a3d67b6da7f0e2d48b71c2129576c35595a352a423274224bb2dbc7ac1328c34

Analysis

max time kernel
297s
max time network
302s
platform
windows10-2004_x64
resource
win10v2004-20220310-en
submitted
25-03-2022 00:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

COMPRO-2022-PDF-HTJASDFI12Q4398ASDJ2143ASDJFFAS.pdf
Size

120KB
MD5

0e852e01a2da3b1c934a2e606865e743
SHA1

3979f1ee2ad19344f4f318b851339ca406064644
SHA256

a3d67b6da7f0e2d48b71c2129576c35595a352a423274224bb2dbc7ac1328c34
SHA512

676acea48eeae07bc7175761acdb9ec0662668d0f48e9338473f81916448ce0d6e8071fd839bc945bd99eb10efb678ec5352a7630a399e95c48059101f7f7f54

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

Processes:

AcroRd32.exemsedge.exemsedge.exemsedge.exemsedge.exeAdobeARM.exe

pid	process
1372	AcroRd32.exe
1372	AcroRd32.exe
1372	AcroRd32.exe
1372	AcroRd32.exe
1372	AcroRd32.exe
1372	AcroRd32.exe
1372	AcroRd32.exe
1372	AcroRd32.exe
1372	AcroRd32.exe
1372	AcroRd32.exe
1372	AcroRd32.exe
1372	AcroRd32.exe
1372	AcroRd32.exe
1372	AcroRd32.exe
1372	AcroRd32.exe
1372	AcroRd32.exe
1372	AcroRd32.exe
1372	AcroRd32.exe
1372	AcroRd32.exe
1372	AcroRd32.exe
1372	AcroRd32.exe
1372	AcroRd32.exe
4172	msedge.exe
4172	msedge.exe
1240	msedge.exe
1240	msedge.exe
3328	msedge.exe
3328	msedge.exe
4148	msedge.exe
4148	msedge.exe
632	AdobeARM.exe
632	AdobeARM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

Processes:

msedge.exe

pid	process
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe

Suspicious use of FindShellTrayWindow 28 IoCs

Processes:

AcroRd32.exemsedge.exe

pid	process
1372	AcroRd32.exe
1372	AcroRd32.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

AcroRd32.exeAdobeARM.exe

pid process

1372 AcroRd32.exe
1372 AcroRd32.exe
1372 AcroRd32.exe
1372 AcroRd32.exe
1372 AcroRd32.exe
1372 AcroRd32.exe
632 AdobeARM.exe
1372 AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 1372 wrote to memory of 2584	1372	AcroRd32.exe	RdrCEF.exe
PID 1372 wrote to memory of 2584	1372	AcroRd32.exe	RdrCEF.exe
PID 1372 wrote to memory of 2584	1372	AcroRd32.exe	RdrCEF.exe
PID 1372 wrote to memory of 3940	1372	AcroRd32.exe	RdrCEF.exe
PID 1372 wrote to memory of 3940	1372	AcroRd32.exe	RdrCEF.exe
PID 1372 wrote to memory of 3940	1372	AcroRd32.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 4992	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 5088	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 5088	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 5088	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 5088	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 5088	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 5088	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 5088	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 5088	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 5088	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 5088	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 5088	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 5088	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 5088	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 5088	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 5088	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 5088	2584	RdrCEF.exe	RdrCEF.exe
PID 2584 wrote to memory of 5088	2584	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\COMPRO-2022-PDF-HTJASDFI12Q4398ASDJ2143ASDJFFAS.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1372

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:2584

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3FC4834EDFB4904EFE9D430EEB9755C6 --mojo-platform-channel-handle=1720 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4992

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C97A71FAE237B6A4D901A9BCF39CD176 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C97A71FAE237B6A4D901A9BCF39CD176 --renderer-client-id=2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1
3⤵
PID:5088

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5F408AE1335CC2AF0718A20CF3BD0D78 --mojo-platform-channel-handle=2148 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2036

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DAB4F44DF3F616B7D8C2A58D693A0D60 --mojo-platform-channel-handle=2000 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4444

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D694B31408E20667B920D45BDD8932D2 --mojo-platform-channel-handle=2288 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4368

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
PID:3940

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
PID:4636

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
PID:4688

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AF7408A352CE7F0BB1D8C4D28D1439F8 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4872

