hxxps://azuremarketplace[.]microsoft[.]com/en-us/marketplace/apps/sentriumsl[.]vyos-1-2-lts-on-azure?ocid=cloud%20router-22155150694-174662719595&gad_source=1&gad_campaignid=22155150694&gbraid=0AAAAA-mUds40T9prpyKqhaleaE3a_yctN&gclid=EAIaIQobChMIyKqLnrDYjAMVYkx_AB2nmzHnEAAYASAAEgIvP_D_BwE

Analysis

max time kernel
243s
max time network
244s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
14/04/2025, 20:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://azuremarketplace.microsoft.com/en-us/marketplace/apps/sentriumsl.vyos-1-2-lts-on-azure?ocid=cloud%20router-22155150694-174662719595&gad_source=1&gad_campaignid=22155150694&gbraid=0AAAAA-mUds40T9prpyKqhaleaE3a_yctN&gclid=EAIaIQobChMIyKqLnrDYjAMVYkx_AB2nmzHnEAAYASAAEgIvP_D_BwE

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
368	msedge.exe

Detected potential entity reuse from brand MICROSOFT. 1 IoCs

phishing microsoft

flow	pid	Process
34	2104	msedge.exe

Drops file in Program Files directory 27 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping368_1181181067\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping368_1181181067\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping368_1181181067\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping368_1896717476\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping368_662428058\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping368_662428058\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping368_420320561\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping368_1181181067\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping368_1896717476\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping368_1335376992\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping368_1335376992\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping368_1335376992\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping368_1614795014\crs.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping368_840143826\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping368_1896717476\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping368_1614795014\kp_pinslist.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping368_840143826\well_known_domains.dll	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping368_420320561\Microsoft.CognitiveServices.Speech.core.dll	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping368_1896717476\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping368_1896717476\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping368_662428058\data.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping368_1614795014\ct_config.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping368_1614795014\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping368_1614795014\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping368_840143826\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping368_420320561\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping368_1181181067\LICENSE	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133891366623392044"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3078542121-369484597-920690335-1000\{A1548466-03E0-4717-800D-E9DADE39CF04}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
536	msedge.exe
536	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
368	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 368 wrote to memory of 4552	368	msedge.exe	85
PID 368 wrote to memory of 4552	368	msedge.exe	85
PID 368 wrote to memory of 2104	368	msedge.exe	86
PID 368 wrote to memory of 2104	368	msedge.exe	86
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3508	368	msedge.exe	87
PID 368 wrote to memory of 3168	368	msedge.exe	88
PID 368 wrote to memory of 3168	368	msedge.exe	88
PID 368 wrote to memory of 3168	368	msedge.exe	88
PID 368 wrote to memory of 3168	368	msedge.exe	88
PID 368 wrote to memory of 3168	368	msedge.exe	88
PID 368 wrote to memory of 3168	368	msedge.exe	88
PID 368 wrote to memory of 3168	368	msedge.exe	88
PID 368 wrote to memory of 3168	368	msedge.exe	88
PID 368 wrote to memory of 3168	368	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://azuremarketplace.microsoft.com/en-us/marketplace/apps/sentriumsl.vyos-1-2-lts-on-azure?ocid=cloud%20router-22155150694-174662719595&gad_source=1&gad_campaignid=22155150694&gbraid=0AAAAA-mUds40T9prpyKqhaleaE3a_yctN&gclid=EAIaIQobChMIyKqLnrDYjAMVYkx_AB2nmzHnEAAYASAAEgIvP_D_BwE
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2f0,0x7ff95a66f208,0x7ff95a66f214,0x7ff95a66f220
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1792,i,6568969803167671135,9255378462272844056,262144 --variations-seed-version --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand MICROSOFT.
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2204,i,6568969803167671135,9255378462272844056,262144 --variations-seed-version --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2564,i,6568969803167671135,9255378462272844056,262144 --variations-seed-version --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3424,i,6568969803167671135,9255378462272844056,262144 --variations-seed-version --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3432,i,6568969803167671135,9255378462272844056,262144 --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5032,i,6568969803167671135,9255378462272844056,262144 --variations-seed-version --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5200,i,6568969803167671135,9255378462272844056,262144 --variations-seed-version --mojo-platform-channel-handle=3636 /prefetch:8
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5180,i,6568969803167671135,9255378462272844056,262144 --variations-seed-version --mojo-platform-channel-handle=3644 /prefetch:8
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5488,i,6568969803167671135,9255378462272844056,262144 --variations-seed-version --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5572,i,6568969803167671135,9255378462272844056,262144 --variations-seed-version --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5572,i,6568969803167671135,9255378462272844056,262144 --variations-seed-version --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=704,i,6568969803167671135,9255378462272844056,262144 --variations-seed-version --mojo-platform-channel-handle=6224 /prefetch:8
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4824,i,6568969803167671135,9255378462272844056,262144 --variations-seed-version --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5556,i,6568969803167671135,9255378462272844056,262144 --variations-seed-version --mojo-platform-channel-handle=6204 /prefetch:8
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5864,i,6568969803167671135,9255378462272844056,262144 --variations-seed-version --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5212,i,6568969803167671135,9255378462272844056,262144 --variations-seed-version --mojo-platform-channel-handle=3404 /prefetch:8
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3636,i,6568969803167671135,9255378462272844056,262144 --variations-seed-version --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5508,i,6568969803167671135,9255378462272844056,262144 --variations-seed-version --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4316,i,6568969803167671135,9255378462272844056,262144 --variations-seed-version --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3980,i,6568969803167671135,9255378462272844056,262144 --variations-seed-version --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6708,i,6568969803167671135,9255378462272844056,262144 --variations-seed-version --mojo-platform-channel-handle=3880 /prefetch:8
  2⤵
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4932,i,6568969803167671135,9255378462272844056,262144 --variations-seed-version --mojo-platform-channel-handle=4024 /prefetch:8
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6752,i,6568969803167671135,9255378462272844056,262144 --variations-seed-version --mojo-platform-channel-handle=2548 /prefetch:8
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4024,i,6568969803167671135,9255378462272844056,262144 --variations-seed-version --mojo-platform-channel-handle=3884 /prefetch:8
  2⤵
  PID:2964

