19c7b03775abdd55c9e49959e6043ebce99e1e39887a54afeec5613b5578d79b

Analysis

max time kernel
148s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2025, 19:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_9654d5b9656ac45f5dce866131c59a68.html
Size

104KB
MD5

9654d5b9656ac45f5dce866131c59a68
SHA1

c655c10138f88645856e3b56c2c4001936145114
SHA256

19c7b03775abdd55c9e49959e6043ebce99e1e39887a54afeec5613b5578d79b
SHA512

dfe1540b2317a07ae87bc675e6dda113b9dc2f9d262d33f88f6d3a8815bfa39789b44a147e5007f2f5237b35e3e81446be6e467d5e8d30126953b8d568d82711
SSDEEP

768:Si1S5y5v/oU+TKIMviU85l8pJodPhe6KuhATRTCMDslSdL/Du4vPqZx3jXae1/C2:Hg81/oU+T+imodPhiRTM3ra+wHMtdciT

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_280295530\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1081928497\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1988659912\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_280295530\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_531306569\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_531306569\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1081928497\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1081928497\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1988659912\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1081928497\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1615912904\_locales\en_CA\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133877885916721878"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1279544337-3716153908-718418795-1000\{0CB81092-F192-4D77-B8BC-D2C20F0C1C7F}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4172	msedge.exe
4172	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4372 wrote to memory of 780	4372	msedge.exe	86
PID 4372 wrote to memory of 780	4372	msedge.exe	86
PID 4372 wrote to memory of 3480	4372	msedge.exe	87
PID 4372 wrote to memory of 3480	4372	msedge.exe	87
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 3120	4372	msedge.exe	88
PID 4372 wrote to memory of 2484	4372	msedge.exe	89
PID 4372 wrote to memory of 2484	4372	msedge.exe	89
PID 4372 wrote to memory of 2484	4372	msedge.exe	89
PID 4372 wrote to memory of 2484	4372	msedge.exe	89
PID 4372 wrote to memory of 2484	4372	msedge.exe	89
PID 4372 wrote to memory of 2484	4372	msedge.exe	89
PID 4372 wrote to memory of 2484	4372	msedge.exe	89
PID 4372 wrote to memory of 2484	4372	msedge.exe	89
PID 4372 wrote to memory of 2484	4372	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9654d5b9656ac45f5dce866131c59a68.html
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2f4,0x7ff89efaf208,0x7ff89efaf214,0x7ff89efaf220
  2⤵
  PID:780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1792,i,18147536784720401333,16131578569014437060,262144 --variations-seed-version --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2312,i,18147536784720401333,16131578569014437060,262144 --variations-seed-version --mojo-platform-channel-handle=2308 /prefetch:2
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2588,i,18147536784720401333,16131578569014437060,262144 --variations-seed-version --mojo-platform-channel-handle=2060 /prefetch:8
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3508,i,18147536784720401333,16131578569014437060,262144 --variations-seed-version --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3516,i,18147536784720401333,16131578569014437060,262144 --variations-seed-version --mojo-platform-channel-handle=3812 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5248,i,18147536784720401333,16131578569014437060,262144 --variations-seed-version --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5256,i,18147536784720401333,16131578569014437060,262144 --variations-seed-version --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5264,i,18147536784720401333,16131578569014437060,262144 --variations-seed-version --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5476,i,18147536784720401333,16131578569014437060,262144 --variations-seed-version --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5376,i,18147536784720401333,16131578569014437060,262144 --variations-seed-version --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5580,i,18147536784720401333,16131578569014437060,262144 --variations-seed-version --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5808,i,18147536784720401333,16131578569014437060,262144 --variations-seed-version --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5916,i,18147536784720401333,16131578569014437060,262144 --variations-seed-version --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5916,i,18147536784720401333,16131578569014437060,262144 --variations-seed-version --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5116,i,18147536784720401333,16131578569014437060,262144 --variations-seed-version --mojo-platform-channel-handle=3492 /prefetch:8
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3500,i,18147536784720401333,16131578569014437060,262144 --variations-seed-version --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6392,i,18147536784720401333,16131578569014437060,262144 --variations-seed-version --mojo-platform-channel-handle=4336 /prefetch:8
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5588,i,18147536784720401333,16131578569014437060,262144 --variations-seed-version --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5340,i,18147536784720401333,16131578569014437060,262144 --variations-seed-version --mojo-platform-channel-handle=5624 /prefetch:8
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5860,i,18147536784720401333,16131578569014437060,262144 --variations-seed-version --mojo-platform-channel-handle=5752 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5624,i,18147536784720401333,16131578569014437060,262144 --variations-seed-version --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  PID:5032

