16da5f43c15091e555a5c5ee659d257f16348428ba101331ec9810accbb1d16c

Analysis

max time kernel
144s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2025, 20:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_97fcfe0f47d47a91427140ae60382b55.html
Size

61KB
MD5

97fcfe0f47d47a91427140ae60382b55
SHA1

f1a6d8157c2b3023763ab7734c32c78d87539c14
SHA256

16da5f43c15091e555a5c5ee659d257f16348428ba101331ec9810accbb1d16c
SHA512

32a5d6bf1c31cdc39274d1448b35940e88db3e0c56bba92d835d7c58a630abe40c403ae845ee4b57e54a369f510b8b6ff5b790ec73a3b3d3c1174aa78b37e41d
SSDEEP

768:sfxcxeSil0kDxb3w24XFJjg3rekwm9laT0s/1E1iMkodXChONq+uNLgAsEPHetnM:sOx0ig3rekzEQKodShXHetnU0M

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1461522188\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1461522188\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1461522188\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1461522188\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_222834475\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_528125373\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1461522188\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_222834475\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_222834475\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1110103317\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_528125373\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_528125373\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_528125373\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1629283084\_locales\mr\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133877939029914931"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1279544337-3716153908-718418795-1000\{D8F1181C-EA85-4B28-82D7-DA912C198409}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4416	msedge.exe
4416	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5800 wrote to memory of 1764	5800	msedge.exe	85
PID 5800 wrote to memory of 1764	5800	msedge.exe	85
PID 5800 wrote to memory of 1660	5800	msedge.exe	86
PID 5800 wrote to memory of 1660	5800	msedge.exe	86
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 4968	5800	msedge.exe	87
PID 5800 wrote to memory of 5284	5800	msedge.exe	88
PID 5800 wrote to memory of 5284	5800	msedge.exe	88
PID 5800 wrote to memory of 5284	5800	msedge.exe	88
PID 5800 wrote to memory of 5284	5800	msedge.exe	88
PID 5800 wrote to memory of 5284	5800	msedge.exe	88
PID 5800 wrote to memory of 5284	5800	msedge.exe	88
PID 5800 wrote to memory of 5284	5800	msedge.exe	88
PID 5800 wrote to memory of 5284	5800	msedge.exe	88
PID 5800 wrote to memory of 5284	5800	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_97fcfe0f47d47a91427140ae60382b55.html
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7ffe1c2ff208,0x7ffe1c2ff214,0x7ffe1c2ff220
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1820,i,5744500336637996253,17248875882964813682,262144 --variations-seed-version --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2040,i,5744500336637996253,17248875882964813682,262144 --variations-seed-version --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1400,i,5744500336637996253,17248875882964813682,262144 --variations-seed-version --mojo-platform-channel-handle=2520 /prefetch:8
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3460,i,5744500336637996253,17248875882964813682,262144 --variations-seed-version --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3488,i,5744500336637996253,17248875882964813682,262144 --variations-seed-version --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5144,i,5744500336637996253,17248875882964813682,262144 --variations-seed-version --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,5744500336637996253,17248875882964813682,262144 --variations-seed-version --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5160,i,5744500336637996253,17248875882964813682,262144 --variations-seed-version --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2684,i,5744500336637996253,17248875882964813682,262144 --variations-seed-version --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5240,i,5744500336637996253,17248875882964813682,262144 --variations-seed-version --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5704,i,5744500336637996253,17248875882964813682,262144 --variations-seed-version --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6008,i,5744500336637996253,17248875882964813682,262144 --variations-seed-version --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6008,i,5744500336637996253,17248875882964813682,262144 --variations-seed-version --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5048,i,5744500336637996253,17248875882964813682,262144 --variations-seed-version --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  PID:5496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4820,i,5744500336637996253,17248875882964813682,262144 --variations-seed-version --mojo-platform-channel-handle=6304 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6364,i,5744500336637996253,17248875882964813682,262144 --variations-seed-version --mojo-platform-channel-handle=6324 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6444,i,5744500336637996253,17248875882964813682,262144 --variations-seed-version --mojo-platform-channel-handle=6456 /prefetch:8
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5284,i,5744500336637996253,17248875882964813682,262144 --variations-seed-version --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5528,i,5744500336637996253,17248875882964813682,262144 --variations-seed-version --mojo-platform-channel-handle=1252 /prefetch:8
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6000,i,5744500336637996253,17248875882964813682,262144 --variations-seed-version --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=764,i,5744500336637996253,17248875882964813682,262144 --variations-seed-version --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1252,i,5744500336637996253,17248875882964813682,262144 --variations-seed-version --mojo-platform-channel-handle=3400 /prefetch:8
  2⤵
  PID:556

