hxxp://myapplications[.]microsoft[.]com/

Analysis

max time kernel
144s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2025, 17:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://myapplications.microsoft.com/

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT. 1 IoCs

phishing microsoft

flow	pid	Process
53	1968	msedge.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_1205680592\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_1138565342\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_1911661995\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_1911661995\data.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_1138565342\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_1911661995\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_1760212706\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_1205680592\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_1205680592\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_1205680592\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_1760212706\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_1138565342\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2464_573541365\_locales\hr\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133873983159987457"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1062200478-553497403-3857448183-1000\{07E0C3E8-23DE-4075-BB3B-BAD7211E1512}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
828	msedge.exe
828	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2464 wrote to memory of 224	2464	msedge.exe	85
PID 2464 wrote to memory of 224	2464	msedge.exe	85
PID 2464 wrote to memory of 1968	2464	msedge.exe	86
PID 2464 wrote to memory of 1968	2464	msedge.exe	86
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 1912	2464	msedge.exe	87
PID 2464 wrote to memory of 2852	2464	msedge.exe	88
PID 2464 wrote to memory of 2852	2464	msedge.exe	88
PID 2464 wrote to memory of 2852	2464	msedge.exe	88
PID 2464 wrote to memory of 2852	2464	msedge.exe	88
PID 2464 wrote to memory of 2852	2464	msedge.exe	88
PID 2464 wrote to memory of 2852	2464	msedge.exe	88
PID 2464 wrote to memory of 2852	2464	msedge.exe	88
PID 2464 wrote to memory of 2852	2464	msedge.exe	88
PID 2464 wrote to memory of 2852	2464	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://myapplications.microsoft.com/
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2f4,0x7ff9b0b3f208,0x7ff9b0b3f214,0x7ff9b0b3f220
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1864,i,18237941032635673419,9976124990020802820,262144 --variations-seed-version --mojo-platform-channel-handle=2456 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand MICROSOFT.
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2244,i,18237941032635673419,9976124990020802820,262144 --variations-seed-version --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1412,i,18237941032635673419,9976124990020802820,262144 --variations-seed-version --mojo-platform-channel-handle=2604 /prefetch:8
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3468,i,18237941032635673419,9976124990020802820,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3452,i,18237941032635673419,9976124990020802820,262144 --variations-seed-version --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5008,i,18237941032635673419,9976124990020802820,262144 --variations-seed-version --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=3808,i,18237941032635673419,9976124990020802820,262144 --variations-seed-version --mojo-platform-channel-handle=4340 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=3920,i,18237941032635673419,9976124990020802820,262144 --variations-seed-version --mojo-platform-channel-handle=3884 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5184,i,18237941032635673419,9976124990020802820,262144 --variations-seed-version --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5220,i,18237941032635673419,9976124990020802820,262144 --variations-seed-version --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5920,i,18237941032635673419,9976124990020802820,262144 --variations-seed-version --mojo-platform-channel-handle=5940 /prefetch:8
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6104,i,18237941032635673419,9976124990020802820,262144 --variations-seed-version --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6104,i,18237941032635673419,9976124990020802820,262144 --variations-seed-version --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6312,i,18237941032635673419,9976124990020802820,262144 --variations-seed-version --mojo-platform-channel-handle=6328 /prefetch:8
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3768,i,18237941032635673419,9976124990020802820,262144 --variations-seed-version --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6668,i,18237941032635673419,9976124990020802820,262144 --variations-seed-version --mojo-platform-channel-handle=6664 /prefetch:8
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6260,i,18237941032635673419,9976124990020802820,262144 --variations-seed-version --mojo-platform-channel-handle=6696 /prefetch:8
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6140,i,18237941032635673419,9976124990020802820,262144 --variations-seed-version --mojo-platform-channel-handle=6636 /prefetch:8
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5388,i,18237941032635673419,9976124990020802820,262144 --variations-seed-version --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5912,i,18237941032635673419,9976124990020802820,262144 --variations-seed-version --mojo-platform-channel-handle=6772 /prefetch:8
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6768,i,18237941032635673419,9976124990020802820,262144 --variations-seed-version --mojo-platform-channel-handle=6776 /prefetch:8
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5172,i,18237941032635673419,9976124990020802820,262144 --variations-seed-version --mojo-platform-channel-handle=6776 /prefetch:8
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5352,i,18237941032635673419,9976124990020802820,262144 --variations-seed-version --mojo-platform-channel-handle=6852 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3396,i,18237941032635673419,9976124990020802820,262144 --variations-seed-version --mojo-platform-channel-handle=1304 /prefetch:8
  2⤵
  PID:1100

