Analysis
-
max time kernel
148s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
22-06-2024 11:03
Behavioral task
behavioral1
Sample
01d06f85fce63444c3563fe3bd20c004_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
01d06f85fce63444c3563fe3bd20c004_JaffaCakes118.exe
Resource
win10v2004-20240611-en
General
-
Target
01d06f85fce63444c3563fe3bd20c004_JaffaCakes118.exe
-
Size
100KB
-
MD5
01d06f85fce63444c3563fe3bd20c004
-
SHA1
c4192f0994d5b9a5efd18e9a697dcf78cc092c0d
-
SHA256
bd11592557d2dba4e2cc5cdfdbc61cba64735ae01050db58557e2281389512a0
-
SHA512
0846b6e70c32fa21bae9f8eb05cd4d1dadb8f806baafeb27a19ea2ce44ec2d3cc3184925628ca4132a2e83e6c5f914db72c84cf71fbf448997d84bc69a553e1a
-
SSDEEP
1536:ugResSzjBEY7AmycmyTOOiq7NPsS5A9M3jj+kEPDKgf:t3S/CY7GQT9iqx0XYg7/
Malware Config
Signatures
-
Drops startup file 4 IoCs
Processes:
netmgr.exe01d06f85fce63444c3563fe3bd20c004_JaffaCakes118.exedescription ioc process File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ netmgr.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netmgr.lnk 01d06f85fce63444c3563fe3bd20c004_JaffaCakes118.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ 01d06f85fce63444c3563fe3bd20c004_JaffaCakes118.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netmgr.lnk netmgr.exe -
Executes dropped EXE 1 IoCs
Processes:
netmgr.exepid process 2892 netmgr.exe -
Loads dropped DLL 1 IoCs
Processes:
netmgr.exepid process 2892 netmgr.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Processes:
IEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEdescription ioc process Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3900602508" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31114387" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31114387" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000 IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3962946197" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5800000000000000de04000065020000 IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3900602508" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31114387" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff720000001a000000f80400007f020000 IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3899196409" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31114387" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3899196409" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{1401D9A2-3087-11EF-86EC-6699275097D0} = "0" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31114387" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\DomainSuggestion IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425819194" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery IEXPLORE.EXE -
Suspicious behavior: EnumeratesProcesses 6 IoCs
Processes:
netmgr.exepid process 2892 netmgr.exe 2892 netmgr.exe 2892 netmgr.exe 2892 netmgr.exe 2892 netmgr.exe 2892 netmgr.exe -
Suspicious use of FindShellTrayWindow 7 IoCs
Processes:
01d06f85fce63444c3563fe3bd20c004_JaffaCakes118.exeIEXPLORE.EXEnetmgr.exepid process 928 01d06f85fce63444c3563fe3bd20c004_JaffaCakes118.exe 3756 IEXPLORE.EXE 3756 IEXPLORE.EXE 2892 netmgr.exe 3756 IEXPLORE.EXE 2892 netmgr.exe 3756 IEXPLORE.EXE -
Suspicious use of SendNotifyMessage 3 IoCs
Processes:
01d06f85fce63444c3563fe3bd20c004_JaffaCakes118.exenetmgr.exepid process 928 01d06f85fce63444c3563fe3bd20c004_JaffaCakes118.exe 2892 netmgr.exe 2892 netmgr.exe -
Suspicious use of SetWindowsHookEx 20 IoCs
Processes:
IEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEpid process 3756 IEXPLORE.EXE 3756 IEXPLORE.EXE 2668 IEXPLORE.EXE 2668 IEXPLORE.EXE 3756 IEXPLORE.EXE 3756 IEXPLORE.EXE 3700 IEXPLORE.EXE 3700 IEXPLORE.EXE 3700 IEXPLORE.EXE 3700 IEXPLORE.EXE 3756 IEXPLORE.EXE 3756 IEXPLORE.EXE 4888 IEXPLORE.EXE 4888 IEXPLORE.EXE 4888 IEXPLORE.EXE 4888 IEXPLORE.EXE 3756 IEXPLORE.EXE 3756 IEXPLORE.EXE 864 IEXPLORE.EXE 864 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 35 IoCs
Processes:
