f3c0b5d3db9bc39bc3faf3800ce8ed6a494db823237ce17aadbc73bcc71fe23c

Analysis

max time kernel
144s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2025, 18:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_934efac5acb127c51ac19cae87a404f4.html
Size

6KB
MD5

934efac5acb127c51ac19cae87a404f4
SHA1

ad22f66577de7be60089e72440e5e5f513d5dc02
SHA256

f3c0b5d3db9bc39bc3faf3800ce8ed6a494db823237ce17aadbc73bcc71fe23c
SHA512

5435670215796a145e9d2f3f38910086a48599cca16fc12109ea5cb5f2da66115599bab2117f17f38bdb697a164e628a1c9e22ce1d430d9635e5ea47e6797d0f
SSDEEP

96:LatvXaQj64WsfLJT/G+oZy6wcpMax+wIC/W:LadXaQj64WmJzG+Wy6wcpMaoe/W

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_1711982619\classification.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_904000531\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_1823892234\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_904000531\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_1711982619\automation.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_964713174\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_964713174\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_1711982619\travel-facilitated-booking-kayak.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_2018990670\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_1823892234\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5960_904000531\LICENSE	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133877761891003658"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-814918696-1585701690-3140955116-1000\{067D15F8-FE62-4512-A231-15B12FDB7B9D}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1332	msedge.exe
1332	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe
5960	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5960 wrote to memory of 1532	5960	msedge.exe	87
PID 5960 wrote to memory of 1532	5960	msedge.exe	87
PID 5960 wrote to memory of 4632	5960	msedge.exe	88
PID 5960 wrote to memory of 4632	5960	msedge.exe	88
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4704	5960	msedge.exe	89
PID 5960 wrote to memory of 4748	5960	msedge.exe	90
PID 5960 wrote to memory of 4748	5960	msedge.exe	90
PID 5960 wrote to memory of 4748	5960	msedge.exe	90
PID 5960 wrote to memory of 4748	5960	msedge.exe	90
PID 5960 wrote to memory of 4748	5960	msedge.exe	90
PID 5960 wrote to memory of 4748	5960	msedge.exe	90
PID 5960 wrote to memory of 4748	5960	msedge.exe	90
PID 5960 wrote to memory of 4748	5960	msedge.exe	90
PID 5960 wrote to memory of 4748	5960	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_934efac5acb127c51ac19cae87a404f4.html
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x24c,0x7ffc5853f208,0x7ffc5853f214,0x7ffc5853f220
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1988,i,16404207737645154223,7078652103060192841,262144 --variations-seed-version --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2312,i,16404207737645154223,7078652103060192841,262144 --variations-seed-version --mojo-platform-channel-handle=2308 /prefetch:2
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1932,i,16404207737645154223,7078652103060192841,262144 --variations-seed-version --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3504,i,16404207737645154223,7078652103060192841,262144 --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3568,i,16404207737645154223,7078652103060192841,262144 --variations-seed-version --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4968,i,16404207737645154223,7078652103060192841,262144 --variations-seed-version --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4876,i,16404207737645154223,7078652103060192841,262144 --variations-seed-version --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5488,i,16404207737645154223,7078652103060192841,262144 --variations-seed-version --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5792,i,16404207737645154223,7078652103060192841,262144 --variations-seed-version --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5792,i,16404207737645154223,7078652103060192841,262144 --variations-seed-version --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5772,i,16404207737645154223,7078652103060192841,262144 --variations-seed-version --mojo-platform-channel-handle=6044 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6064,i,16404207737645154223,7078652103060192841,262144 --variations-seed-version --mojo-platform-channel-handle=6052 /prefetch:8
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5584,i,16404207737645154223,7078652103060192841,262144 --variations-seed-version --mojo-platform-channel-handle=6136 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5572,i,16404207737645154223,7078652103060192841,262144 --variations-seed-version --mojo-platform-channel-handle=6028 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5844,i,16404207737645154223,7078652103060192841,262144 --variations-seed-version --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5132,i,16404207737645154223,7078652103060192841,262144 --variations-seed-version --mojo-platform-channel-handle=2180 /prefetch:8
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5908,i,16404207737645154223,7078652103060192841,262144 --variations-seed-version --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5216,i,16404207737645154223,7078652103060192841,262144 --variations-seed-version --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5972,i,16404207737645154223,7078652103060192841,262144 --variations-seed-version --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2168,i,16404207737645154223,7078652103060192841,262144 --variations-seed-version --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3624,i,16404207737645154223,7078652103060192841,262144 --variations-seed-version --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:5860

