Analysis
- max time kernel: 146s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20230703-es
- resource tags: arch:x64, arch:x86, image:win10v2004-20230703-es, locale:es-es, os:windows10-2004-x64, systemwindows
- submitted: 28-07-2023 11:10
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://abstractposs.infura-ipfs.io/ipfs/QmNSYWuXDJ6ZpEHU8UBgvAw7Tw2Jj4WyeCHYkRqWSTXjMS#[email protected]
Resource: win10v2004-20230703-es
General
- Target: https://abstractposs.infura-ipfs.io/ipfs/QmNSYWuXDJ6ZpEHU8UBgvAw7Tw2Jj4WyeCHYkRqWSTXjMS#[email protected]
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid | process
3100 | msedge.exe
4416 | msedge.exe
2344 | identity_helper.exe
1556 | msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Processes:
msedge.exe
pid | process
4416 | msedge.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exe
pid | process
4416 | msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exe
pid | process
4416 | msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exe
description | pid | process | target process
PID 4416 wrote to memory of 2032 | 4416 | msedge.exe | msedge.exe
PID 4416 wrote to memory of 5000 | 4416 | msedge.exe | msedge.exe
PID 4416 wrote to memory of 3100 | 4416 | msedge.exe | msedge.exe
PID 4416 wrote to memory of 3112 | 4416 | msedge.exe | msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://abstractposs.infura-ipfs.io/ipfs/QmNSYWuXDJ6ZpEHU8UBgvAw7Tw2Jj4WyeCHYkRqWSTXjMS#[email protected]
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff344546f8,0x7fff34454708,0x7fff34454718
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,3277921684073365591,17904882974784746100,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,3277921684073365591,17904882974784746100,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,3277921684073365591,17904882974784746100,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3277921684073365591,17904882974784746100,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3277921684073365591,17904882974784746100,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,3277921684073365591,17904882974784746100,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,3277921684073365591,17904882974784746100,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3277921684073365591,17904882974784746100,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3277921684073365591,17904882974784746100,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3277921684073365591,17904882974784746100,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3277921684073365591,17904882974784746100,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,3277921684073365591,17904882974784746100,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5052 /prefetch:2
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 120B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 392B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 111B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize: 24KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 12KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 12KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize: 2B
-
\??\pipe\LOCAL\crashpad_4416_SCFSBDUWYFAJVFFD