Analysis
max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted
22-05-2024 02:20
Static task
static1
Behavioral task
behavioral1
Sample
65aaf33092a8ec3a5ba8df700e6ccfb2_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
65aaf33092a8ec3a5ba8df700e6ccfb2_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
Target
65aaf33092a8ec3a5ba8df700e6ccfb2_JaffaCakes118.html
Size
71KB
MD5
65aaf33092a8ec3a5ba8df700e6ccfb2
SHA1
8c7364026ac4a3908369d50eefb6ebe6813bbc4e
SHA256
d2910bc42d416f627b69ec8e68af59834607276e5b1a8e9e2d4c3c88984a8b80
SHA512
8cc297646b80eb43a8f17eea98a04676b9f2c28f5b737a4534f91db1f4efc25b21b2f084113fa6066beb09398391533ddc8a1fad5103e700f954acb1a68f1267
SSDEEP
1536:T3xbEcC93ctjVz+eK+eB+eh+ey+e2+eP+ej+e3wI4B6taIO6eTk6JA4Ft95rc1Cp:1EcC93cttMj/YoxRB0aCMKVfSfMV616r
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exe
description  ioc  process
Key opened  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid  process
2664  msedge.exe
4424  msedge.exe
4844  identity_helper.exe
212  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
Processes:
msedge.exe
pid  process
4424  msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exe
pid  process
4424  msedge.exe
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exe
pid  process
4424  msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exe
description  pid  process  target process
PID 4424 wrote to memory of 1536  4424  msedge.exe  msedge.exe
PID 4424 wrote to memory of 2708  4424  msedge.exe  msedge.exe
PID 4424 wrote to memory of 2664  4424  msedge.exe  msedge.exe
PID 4424 wrote to memory of 5056  4424  msedge.exe  msedge.exe
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65aaf33092a8ec3a5ba8df700e6ccfb2_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc4d6946f8,0x7ffc4d694708,0x7ffc4d694718
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,14413735945452850314,13780128315951577421,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,14413735945452850314,13780128315951577421,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,14413735945452850314,13780128315951577421,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,14413735945452850314,13780128315951577421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,14413735945452850314,13780128315951577421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,14413735945452850314,13780128315951577421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,14413735945452850314,13780128315951577421,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,14413735945452850314,13780128315951577421,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,14413735945452850314,13780128315951577421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,14413735945452850314,13780128315951577421,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,14413735945452850314,13780128315951577421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,14413735945452850314,13780128315951577421,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,14413735945452850314,13780128315951577421,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads