Analysis
max time kernel: 52s
max time network: 54s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06-03-2024 13:31
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://discordpromotions.com/gifts/4vqVpulK0Bx0RpHu
Resource: win10v2004-20240226-en
General
Target: https://discordpromotions.com/gifts/4vqVpulK0Bx0RpHu
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
Processes: msedge.exe, msedge.exe, identity_helper.exe
pid | process
940 | msedge.exe
940 | msedge.exe
2328 | msedge.exe
2328 | msedge.exe
368 | identity_helper.exe
368 | identity_helper.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
-
Suspicious use of FindShellTrayWindow 34 IoCs
-
Suspicious use of SendNotifyMessage 32 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discordpromotions.com/gifts/4vqVpulK0Bx0RpHu
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8650546f8,0x7ff865054708,0x7ff865054718
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,12095260533602224748,15799409784159699132,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,12095260533602224748,15799409784159699132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,12095260533602224748,15799409784159699132,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12095260533602224748,15799409784159699132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12095260533602224748,15799409784159699132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12095260533602224748,15799409784159699132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,12095260533602224748,15799409784159699132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,12095260533602224748,15799409784159699132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12095260533602224748,15799409784159699132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,12095260533602224748,15799409784159699132,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5936 /prefetch:8
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12095260533602224748,15799409784159699132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2972 /prefetch:1
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12095260533602224748,15799409784159699132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12095260533602224748,15799409784159699132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2204 /prefetch:1
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12095260533602224748,15799409784159699132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2372 /prefetch:1
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12095260533602224748,15799409784159699132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12095260533602224748,15799409784159699132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2428 /prefetch:1
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 312B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize: 1KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5798b6.TMP
Filesize: 872B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
-
\??\pipe\LOCAL\crashpad_2328_AXJVRTWMENKQWFXE