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4696

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:2972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1110103317\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1110103317\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5800_1461522188\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5800_222834475\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5800_222834475\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5800_618493085\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
998db8a9f40f71e2f3d9e19aac4db4a9

SHA1
dade0e68faef54a59d68ae8cb3b8314b6947b6d7

SHA256
1b28744565eb600485d9800703f2fb635ecf4187036c12d47f86bbd1e078e06b

SHA512
0e66fd26a11507f78fb1b173fd50555dbd95b0d330e095cdd93206757c6af2780ece914a11a23cd4c840636a59470f44c6db35fa392303fb583806264e652016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
0a98ab0cdb2776f037cc71dc6edde396

SHA1
5bc37774955ea02d5840a5664d74fb97a7d75a31

SHA256
ca87abbddcfca002d111c75cce38ac69742b2f195ae8d30f8f786d7f29d85bd1

SHA512
efafaa36bb9ad4417b115b7476c1070592092bfa929096ff8565f90c640b73c23f6ffeb36dcdfd8dd958af93eb6c04885dfb910c61f9c36da593e55475fb772d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\a205d45d-7194-4432-b051-6dc4723e4211.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
4b4ad0cdf1d49a6c0fee83981d8d08f1

SHA1
b9b26d1824abb38b8136a6a5edb1152a4fd0f756

SHA256
e73964540ed356e57c860cf3ddaa9c2a5f18ab349919c633408ac72e69ba77b4

SHA512
9f41b3e4700516c0090f79be2e10ea0f7735486a05ddd4c6e9108d4baded16c321b6355b4f9fb9f2faf4b693655c95562ec15edb0bb1f85e23191ff4d8eba0a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
aa78be515516f717a318643aee5c0f7e

SHA1
20f31159d2dc4e43fa19e8b5de7a8ecd50c3b113

SHA256
c7f1edb93c14f6c420f4c83c09226a478da63669a373b82ad2e892ece340046f

SHA512
91505db337fe9cab8e0001c18d625a34eba33c46dd6fdf0546260d10cd30320dd9e34fc5394f592f4ac15867c1eea5521f460d7e8a4d9c6300eeacbfded4a6c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
c7c0312b3c3cc496710f2401a04ba7a7

SHA1
6c3f3f5324c3c58c7b0bb750f569fed2e0d21d66

SHA256
57939f224d5a711bea74cd74a294a8edb2ef2db1bb7947181322c26e328f392b

SHA512
425434fb9adbbcb35841a9f1e92d3dc39f468e6fc01cee1de3abdc36ce5ec2c33916bf6a20cdeb95547122d497bb3058bd1fd654fbd90647c49ed13ab017e563

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
5f6cca567a291d5fddf36775826a974a

SHA1
4f2af860f7af8dd456715f4454431a72555aad1d

SHA256
e25cd1b9f07286055e8042548b4f602666edbb5a87adaf23ee7db9169240eee2

SHA512
783c58ddca9f41932d4dc98568cbe7afc6f89d0fd50752747dfead04fc91dad82ea5ab64af399547d050f6ec7c5fabd09eda2d4167a8acd1af5070828e5dc9c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
7d8c13a0d400eb332eb0d053235925bd

