130f729c3bc491fab16c3b9aba2b75edcf98bbaa42cbaa5b775ddd776ff5e7c5

Analysis

max time kernel
136s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2025, 18:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_9356f753be4888650256c3937d2c53c2.html
Size

48KB
MD5

9356f753be4888650256c3937d2c53c2
SHA1

34cb4ef76014d75078d73b3954b4fe5860f6ea30
SHA256

130f729c3bc491fab16c3b9aba2b75edcf98bbaa42cbaa5b775ddd776ff5e7c5
SHA512

e44283aa39a77d66ad33db488299e72e2735bdf8925ac3ff126221c4488b359a89d12e6828d178909bce8da76e73c21be927da859277f89920182f658dc972e5
SSDEEP

1536:KGw4IKkhqCOZyP47jFi4o/LzM+W3tyOSX+lSvvxstqJr:KcIuclgtyOSulSHxstqJr

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_256906393\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_256906393\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_1042272221\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_1042272221\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_256906393\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_256906393\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_256906393\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_1042272221\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_206419624\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5928_889662921\_locales\lt\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133877762585717921"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-814918696-1585701690-3140955116-1000\{868B0635-233D-4161-AFF3-67B9DFEDB1FC}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3816	msedge.exe
3816	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5928 wrote to memory of 2376	5928	msedge.exe	87
PID 5928 wrote to memory of 2376	5928	msedge.exe	87
PID 5928 wrote to memory of 1604	5928	msedge.exe	88
PID 5928 wrote to memory of 1604	5928	msedge.exe	88
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 4520	5928	msedge.exe	89
PID 5928 wrote to memory of 3616	5928	msedge.exe	90
PID 5928 wrote to memory of 3616	5928	msedge.exe	90
PID 5928 wrote to memory of 3616	5928	msedge.exe	90
PID 5928 wrote to memory of 3616	5928	msedge.exe	90
PID 5928 wrote to memory of 3616	5928	msedge.exe	90
PID 5928 wrote to memory of 3616	5928	msedge.exe	90
PID 5928 wrote to memory of 3616	5928	msedge.exe	90
PID 5928 wrote to memory of 3616	5928	msedge.exe	90
PID 5928 wrote to memory of 3616	5928	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9356f753be4888650256c3937d2c53c2.html
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x294,0x7fff425ef208,0x7fff425ef214,0x7fff425ef220
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1940,i,9614097608444839202,2530052538200122620,262144 --variations-seed-version --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2176,i,9614097608444839202,2530052538200122620,262144 --variations-seed-version --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=276,i,9614097608444839202,2530052538200122620,262144 --variations-seed-version --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3488,i,9614097608444839202,2530052538200122620,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3492,i,9614097608444839202,2530052538200122620,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5144,i,9614097608444839202,2530052538200122620,262144 --variations-seed-version --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5444,i,9614097608444839202,2530052538200122620,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5452,i,9614097608444839202,2530052538200122620,262144 --variations-seed-version --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5460,i,9614097608444839202,2530052538200122620,262144 --variations-seed-version --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4816,i,9614097608444839202,2530052538200122620,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5448,i,9614097608444839202,2530052538200122620,262144 --variations-seed-version --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6196,i,9614097608444839202,2530052538200122620,262144 --variations-seed-version --mojo-platform-channel-handle=6160 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6140,i,9614097608444839202,2530052538200122620,262144 --variations-seed-version --mojo-platform-channel-handle=6368 /prefetch:8
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6140,i,9614097608444839202,2530052538200122620,262144 --variations-seed-version --mojo-platform-channel-handle=6368 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4996,i,9614097608444839202,2530052538200122620,262144 --variations-seed-version --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4808,i,9614097608444839202,2530052538200122620,262144 --variations-seed-version --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4744,i,9614097608444839202,2530052538200122620,262144 --variations-seed-version --mojo-platform-channel-handle=6588 /prefetch:8
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6660,i,9614097608444839202,2530052538200122620,262144 --variations-seed-version --mojo-platform-channel-handle=6676 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5536,i,9614097608444839202,2530052538200122620,262144 --variations-seed-version --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5852,i,9614097608444839202,2530052538200122620,262144 --variations-seed-version --mojo-platform-channel-handle=6180 /prefetch:8
  2⤵
  PID:524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5516,i,9614097608444839202,2530052538200122620,262144 --variations-seed-version --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4864,i,9614097608444839202,2530052538200122620,262144 --variations-seed-version --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  PID:4268