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4496

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:3964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping4372_280295530\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4372_280295530\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4372_531306569\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
998db8a9f40f71e2f3d9e19aac4db4a9

SHA1
dade0e68faef54a59d68ae8cb3b8314b6947b6d7

SHA256
1b28744565eb600485d9800703f2fb635ecf4187036c12d47f86bbd1e078e06b

SHA512
0e66fd26a11507f78fb1b173fd50555dbd95b0d330e095cdd93206757c6af2780ece914a11a23cd4c840636a59470f44c6db35fa392303fb583806264e652016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1ab41b082359e2802c580b6a1dce9407

SHA1
86dbec001820aaf23f9d8af0fd5dd3c9bf0c451e

SHA256
81a117e0861e0a533feb8cc1a309befbf0605834954c4754e635efc58561864e

SHA512
0b0063710ccb25dafc0b909a24d5ff37ef0948ff000133138c225235afdb7fc4b881fe32e6aa83bf27f6a7b822b4731b363b7d77db97452ac796ef170be4ba11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5900486ac4ef629af93098607b5d4a60

SHA1
1ee34ef51cc66a6eb4b52cb293c412b959b9d3f5

SHA256
82886909dc78a23a6bb6d4b4ae6f1d8cbb55bec87442fff836568bb9e60ddc17

SHA512
eab08174d4b11e45749ab20a2212b64041f362917947f965b0435bec1140906536fb1affd32add3e3a481bcc3807f7c4e5b639aee8c2b3cf12c8d29844120c4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d1010e4c0d7180333cfcf725c394f0e0

SHA1
f3421a970e532a75cb6b6ff65a1d50dbb46895f4

SHA256
8021da3f191bab688d82610ab5d0e1c13558f165505a557e0a94458a845f646f

SHA512
199039d1828cd060cb6e147bdaa466fce7f4bf4e66dbdb63fbebcb2d0bae9f5ee56646d6c645b92e2cf9a5cd5528722f9f69bf3d1da275b465936906d8706c07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
5fc960e707225cd8d6eb0904fad27dd4

SHA1
afa8434f1d4fb7dfaa62647ca27412f61131ff5b

SHA256
ecf00943930600cc8ec3f3ac70633dc7b9f7b50829dc9b30949b7217918104e7

SHA512
a2a75f84708cb0873f78019eb4b3c8e8d538912dd6148868c7bcd3011447250cdfe381ad6f7aa840d17310db1443796201eae53333636778c55b4754cbf4563c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
bc801a64d0e51b4dbae3e6c100b31382

SHA1
ee1853fc7446bc892306e6c9c3e3c57956c0dc2a

SHA256
bdd6bf1acf46ee60fbac670fde298086eacf402fef0b621b5ffb0abf60beb79b

SHA512
ffead7915b52cf93854db5f2e5ca0dae8afc706918b792c881565881fc8aedcf6a59cf04e5d15d076d970ad2aaea7b87b60e43c843db3b718117de23cf6599ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
394a89539895414e9f316ee13d2f0d5a

SHA1
7cf0375894b808d0bd0820472515abff5426459e

SHA256
cd8a9d7785861af03287fbe4039cc7617732a4618b313b1b210d95dae8b13419

SHA512
ebe04de7e5dee0696e73f4410bc56d206ed1c2502c0f428d334b3238827e2fa776a4c81d63210595b5489db8c65c14022daf2050a7792a3beb703830f90b2b81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
c4fc1f5b513b3ca77f1b75b8323a4c4d

