cb301b0ddeb1a92f0dc6d1f81d4e35154dd7e4d40fbcffc9528ba249219de897

Analysis

max time kernel
139s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2025, 19:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_94b3cec23ca0b2760883a2dc76e751ff.html
Size

80KB
MD5

94b3cec23ca0b2760883a2dc76e751ff
SHA1

d445f7ccd58b9b937e7cb84eb3395e3631798c8d
SHA256

cb301b0ddeb1a92f0dc6d1f81d4e35154dd7e4d40fbcffc9528ba249219de897
SHA512

2ba5be96ab8403eb54f1833fa8c731804eb024c2de4d179f5f867203278082ab43fc257704eb4810820633c0f15324d97cf413a82d7f0df751e301f8fc12aed3
SSDEEP

768:S6bl+bvIZjG6FnYMZmRlG5d8vRvweIrFQ/4iQGwxV+3bAg78491:S6p+0UIfgc68rObm+1

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_5384_926544609\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_1855934962\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_1855934962\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_1991530668\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_1801872724\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_1801872724\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_1855934962\data.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_2005956861\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_1991530668\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_1801872724\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5384_114051313\_locales\km\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133877814576684555"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-446031748-3036493239-2009529691-1000\{0A1FD450-D8D9-4E2C-9CE2-34A7F3AB13AA}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
6096	msedge.exe
6096	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5384 wrote to memory of 3680	5384	msedge.exe	85
PID 5384 wrote to memory of 3680	5384	msedge.exe	85
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 5404	5384	msedge.exe	87
PID 5384 wrote to memory of 5404	5384	msedge.exe	87
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 3068	5384	msedge.exe	86
PID 5384 wrote to memory of 2032	5384	msedge.exe	88
PID 5384 wrote to memory of 2032	5384	msedge.exe	88
PID 5384 wrote to memory of 2032	5384	msedge.exe	88
PID 5384 wrote to memory of 2032	5384	msedge.exe	88
PID 5384 wrote to memory of 2032	5384	msedge.exe	88
PID 5384 wrote to memory of 2032	5384	msedge.exe	88
PID 5384 wrote to memory of 2032	5384	msedge.exe	88
PID 5384 wrote to memory of 2032	5384	msedge.exe	88
PID 5384 wrote to memory of 2032	5384	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_94b3cec23ca0b2760883a2dc76e751ff.html
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x280,0x7ff86b04f208,0x7ff86b04f214,0x7ff86b04f220
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2368,i,15349737115430600623,15917902068564087574,262144 --variations-seed-version --mojo-platform-channel-handle=2360 /prefetch:2
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1820,i,15349737115430600623,15917902068564087574,262144 --variations-seed-version --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2420,i,15349737115430600623,15917902068564087574,262144 --variations-seed-version --mojo-platform-channel-handle=3124 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3432,i,15349737115430600623,15917902068564087574,262144 --variations-seed-version --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3440,i,15349737115430600623,15917902068564087574,262144 --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4880,i,15349737115430600623,15917902068564087574,262144 --variations-seed-version --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5564,i,15349737115430600623,15917902068564087574,262144 --variations-seed-version --mojo-platform-channel-handle=564 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5572,i,15349737115430600623,15917902068564087574,262144 --variations-seed-version --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5580,i,15349737115430600623,15917902068564087574,262144 --variations-seed-version --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5840,i,15349737115430600623,15917902068564087574,262144 --variations-seed-version --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5832,i,15349737115430600623,15917902068564087574,262144 --variations-seed-version --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6132,i,15349737115430600623,15917902068564087574,262144 --variations-seed-version --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5644,i,15349737115430600623,15917902068564087574,262144 --variations-seed-version --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6328,i,15349737115430600623,15917902068564087574,262144 --variations-seed-version --mojo-platform-channel-handle=6544 /prefetch:8
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6328,i,15349737115430600623,15917902068564087574,262144 --variations-seed-version --mojo-platform-channel-handle=6544 /prefetch:8
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5336,i,15349737115430600623,15917902068564087574,262144 --variations-seed-version --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5340,i,15349737115430600623,15917902068564087574,262144 --variations-seed-version --mojo-platform-channel-handle=6656 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6648,i,15349737115430600623,15917902068564087574,262144 --variations-seed-version --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6912,i,15349737115430600623,15917902068564087574,262144 --variations-seed-version --mojo-platform-channel-handle=6888 /prefetch:8
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6800,i,15349737115430600623,15917902068564087574,262144 --variations-seed-version --mojo-platform-channel-handle=6856 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=7020,i,15349737115430600623,15917902068564087574,262144 --variations-seed-version --mojo-platform-channel-handle=7028 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6748,i,15349737115430600623,15917902068564087574,262144 --variations-seed-version --mojo-platform-channel-handle=7036 /prefetch:8
  2⤵
  PID:1932

