MD5
572ff697d384f2bcb4205dc4cb05c1b1

SHA1
c2648c447790665f12fc6ba4758663addaa013f4

SHA256
73c90552f722067f2de6bc38031f06dd93017a013e551ac213ec4a587c44abb8

SHA512
c0d476b90370e099dcb52a72cfc761ad8c70e1c052996e5dc23af4ec496ca3f0f7fbb11513a4c52c6d45c4e476bb0f30ee5c9a73bf8e70a9c2f62cf9759e0c36

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\ml.xspf

Filesize
304B

MD5
781602441469750c3219c8c38b515ed4

SHA1
e885acd1cbd0b897ebcedbb145bef1c330f80595

SHA256
81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d

SHA512
2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
612B

MD5
3f41a5e9faa545213c4aef3e6ebc8beb

SHA1
e0d55a8cb5ec3b22d52c83801ee0ab39b2250cf0

SHA256
a84877d334b7fa69dfab484ef859d1850391615c28f0fc806b3ce95057eaa3f8

SHA512
d51abc4e783e7b432f9ad543b91e6a78ef24787f3a146fddade42f30a16e1fbbd28cb19d911d3357980797503b0384677c12e261372140358e53db643ac6c759

Download Submit
memory/316-387-0x00007FFCC0620000-0x00007FFCC0654000-memory.dmp

Filesize
208KB

Download
memory/316-365-0x00007FFCBD020000-0x00007FFCBD037000-memory.dmp

Filesize
92KB

Download
memory/316-370-0x00007FFCBC4A0000-0x00007FFCBC4B1000-memory.dmp

Filesize
68KB

Download
memory/316-368-0x00007FFCBC600000-0x00007FFCBC611000-memory.dmp

Filesize
68KB

Download
memory/316-369-0x00007FFCBC5E0000-0x00007FFCBC5FD000-memory.dmp

Filesize
116KB

Download
memory/316-366-0x00007FFCBC960000-0x00007FFCBC971000-memory.dmp

Filesize
68KB

Download
memory/316-383-0x00007FFCBB930000-0x00007FFCBB941000-memory.dmp

Filesize
68KB

Download
memory/316-382-0x00007FFCBB950000-0x00007FFCBB961000-memory.dmp

Filesize
68KB

Download
memory/316-381-0x00007FFCBBD40000-0x00007FFCBBD51000-memory.dmp

Filesize
68KB

Download
memory/316-380-0x00007FFCBBFE0000-0x00007FFCBBFF8000-memory.dmp

Filesize
96KB

Download
memory/316-379-0x00007FFCBC3D0000-0x00007FFCBC3F1000-memory.dmp

Filesize
132KB

Download
memory/316-378-0x00007FFCAE4C0000-0x00007FFCAE501000-memory.dmp

Filesize
260KB

Download
memory/316-372-0x000001A4B4500000-0x000001A4B55B0000-memory.dmp

Filesize
16.7MB

Download
memory/316-388-0x00007FFCAA0B0000-0x00007FFCAA366000-memory.dmp

Filesize
2.7MB

Download
memory/316-371-0x00007FFCA9210000-0x00007FFCA941B000-memory.dmp

Filesize
2.0MB

Download
memory/316-386-0x00007FF7FBB70000-0x00007FF7FBC68000-memory.dmp

Filesize
992KB

Download
memory/316-389-0x000001A4B4500000-0x000001A4B55B0000-memory.dmp

Filesize
16.7MB

Download
memory/316-363-0x00007FFCAA0B0000-0x00007FFCAA366000-memory.dmp

Filesize
2.7MB

Download
memory/316-364-0x00007FFCC47A0000-0x00007FFCC47B8000-memory.dmp

Filesize
96KB

Download
memory/316-367-0x00007FFCBC720000-0x00007FFCBC737000-memory.dmp

Filesize
92KB

Download
memory/316-362-0x00007FFCC0620000-0x00007FFCC0654000-memory.dmp

Filesize
208KB

Download