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4700

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:4960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5928_1042272221\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5928_1042272221\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5928_206419624\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5928_70943959\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5928_70943959\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
60d40d2b37759323c10800b75df359b8

SHA1
f5890e7d8fc1976fe036fea293832d2e9968c05c

SHA256
c3a2f26d5aef8b5ed1d23b59ed6fce952b48194bed69e108a48f78aec72126e0

SHA512
0c339563594cc9f930a64903281589886308d4412ee267e976520a58d86b2c339d7b2320e1b3fd6fbf81f092ff1735f0710c669af2986ea5b63d2c1e0a6df902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
bfaf8d3391f0e9f0f3477f164f842660

SHA1
34c6e4c91b09c4ba8eb47d62536625adc4402d1e

SHA256
8c8c74c49aff82350934c3bb2594f79fe8d78bc7fba4a6c483cd6cc9ab46d03e

SHA512
c0089edf8e716ecd5a82874279f0ca995186e9e8a7763fc44bb1c234a47f87fe3efa1108fc2ddd3719868f4ab33451233c742e2c7379725c70bfbc47c3ce5aad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
69864e4dda63734943a4809a6d5606f3

SHA1
ff535efc3965c5be1446bed5e4fe48457044ebde

SHA256
53a1e067f8c4964a977ee75480f20892d95f44eee4b478f3f964a575b3089038

SHA512
f2143bf2212a4488bab8be14ae01f56d0922054d20879ea1c14c7c801997995f908ae318283ca78a17116a6513cbd9369f7f7bd95642156b3cdf66fe92e53147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
b30487933ef9f58383d1fad33d0e5c38

SHA1
e4ab2b44c6f6d3568b2ff3b093d50c4bc108d36e

SHA256
d9ea8f227d591049b96df57175ac0c722e97d2b9744cefb233e05bbba42ce49c

SHA512
8448025f08842e8288b6a4f9a76f8a26c4274aeb25fb5eefd1ab0b55f9d8dac99a2800d45bc49bfeec357ad44f1dda896c91980a87e6a66ac5814c232e9960c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
45a3ad4e8608155253ab6ee3bde83eb1

SHA1
cc8f77b9a803fa8dc4cdfd6b57274bfcc5a5e824

SHA256
83990a3b248157883d36227f30941844e38bac358a642ed36de0b303f64fb6d9

SHA512
49b60a4afe94843ca73bceb02b9642587e08d352beb17127b56c65c55b549115c03a5c0107ac030ebc1534822ef5a917d5bec1d29475f7e6aa4ef5c9607f67d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
5b687a38f45478053ff87987fbdec8a2

SHA1
b7124ce66c11e171720463808954bcc67a4f23ac

SHA256
4e3ec112bfe8022131ebcc0d6faad7491eb4d2168eed463e7299e1471f23b278

SHA512
0c074810adaf621b5f105786374d3f5b0ac6aec14002d41301e966cab67a7c81037a636308229916802cbe97d2a6c4e1d8c612a80549b8b8db8b190ce5012c68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
ca9be6da9d6e5ba07fc45c050b6537b9

SHA1
302af6e1fce35ed0c860a2d7eaf8e4eff241edc1

SHA256
17cdb824eb456f1350d8a47ed3d99c298708df95638a39097f081a8b05feaadf

SHA512
aea2bc5ed13a7590817af9699c0ce6ac6ace8bd86195cc3dbc7b68558de239ec8e52ea735689e023bf6b477b1b87df1235aab4dda2f5375b009d5fd800096ff5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
f25f73433b6bc9d1c4279df9d3be4b3d

