Analysis
- max time kernel: 1680s
- max time network: 1764s
- platform: windows11-21h2_x64
- resource: win11-20240426-en
- resource tags: arch:x64, arch:x86, image:win11-20240426-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 26-05-2024 14:05
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://mega.nz/file/ylcXkL4D#OYrzXbo7t_dGAzkttfOi1S8O--PmvaR-5c0w6_6UhJQ
Resource
win11-20240426-en
General
- Target: https://mega.nz/file/ylcXkL4D#OYrzXbo7t_dGAzkttfOi1S8O--PmvaR-5c0w6_6UhJQ
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
Process: msedge.exe
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: msedge.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process: msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: msedge.exe)

Suspicious behavior: EnumeratesProcesses (12 IoCs)
Processes (pid, process):
- 3100 msedge.exe
- 220 msedge.exe
- 3496 msedge.exe
- 1056 identity_helper.exe
- 3536 msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
Processes (pid, process):
- 220 msedge.exe

Suspicious use of FindShellTrayWindow (25 IoCs)
Processes (pid, process):
- 220 msedge.exe

Suspicious use of SendNotifyMessage (12 IoCs)
Processes (pid, process):
- 220 msedge.exe

Suspicious use of WriteProcessMemory (64 IoCs)
Processes (description, pid, process, target process):
- PID 220 wrote to memory of 3332; 220; msedge.exe; msedge.exe
- PID 220 wrote to memory of 2180; 220; msedge.exe; msedge.exe
- PID 220 wrote to memory of 3100; 220; msedge.exe; msedge.exe
- PID 220 wrote to memory of 4696; 220; msedge.exe; msedge.exe
Processes
PID 220 (depth 1): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/ylcXkL4D#OYrzXbo7t_dGAzkttfOi1S8O--PmvaR-5c0w6_6UhJQ
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

PID 3332 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc51e73cb8,0x7ffc51e73cc8,0x7ffc51e73cd8

PID 2180 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,14747817240013017588,12361067138889442490,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2

PID 3100 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,14747817240013017588,12361067138889442490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
- Suspicious behavior: EnumeratesProcesses

PID 4696 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,14747817240013017588,12361067138889442490,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8

PID 3336 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14747817240013017588,12361067138889442490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

PID 2256 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14747817240013017588,12361067138889442490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1

PID 3496 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,14747817240013017588,12361067138889442490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 /prefetch:8
- Suspicious behavior: EnumeratesProcesses

PID 1056 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,14747817240013017588,12361067138889442490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
- Suspicious behavior: EnumeratesProcesses

PID 4612 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14747817240013017588,12361067138889442490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1

PID 3836 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14747817240013017588,12361067138889442490,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1

PID 4140 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14747817240013017588,12361067138889442490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1

PID 4812 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14747817240013017588,12361067138889442490,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1

PID 3536 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,14747817240013017588,12361067138889442490,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4616 /prefetch:2
- Suspicious behavior: EnumeratesProcesses

PID 1404 (depth 1): C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 3044 (depth 1): C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize: 152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize: 152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (Filesize: 72B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001 (Filesize: 41B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (Filesize: 188B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 5KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (Filesize: 72B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c9c8.TMP (Filesize: 48B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (Filesize: 16B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (Filesize: 16B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (Filesize: 11KB)
- \??\pipe\LOCAL\crashpad_220_SIYEQENVNPQTHUHM