Analysis
max time kernel: 1681s
max time network: 1690s
platform: windows11-21h2_x64
resource: win11-20240221-en
resource tags: arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 28-03-2024 11:51
Static task: static1
URLScan task: urlscan1
Behavioral task behavioral1: Sample https://github.com/pankoza2-pl/malwaredatabase-old, Resource win10-20240221-en
Behavioral task behavioral2: Sample https://github.com/pankoza2-pl/malwaredatabase-old, Resource win7-20240319-en
Behavioral task behavioral3: Sample https://github.com/pankoza2-pl/malwaredatabase-old, Resource win10-20240221-en
Behavioral task behavioral4: Sample https://github.com/pankoza2-pl/malwaredatabase-old, Resource win10v2004-20240226-en
Behavioral task behavioral5: Sample https://github.com/pankoza2-pl/malwaredatabase-old, Resource win11-20240221-en
Behavioral task behavioral6: Sample https://github.com/pankoza2-pl/malwaredatabase-old, Resource android-x64-20240221-en
Behavioral task behavioral7: Sample https://github.com/pankoza2-pl/malwaredatabase-old, Resource android-x64-arm64-20240221-en
Behavioral task behavioral8: Sample https://github.com/pankoza2-pl/malwaredatabase-old, Resource android-33-x64-arm64-20240229-en
Behavioral task behavioral9: Sample https://github.com/pankoza2-pl/malwaredatabase-old, Resource android-x86-arm-20240221-en
Behavioral task behavioral10: Sample https://github.com/pankoza2-pl/malwaredatabase-old, Resource macos-20240214-en
Behavioral task behavioral11: Sample https://github.com/pankoza2-pl/malwaredatabase-old, Resource macos-20240214-en
Behavioral task behavioral12: Sample https://github.com/pankoza2-pl/malwaredatabase-old, Resource debian12-armhf-20240221-en
Behavioral task behavioral13: Sample https://github.com/pankoza2-pl/malwaredatabase-old, Resource debian12-mipsel-20240221-en
Behavioral task behavioral14: Sample https://github.com/pankoza2-pl/malwaredatabase-old, Resource debian9-armhf-20240226-en
Behavioral task behavioral15: Sample https://github.com/pankoza2-pl/malwaredatabase-old, Resource debian9-mipsbe-20240226-en
Behavioral task behavioral16: Sample https://github.com/pankoza2-pl/malwaredatabase-old, Resource debian9-mipsel-20240226-en
Behavioral task behavioral17: Sample https://github.com/pankoza2-pl/malwaredatabase-old, Resource ubuntu1804-amd64-20240226-en
General
Target: https://github.com/pankoza2-pl/malwaredatabase-old
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
description        ioc                                                                  process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                   msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
Processes: msedge.exe, msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid   process
960   msedge.exe
960   msedge.exe
3432  msedge.exe
3432  msedge.exe
1460  msedge.exe
1460  msedge.exe
4744  identity_helper.exe
4744  identity_helper.exe
4072  msedge.exe
4072  msedge.exe
4072  msedge.exe
4072  msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 12 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/pankoza2-pl/malwaredatabase-old
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9d0923cb8,0x7ff9d0923cc8,0x7ff9d0923cd8
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,6327203522573114997,8223872564477376399,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,6327203522573114997,8223872564477376399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,6327203522573114997,8223872564477376399,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6327203522573114997,8223872564477376399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6327203522573114997,8223872564477376399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,6327203522573114997,8223872564477376399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,6327203522573114997,8223872564477376399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6327203522573114997,8223872564477376399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6327203522573114997,8223872564477376399,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6327203522573114997,8223872564477376399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6327203522573114997,8223872564477376399,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,6327203522573114997,8223872564477376399,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4592 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 1KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 496B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
-
\??\pipe\LOCAL\crashpad_3432_RAQENWCKXBSVGODU