SHA1
a960cc941125a3880cac5ccd9b9e6017e06ac2da

SHA256
5086902f0f7a5ca39a8ad25b04e0656ec1c2c18f367bcdd51c325c974f70d15c

SHA512
67d95c67c642625dc14283e2c3e9287f0ada9f9344d1e7aafedb0a5bb6ca0b0e73a73e99e5597b634eca20ea6586dcb82d7080051412dd625f26182ae6510b95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
3ec7862f559ebded52f3da05ad857658

SHA1
0e7189164e0d30fd052bd81ae0b2cafc11b148dc

SHA256
d10c6ebb2ed8af1fb823e18361118362c71e873976ba725f235df5495fec48f5

SHA512
58f9d723b046b193eb08e2c3abe39d817d06ed7086e963ae8d273cc3353fffe7f4c249263ade3a63011695018d479508df868fc67bab1677006e3feea7e209a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
6a80c06b356f15e084e120039fc8637b

SHA1
c0fbf70374ba62e36bbf1c64add05694b189033c

SHA256
186ed2a2218b4e4b99f7abe114c1f55179f38152a29db16ed0df6943a392af40

SHA512
7fff0f99f6d86ed3d6888c37594f442765b8daa6f2eb5e935a2fd2d5669d4b0e873ebf1275efbef90dbc2c08873da480d542179edd325789e9662a0f0f6b165b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
df5029a78f496187d77978fdd58f0399

SHA1
ad6bd51d8a1049ae0d269891733eb5777eb26af0

SHA256
45388d03dc7d67568dc4bdc31f2da549e86e2862da63a6e63a45153ef3309eca

SHA512
1756fae147dbdca51b427ca8157907986e91cde7c847d1ce3c8e93b0bb49d0667f81961d816e6bf0aa646a5c81ff98b2b779a9fee79333e5c50a99e31134b838

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
86d9ac357ea26f2edb3f7a2d81a04618

SHA1
a28d629aacab653160acb416f97697edff278162

SHA256
d3c86e7a421fd30e15eb0c646eea51b1e6b9ebfcced3cb489b9d55228da92f97

SHA512
05ac9d43fe96b8bdf7d5b3c6c739af6bfb77b9a42660df1caa845cbd17db61ecef8dd163ff14ba882dc8718dc918bdf054ace46b6b319d78e06f7d363ebef53e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
fe333fff92f94f125eb12f0f1b0e5f8b

SHA1
fc60d22804c6e8494be7ea621b8c59a22f353b3f

SHA256
82d2d10ea6c0f1a48d21375acdfb74ac4679ed9902ee49860f9bff413231430c

SHA512
5dd8ae6aa0f3d15df2539b2e58e4a409c66660bcf1563e4a8c321879b05c021278555264f340e7eadb0c3fcb34fc92aab08c695be8b68d13130099db9f9c092a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
440b335dfff6a37198bcd5152ff91f90

SHA1
5d14ca915fe6b422d6b4f6320b245257c1c0a20f

SHA256
ae4dc41b20b666b657e2d789737145b017893cdd6c106727ee790298fdee6a2a

SHA512
f34b8f5e20109f436df35540803abec2eec23107f49184fdc619253fbf5dc4c34baf45f776b52d427f5a384cbe66f2c15c63e255b50617f68914d5622ad6468f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
8adbced1a4ad76456d1a5e6e485d5324

SHA1
922478f7ddd23bb6cee4f7d4f487a50b1857bcb1

SHA256
c627627ac2cf0327c21bb7eced673586e465e467b3693802d828ae0193b9399e

SHA512
10d5dd63cdf750be98111f77a5b947624d72623d2ed40b7272329da384a9afb2267a92e3e9792bf2baea48a2539193fdbea031753ad844c8534cd32125b1b69b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
199b36254ce4eabe875a6b341ad93233

SHA1
d030a65f4df327a03c17b6b38a67346147ac5892

SHA256
a1f8b94c988be74b4eab768ef91754fd15f2552293d1d9862a4e4d0696e84a76

SHA512
59aecd7f8731a94bd8a03974ccc0f82c321a2e30d88f90364a1f50eb2d624369bb7b24cd0ff6a12859310aed4027728db4b928943f02bf19d0e36cac02be7b84

Download Submit