SHA1
d3e012cc995fb25c3968621afbbb432b6720ba3d

SHA256
6b4a2a63be52b4c2d31c3b5ab61724cd5dd2b5b42a9e8fa469369472dd419f82

SHA512
6b9fcb2b64438a2089190ca95bf2360fdb891fc2989b8f4811a099166e6e0fd4ed407b0a87d1a3323bdf11b96467e3bb995df9fe17452e29420f3b37b6bd8681

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
7bff5446cadbae76bf92770dccb9db24

SHA1
18101660052b072e3bb0273ce93f8974ab8d8820

SHA256
2b843436b3a10025959910d9fd0153f34309fb372b8d37a27487a816229edf49

SHA512
3546b4452d57b3dde303a653e922d2dc7b25b3c2f00519eba8ac5968cb4d80d7ab192b1dca8b68b0fa7681f165eacc9f0743bb354ce80ef383e5733a755b116b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
896B

MD5
60fa2339cbebe56c7d4c475607a65d27

SHA1
facf61a813eed9ae92f70345679b8166d85b3b2e

SHA256
9d024c3a0ac6a7aeb36939cb4a1cc8ad5767bc20ae6647a3afe5c2335194bb5e

SHA512
82a78b0fe7805dd4d210552c417bbf10b49b4462899026be269e0092caaa898aed187f0de280934c0ba2438090ec290f69835e243789cdca9f84cb2053ca18ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
465B

MD5
f7f7ae54ac05f69e1a4b13e2c7aa5da5

SHA1
9d7056a356235dc378c201bf51dd9929a39c158d

SHA256
0ad5ec46eed0b283c664583505f925f1d9d99ea27f7c20692890b0113893d37b

SHA512
4928769f7c811f58aa9c43bde7d7bb263ceedb6ec3f059e1b3da575a7c0a8c7c3147d2b6aa7c8cb574fd8890575c388829cb99d8089330e2e58578d7a68a529d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
21da78000f8478270a3724dd595bf3f3

SHA1
3de28dec5bdb801f8b71a19604d96628af364e5a

SHA256
e45bc5c442e629c4826e57b44606cbd3237173d161407e00e29878328e5aefdc

SHA512
97b06b5c75a04d3c79f7a29136af92feb5f280cb2541941d5492c5dba78b5ac4f497c33d1d5b42bb1e4280ac353c17bd3ccbe5996fd6442a67fa7f7d9e7b6ea6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
a48b5f7ed20088c63e5695fff23070af

SHA1
a2cd209974172825290f0840f9ece23b8a38c547

SHA256
31deba2ac68ba2253cab743b355148b44d75ec93756c08a5a3fe46575d1d31fe

SHA512
79639ad719fa0613a3ebae823119b53fee21d60c3559727667c141f0bdff829492b24cd676037db23bd6fc6f4eeeb936eaffd955ce8c8db629ccf0112101a63a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
dc95ee580f9bce93aed9acbbff13f759

SHA1
0af398e4677222fe00bdbb4fa22c417ee5e452ed

SHA256
182eda5b4516b06b76397a047edf16737bbc3acbda6f47fee3b3a781bd017189

SHA512
56ab93f5f68e73783e7c0ffd776c2f6426d58bbb5b84b50f23f56f192d5edafe94fafddad4f2678ef1d33a641d3c873720f18700f6b5dbe00eea28250a67e93f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
2b37f45a140fca76631d58edd84f42c0

SHA1
e7547cf159500d979bf0a6d102c7b8916686b17d

SHA256
8c041b9955636c14695ad6faf836ab2f09aa9d7363dcb978f948acf4fdd1e592

SHA512
2a23f8471e9c9eccbbe6c94ad5c8e649f006dd475759402982a9c4d855d85247faf1309ee94f2826748cfefe695a9d5255fd64f9624f25e81edb8d85b547d938

Download Submit