4d5a730bad1d3d736da65917d6440a4e35b157f6c6b5deb3f08a7f0f7ede8cce

Analysis

max time kernel
50s
max time network
47s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21-04-2024 22:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CS_119_Homework4_2024.pdf
Size

255KB
MD5

dfdf2c8c3b86047fe5a4e3ff3fa39a9a
SHA1

3de23aa5213721453191bf978fa73ae20a771edb
SHA256

4d5a730bad1d3d736da65917d6440a4e35b157f6c6b5deb3f08a7f0f7ede8cce
SHA512

3b046364ad2856fbbeeacc74967172a887186307781e6703b01d28c3dddb833b43e001b3dcfbb795e2b4a7905e7d15939fd61dca317c5437abc136aeb32a4d6d
SSDEEP

6144:VKBdfuEzkQ9YqFec+UE5DBV/Gkp7fjmJYn:sZ+qFet97//S+n

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 3 IoCs

Processes:

VencordInstaller.exeVencordInstaller.exeVencordInstaller.exe

pid process

3540 VencordInstaller.exe
5812 VencordInstaller.exe
5216 VencordInstaller.exe

pid	process
3540	VencordInstaller.exe
5812	VencordInstaller.exe
5216	VencordInstaller.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133582135147469445"	chrome.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

Processes:

AcroRd32.exechrome.exe

pid	process
1792	AcroRd32.exe
1792	AcroRd32.exe
1792	AcroRd32.exe
1792	AcroRd32.exe
1792	AcroRd32.exe
1792	AcroRd32.exe
1792	AcroRd32.exe
1792	AcroRd32.exe
1792	AcroRd32.exe
1792	AcroRd32.exe
1792	AcroRd32.exe
1792	AcroRd32.exe
1792	AcroRd32.exe
1792	AcroRd32.exe
1792	AcroRd32.exe
1792	AcroRd32.exe
1792	AcroRd32.exe
1792	AcroRd32.exe
1792	AcroRd32.exe
1792	AcroRd32.exe
5092	chrome.exe
5092	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

5092 chrome.exe
5092 chrome.exe
5092 chrome.exe
5092 chrome.exe
5092 chrome.exe
5092 chrome.exe
5092 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe
Token: SeShutdownPrivilege	5092	chrome.exe
Token: SeCreatePagefilePrivilege	5092	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

Processes:

AcroRd32.exechrome.exe

pid	process
1792	AcroRd32.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

chrome.exe

pid	process
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe
5092	chrome.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

AcroRd32.exeVencordInstaller.exeVencordInstaller.exeVencordInstaller.exe

pid	process
1792	AcroRd32.exe
1792	AcroRd32.exe
1792	AcroRd32.exe
1792	AcroRd32.exe
1792	AcroRd32.exe
3540	VencordInstaller.exe
5812	VencordInstaller.exe
5216	VencordInstaller.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 1792 wrote to memory of 1476	1792	AcroRd32.exe	RdrCEF.exe
PID 1792 wrote to memory of 1476	1792	AcroRd32.exe	RdrCEF.exe
PID 1792 wrote to memory of 1476	1792	AcroRd32.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1268	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1908	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1908	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1908	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1908	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1908	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1908	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1908	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1908	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1908	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1908	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1908	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1908	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1908	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1908	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1908	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1908	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1908	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1908	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1908	1476	RdrCEF.exe	RdrCEF.exe
PID 1476 wrote to memory of 1908	1476	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\CS_119_Homework4_2024.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1792

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:1476

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D07DE9D392C8DC06783788477E97EC05 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1268

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9D752ACF36ABDC8D71C75108A94B9FCC --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9D752ACF36ABDC8D71C75108A94B9FCC --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
3⤵
PID:1908

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=40A353A9D1466D01B14BD5A9C53CB3C3 --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:5032

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=289920ECD810A399C108E66091C0BEC2 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=289920ECD810A399C108E66091C0BEC2 --renderer-client-id=5 --mojo-platform-channel-handle=1952 --allow-no-sandbox-job /prefetch:1
3⤵
PID:1640

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C17E941550D2DFD84F457A6CB29B6FAA --mojo-platform-channel-handle=2692 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2404