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping2464_1138565342\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2464_1138565342\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2464_1138565342\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2464_1760212706\manifest.json

Filesize
118B

MD5
3004ab7c9e3747e5109246e7f6b3859b

SHA1
ac4c574c03611b8bc675e878a1be8124bc32fb48

SHA256
1cb88f273e7906a853670161b6c75fabdd67f67c91b96a78171e2877b88eee96

SHA512
f81e8de5d3010bce31b311de7545353b72a9befd01249cca99e870f141090ba66913991c458f4b5cdfb80902fd116fecd54981cc0a0f4049102247c273f905e0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2464_1911661995\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
690f9d619434781cadb75580a074a84d

SHA1
9c952a5597941ab800cae7262842ab6ac0b82ab1

SHA256
fc2e4954dbe6b72d5b09e1dc6360ea699437a2551355c2950da0b3d3a4779fc1

SHA512
d6b1da8e7febf926e8b6c316164efbbac22c7c3d9e4933a19fffba3d1667e1993cdeb5064aa53816c0c53f9d2c53e204772de987eb18adbb094a0fb84ae61fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f096d0b52f8bc744c4271f673028a63a

SHA1
48d3d4e17048f904b540daf37edbb57ae7c38270

SHA256
f18cfaeac56fb9bbe022be52b15442c574e79fa58772fa5108a154f38484c952

SHA512
7dde105c4187d9cfaaa98e32a993cd696af6bce3c4e2b5fc2d04e47fc2c39bc555968812ff0c30df316f7297264f6915eea99f3ad7f7181bc19d320e2a65c9eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57e5cc.TMP

Filesize
3KB

MD5
ba61f23754219f986dcc9d94ca46f86f

SHA1
9aa558a4d65ba33f42f6acabcad5a953993d3b1b

SHA256
8d266a3ac96dab604eeafc09ad2a1324fa2a9fe2047287afc47704f4319d0df2

SHA512
314a2f2995daf3622c5cfaabeacb55af717fccaa75af37dad5659fbbb72b2dbdcc99b29f7df4298c3d0ed17a2e5dadff184ffed20e66b6d08d8540dee6e44245

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
2d7454c6c4928ec35a7d6d99a355aa0d

SHA1
4fbfad1d0ba95a4f840112eb8737890771a73872

SHA256
ee2517af185302e8646e7d99883b2f7e2bff5e5e015e767c037c352790a6024c

SHA512
fe83b79819532094cbc9d8feefad0e83f7e87bdd71a81a0ed4728d6d64b2096bb602aa284e6ae07ff1facf771f776cb29a02273c03b68067569ae862f012ceea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
1eb99e3bac089907df111b1d0ce442bb

SHA1
91533caaca75428fa9777b63b818f564474d79c8

SHA256
e7877ab868d2e254b8e78b801dbab791834bb1fa29f1645115025363cf5428c6

SHA512
7b0d8abb22d230d1fd43b96dadcbd80db2538bd02903c5f62ad1d79d5e6fd50e50978a752fe6ca74d40c9ec9e9ff2d06d3cca0dd0f38f14c33deca853c1e7704

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
76c77ebab124f2ad775b94d54a4376f4

SHA1
cdbbbadfff12aff2a3217173fcb559f084113cdc

SHA256
b5ee3ae7fdad45d57e0703af1f5f83a6cad42f4dce8d1c871d3b962f3625ff9c

SHA512
b40173d5eba1c5f1bf8cffcaa0646a4e6ad9fccfb93036f0e05f9a1c30e50527681ff7741c7ade98b86fc99c4fc6e3cf352215384e83da2882d4e70b7c641182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
47adb49fcdbaa66388aa55cc014dd414

SHA1
05daba17e2246f87ddfbf656ed44eac76af235c7

SHA256
8932e37d28675a4bdf83e112272a002d8d43d0a426383b83269bee98e687760c

SHA512
bcd873065a7db789225bc9cd615ac04e2171fc93ca5b2b0e16615ac09df9653842d282c587e9dd12877f41d29cc0de4dc7d0e6d2c7b10c1884c151c49d9b9db4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
210a59243e934f2317ac9d0197f55253