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=00E26B315C788828A8A7D4DCD9FBF07D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=00E26B315C788828A8A7D4DCD9FBF07D --renderer-client-id=2 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job /prefetch:1
3⤵
PID:4892

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=11570EC3B7C9C2BFF301809E8847CE79 --mojo-platform-channel-handle=2196 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4308

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=028EEF82001015A3C5F5E2AAF3AD42F5 --mojo-platform-channel-handle=1856 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:5004

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C98A086F0227A755FA7430AA816D2AEE --mojo-platform-channel-handle=2200 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:5068

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=A75BA2500C32F548C02E0C73A4BEF610 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=A75BA2500C32F548C02E0C73A4BEF610 --renderer-client-id=7 --mojo-platform-channel-handle=2440 --allow-no-sandbox-job /prefetch:1
3⤵
PID:2708

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Reader /VERSION:19.0 /MODE:3
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:632

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"
3⤵
PID:4160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://comprobante.mx.clickmetertracking.com/compro-pdf-5hkyt4
2⤵
PID:4744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe026c46f8,0x7ffe026c4708,0x7ffe026c4718
3⤵
PID:5088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,696584864185750489,2138322871143342528,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
3⤵
PID:2784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,696584864185750489,2138322871143342528,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://comprobante.mx.clickmetertracking.com/compro-pdf-5hkyt4
2⤵
PID:4164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ffe026c46f8,0x7ffe026c4708,0x7ffe026c4718
3⤵
PID:2584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11435245652753480814,9867515950934272778,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
3⤵
PID:3948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,11435245652753480814,9867515950934272778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://comprobante.mx.clickmetertracking.com/compro-pdf-5hkyt4
2⤵
PID:3084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe026c46f8,0x7ffe026c4708,0x7ffe026c4718
3⤵
PID:3380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://comprobante.mx.clickmetertracking.com/compro-pdf-5hkyt4
2⤵
PID:2424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe026c46f8,0x7ffe026c4708,0x7ffe026c4718
3⤵
PID:912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2236

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\27740c7bafb34732b676a8aac3407fc0 /t 1304 /p 1372
1⤵
PID:4568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe026c46f8,0x7ffe026c4708,0x7ffe026c4718
2⤵
PID:1920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,4862310661062424722,1157853017598130007,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
2⤵
PID:1484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,4862310661062424722,1157853017598130007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,4862310661062424722,1157853017598130007,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
2⤵
PID:3416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4862310661062424722,1157853017598130007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2120 /prefetch:1
2⤵
PID:3188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4862310661062424722,1157853017598130007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
2⤵
PID:4228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4862310661062424722,1157853017598130007,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
2⤵
PID:3388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4862310661062424722,1157853017598130007,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
2⤵
PID:392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4862310661062424722,1157853017598130007,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1
2⤵
PID:2468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2100,4862310661062424722,1157853017598130007,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6708 /prefetch:8
2⤵
PID:4564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4862310661062424722,1157853017598130007,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
2⤵
PID:3496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4862310661062424722,1157853017598130007,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
2⤵
PID:4624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4862310661062424722,1157853017598130007,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
2⤵
PID:5020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4862310661062424722,1157853017598130007,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
2⤵
PID:4108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4862310661062424722,1157853017598130007,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1
2⤵
PID:4392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4862310661062424722,1157853017598130007,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
2⤵
PID:3376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4862310661062424722,1157853017598130007,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:1
2⤵
PID:3732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4862310661062424722,1157853017598130007,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
2⤵
PID:4656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4862310661062424722,1157853017598130007,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:1
2⤵
PID:4340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,4862310661062424722,1157853017598130007,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8064 /prefetch:8
2⤵
PID:4660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4862310661062424722,1157853017598130007,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8120 /prefetch:1
2⤵
PID:1016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4862310661062424722,1157853017598130007,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8256 /prefetch:1
2⤵
PID:4432

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links
MD5
00d1b97d10d176a4e1f22128bc9577b7

SHA1
6b3344d6042e02a668ef8615732a30490f3785b5

SHA256
36ce4b33fe14b860e2be9e4d0272f824233a5786083b4bf406bc17ddb3811a12

SHA512
0b57b7a6202621d0b105afb150a9c8a4aadcdd6c06205c53eaa83152d2a25d09e1cada4b8bdc4fe04cbe30219aff59887d82f6c35e20ae8827c6901f2faa7b3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868
MD5
7f6ce30cbfc9c4f602503b12292ca307

