Analysis
-
max time kernel
146s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system -
submitted
27-04-2024 22:20
Static task
static1
Behavioral task
behavioral1
Sample
03c13400f15f52cc306dd7dca0aad594_JaffaCakes118.html
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
03c13400f15f52cc306dd7dca0aad594_JaffaCakes118.html
Resource
win10v2004-20240419-en
General
-
Target
03c13400f15f52cc306dd7dca0aad594_JaffaCakes118.html
-
Size
721B
-
MD5
03c13400f15f52cc306dd7dca0aad594
-
SHA1
65a2bdb7bf8f7538aced7169226bf8604bd20247
-
SHA256
ff8ff766c0e0ec9a8b7ee9326039b522561494746c839199167dd4fcf2803c53
-
SHA512
ecfd28d90e871991260139534d31355e060a3a655fd1ba4d71611490e8a2c41917e1055c6c1572c0791724dcce73aa6e9acdbe543561dc601a395ad9e20ec3be
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 3488 msedge.exe 3488 msedge.exe 2404 msedge.exe 2404 msedge.exe 2616 identity_helper.exe 2616 identity_helper.exe 4504 msedge.exe 4504 msedge.exe 4504 msedge.exe 4504 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
Processes:
msedge.exepid process 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe 2404 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 2404 wrote to memory of 3828 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 3828 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 2228 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 3488 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 3488 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 3900 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 3900 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 3900 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 3900 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 3900 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 3900 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 3900 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 3900 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 3900 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 3900 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 3900 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 3900 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 3900 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 3900 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 3900 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 3900 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 3900 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 3900 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 3900 2404 msedge.exe msedge.exe PID 2404 wrote to memory of 3900 2404 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\03c13400f15f52cc306dd7dca0aad594_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2404 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe732246f8,0x7ffe73224708,0x7ffe732247182⤵PID:3828
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,9113409299517124346,3734803360800550400,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:22⤵PID:2228
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,9113409299517124346,3734803360800550400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3488 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,9113409299517124346,3734803360800550400,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:82⤵PID:3900
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9113409299517124346,3734803360800550400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:12⤵PID:1984
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9113409299517124346,3734803360800550400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:12⤵PID:4896
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9113409299517124346,3734803360800550400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:12⤵PID:4128
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,9113409299517124346,3734803360800550400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:82⤵PID:3872
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,9113409299517124346,3734803360800550400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2616 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9113409299517124346,3734803360800550400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:12⤵PID:4604
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9113409299517124346,3734803360800550400,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:12⤵PID:2072
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9113409299517124346,3734803360800550400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:12⤵PID:2844
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9113409299517124346,3734803360800550400,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:12⤵PID:2456
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9113409299517124346,3734803360800550400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4312 /prefetch:12⤵PID:456
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9113409299517124346,3734803360800550400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:12⤵PID:5052
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9113409299517124346,3734803360800550400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:12⤵PID:4540
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9113409299517124346,3734803360800550400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2160 /prefetch:12⤵PID:2888
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,9113409299517124346,3734803360800550400,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1920 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4504 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9113409299517124346,3734803360800550400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:12⤵PID:3960
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4564
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2420
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5dbac49e66219979194c79f1cf1cb3dd1
SHA14ef87804a04d51ae1fac358f92382548b27f62f2
SHA256f24ed6c5bf4b734a9af4d64e14a80a160bea569f50849f70bf7b7277c4f48562
SHA512bb314d61f53cf7774f6dfb6b772c72f5daf386bc3d27d2bb7a14c65848ee86e6c48e9c5696693ded31846b69b9372a530175df48494e3d61a228e49d43401ad1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5a9e55f5864d6e2afd2fd84e25a3bc228
SHA1a5efcff9e3df6252c7fe8535d505235f82aab276
SHA2560f4df3120e4620555916be8e51c29be8d600d68ae5244efad6a0268aabc8c452
SHA51212f45fa73a6de6dfe17acc8b52b60f2d79008da130730b74cc138c1dcd73ccc99487165e3c8c90dc247359fde272f1ec6b3cf2c5fcb04e5093936144d0558b75
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD52e27a951df1d4c61883c0652f80acf8a
SHA1a436653dd84c64c5836f1cd0c4644d017cc495f9
SHA256c36062b46abbbe0a84a1873a0340d1eb9cc05b8741f13407bc3016205135e359
SHA512db64a5cf6208fdbcb431ebfb69f479ffd1a912a71a815476c545b4b7b6fb183aa2a9fdb389c5ff4156cd5b8942fdc21d12ebf8bfb4777e621bafd678f0d2d46d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5511df0e08bfbcb023b60fb9d223a3210
SHA1065b5a38b94a77f1b4c402d6092196caf6cd81de
SHA25653b3a13ae57852c1af86365ac89cdc4c5ff503d51537d889f821c2efd6c8e4a5
SHA512ce5e551b34ca5a7f38d5f4c60622814ab7482a7588c424c42f852ba778ef2a78e9547a850e8a430bb0bd46039930e2a4db32218d55537475e98149ec31405eee
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
8KB
MD560b8150d2a2c4653c20043651d4d11da
SHA1632cdaf6de5bc5bf884060e28c439e89c9e49e69
SHA2560f12b91f6f2005fd3c0e1bb8ce08727b8fb8e03b00d63740f3d3d8814fa70458
SHA5121b24d46227532326b60b43ea4322689f829530ada02ed43c625215e8d3d00170fed9a3744e21dd587ae8bc12d5c636d89632887dcf64ccb1ff9f34b8601e45ce
-
\??\pipe\LOCAL\crashpad_2404_CTLIXLQHNOSGHVCBMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e