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:6028

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:2984

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping368_1181181067\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping368_1181181067\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping368_1335376992\manifest.json

Filesize
118B

MD5
e17033475c5d0632b8142e61eb70b2db

SHA1
fcb918489b441cb2b3239bd1fd582dc0fb55d939

SHA256
0f4cbee2aac3714f6be3ada73202950f897f18c1cec7e23cf29931502d1c1e98

SHA512
7a458be534f73d273f8c2be6258f4829e9c6924e9c58a51ef60a27989223085bda87d52e36e2a5fa9bfe58e54dbec3c245ad456ae232548ad1e6dc23a8f2570d

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping368_1614795014\manifest.json

Filesize
102B

MD5
a64e2a4236e705215a3fd5cb2697a71f

SHA1
1c73e6aad8f44ade36df31a23eaaf8cd0cae826d

SHA256
014e9fc1219beefc428ec749633125c9bff7febc3be73a14a8f18a6691cd2846

SHA512
75b30c0c8cef490aaf923afbdb5385d4770de82e698f71f8f126a6af5ef16f3a90d0c27687f405274177b1a5250436efddd228a6d2949651f43bd926e8a1cc99

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping368_1896717476\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping368_420320561\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping368_840143826\manifest.json

Filesize
141B

MD5
811f0436837c701dc1cea3d6292b3922

SHA1
4e51a3e9f5cbf8c9c96985dabe8ffc2de28dae87

SHA256
dbfb38a16e33a39c35ac50bd81782e4608be14954f1df69ac8272c0b9ce87a5d

SHA512
21e7bf2f8333b2900bcbcb871ede14684073249597d105095dc7d3f101e7ccc326068732f11d4a167365f245a3f2205793f520c7666d7f948e70919b40b43d35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
576f64b8f21f4203eed3f6c7b065f527