SHA1
3b4d459a47700391ca4a00de7250d10bd38d3cdb

SHA256
46a7050e001622b42324b65f02d7856311c65f35399724075bb2dc3639865da5

SHA512
a8db36515aa3a0a3d2300d232fa86550a6eed22838ce51287506ac4d323aafe0edc3979c18c70a9fe4b441800ed6a1ba4d72f2009864e4c69d30553b3e0e376a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
87cfe67a54b9b8500c934dd2f3d6cc0b

SHA1
69241691472e22a57a0ad06b8e3dc45a4e5b70ab

SHA256
94ee820589c85ac04707ed45b13bd41c869584c0fa8778d9770e611483c4a885

SHA512
a328fb2a18b93470a49d5b318acd700a41e862e4b0228fdd3ab72d5bc6c09ea1d5285a7fc07076f484e4ea80909948e5ab593ee21542d551c1b6c9e8e67be738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
465B

MD5
052fcefc8fd362432ab7fe8dedadfbe2

SHA1
f2e3fc73eadc5e66d86aa25a67f8ab183900a137

SHA256
89f5998d192537753272c4fcc1f2bac6412711044ba87613a702d973f5ea8e25

SHA512
7cbc5886958384ae5c07c5affac6eb9be4c09b566cbc8773294fb0784aae8661eb26a2002517485791e6b5af382b869dcb22e8bddcd98cea22b8041dde1ba0ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
896B

MD5
0af3604f339d391618d3091163bfc207

SHA1
72cc09c36429f8ed222d4379464ea22324a269bd

SHA256
3181b6788f0dcc042997e2f683b52083456bb447960eee179967ca344bca3dba

SHA512
558be44ba05d646f6e73e956693319045435a40ff13efe5a245654c28d55ddf5dfd91388a486af8dffeec572c3a92a288740ffda524155157cfe157759d911e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
08b8c73cf99029449582ea360fdf7ed4

SHA1
894fa43252d3d275b0ca92407dba55ba10b9e644

SHA256
75276afd53a6989aea9ffe27c6d5cf038d1c7ca90be2a4bcb284dddd3d9c38d3

SHA512
eca2757b98e5529f623ddfacd70b95beb07a662f73792be6cb4589a7d9b5e63ea46ab4bd553f28ba7f238481d01ec8d7938573dd7c031d913d68cdf77e15f361

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
d3b45cb25d5c3d535420821b6a8eb488

SHA1
74c06c67960116065e883ab4c86505a90e0d5d47

SHA256
3064202c2eed6ac4bc8e9b42a6594d8c31b6bf09d50fee5f137c0ca229d6872d

SHA512
cf6946fdbeab4555dfce50b601bef9fc5d3b2170f41fbdc7bfc0161a8136fd929546422230fa7acbe896d50db56aeb005c927f20d890814a0e13d307b0cfd1b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
cd9af3ba1bd9c3bd8814feae7240715e

SHA1
ba5c80da5bcb13469db2152bd00ba2900e2feb1a

SHA256
ad43a825fde1f664ac83278bdde24476c57ae85aed65327b05ed475cd9379dc2

SHA512
0da264e2450e203b2a2a1fb528038ecca6f41825347306735f4d5f023d53c2858b9a856a8273bd8e299f5638f4ef75b39ddb37f33758b214601f3d2a5ec69b78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
89ad5cece70394febf51eedf631bb048

SHA1
131f3dd3cc60b3cbee6e3662119d8804e85ae9b7

SHA256
3b50ac823e5bad58e6911905b306fb9b781b4c07942d7ff6c8aab852b3f3ba96

SHA512
cf280c25f1969fc7add8cfbda94197513be989cbbfe5474d7d240386a4e1351d4b49cd58c80209deddae8c66004d4ee73da538fc241c9f9a2e16d21ce934186e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
37dd8a9c3b4fa370f163d79b8d0e0892

SHA1
236f4992a455aabad352c18b9a7a592415ebee5e

SHA256
57323cd301587e3750349d1857cb58862dea65a604993a08bb7ca2ca26a78a5b

SHA512
2c63fd545115bfb296e26984009c5857fa02093964e07eaea7a042dc6a57236e08771abcfd4dfd39a5ac3a8a3111e3180564e036668c19b9ea0275b5b4d4374c

Download Submit