Analysis
max time kernel: 145s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 16:07
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://go.dalton-education.com/e/837113/daltoneducation-/5vxd7q/1877599094/h/ytHbZUmmv99IAThqeKTBJJ9HZ-fXu7-WLctkJhVQcls
Resource: win7-20231215-en
General
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exe
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process: msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: msedge.exe)
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
- PID 1364: msedge.exe
- PID 3016: msedge.exe
- PID 1288: identity_helper.exe
- PID 1916: msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
Processes:
- PID 3016: msedge.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
- PID 3016: msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
- PID 3016: msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exe
- PID 3016 wrote to memory of 3208 (pid: 3016, process: msedge.exe, target process: msedge.exe)
- PID 3016 wrote to memory of 4404 (pid: 3016, process: msedge.exe, target process: msedge.exe)
- PID 3016 wrote to memory of 1364 (pid: 3016, process: msedge.exe, target process: msedge.exe)
- PID 3016 wrote to memory of 4316 (pid: 3016, process: msedge.exe, target process: msedge.exe)
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.dalton-education.com/e/837113/daltoneducation-/5vxd7q/1877599094/h/ytHbZUmmv99IAThqeKTBJJ9HZ-fXu7-WLctkJhVQcls
Depth: 1
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3016
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcffeb46f8,0x7ffcffeb4708,0x7ffcffeb4718
Depth: 2
PID:3208
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,12427040924644476828,8230929651347828744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
Depth: 2
- Suspicious behavior: EnumeratesProcesses
PID:1364
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,12427040924644476828,8230929651347828744,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
Depth: 2
PID:4316
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,12427040924644476828,8230929651347828744,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
Depth: 2
PID:4404
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12427040924644476828,8230929651347828744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
Depth: 2
PID:4052
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12427040924644476828,8230929651347828744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
Depth: 2
PID:5100
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12427040924644476828,8230929651347828744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1
Depth: 2
PID:2784
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,12427040924644476828,8230929651347828744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
Depth: 2
PID:3024
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,12427040924644476828,8230929651347828744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
Depth: 2
- Suspicious behavior: EnumeratesProcesses
PID:1288
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12427040924644476828,8230929651347828744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
Depth: 2
PID:1112
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12427040924644476828,8230929651347828744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
Depth: 2
PID:4612
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12427040924644476828,8230929651347828744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
Depth: 2
PID:1640
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12427040924644476828,8230929651347828744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
Depth: 2
PID:4680
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,12427040924644476828,8230929651347828744,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
Depth: 2
- Suspicious behavior: EnumeratesProcesses
PID:1916
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
Depth: 1
PID:1752
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
Depth: 1
PID:1228
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\614bb7a3-9dcb-41fa-a40f-b17d28298dae.tmp
Filesize: 372B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 384B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 340B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize: 24KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize: 372B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f964.TMP
Filesize: 372B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 10KB
-
\??\pipe\LOCAL\crashpad_3016_AXYNHJHWOMMZVKCZ