01d06f85fce63444c3563fe3bd20c004_JaffaCakes118.exenetmgr.exeiexplore.exeIEXPLORE.EXEiexplore.exeiexplore.exeiexplore.exedescription pid process target process PID 928 wrote to memory of 2892 928 01d06f85fce63444c3563fe3bd20c004_JaffaCakes118.exe netmgr.exe PID 928 wrote to memory of 2892 928 01d06f85fce63444c3563fe3bd20c004_JaffaCakes118.exe netmgr.exe PID 928 wrote to memory of 2892 928 01d06f85fce63444c3563fe3bd20c004_JaffaCakes118.exe netmgr.exe PID 2892 wrote to memory of 2416 2892 netmgr.exe iexplore.exe PID 2892 wrote to memory of 2416 2892 netmgr.exe iexplore.exe PID 2892 wrote to memory of 2416 2892 netmgr.exe iexplore.exe PID 2416 wrote to memory of 3756 2416 iexplore.exe IEXPLORE.EXE PID 2416 wrote to memory of 3756 2416 iexplore.exe IEXPLORE.EXE PID 3756 wrote to memory of 2668 3756 IEXPLORE.EXE IEXPLORE.EXE PID 3756 wrote to memory of 2668 3756 IEXPLORE.EXE IEXPLORE.EXE PID 3756 wrote to memory of 2668 3756 IEXPLORE.EXE IEXPLORE.EXE PID 2892 wrote to memory of 4284 2892 netmgr.exe iexplore.exe PID 2892 wrote to memory of 4284 2892 netmgr.exe iexplore.exe PID 2892 wrote to memory of 4284 2892 netmgr.exe iexplore.exe PID 4284 wrote to memory of 2200 4284 iexplore.exe IEXPLORE.EXE PID 4284 wrote to memory of 2200 4284 iexplore.exe IEXPLORE.EXE PID 3756 wrote to memory of 3700 3756 IEXPLORE.EXE IEXPLORE.EXE PID 3756 wrote to memory of 3700 3756 IEXPLORE.EXE IEXPLORE.EXE PID 3756 wrote to memory of 3700 3756 IEXPLORE.EXE IEXPLORE.EXE PID 2892 wrote to memory of 1276 2892 netmgr.exe iexplore.exe PID 2892 wrote to memory of 1276 2892 netmgr.exe iexplore.exe PID 2892 wrote to memory of 1276 2892 netmgr.exe iexplore.exe PID 1276 wrote to memory of 1828 1276 iexplore.exe IEXPLORE.EXE PID 1276 wrote to memory of 1828 1276 iexplore.exe IEXPLORE.EXE PID 3756 wrote to memory of 4888 3756 IEXPLORE.EXE IEXPLORE.EXE PID 3756 wrote to memory of 4888 3756 IEXPLORE.EXE IEXPLORE.EXE PID 3756 wrote to memory of 4888 3756 IEXPLORE.EXE IEXPLORE.EXE PID 2892 wrote to memory of 1916 2892 netmgr.exe iexplore.exe PID 2892 wrote to memory of 1916 2892 netmgr.exe iexplore.exe PID 2892 wrote to memory of 1916 2892 netmgr.exe iexplore.exe PID 1916 wrote to memory of 2388 1916 iexplore.exe IEXPLORE.EXE PID 1916 wrote to memory of 2388 1916 iexplore.exe IEXPLORE.EXE PID 3756 wrote to memory of 864 3756 IEXPLORE.EXE IEXPLORE.EXE PID 3756 wrote to memory of 864 3756 IEXPLORE.EXE IEXPLORE.EXE PID 3756 wrote to memory of 864 3756 IEXPLORE.EXE IEXPLORE.EXE
Processes
-
C:\Users\Admin\AppData\Local\Temp\01d06f85fce63444c3563fe3bd20c004_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\01d06f85fce63444c3563fe3bd20c004_JaffaCakes118.exe"1⤵
- Drops startup file
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe"C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe"2⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\iexplore.exe-nohome3⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE"4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3756 CREDAT:17410 /prefetch:25⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3756 CREDAT:17414 /prefetch:25⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3756 CREDAT:17420 /prefetch:25⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3756 CREDAT:17426 /prefetch:25⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\iexplore.exe-nohome12.ini3⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE"4⤵
- Modifies Internet Explorer settings
-
C:\Program Files (x86)\Internet Explorer\iexplore.exe-nohome12.ini3⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE"4⤵
- Modifies Internet Explorer settings
-
C:\Program Files (x86)\Internet Explorer\iexplore.exe-nohome12.ini3⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE"4⤵
- Modifies Internet Explorer settings
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verBD06.tmpFilesize
15KB
MD51a545d0052b581fbb2ab4c52133846bc
SHA162f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GU2A83AM\suggestions[1].en-USFilesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
C:\Users\Admin\AppData\Roaming\Adobe\netmgr.dllFilesize
51KB
MD5ffd43ae9ebb59c9fd3b5a2b52addaed7
SHA1b274ba1e9e386ecd129bc4957f1bc5d73056e0a2
SHA256c2c601b8a7d8511853a9e5a09bf78af1ea2fe481529e216ca9c42bc2ecbbe3a9
SHA5122f87022ee56ba03e06e271aacde55933e9f4cc83b314c5817a8391a5b15b23230d5baf674eeac792933f9bd5c2d6ea495a74edc581df76d3e7a9b0d506636271
-
C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exeFilesize
20KB
MD52dc139d82a2a5bf027bcb6a40f75b3f4
SHA153549df8a3a3115e316c5c34a79ceb8ca1b61b5b
SHA256eff3444317ceca3b4642ee4ad3ed947f7bb17e35976465fad686ddd52cfe8cc5
SHA512780d8c107ec2eca2f08759c01b2dc2308f92c3d466eac46132dc8e279b0e770b4fdfd7f6dc672c2512bff9d334e3357176e82b5aadf5f16e84b724c19876a7da
-
C:\Users\Admin\AppData\Roaming\Adobe\perf2012.iniFilesize
150B
MD5a6a97e5d6dc6a5306e269c267f68edce
SHA17217d9a9386fad675bf7d966e0b37c535f86488a
SHA256550d806901c92b91ea78cee49ee11f21a51c6065019ed2095c673ab6bce78cbd
SHA5122210fd122f8bab59c5ea6aa8ac22874d758f5c5a40ae4a8d374a5da6b20d56f9e035e83ad9c0859b5051eaf73baa43f581141b41b1ca57ae47ffe69b71eccda1
-
\??\PIPE\srvsvcMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e