SHA1
e0c4e8f914319e112a4b3562d2d6f4107750aba8

SHA256
c39a636afaeae67ebd98682bf35ff7afafceac020ed21cb564ab954ab1ef6f87

SHA512
af606a5d7d4d96afd80d8e0117f2d5f02cc82b810149f50e26d46a5b8fd7c6b2aa119aa1b7123c54d2ef19d05ca92ca738994e047e24e567e53765fc1c52f653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
334B

MD5
9a9369af1bc032e3718a9d0d16acd1ba

SHA1
2de1c84de3f25e5dd46ff49c98b3d8e6c410da52

SHA256
38e7bf6bfd76e27f17361bbfa9a401a9389769fe5d03ba44a84ca427191f5845

SHA512
a112bc901584359ae19533da80fcf7dafb4a79917cb4ff87bf387f870d2e5774866625590c8953203370216c023e98556c0d1d79d62e7554f6a2608a0b6879da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1dbdb8a8f99aaf74fa3aa218e494f866

SHA1
cc915fad9187189eaed90c750dc5ec4c70b44324

SHA256
9cc275e215789e4546882e7a94d3a26f51c0c009ea7a8591278ee4f85ca8929c

SHA512
a46eb668d4ba17566aac709c3090ea9563667eb8cb36f38fc9ee70c82dac104136384467967d61a1fa3357e1142fa62629ea61416cd690ca269f8ca6778727ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe580385.TMP

Filesize
3KB

MD5
6c42d080e06b915b26773fea9c4c125b

SHA1
5802b7da3c1bbdcb0a2552422e20ce63d8fb7411

SHA256
8495b5260a227095ee7f6157dc73904d0aaffc8f714ad74b30633106f2e101b0

SHA512
09ce7dce222a50132a967dfc0f073e8d9c899f43460a5a327640ecb65a9c058dad165a659379127f3d16bacc617845340a5df73cd965d0596c905f0e5ef40b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\7ab1af74-d010-48e4-b157-9402b12e85f9.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b332517086ebf29101a89068e65803d2

SHA1
2e961ee3818f8028cabad9475125f579f7f92eff

SHA256
a81d76567fbf5335df39842ab38f21c403f1e7a9e8b8addc8662befc40235fca

SHA512
cbb998ff66ac98c3a8b0278a54e88304ceeda842fbbce39e2f398588f26248060c0b499e941db9666b21bf3b7830b45d71c53a97f4be527285c2a09332c099b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
508b1515d5179bab3aa1e0d6264a592d

SHA1
095a4ed8f82e0d6d9c95fa643f4727c856862216

SHA256
2cb50da2c43740e1d49b20d0047544c1fa76e225869f3f0532ff034829e0b2b0

SHA512
4adef670cd39b12f55c7573f21df3c6e1afc04566239e089740ab9b9823139e627ab719524fb4f0d9b3cd3120f09a778d91d23d5fe808d9a862ba3968827d61d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
82662e2fc7803b595e10a4c74b0f8b16

SHA1
78c3392553b4bd588cf642d1f91db32a3ae62d1b

SHA256
329d472198a56dc465d2fb08d46992a88e76da64d190c11a46e0ee1ae0dbb269

SHA512
aa83e89d67f4979f434790513da776e2f671b6f14b4424c3f8400f5f6b728d24a5db88b116776c09adf2974e869141af5ec1758dc2a9544fcaf3937587717d5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
ca13fa2cb82c2f19087e537e4e15ef71

SHA1
99d0f92c43fd96015a7c2d9e999eb2b5a8437360

SHA256
9e73a2139d6266a0702725a4cadd310ad326011e165aaa7d4fda11061814d678

SHA512
b1f43f1bd824d7ee52567a9162d381512720d1d3cf68d27ed1b15366d100e41b6c47645f40d1ecfcc0727b8e75c0aa1f31532e6fb9b22272631c18099671c808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
0da127fe99730aacbb75a1e2cadade2a