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1464

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:5052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5960_1711982619\manifest.json

Filesize
135B

MD5
4055ba4ebd5546fb6306d6a3151a236a

SHA1
609a989f14f8ee9ed9bffbd6ddba3214fd0d0109

SHA256
cb929ae2d466e597ecc4f588ba22faf68f7cfc204b3986819c85ac608d6f82b5

SHA512
58d39f7ae0dafd067c6dba34c686506c1718112ad5af8a255eb9a7d6ec0edca318b557565f5914c5140eb9d1b6e2ffbb08c9d596f43e7a79fdb4ef95457bf29a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5960_1823892234\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5960_1823892234\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5960_904000531\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5960_904000531\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
60d40d2b37759323c10800b75df359b8

SHA1
f5890e7d8fc1976fe036fea293832d2e9968c05c

SHA256
c3a2f26d5aef8b5ed1d23b59ed6fce952b48194bed69e108a48f78aec72126e0

SHA512
0c339563594cc9f930a64903281589886308d4412ee267e976520a58d86b2c339d7b2320e1b3fd6fbf81f092ff1735f0710c669af2986ea5b63d2c1e0a6df902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2e08e1053e3af9c727de3402df4be999

SHA1
4344bf2982920f1e3d2061908abeaf81f22eb82d

SHA256
68b6e369e4c6bad41bf432bdb4753b0822d2a17662b5aceb3475d47955c6f190

SHA512
f3873a4dc1b50ffe530b46364de3007549ee96ee601d9f6b4df022e63c4c72c32c0629878ff94b2152fc8ecee9be9eefe505b7c1df6d7a5d92fada3a5864e63c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
8a03923a00de2a45626ecfb79e8305ac

SHA1
44bf935c320b0931b58279cca0ebbf03d5d77a25

SHA256
8dfef597e10235896d5ce50c0d91dd198130e059c84c5241ed739d50b7fcff80

SHA512
a5f7e72aa6db38d21f8ce4ffe2dc03172fc33259d1c59e39b0db21ecf5880b032d375ba22aa825b40362ccc54c43bc48416a460d3279f24b1cf73c9d1eb903fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
8ebf64642e5d296b69a3ca065ee62ee6

SHA1
c4876955510e8b912afc941f5c01b3a9555ec382

SHA256
7faddb31b498f92df4ddb7c56922debed9c5255463e2fdf884215e68a45933fb

SHA512
04d152b8d7892d9ce6c2e48fdcd55061241ce424fb9b834ba822d4d47257f0db6a70cfa0c3816ccc3d860f75301861f33c8633e5874729feab1eb4aa6d8c7e2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
0d8706774187eccc4205a40a0328ea52

SHA1
c2fd6ad353785b174a16e65740a008dd3172175d

SHA256
dee90f80afcba12caacb290077aee6c481f8c9a15b5a946ef28120cf91238726

SHA512
3bf508a996fa54bc9298914e74f806b0eee21e63756106d0f2578fbc78b54bc3f565fa7b46037db0a126c329707a49dcd7ca7d5795437f21bf1f0501882caf4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
ca05a87dd83576c44338ec68725f06a4