SHA1
0ac85d45cc6e213f330f7cbfdc9e7c1ac39aeed4

SHA256
855802d255c139757efed795e64010b38730d09b37698a96dcf03bc310e78245

SHA512
5dcda910bd24de2ba4de20f7067d5ee4b4c140eb2f65654132ace89465d331cdac9043900a6dca85d0b316f38cb896169a1d50d9e00b5b9dcf1de17c3da1c01c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868
MD5
7f6ce30cbfc9c4f602503b12292ca307

SHA1
0ac85d45cc6e213f330f7cbfdc9e7c1ac39aeed4

SHA256
855802d255c139757efed795e64010b38730d09b37698a96dcf03bc310e78245

SHA512
5dcda910bd24de2ba4de20f7067d5ee4b4c140eb2f65654132ace89465d331cdac9043900a6dca85d0b316f38cb896169a1d50d9e00b5b9dcf1de17c3da1c01c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868
MD5
66d87fbf9cd6335d9a107a484ea004bb

SHA1
d9671c517ab7ebed8212143e73e22d8d272cbeac

SHA256
c68acfa9af95472cacc5d80bcecd95818871d9040cffab19e6a906aadb04ee5e

SHA512
a1aa0fb9abdbdc333595b3692dc11d8558de7ea530a56e71d576019465352ca85efd5437f7f20da72437483700806c487252ebdde893d08681e2d629f9abfa00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868
MD5
66d87fbf9cd6335d9a107a484ea004bb

SHA1
d9671c517ab7ebed8212143e73e22d8d272cbeac

SHA256
c68acfa9af95472cacc5d80bcecd95818871d9040cffab19e6a906aadb04ee5e

SHA512
a1aa0fb9abdbdc333595b3692dc11d8558de7ea530a56e71d576019465352ca85efd5437f7f20da72437483700806c487252ebdde893d08681e2d629f9abfa00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
MD5
48688eaeffde1c7101b1bdc72a72b9a3

SHA1
c086a6b8524aedae9bfd2863067a75088b7a1972

SHA256
6383d0e79eb153ccf1004b3b65da09989d1d5fe62ae1935a3c42ca5102a7d9af

SHA512
f778710d5fc3a7a9657b1fd7c69d7e1e325376217eb86578c85155547804f2c9efb60cf786f0ccf0dc7a6ce169fbbe913c8b662f155213139f1e2701ddc800c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
MD5
48688eaeffde1c7101b1bdc72a72b9a3

SHA1
c086a6b8524aedae9bfd2863067a75088b7a1972

SHA256
6383d0e79eb153ccf1004b3b65da09989d1d5fe62ae1935a3c42ca5102a7d9af

SHA512
f778710d5fc3a7a9657b1fd7c69d7e1e325376217eb86578c85155547804f2c9efb60cf786f0ccf0dc7a6ce169fbbe913c8b662f155213139f1e2701ddc800c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
MD5
48688eaeffde1c7101b1bdc72a72b9a3

SHA1
c086a6b8524aedae9bfd2863067a75088b7a1972

SHA256
6383d0e79eb153ccf1004b3b65da09989d1d5fe62ae1935a3c42ca5102a7d9af

SHA512
f778710d5fc3a7a9657b1fd7c69d7e1e325376217eb86578c85155547804f2c9efb60cf786f0ccf0dc7a6ce169fbbe913c8b662f155213139f1e2701ddc800c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
MD5
48688eaeffde1c7101b1bdc72a72b9a3

SHA1
c086a6b8524aedae9bfd2863067a75088b7a1972

SHA256
6383d0e79eb153ccf1004b3b65da09989d1d5fe62ae1935a3c42ca5102a7d9af

SHA512
f778710d5fc3a7a9657b1fd7c69d7e1e325376217eb86578c85155547804f2c9efb60cf786f0ccf0dc7a6ce169fbbe913c8b662f155213139f1e2701ddc800c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
MD5
48688eaeffde1c7101b1bdc72a72b9a3

SHA1
c086a6b8524aedae9bfd2863067a75088b7a1972

SHA256
6383d0e79eb153ccf1004b3b65da09989d1d5fe62ae1935a3c42ca5102a7d9af

SHA512
f778710d5fc3a7a9657b1fd7c69d7e1e325376217eb86578c85155547804f2c9efb60cf786f0ccf0dc7a6ce169fbbe913c8b662f155213139f1e2701ddc800c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
MD5
48688eaeffde1c7101b1bdc72a72b9a3