SHA1
8b623af50cc1741dabd5b42f0500fc33673a2482

SHA256
7f0f2cd17665fe5ed23f4118875b5e435f09e0942be8adcc8bf8745888687177

SHA512
3e1d614c08ad0bbbf56fc8009250329a195a52feef739a1e83f0a85a46b7110314f4989c3a6287e0cc40a26b785dfce25f199afea2fe48e062407631b6e70547

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
77b624a1b14901602d415b802d41c2e6

SHA1
4a681a99c852a109acf07ec284fa2143f79a06f2

SHA256
942350c2f22a73212b1afd8ab3c4cca60570a6e84e4d395ab51393165fde6cb1

SHA512
97bd4387184d19c58a97dff6c2c4715637ed3086cefb601cd76ed86425862020bcec50c71d51727f6f03715adadcaa9f54c5855e6b7200e16e958e42f939e290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
e7b08edf8efdcadefed2bcbed4bc2f64

SHA1
64461d0c692d5edc8ed39c1753326a1c2fd44cf0

SHA256
d3255e3906c612de5ff269bddbf17b6bd525560844c83ee50e6f5a4e2ffe1314

SHA512
dd49d068e262d18b50c105ba9805e1895a17b21bfb397229abe89ac2e1ee38fa1bcec55d2754b7b82f9d7be6a25fcf82b767d5d80287d5cd00dcee38cbdfd9d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
ff4ae2a69594b2077a4783885dfca3a0

SHA1
0c04ea1cfcab6bc76c2fe0e9523a64a1e00a3e6d

SHA256
8d55f8a1cdde9f0aeec39ded3b12fddf1e5ee31b0e6c36842a948acb0c585d03

SHA512
28cb3a25c91402a73aec6da32468245b2d50509034739409e0304996545c4a0838e7dce7ad12b46ab2588788bbbd985e1de247d585c1ba5a0371589b94cae4d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
20KB

MD5
a8ff652031f287eb4ede2e6c10a40b97

SHA1
8139fac27d8d174b444e407165624d806f086626

SHA256
d538e975cda344dd21145e49c91c96e8d302181881424459fdb30603ca0a2de6

SHA512
5e770d0a02f47fa940c70ffffdf35d84ef36fe3af09eda2eb73d23893d3a1ac197756cc48fe67a8ee74850f22f610309cf3a87fc2f32abf444252fc8c1a26695

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
29dd230b26fda557b1b5663cec7a2987

SHA1
976367e3a70ae6b4ded79c02ce5f5e5e7ee17ac4

SHA256
55e897a739da0b474935957f9ef6e3cbc2c3e415766037b9b1d14b62ebc54e19

SHA512
10e821794f1d5c46617f6f60d49c9b08a84088914538c4d821258fad6580cc40851cfe6bb78a48dd6a9f32ace231ee0d745096f97de6aa59a2185bb4b5500ff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
22KB

MD5
3f8927c365639daa9b2c270898e3cf9d

SHA1
c8da31c97c56671c910d28010f754319f1d90fa6

SHA256
fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2

SHA512
d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
96292ad3d06f2c4a9fb87504177dfb4b

SHA1
e3a5ae4122b0536d05729af741ac9b0a842e9569

SHA256
4c6a6108a0de2c2f318576bead7031721f30a6f08b08a5c5870c68e36317af9a

SHA512
9a8a20f18dab1b2d7e428d5db677db519d11cb27e537c41c1c74a0e2b57a1066723fa500d75d886305b3fb3b79e5de49c870f37d3f18e4204bf4c57e104415c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
51831725382b00f91d3f66ef61069d00

SHA1
b4d87f94226a9ec88815b0a61da349b7c576f322

SHA256
eb6a2bd13c4f40e1fb6e7d86ea9dc53541dce454cc8565babe9dc4988fb863f3

SHA512
b5806243dad577de1e5c28321dcc8565c486e7f6421ab90632757f15fc0b0c0d64066d309c782514f69d7f539f7670d6dd648646c94f2a7de7009e16b90df0b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
fda711f2715ce519baa8fff94109abc2

