Analysis
- max time kernel: 145s
- max time network: 130s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30-04-2024 06:03
Static task: static1
- Behavioral task behavioral1: sample 0930b4b48c0b81a15cf832743da7f70d_JaffaCakes118.exe, resource win7-20240221-en
- Behavioral task behavioral2: sample 0930b4b48c0b81a15cf832743da7f70d_JaffaCakes118.exe, resource win10v2004-20240419-en
- Behavioral task behavioral3: sample $PLUGINSDIR/System.dll, resource win7-20240215-en
- Behavioral task behavioral4: sample $PLUGINSDIR/System.dll, resource win10v2004-20240419-en
- Behavioral task behavioral5: sample $PLUGINSDIR/nsDialogs.dll, resource win7-20240221-en
- Behavioral task behavioral6: sample $PLUGINSDIR/nsDialogs.dll, resource win10v2004-20240426-en
- Behavioral task behavioral7: sample begin_password_reset1850795531.html, resource win7-20231129-en
- Behavioral task behavioral8: sample begin_password_reset1850795531.html, resource win10v2004-20240419-en
- Behavioral task behavioral9: sample policies484632680.html, resource win7-20240221-en
- Behavioral task behavioral10: sample policies484632680.html, resource win10v2004-20240426-en
- Behavioral task behavioral11: sample tweet1845418885.html, resource win7-20240419-en
- Behavioral task behavioral12: sample tweet1845418885.html, resource win10v2004-20240419-en
- Behavioral task behavioral13: sample uninstall.exe, resource win7-20240220-en
- Behavioral task behavioral14: sample uninstall.exe, resource win10v2004-20240426-en
- Behavioral task behavioral15: sample vitamin-c-pink-grapefruit.html, resource win7-20240221-en
- Behavioral task behavioral16: sample vitamin-c-pink-grapefruit.html, resource win10v2004-20240419-en
- Behavioral task behavioral17: sample zoo.html, resource win7-20231129-en
- Behavioral task behavioral18: sample zoo.html, resource win10v2004-20240419-en
General
- Target: policies484632680.html
- Size: 9KB
- MD5: 469afd13ec8b7255cf9861321efa0c28
- SHA1: ad60e9b8c63791cf5cd8e5d259d95532268aed41
- SHA256: 740e07665bf8958bb6b99b39f9277e2618737a8ef994bbf039f376d064ca28b3
- SHA512: 03f1ba22ee860badbe4d7952c346658afd9bb653cd3da222c8e68fadefda869a148f81321ee6d55e24e6c70f179e888c899b2ca75ba1b7f8fc8c3990435034b6
- SSDEEP: 192:11lgH3YSHEpUA4sePED+AeoWpt1+hhkjSOAMr3:11lgonpUAFd7eoWpt1Maj9T3
Malware Config
Signatures
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: msedge.exe
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process msedge.exe)
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
Processes: msedge.exe, msedge.exe, msedge.exe
  pid 1612, process msedge.exe
  pid 1612, process msedge.exe
  pid 2196, process msedge.exe
  pid 2196, process msedge.exe
  pid 3204, process msedge.exe
  pid 3204, process msedge.exe
  pid 3204, process msedge.exe
  pid 3204, process msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\policies484632680.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb42bf46f8,0x7ffb42bf4708,0x7ffb42bf4718
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,9472336182989950614,16308238885787314314,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,9472336182989950614,16308238885787314314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,9472336182989950614,16308238885787314314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,9472336182989950614,16308238885787314314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,9472336182989950614,16308238885787314314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,9472336182989950614,16308238885787314314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,9472336182989950614,16308238885787314314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,9472336182989950614,16308238885787314314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,9472336182989950614,16308238885787314314,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,9472336182989950614,16308238885787314314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,9472336182989950614,16308238885787314314,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  -
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,9472336182989950614,16308238885787314314,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4860 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
-
\??\pipe\LOCAL\crashpad_2196_ETTPPTBNXCTZIKOP