SHA1
c086a6b8524aedae9bfd2863067a75088b7a1972

SHA256
6383d0e79eb153ccf1004b3b65da09989d1d5fe62ae1935a3c42ca5102a7d9af

SHA512
f778710d5fc3a7a9657b1fd7c69d7e1e325376217eb86578c85155547804f2c9efb60cf786f0ccf0dc7a6ce169fbbe913c8b662f155213139f1e2701ddc800c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
MD5
48688eaeffde1c7101b1bdc72a72b9a3

SHA1
c086a6b8524aedae9bfd2863067a75088b7a1972

SHA256
6383d0e79eb153ccf1004b3b65da09989d1d5fe62ae1935a3c42ca5102a7d9af

SHA512
f778710d5fc3a7a9657b1fd7c69d7e1e325376217eb86578c85155547804f2c9efb60cf786f0ccf0dc7a6ce169fbbe913c8b662f155213139f1e2701ddc800c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
MD5
8f2b526f8b06d1befe13ac9df5f196d0

SHA1
5312747fc37ddad74957388f3aab556cffb08c3e

SHA256
9dbb8343e2da49863a8abfe10867dccfd9956ef8af848ab3aca54d9cd17a5845

SHA512
2ed4a83537a583825d77b43f8d6428c02e598e8b54cc1c66f0280acbcdbe76729718274b518cd68906c266cc1565b82fb7445aee62a063c0f2a273ca0cb5a01f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
MD5
8f2b526f8b06d1befe13ac9df5f196d0

SHA1
5312747fc37ddad74957388f3aab556cffb08c3e

SHA256
9dbb8343e2da49863a8abfe10867dccfd9956ef8af848ab3aca54d9cd17a5845

SHA512
2ed4a83537a583825d77b43f8d6428c02e598e8b54cc1c66f0280acbcdbe76729718274b518cd68906c266cc1565b82fb7445aee62a063c0f2a273ca0cb5a01f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
MD5
8f2b526f8b06d1befe13ac9df5f196d0

SHA1
5312747fc37ddad74957388f3aab556cffb08c3e

SHA256
9dbb8343e2da49863a8abfe10867dccfd9956ef8af848ab3aca54d9cd17a5845

SHA512
2ed4a83537a583825d77b43f8d6428c02e598e8b54cc1c66f0280acbcdbe76729718274b518cd68906c266cc1565b82fb7445aee62a063c0f2a273ca0cb5a01f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
MD5
9b4b6e12447f3911c6cdaaed7b3730f1

SHA1
19e397ba6d4b0e40db07440f2a684131dd6a78d9

SHA256
9685fd18c23e6286fa5f036d9673ed9ba336410a8f864a836e97870628c51277

SHA512
a27ee9db2af7550361d79e74bb34e0d16e5225e7d47cc993373647db717987c8f16251da4790c9652fef20018fea9fb988ca4780fe9fd85319b05578b2c111dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
MD5
9b4b6e12447f3911c6cdaaed7b3730f1

SHA1
19e397ba6d4b0e40db07440f2a684131dd6a78d9

SHA256
9685fd18c23e6286fa5f036d9673ed9ba336410a8f864a836e97870628c51277

SHA512
a27ee9db2af7550361d79e74bb34e0d16e5225e7d47cc993373647db717987c8f16251da4790c9652fef20018fea9fb988ca4780fe9fd85319b05578b2c111dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
MD5
ddcbf7e04fca8c9b4ccc1bcb8ea7dbed

SHA1
b1c3b750c3e7648bb70ce65811f8aeaf6ad46b67

SHA256
40bf81136356e6a977db2abdc392861be4d8c62950e984ec59e6317f8df78434

SHA512
ea1e7842acf2d6693b7ef573de317da98bbb94f81783059fc9d621b8427b94fd1cb05f691aa5d0c1c8e98bdf1437581cde941361955410f0612e44158fbc9e15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
MD5
ddcbf7e04fca8c9b4ccc1bcb8ea7dbed

SHA1
b1c3b750c3e7648bb70ce65811f8aeaf6ad46b67

SHA256
40bf81136356e6a977db2abdc392861be4d8c62950e984ec59e6317f8df78434

SHA512
ea1e7842acf2d6693b7ef573de317da98bbb94f81783059fc9d621b8427b94fd1cb05f691aa5d0c1c8e98bdf1437581cde941361955410f0612e44158fbc9e15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
MD5
907da2a19e01ba443120ef71fb70c42a