SHA1
7d3131592ad4245a66069b4d4c22efc6ec2ac4b9

SHA256
f7cf42ddf9b064b4e85189dd123dd98c5713a9820593bc3231f4f5a6558559c4

SHA512
7e5f75d7d0d73f6a1a2f2a692f588c7f07b638396cd500492aaf44ee5490a531e4e0b1603540dceb1edd7fad0047a96fa3cb50c331fe152fefc09c8c7757854f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
465B

MD5
b9675169a421518f43b8faf49c9a8386

SHA1
719bb918bedb371a5e4d79577a91e19f1840f0ee

SHA256
bf7b2815c08cd2610376329eeb726f624fd0882ea6727d0ffa29c0bfde78f824

SHA512
4cefa0e8e5ad0520a02f69abace21ba6be4ccd0fb9009923de823eb7cb122117f9e7ab1b5c3cae00e278d151f0f9332e0818f5850c40f20579b68c746e38cbe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
894B

MD5
d2ec22e042ab735650d58adf27577fcb

SHA1
f4d4882b5d0248682a7de2837a27ae8e6e57e62d

SHA256
6f5e00043cd2b73c90a04564a89bba127f30056f55a84f4bde3d5c4789d04d2f

SHA512
2b65b694397f01a1ffa2ec9afc1a4f7d4022e1486951491d64920ebb464cbcbc850f2b7f879c99d1af14d41cb6f92df83400ae25c3d519ab4c7b3914cca449e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
57c725cf2346a40cefffbcde84bb2ddd

SHA1
bc08d9d9e0d57d80fdc22b5cc8f905d6688ff709

SHA256
44bff8c960ed7bf7dacab677035784e6ffd0c4381cdc35abbfdb054bbaae9ce4

SHA512
f04feb9137c8c0a557b92fd6099f53a0ef814673969c170310e16f496697af09eaf3bb493baf7e32a9ac76334b5d059e6bc12e59499f55a8e50a80ede44c3bff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\FirstPartySetsPreloaded\2024.8.10.0\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
39KB

MD5
ebec3dd0b1fe5dc717fedbe8b09ab335

SHA1
2f55507f01c005be97bc33fe7b9488d628c5de26

SHA256
d8f680d9a9677b9cad4271e927b33828fd1fc62fa9ba137924877520f1024be1

SHA512
bd7c35e7ec7a8900555e59deb938353e9d90e5b47c27523af126bb97d482eb8e298a6990bcc434b71d06fc4e8d7e97b52d847b888ceca43fba37d351249694ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
48KB

MD5
8254e2c8378dca076dbe8ce5b752b57c

SHA1
4f519293735841357eb2a1a480d86d3996721cbe

SHA256
d26259c42a84327c9824f75cad60b7de48c71b2de28933350051ad27ec5f2f41

SHA512
364d529361fca86b08cd3866407c91f2367967e0b052cdc34cb4e6e1649e1f285edbd43d56cb49ed600d1f6a036c1028f9c4fafc1969f55b253df63b31b424c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
39KB

MD5
5ca8a9b40502cc6956b0e94130789b3c

SHA1
57a38771cab11707de8b6d90437d0483679d4176

SHA256
12a1919dc17e1bc3eef460f6962ddeb28bcc156f320c5dc0b2a56a39425c486b

SHA512
4e924487ba5f79aceeb528c3b2d665899f1153d852742b5b8e5612340a74512452f438b04b7e966f1dce000de40fd15bdd3055736eaea7cf8130781b84ffdcd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
8e7dcd5a55646a28172ab74fad8fbd8e

SHA1
f7c0cfba72eb191ef6e65ba92250c8dfebac890d

SHA256
3b9005152756b553c08f9c8161780e4f80c0796b4bf6e42e369d6450d19ddf72

SHA512
86aa0ec8645f3f69eef9ad1c085a481c869ce5636041e9f89bc6dba725dce03825209241e74ae0dcb4a52d50fa611fae0e36ce1fa4b9c48d0bed59262e4db21f

Download Submit