SHA1
484477b3db3dfc89a55bccf493c15e43b9ee321f

SHA256
aff678ca59c0af66adbb59914336d6c6815378aaa43a55f38fe386af7db23329

SHA512
c4852586bb57fd5df01f8df4986370165a862b9a906e0d07085bdcbea97d3ddbb5517872c142488a8545a9ff46bde82db1e00115a7cedd9d6e5d57dea206f08e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\673622df-81d2-440e-9aea-46c0dac2aff8.tmp

Filesize
902B

MD5
852992715ff953d72b33fcdb098b56e9

SHA1
2410f33d22901512a2a931e48d412fee44a8351e

SHA256
ab7c10e6e6b186dae7a8f233b8bf4cdc117ff381c5b85db4fda625b1117b3531

SHA512
ca040448e40f10581721f8f944c3eeb0fdab9a1ae38a7bb7203029ee59072e5823679339340c7602be03784bc64606936f0cef1287c685a551f77f44cb944a08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
4f8892b5497230083b4d10cd34dae1cd

SHA1
87ff4d91e24dd39efcd32be79bbc0349c04dbc8b

SHA256
7845277aebbf04e6caf1d25979cbbeae54a70d3e823e32b1a2eeb89af1ce6acb

SHA512
dc46e102750e0e712a20f65b65441e6da4140fa519940205e6cf88f8400d60caab8cd487807b8f82a280e8819e9b6a2d11f0c705125fa759efdbf8fb5ff4a3fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
6a93410922bb63b7b633d720fd034ca1

SHA1
d2a925534e26d1d26d2ee8367e7b7f0e0268a264

SHA256
dc123168db2029cfaaeb295f1b72ef928a66692bd8297e5c8b9983f6c03087f3

SHA512
417c6d7746d040bd7eddb4c2482afe9f5076e13fa30f37a8901c2ae714416f40bac385112a0810c5b91c4a733b3963f3192c41e32e91a110278b9a0b934d41da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
f45eee99702a83665141f2cf3e08519a

SHA1
2c738ca6c2ce35d262a011d615e13a6be7ea1d7c

SHA256
2d59505edf6ef2c91cdc0558428fd68f22fd0cca3e30376a3bb0b74e059a9c02

SHA512
3ba69b848f104e11d414712dfe7a48f6e402ff1f1909e05c267312bb26bd0b8a4862b66ac921977af0db0ad65104013bfc6e6f115f175854f020b7a794511577

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
ca914cc222f8c5305c0fcc7f4dae33cb

SHA1
5be6037a760b734bea42ac578b6581dcd788a8fe

SHA256
4fb28ffe23709188f1a119c4aaa3ac43e6e8b391e8a5b118eaf3580ac5b769e0

SHA512
2c959f24101cb40845a2bb9f0f317ab1fa1c5e57dcc4d9a18e9e22b9b6cc07f060a782962c079b40dca82348633aa8e7db05f6848cc62abf12106e1d2596d7a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
638b763671a8857a38a03f01924a8789

SHA1
ddf28eae9d416e4d246c7c0c3aca1b13d7a4089e

SHA256
10a272898230c2fd5f1be26217f7c78e572d79348e2fa6699e997f359965173c

SHA512
f2091d0013af0344b5fceee22f2367f93cc0e70f0a895e3a589ccbd7f1296971c60de8362258efa1e50ced5b790c263171cf03abc7b4a16ce3ab9cad1678fcf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.25.1\typosquatting_list.pb

Filesize
628KB

MD5
c26015b2460d1acf6859aad730dc8f4a

SHA1
9c772753b62eaf995e39ea5ce1ef86454b58f169

SHA256
5d816db5713aa5d2fa0c1de5461729250439d7609d95bd65623c0ea62da192c7

SHA512
ef72f6e7a4ac1eab4c59ef0d90f884e29880a305ca262869b87a90462897d182a45b38fb074d704205a422cb886214c05aea6d0701715917b3092cb15559a6d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
df3a7d1e66046d667cf41e91eba2fabc

SHA1
5fdfd6dc971bd34742867ae7204193f6be696a37

SHA256
1be098ceab327317931a3451aedfec8c8699b0c7971d0fb20e8d42e5fb2faf83

SHA512
71a15b4b6b4536defe117fd542933d4915b0af1ea1764068c6587b9189b2b79abc5a791f7970d7c9c245ffbef0fe3ba7eb52181a184d31b90a9c9a11aa76fb88

Download Submit