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2145649118875FEDE466C74E36F9355D --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff984bbab58,0x7ff984bbab68,0x7ff984bbab78
2⤵
PID:4320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1892,i,9465147637976763063,4436315906093782446,131072 /prefetch:2
2⤵
PID:3992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1892,i,9465147637976763063,4436315906093782446,131072 /prefetch:8
2⤵
PID:3568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2256 --field-trial-handle=1892,i,9465147637976763063,4436315906093782446,131072 /prefetch:8
2⤵
PID:2884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=1892,i,9465147637976763063,4436315906093782446,131072 /prefetch:1
2⤵
PID:1620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1892,i,9465147637976763063,4436315906093782446,131072 /prefetch:1
2⤵
PID:1076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4336 --field-trial-handle=1892,i,9465147637976763063,4436315906093782446,131072 /prefetch:1
2⤵
PID:3160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4340 --field-trial-handle=1892,i,9465147637976763063,4436315906093782446,131072 /prefetch:8
2⤵
PID:4196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4624 --field-trial-handle=1892,i,9465147637976763063,4436315906093782446,131072 /prefetch:8
2⤵
PID:3280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1892,i,9465147637976763063,4436315906093782446,131072 /prefetch:8
2⤵
PID:956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4792 --field-trial-handle=1892,i,9465147637976763063,4436315906093782446,131072 /prefetch:8
2⤵
PID:1800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1892,i,9465147637976763063,4436315906093782446,131072 /prefetch:8
2⤵
PID:5212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4804 --field-trial-handle=1892,i,9465147637976763063,4436315906093782446,131072 /prefetch:1
2⤵
PID:5300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4716 --field-trial-handle=1892,i,9465147637976763063,4436315906093782446,131072 /prefetch:1
2⤵
PID:5528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3304 --field-trial-handle=1892,i,9465147637976763063,4436315906093782446,131072 /prefetch:1
2⤵
PID:5612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4156 --field-trial-handle=1892,i,9465147637976763063,4436315906093782446,131072 /prefetch:1
2⤵
PID:5940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3136 --field-trial-handle=1892,i,9465147637976763063,4436315906093782446,131072 /prefetch:8
2⤵
PID:6032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3088 --field-trial-handle=1892,i,9465147637976763063,4436315906093782446,131072 /prefetch:8
2⤵
PID:6056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4044 --field-trial-handle=1892,i,9465147637976763063,4436315906093782446,131072 /prefetch:8
2⤵
PID:6064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4148 --field-trial-handle=1892,i,9465147637976763063,4436315906093782446,131072 /prefetch:8
2⤵
PID:2008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4472 --field-trial-handle=1892,i,9465147637976763063,4436315906093782446,131072 /prefetch:8
2⤵
PID:2644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5080 --field-trial-handle=1892,i,9465147637976763063,4436315906093782446,131072 /prefetch:8
2⤵
PID:3956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 --field-trial-handle=1892,i,9465147637976763063,4436315906093782446,131072 /prefetch:8
2⤵
PID:3952

C:\Users\Admin\Downloads\VencordInstaller.exe
"C:\Users\Admin\Downloads\VencordInstaller.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3540

C:\Users\Admin\Downloads\VencordInstaller.exe
"C:\Users\Admin\Downloads\VencordInstaller.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5812

C:\Users\Admin\Downloads\VencordInstaller.exe
"C:\Users\Admin\Downloads\VencordInstaller.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5216

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
432B

MD5
e26bb8099e506615c4661c624de7f831

SHA1
957b5618cf3ffc8bb6ed3913c0f794ccd0a40f16

SHA256
31625b97eef76d19ff01f6bf5e5f89c77e10597d71b4d55ffcb410ca0eda2291

SHA512
51a2d31205ac0194c9103a1de02f1be4459def4c08727ec973f340fdb9f3f995eb8bc9a0addd3006c1acc2dccaa7fa311464bf220e74255bc6d3b9bf2d0b7b40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
685B

MD5
c74a3813ccd25affd4341856c4397f3e

SHA1
e5b407b9f73a19acf7b44ad71139ac7f553a8239

SHA256
26ddc7e66fb1e78b6184191933d266b9af7fc54d1f89727feacdead63ab206ef

SHA512
7fd8c1d096e2281ace0e9df9b1f1b7653f0fe111050ac921aaf6d3a2c5a819ffc21357a4902216fb95a296308cf6c502749b3313babd78d84708f4f6e0ca7c32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
520B