SHA1
d6d1324efec41f7e3a087631381e3f46347b64f8

SHA256
de313c70098aceb5ac200f5d392111f6caefcdbb6a383c401a7ad09cf8cab531

SHA512
1c99d28123b1fa3a9d6038e77f842584d02ce15476bc735e6797def0b042d5af2645095bf76f88440f052ef85fc3fdebe07eca4cb8eed04a887dcfb7833501c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
e68338ec8c00c087bbd4a5640cba94bb

SHA1
c4105511578273c10caafdb98529a9835362c599

SHA256
0dd0ddeb6a4ea97a3b3c654c58ca4bc168334c8ca3679e3d134d18b9604c386a

SHA512
09a9186db4971697081a878842a3330671c2abe532c15c0b6fd57441ed6f92bf7f295dcaf70cd00ce6c3036529ee97e5966204af6c6892bd4a4c3de32df91266

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\crs.pb

Filesize
289KB

MD5
2b59269e7efdd95ba14eeb780dfb98c2

SHA1
b3f84cbc37a79eeecb8f1f39b615577d78600096

SHA256
ff2ced650772249abb57f6f19c5d0322d6df22c85c7cf2be193b6134e1b95172

SHA512
e4b454db2248021e0d198805ea54f1c0cfd84b9716a9348b1d0e0acb7c6fb5dd0839e532a5eb6d4410ab759d6688dd6cce8375ad55a150d738d280993142e9d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\ct_config.pb

Filesize
8KB

MD5
811b65320a82ebd6686fabf4bb1cb81a

SHA1
c660d448114043babec5d1c9c2584df6fab7f69b

SHA256
52687dd0c06f86a2298a4442ab8afa9b608271ec01a67217d7b58dab7e507bdf

SHA512
33350cce447508269b7714d9e551560553e020d6acf37a6a6021dc497d4008ce9e532dd615ad68872d75da22ac2039ef0b4fa70c23ec4b58043c468d5d75fd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\kp_pinslist.pb

Filesize
11KB

MD5
0779206f78d8b0d540445a10cb51670c

SHA1
67f0f916be73bf5cffd3f4c4aa8d122c7d73ad54

SHA256
bf0945921058b9e67db61e6a559531af2f9b78d5fbedb0b411384225bdd366ec

SHA512
4140b2debe9c0b04e1e59be1387dca0e8e2f3cbc1f67830cbc723864acc2276cde9529295dcb4138fa0e2e116416658753fe46901dfa572bdfe6c7fb67bd8478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.4.14.1\typosquatting_list.pb

Filesize
626KB

MD5
cd8f0547b4d0459fc40caa32edd2ae48

SHA1
f2a2267b07c94eee76441654294d4bee793913fa

SHA256
b7ced53d106f852e82076b850fe7794ddeaeaf137818339b95a35ffc170277a7

SHA512
0f1790dd996e27dbbf75a6520279941dcdd002429595e02646ceddae317f87fe34ca01049735ed753904ceccc1ecc24080e22c34ba6343ebb155c8e7a89085d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll

Filesize
572KB

MD5
f5f5b37fd514776f455864502c852773

SHA1
8d5ed434173fd77feb33cb6cb0fad5e2388d97c6

SHA256
2778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e

SHA512
b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
8b9569da5c3413aa859f54049f44f6bc

SHA1
0c7b1de3849ec42a7fcc16f1d8cf5cee3d3b1fc0

SHA256
5bd2086af341d4004a90c6bea649042cec564d114781f755b60f1a9341c80f51

SHA512
ae526e2a72ec4e51142a8c2799a3e692e04425a14e2bf27617ec561648ba53d923f6936a61eeeaf4dcee4bd084c53001bceecc2ddeb4f6fd07228c7e2a4bda0c

Download Submit