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1448

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:2772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5384_1801872724\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5384_1855934962\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5384_1991530668\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5384_1991530668\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5384_2005956861\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
8625e8ce164e1039c0d19156210674ce

SHA1
9eb5ae97638791b0310807d725ac8815202737d2

SHA256
2f65f9c3c54fe018e0b1f46e3c593d100a87758346d3b00a72cb93042daf60a2

SHA512
3c52b8876982fe41d816f9dfb05cd888c551cf7efd266a448050c87c3fc52cc2172f53c83869b87d7643ce0188004c978570f35b0fcc1cb50c9fffea3dec76a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
fb7ead74dc51147eff79fe0eccc9a149

SHA1
bf41d1f3484a9a61336acac7063ba461b7147310

SHA256
514e0ad219bf63b885c99a3c2c7b57365237101ec2fd47c92243474f24f490a6

SHA512
53aa2be0e59913523b2c7475497b2f3a29cf821ab7563e451a681837e5374fb1383b3ec920762e2aa9b90d0854fd31663ef3140837e584279ef4164496e39864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
d71e0c4b49539d1f965fccf8bd14f04a

SHA1
6a70fce6dd850f9d9ec32adc4d35c4074beb7cc2

SHA256
be1b88993f0b1110936a75a1fbba64c0acc08cfc206b38688730026ab6b077c5

SHA512
cb5742d6a9c53bb4263d007b042b21043a94666e6bd2b3db94e11c084df7200f7f0c2baf69e69a0bf3e2f2b9c3b1b05182125a563a4168b784ab930d737eeaea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
944462ecb2173b412b7bbde3fbe69af9

SHA1
21afc201bfa308ffe609e6a4a534b9e36a842547

SHA256
406f3cd5d85ec494c5c4a773726c92ee98ed1e99e507df9cddf97c505b414988

SHA512
40d6c6a5ba36b93f8e6a46d3e493f2fa06ec767dde1e885b51bd6f05699c050cc26b6fc4fd72ecd508b4b8ba86cbf662faab9fc05f505db341a76fc894db5a96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
2ad84b9edfa4a239037f27cce5442d7e

SHA1
13e4b5b859117ea9c4d70c37959d48bb52473487

SHA256
b6406f10ad6173ea0e46509e97eda5b38034a6dba998d2dea9d10b0d7ff163c4

SHA512
477cc087d4a927fc94dcbd661e825d0d8b2bc0b607be440b216ac8118881e4e8a1618f29ae5509e37912de43179d37563f7e88a89ddbd04a6a6347e70392601b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
373310706a8a43390ace39c894460b43

SHA1
d7a1e2c11e65bc6ffa1c3be45a7fa820e4751d4a

SHA256
de020348aca59ff90a60e4563ddc846392260ad0786b83d95b98dcc70ac6ba38

SHA512
74c848969b8ecd475c7903ff3c19c5f519e66f6fb7d1703e13ac4dfa0d4fc39db49c7c48fe1654500b7764b3b6ddc2224012ef11fbe3dba3a0385f24b6a1495e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
32238f8c803618252f0cfa1d534d3ffe