memory/316-361-0x00007FF7FBB70000-0x00007FF7FBC68000-memory.dmp

Filesize
992KB

Download
memory/3480-435-0x00007FFCADA10000-0x00007FFCADB90000-memory.dmp

Filesize
1.5MB

Download
memory/3480-420-0x00007FFCA9540000-0x00007FFCA974B000-memory.dmp

Filesize
2.0MB

Download
memory/3480-437-0x00007FFCBBD20000-0x00007FFCBBD37000-memory.dmp

Filesize
92KB

Download
memory/3480-432-0x00007FFCBBB00000-0x00007FFCBBB7C000-memory.dmp

Filesize
496KB

Download
memory/3480-438-0x00000195A97F0000-0x00000195AA8A0000-memory.dmp

Filesize
16.7MB

Download
memory/3480-434-0x00007FFCBBD40000-0x00007FFCBBD51000-memory.dmp

Filesize
68KB

Download
memory/3480-433-0x00007FFCBC200000-0x00007FFCBC211000-memory.dmp

Filesize
68KB

Download
memory/3480-431-0x00007FFCBBB80000-0x00007FFCBBBE7000-memory.dmp

Filesize
412KB

Download
memory/3480-430-0x00007FFCBBFD0000-0x00007FFCBC000000-memory.dmp

Filesize
192KB

Download
memory/3480-429-0x00007FFCBC3C0000-0x00007FFCBC3D8000-memory.dmp

Filesize
96KB

Download
memory/3480-428-0x00007FFCBC3E0000-0x00007FFCBC3F1000-memory.dmp

Filesize
68KB

Download
memory/3480-427-0x00007FFCBC4A0000-0x00007FFCBC4BB000-memory.dmp

Filesize
108KB

Download
memory/3480-426-0x00007FFCBC5E0000-0x00007FFCBC5F1000-memory.dmp

Filesize
68KB

Download
memory/3480-425-0x00007FFCBC600000-0x00007FFCBC611000-memory.dmp

Filesize
68KB

Download
memory/3480-424-0x00007FFCBC720000-0x00007FFCBC731000-memory.dmp

Filesize
68KB

Download
memory/3480-436-0x00007FFCAB150000-0x00007FFCAB25E000-memory.dmp

Filesize
1.1MB

Download
memory/3480-423-0x00007FFCBC960000-0x00007FFCBC978000-memory.dmp

Filesize
96KB

Download
memory/3480-422-0x00007FFCBD010000-0x00007FFCBD031000-memory.dmp

Filesize
132KB

Download
memory/3480-421-0x00007FFCBC220000-0x00007FFCBC261000-memory.dmp

Filesize
260KB

Download
memory/3480-416-0x00007FFCAA0B0000-0x00007FFCAA366000-memory.dmp

Filesize
2.7MB

Download
memory/3480-418-0x00007FFCC0610000-0x00007FFCC0627000-memory.dmp

Filesize
92KB

Download
memory/3480-417-0x00007FFCC47A0000-0x00007FFCC47B8000-memory.dmp

Filesize
96KB

Download
memory/3480-415-0x00007FFCC1620000-0x00007FFCC1654000-memory.dmp

Filesize
208KB

Download
memory/3480-414-0x00007FF7FBB70000-0x00007FF7FBC68000-memory.dmp

Filesize
992KB

Download
memory/3480-448-0x00007FF7FBB70000-0x00007FF7FBC68000-memory.dmp

Filesize
992KB

Download
memory/3480-451-0x00007FFCAB150000-0x00007FFCAB25E000-memory.dmp

Filesize
1.1MB

Download
memory/3480-449-0x00007FFCC1620000-0x00007FFCC1654000-memory.dmp

Filesize
208KB

Download
memory/3480-452-0x00000195A97F0000-0x00000195AA8A0000-memory.dmp

Filesize
16.7MB

Download
memory/3480-450-0x00007FFCAA0B0000-0x00007FFCAA366000-memory.dmp

Filesize
2.7MB

Download
memory/3480-419-0x00007FFCC05F0000-0x00007FFCC0601000-memory.dmp

Filesize
68KB

Download