Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
submitted: 24-06-2024 14:23
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://facto-edf.online/
Resource: win10v2004-20240611-en
General
Target: http://facto-edf.online/
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process: msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: msedge.exe)
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
- pid 548: msedge.exe
- pid 2404: msedge.exe
- pid 5060: identity_helper.exe
- pid 5176: msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
Processes:
- pid 2404: msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
- pid 2404: msedge.exe
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
- pid 2404: msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
- PID 2404 wrote to memory of 2760 (process: msedge.exe, target process: msedge.exe)
- PID 2404 wrote to memory of 2964 (process: msedge.exe, target process: msedge.exe)
- PID 2404 wrote to memory of 548 (process: msedge.exe, target process: msedge.exe)
- PID 2404 wrote to memory of 1528 (process: msedge.exe, target process: msedge.exe)
Processes
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://facto-edf.online/
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb02ae46f8,0x7ffb02ae4708,0x7ffb02ae4718
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,5566827506197431726,4688231572753781208,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,5566827506197431726,4688231572753781208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,5566827506197431726,4688231572753781208,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5566827506197431726,4688231572753781208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5566827506197431726,4688231572753781208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5566827506197431726,4688231572753781208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,5566827506197431726,4688231572753781208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,5566827506197431726,4688231572753781208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5566827506197431726,4688231572753781208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5566827506197431726,4688231572753781208,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5566827506197431726,4688231572753781208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5566827506197431726,4688231572753781208,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,5566827506197431726,4688231572753781208,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1904 /prefetch:8
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,5566827506197431726,4688231572753781208,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4684 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe -Embedding
"C:\Windows\system32\charmap.exe"
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 264B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 1KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize: 2B
-
\??\pipe\LOCAL\crashpad_2404_ZFLPCQDVSRCCDUYD