Overview
Task, platform: score
overview: 10
static: 3
0930b4b48c...18.exe, windows7-x64: 10
0930b4b48c...18.exe, windows10-2004-x64: 7
$PLUGINSDI...em.dll, windows7-x64: 3
$PLUGINSDI...em.dll, windows10-2004-x64: 3
$PLUGINSDI...gs.dll, windows7-x64: 3
$PLUGINSDI...gs.dll, windows10-2004-x64: 3
begin_pass...1.html, windows7-x64: 1
begin_pass...1.html, windows10-2004-x64: 1
policies48...0.html, windows7-x64: 1
policies48...0.html, windows10-2004-x64: 1
tweet1845418885.html, windows7-x64: 1
tweet1845418885.html, windows10-2004-x64: 1
uninstall.exe, windows7-x64: 7
uninstall.exe, windows10-2004-x64: 7
vitamin-c-...t.html, windows7-x64: 1
vitamin-c-...t.html, windows10-2004-x64: 1
zoo.html, windows7-x64: 1
zoo.html, windows10-2004-x64: 1
Analysis
- max time kernel: 145s
- max time network: 137s
- platform: windows10-2004_x64
- resource: win10v2004-20240419-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30-04-2024 06:03
Static task: static1
Behavioral tasks (task: sample, resource)
behavioral1: 0930b4b48c0b81a15cf832743da7f70d_JaffaCakes118.exe, win7-20240221-en
behavioral2: 0930b4b48c0b81a15cf832743da7f70d_JaffaCakes118.exe, win10v2004-20240419-en
behavioral3: $PLUGINSDIR/System.dll, win7-20240215-en
behavioral4: $PLUGINSDIR/System.dll, win10v2004-20240419-en
behavioral5: $PLUGINSDIR/nsDialogs.dll, win7-20240221-en
behavioral6: $PLUGINSDIR/nsDialogs.dll, win10v2004-20240426-en
behavioral7: begin_password_reset1850795531.html, win7-20231129-en
behavioral8: begin_password_reset1850795531.html, win10v2004-20240419-en
behavioral9: policies484632680.html, win7-20240221-en
behavioral10: policies484632680.html, win10v2004-20240426-en
behavioral11: tweet1845418885.html, win7-20240419-en
behavioral12: tweet1845418885.html, win10v2004-20240419-en
behavioral13: uninstall.exe, win7-20240220-en
behavioral14: uninstall.exe, win10v2004-20240426-en
behavioral15: vitamin-c-pink-grapefruit.html, win7-20240221-en
behavioral16: vitamin-c-pink-grapefruit.html, win10v2004-20240419-en
behavioral17: zoo.html, win7-20231129-en
behavioral18: zoo.html, win10v2004-20240419-en
General
- Target: zoo.html
- Size: 20KB
- MD5: 88538df19003582f822a403c9e10bf45
- SHA1: 818a0d2b7883090cca53ebd20ea22792c434eeda
- SHA256: 5b8a5147236aa02f35ff811c2b4299ff186bbe6a7e0f1bcaddc17c1f47b02f38
- SHA512: 3173b04fa8f77f0f64ab9d6aa8c5d0970bc1882e5e3d726e4147b8305e13e082eed37c800686da125edc6e738953adf4bc98122e7cbc381f3280765612038a5d
- SSDEEP: 384:xC7FFJHWfaddUh1AfurwpIClBFosnqjVN9duWkolBJ:w7FFJ2hrrPyLoCYVNrvlX
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
  description, ioc, process
  Key value queried, \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName, msedge.exe
  Key opened, \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS, msedge.exe
  Key value queried, \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer, msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
  pid, process
  2016, msedge.exe
  2016, msedge.exe
  1648, msedge.exe
  1648, msedge.exe
  872, identity_helper.exe
  872, identity_helper.exe
  1288, msedge.exe
  1288, msedge.exe
  1288, msedge.exe
  1288, msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\zoo.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff035946f8,0x7fff03594708,0x7fff03594718
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,9629503953818596086,4598162891230606158,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,9629503953818596086,4598162891230606158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,9629503953818596086,4598162891230606158,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9629503953818596086,4598162891230606158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9629503953818596086,4598162891230606158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,9629503953818596086,4598162891230606158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4184 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,9629503953818596086,4598162891230606158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4184 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9629503953818596086,4598162891230606158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9629503953818596086,4598162891230606158,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9629503953818596086,4598162891230606158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9629503953818596086,4598162891230606158,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,9629503953818596086,4598162891230606158,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3140 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize: 152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize: 152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (Filesize: 180B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (Filesize: 16B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (Filesize: 11KB)
- \??\pipe\LOCAL\crashpad_1648_XBTKGZHYFYXHCNSQ