Analysis
- max time kernel: 90s
- max time network: 94s
- platform: windows11-21h2_x64
- resource: win11-20240611-en
- resource tags: arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 26-06-2024 18:13
Static task
static1
URLScan task
urlscan1
Malware Config
Signatures
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Suspicious behavior: EnumeratesProcesses (8 IoCs)
Processes: msedge.exe, msedge.exe, msedge.exe, identity_helper.exe
pid | process
764 | msedge.exe
4948 | msedge.exe
4880 | msedge.exe
852 | identity_helper.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
Processes: msedge.exe
pid | process
4948 | msedge.exe
-
Suspicious use of FindShellTrayWindow (25 IoCs)
Processes: msedge.exe
pid | process
4948 | msedge.exe
-
Suspicious use of SendNotifyMessage (12 IoCs)
Processes: msedge.exe
pid | process
4948 | msedge.exe
-
Suspicious use of WriteProcessMemory (64 IoCs)
Processes: msedge.exe
description | pid | process | target process
PID 4948 wrote to memory of 2624 | 4948 | msedge.exe | msedge.exe
PID 4948 wrote to memory of 2492 | 4948 | msedge.exe | msedge.exe
PID 4948 wrote to memory of 764 | 4948 | msedge.exe | msedge.exe
PID 4948 wrote to memory of 2560 | 4948 | msedge.exe | msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://apostaequus.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffeb2c33cb8,0x7ffeb2c33cc8,0x7ffeb2c33cd8
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,14951945822303171079,13173337335039079655,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1856 /prefetch:2
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,14951945822303171079,13173337335039079655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,14951945822303171079,13173337335039079655,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14951945822303171079,13173337335039079655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14951945822303171079,13173337335039079655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14951945822303171079,13173337335039079655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,14951945822303171079,13173337335039079655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,14951945822303171079,13173337335039079655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14951945822303171079,13173337335039079655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14951945822303171079,13173337335039079655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14951945822303171079,13173337335039079655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14951945822303171079,13173337335039079655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14951945822303171079,13173337335039079655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14951945822303171079,13173337335039079655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
2⤵
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 432B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 336B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 1KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize: 873B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583cd5.TMP
Filesize: 204B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
-
\??\pipe\LOCAL\crashpad_4948_QWNMEDCYIMSHYDNT