SHA1
b231b02711fc07bf44bb1c7e17bf4cfc3e414895

SHA256
9d7694a50a7958b63dfb1b7fba18dfec60c936d0f14bde7995cd2b86b4994761

SHA512
08da659e0f2f06b3b0d4b44e7ab4f89c0aaec133464f00a1c40f3aba17d543c7648a005e112647f82f2776c1b4d4f47a89442ccbe301e253fa5bd03ef2a78c97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
e0343c089d8ca0e027804b1f937952dd

SHA1
761cba039eefe925b214a981839c7959738e4314

SHA256
7b7de94082368136fb11678a1df1965e821a1e0558b47623ff3b7860d034d1c1

SHA512
f96dc130feae368b737c5215db6b189571294291c0e8bfe4820f11e5ea03573ced0355c34ba40b0120968751620839c47681dd9f896d842b979eace6ba896bb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
d45a77e98e911cb5cfc7caa454b67769

SHA1
7ed5eca56936162ca587781d0fb63a1ac4996fbb

SHA256
3548bc93548cd8529664f51b64867392f9752470c81a5cf3cf5a779a68a75aed

SHA512
8feccb813d82feb1924fdde6fc7f1076db5bfb0f1dc22186863419a163ba92dbff88cabc49cd2b525520bf7c214360e968f916fd6aa9df14c355fee771a7fca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
3896b5ae0cec84acbdd45758989155b2

SHA1
dad62cc618e9901825dde45474361d5c1c74ea39

SHA256
407f9626139bdf28c1ea1d49381ce6c2f4813ebe15563c488ec544f80a3918ce

SHA512
eb5c0b8f031cdaa00747caeb90f7747b0d34646843545c14e98a65587fc1396214e48b3bc6fd240e6fce0c4066847b0b820cb858fb49d1795abf9111dd5c37e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
09190a6bd096d47a2a6e64d57459c963

SHA1
a74cea07bb79dde996b04c8b498eb90f0ff5132c

SHA256
b0865816dfb2dfb672159e5eea4b7a0195d1a078847e3630b104ccc3a559cb00

SHA512
a4f5b2971e1306da7bb4d282240c4e34e942e4d1e06df08330aca845f399eb15b4a5ebd6cd7a55f261fd6450ad544477f7668189845b9c035949409528b46ac0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
ae9b796f0834416ab9f7b9b3c72a1533

SHA1
faaa2dcf763cb355b94b323c5676ab73dffdfa91

SHA256
d0e6b57f0d4066300cf12d435ec76ec14aacdf5ba787e26d3fbf2899bf4a65ac

SHA512
494e8fd7b078c6e0a0794bdbf6854eaa991ca32800876bb56a236d93a4bdb52f60a0ce13d6eb6422c36011edc44dae003530038db102a9d08b5fcb8e6197d73a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
a982cc56485083448fe344b7cf092339

SHA1
70fb1b8ba1b08bc3630b041fc2dd24071e81f0dc

SHA256
3d847c9b816c3bf761492c1e321b34721470a87d1f95b6d0b606764adcdb82a4

SHA512
f39d47af8f112fe83e269420f8578cab5fc3aa07c365445b6969f5fdf66b47294433ac4593f2d23b233e40e7491b3f455ff1c7f40e6789bd426d2fe778f6daca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
8d46d80208fd855e646c47fe63b883bf

SHA1
13814e7257948a7745107567c550631951eb6465

SHA256
bb4393d42513311c9a0ab5265769db1af2154fb8c5b90d4326394a11c73acc1a

SHA512
0984a48d0b8c654e7325a6ae69258409534d3f00c801733d9cc892f57922b566e863fbfc3c3ff9314bafd3efb7e5b199b7617fd573321a8c330eaf457ac8c6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
364fa5d213f248023da65e56efc56ccd

SHA1
6d03f423de68cdd3238921bfa475b9c74bff900c

SHA256
15eb1862f53e97b04f0fd378e8e22d53855caf848465bb8ee4c278b5c4880d4f

SHA512
7cc69f4b73e86fbfab1b46fda180742328c617f4feb4c0977048d0d470150465836447462d50029fcf7c1bc7a852dfdcd9565ae1e5c64e5ad4f732dc3aa508fd

Download Submit