SHA1
9aa63b04fc4c5a0e65b6613341aa7312f92a5429

SHA256
80ee58d9bc066aa979818daa30bc5f4cbcfef0543cfba9945694c7a3031fe8a2

SHA512
28f067d81ef0f595481adf491ad26d9e903471d46231c2b26e05f4d27c219f47f60bf3b1c3bf8da387024c9e3377521c581782ee5c54fa1c076c6c48577f64ba

Download Submit
\??\pipe\LOCAL\crashpad_4148_LRUZYANZUWSUAMHZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_4164_GWGINZNPCWTGLZGR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_4744_AUUQDIOYGIKMQIKH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/392-229-0x0000000000000000-mapping.dmp

Download
memory/632-178-0x0000000000000000-mapping.dmp

Download
memory/912-262-0x0000000000000000-mapping.dmp

Download
memory/1016-275-0x0000000000000000-mapping.dmp

Download
memory/1240-203-0x0000000000000000-mapping.dmp

Download
memory/1484-202-0x00007FFE0FE40000-0x00007FFE0FE41000-memory.dmp

Filesize
4KB

Download
memory/1484-197-0x0000000000000000-mapping.dmp

Download
memory/1920-187-0x0000000000000000-mapping.dmp

Download
memory/2036-145-0x0000000000000000-mapping.dmp

Download
memory/2424-260-0x0000000000000000-mapping.dmp

Download
memory/2468-232-0x0000000000000000-mapping.dmp

Download
memory/2584-182-0x0000000000000000-mapping.dmp

Download
memory/2584-134-0x0000000000000000-mapping.dmp

Download
memory/2708-174-0x0000000000000000-mapping.dmp

Download
memory/2784-199-0x0000000000000000-mapping.dmp

Download
memory/3084-259-0x0000000000000000-mapping.dmp

Download
memory/3188-220-0x0000000000000000-mapping.dmp

Download
memory/3328-201-0x0000000000000000-mapping.dmp

Download
memory/3376-254-0x0000000000000000-mapping.dmp

Download
memory/3380-261-0x0000000000000000-mapping.dmp

Download
memory/3388-226-0x0000000000000000-mapping.dmp

Download
memory/3416-209-0x0000000000000000-mapping.dmp

Download
memory/3496-239-0x0000000000000000-mapping.dmp

Download
memory/3732-257-0x0000000000000000-mapping.dmp

Download
memory/3940-135-0x0000000000000000-mapping.dmp

Download
memory/3948-198-0x0000000000000000-mapping.dmp

Download
memory/4108-248-0x0000000000000000-mapping.dmp

Download
memory/4160-179-0x0000000000000000-mapping.dmp

Download
memory/4164-181-0x0000000000000000-mapping.dmp

Download
memory/4172-200-0x0000000000000000-mapping.dmp

Download
memory/4228-223-0x0000000000000000-mapping.dmp

Download
memory/4308-165-0x0000000000000000-mapping.dmp

Download
memory/4340-269-0x0000000000000000-mapping.dmp

Download
memory/4368-151-0x0000000000000000-mapping.dmp

Download
memory/4392-251-0x0000000000000000-mapping.dmp

Download
memory/4432-277-0x0000000000000000-mapping.dmp

Download
memory/4444-148-0x0000000000000000-mapping.dmp

Download
memory/4564-236-0x0000000000000000-mapping.dmp

Download
memory/4624-242-0x0000000000000000-mapping.dmp

Download
memory/4636-153-0x0000000000000000-mapping.dmp

Download
memory/4656-266-0x0000000000000000-mapping.dmp

Download
memory/4660-272-0x0000000000000000-mapping.dmp

Download
memory/4688-154-0x0000000000000000-mapping.dmp

Download
memory/4744-180-0x0000000000000000-mapping.dmp

Download
memory/4872-157-0x0000000000000000-mapping.dmp

Download
memory/4892-160-0x0000000000000000-mapping.dmp

Download
memory/4992-137-0x0000000000000000-mapping.dmp

Download
memory/5004-168-0x0000000000000000-mapping.dmp

Download
memory/5020-245-0x0000000000000000-mapping.dmp

Download
memory/5068-171-0x0000000000000000-mapping.dmp

Download
memory/5088-140-0x0000000000000000-mapping.dmp

Download
memory/5088-183-0x0000000000000000-mapping.dmp

Download