Analysis
- max time kernel: 1201s
- max time network: 1204s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15-06-2024 18:21
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
- Sample: https://github.com/quivings/Solara/blob/main/Files/SolaraB.zip
- Resource: win10-20240404-en
Behavioral task: behavioral2
- Sample: https://github.com/quivings/Solara/blob/main/Files/SolaraB.zip
- Resource: win10v2004-20240226-en
Behavioral task: behavioral3
- Sample: https://github.com/quivings/Solara/blob/main/Files/SolaraB.zip
- Resource: win11-20240508-en
General
- Target: https://github.com/quivings/Solara/blob/main/Files/SolaraB.zip
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
chrome.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
-
Modifies data under HKEY_USERS 2 IoCs
Processes:
chrome.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133629497018941762" | chrome.exe
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
chrome.exe, chrome.exe
pid | process
3076 | chrome.exe
4248 | chrome.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
Processes:
chrome.exe
pid | process
3076 | chrome.exe
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
chrome.exe
description | pid | process
Token: SeShutdownPrivilege | 3076 | chrome.exe
Token: SeCreatePagefilePrivilege | 3076 | chrome.exe
-
Suspicious use of FindShellTrayWindow 26 IoCs
Processes:
chrome.exe
pid | process
3076 | chrome.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
chrome.exe
pid | process
3076 | chrome.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
chrome.exe
description | pid | process | target process
PID 3076 wrote to memory of 1300 | 3076 | chrome.exe | chrome.exe
PID 3076 wrote to memory of 3316 | 3076 | chrome.exe | chrome.exe
PID 3076 wrote to memory of 4892 | 3076 | chrome.exe | chrome.exe
PID 3076 wrote to memory of 4208 | 3076 | chrome.exe | chrome.exe
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/quivings/Solara/blob/main/Files/SolaraB.zip
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID: 3076
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e6ac9758,0x7ff9e6ac9768,0x7ff9e6ac9778
  PID: 1300
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1900,i,272029374774660361,10628631064043717377,131072 /prefetch:2
  PID: 3316
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1900,i,272029374774660361,10628631064043717377,131072 /prefetch:8
  PID: 4892
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=1900,i,272029374774660361,10628631064043717377,131072 /prefetch:8
  PID: 4208
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1900,i,272029374774660361,10628631064043717377,131072 /prefetch:1
  PID: 1456
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1900,i,272029374774660361,10628631064043717377,131072 /prefetch:1
  PID: 1972
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 --field-trial-handle=1900,i,272029374774660361,10628631064043717377,131072 /prefetch:8
  PID: 1736
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 --field-trial-handle=1900,i,272029374774660361,10628631064043717377,131072 /prefetch:8
  PID: 312
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4604 --field-trial-handle=1900,i,272029374774660361,10628631064043717377,131072 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
  PID: 4248
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
PID: 684
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3756 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
PID: 552
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3792 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
PID: 2116
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 1KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize: 1KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize: 1KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize: 128KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize: 2B
-
\??\pipe\crashpad_3076_LAFGBIHBYPNOCVHT