TokenBrokerCookies.exe
- File Path:
C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe - Description: Token Broker Cookie Helper
Hashes
| Type | Hash |
|---|---|
| MD5 | E0C12BC6350A1D5B72A1754C2A7055AD |
| SHA1 | 2EC54036935C0B6C0A876A6D03172EBCE2D5B229 |
| SHA256 | 5DFE25C783AF173B694F63EE7C2DB6B1B4D45E11733E5B564B975581DC74A819 |
| SHA384 | 16A73AED166787262818F0B8B2B311B1A6130CA48D3DF8266B7B936D45DE6D7375ED4F4A1ADECD038750C131D2B75D42 |
| SHA512 | E3FD6FB5142BA923D1507CCB1AED561E011369795FB242253E3A50964B358D4B8170E68E1829C6E85F04C76C0000EB8C1D338FD43FCA68F1019331273EF46771 |
| SSDEEP | 768:hRQZGR2y9rpfrg+qap0CvjhOT905mGxdtN2nk0Bsn8Jmxuo:hRQtyw+qap0CLoh05ZTtNABs8Jmko |
| IMP | 84B55C1ACBF51F4052167259D29B3600 |
| PESHA1 | 502A914AA65035F352EBF8D433E73F65A49A333B |
| PE256 | C682EDB47460628A2E40FC210FB8E415BCA17D29D3EE38E543D9464B645E6E66 |
Runtime Data
Child Processes:
RdpSa.exe
Loaded Modules:
| Path |
|---|
| C:\WINDOWS\SYSTEM32\ntdll.dll |
| C:\WINDOWS\System32\wow64.dll |
| C:\WINDOWS\System32\wow64base.dll |
| C:\WINDOWS\System32\wow64con.dll |
| C:\WINDOWS\System32\wow64win.dll |
| C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe |
Signature
- Status: Signature verified.
- Serial:
33000002ED2C45E4C145CF48440000000002ED - Thumbprint:
312860D2047EB81F8F58C29FF19ECDB4C634CF6A - Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: TokenBrokerCookies.exe
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.22000.282 (WinBuild.160101.0800)
- Product Version: 10.0.22000.282
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: Unknown
MIT License. Copyright (c) 2020-2021 Strontic.