MD5
72b13c37ee6a9cf1ecf84b95ad2017f3

SHA1
107aeb942e3dddc4a3072faf5edd57c1acfe735f

SHA256
b66e6f917dbd14f3c0fd76ac164cf6cdca570c35c833100b992f2c7c8a22cf76

SHA512
71abc63e7df513dec8d8cfc3ccb5b35ef6a164cf95a9c5d740ada786d412d0d5234ac0e1eccf3ca824beb86093e31d3a29227d042511d570fffbc0bd55104434

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
1e6a8c375a09e0a439e72a0153b8dbec

SHA1
c168904effa321625503070014e4e8513e562e6a

SHA256
dcc8e759933b8c5b53f96a2f1ad424e0a43a995940b28c742b5b8f6f2eec3cce

SHA512
d18da831950ce7523c38f445ac91209f922d1a97cf84efa0b9dc4397d3c05f63bd05bacf41affa72cb4517439fb1ca94ad4bca44651b82a62c6c3bb2fd28531f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
fa89e040fd3d0336d251a0e70d82871e

SHA1
4e4b5da035104787e5b4794773117a78a2d78b8e

SHA256
92f4eeafcf934c2a4f4f245099170512abe2ffbca3be6dfd4519ad4ea107c3dd

SHA512
8611606ca86e99a1e06c49e9f08c50749f77aa93c52d3f241b8eb5ccb403626fd79d36065d309139f963ecc72bc596a3922fb88409976c2cee0bb9901bb7a9f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
5d82741b2c4a7b66b5351a03d8909b17

SHA1
3f29863e9e7f3cbe7e34b2d2b94dd16f1e882069

SHA256
a73220471b1ac1a527a4303cf64bb76afd876da1b2dfb44a829726e2e6caac2e

SHA512
a6b888f152d359143fff59bfe66e389f871c04d9c8562ea9413bcbe839d52c052c69b68fed67be1ef83927f022a6e9542df09b731cfb7e4a67153d1f97f8202f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
252KB

MD5
22d21ef37a06e4ca9cbf46c7e678fb74

SHA1
96e16dea2d5de7896c3cc9454583f0112973b0f4

SHA256
907f93f8502262afa7c18946df6beeffc85a0185814aaa65c8c19e5a1d316361

SHA512
ae4dfde35252f077826186abbf40d7b011be595dc413d861182c3ccf1b88200186b77120ef68344d095902fab0b088db4a27b88f4e77575b21d9f4fc8c9f2560

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
100KB

MD5
832cc1099c5060fb1ed96a8c1e26aaf0

SHA1
ed90e17f06b29d6005d5a00d7a2426fd307dccf4

SHA256
5700178a68c27573abd45ceea0393a15537d2edba43b523a2a2eb59a4b446397

SHA512
b708e0bd8c4445e8d3803a7f0ebfb39e1ff286bc38ec851dd5d1947d47d86611d38cfc449a7d69e04d98eb90be8fed166b4b8ad9d429521696d6c10e7155a606

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57ca93.TMP
Filesize
87KB

MD5
09a22375890846dd81992d4c600549e7

SHA1
00dec33ef396c94b44cae6c7c6e4f081ead4c3df

SHA256
da960ecca3b3dfa2a8c91ed93b550bcfff96266446d64ae738a348875b49a335

SHA512
4ffd0d775fb39430482ffa21562a9caca3dad49ad1dd9e7d28d93ca76f4b6bea21495da5fbb8013c31074c9e0bdcbd0fa51c942bdd722d5b67bb48b31169236c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 52349.crdownload
Filesize
9.9MB

MD5
1b8ee61ddcfd1d425821d76ea54ca829

SHA1
f8daf2bea3d4a6bfc99455d69c3754054de3baa5

SHA256
dc0826657a005009f43bdc3a0933d08352f8b22b2b9b961697a2db6e9913e871

SHA512
75ba16ddc75564e84f5d248326908065942ad50631ec30d7952069caee15b8c5411a8802d25d38e9d80e042f1dde97a0326f4ab4f1c90f8e4b81396ca69c229a

Download Submit
\??\pipe\crashpad_5092_MDVUHAZMFKBFPFPN
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3540-226-0x00007FF72D580000-0x00007FF72E7F9000-memory.dmp

Filesize
18.5MB

Download
memory/5216-255-0x00007FF72D580000-0x00007FF72E7F9000-memory.dmp

Filesize
18.5MB

Download
memory/5812-239-0x00007FF72D580000-0x00007FF72E7F9000-memory.dmp

Filesize
18.5MB

Download