Analysis
- max time kernel: 92s
- max time network: 103s
- platform: windows11-21h2_x64
- resource: win11-20240221-en
- resource tags: arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 25-03-2024 13:38
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://u.to/VE2FIA
Resource: win11-20240221-en
General
- Target: https://u.to/VE2FIA
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Suspicious behavior: EnumeratesProcesses 8 IoCs
Processes:
msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid | process
3516 | msedge.exe
4444 | msedge.exe
4580 | identity_helper.exe
1104 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
Processes:
msedge.exe
pid | process
4444 | msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exe
pid | process
4444 | msedge.exe
Suspicious use of SendNotifyMessage 12 IoCs
Processes:
msedge.exe
pid | process
4444 | msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exe
description | pid | process | target process
PID 4444 wrote to memory of 2120 | 4444 | msedge.exe | msedge.exe
PID 4444 wrote to memory of 3200 | 4444 | msedge.exe | msedge.exe
PID 4444 wrote to memory of 3516 | 4444 | msedge.exe | msedge.exe
PID 4444 wrote to memory of 1496 | 4444 | msedge.exe | msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://u.to/VE2FIA
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbff343cb8,0x7ffbff343cc8,0x7ffbff343cd8
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,470265091976338061,7290495427028338289,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1856 /prefetch:2
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,470265091976338061,7290495427028338289,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,470265091976338061,7290495427028338289,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,470265091976338061,7290495427028338289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,470265091976338061,7290495427028338289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,470265091976338061,7290495427028338289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,470265091976338061,7290495427028338289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,470265091976338061,7290495427028338289,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,470265091976338061,7290495427028338289,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,470265091976338061,7290495427028338289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,470265091976338061,7290495427028338289,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,470265091976338061,7290495427028338289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,470265091976338061,7290495427028338289,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1880,470265091976338061,7290495427028338289,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5864 /prefetch:8
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 456B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 111B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 952B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize: 537B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583f65.TMP
Filesize: 369B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
-
\??\pipe\LOCAL\crashpad_4444_QAOAVLELQUEKGFGI