hxxps://purejoyaroma[.]com/v1[.]2/fonts/qanej

Resubmissions

22/03/2025, 19:39

250322-ydaxzstjy7 7

22/03/2025, 19:21

250322-x2mq1syxew 10

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
22/03/2025, 19:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://purejoyaroma.com/v1.2/fonts/qanej

Score

7^/10

discovery

Malware Config

Signatures

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wfkrbufk.exe	HDFC CHALLAN.bat
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wfkrbufk.exe	HDFC CHALLAN.bat

Executes dropped EXE 1 IoCs

pid	Process
5364	wfkrbufk.exe

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6028_1822179764\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6028_223608581\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6028_223608581\office_endpoints_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6028_223608581\smart_switch_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6028_147103974\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6028_147103974\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6028_147103974\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6028_1822179764\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6028_223608581\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6028_1947755797\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6028_1947755797\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6028_1822179764\nav_config.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wfkrbufk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HDFC CHALLAN.bat

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133871459940006877"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-805952410-2104024357-1716932545-1000\{5D9006DF-0184-439D-9013-41137714B561}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-805952410-2104024357-1716932545-1000\{3C980365-CBCD-4202-BC8C-74A30E423902}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-805952410-2104024357-1716932545-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
6028	msedge.exe
6028	msedge.exe
5332	msedge.exe
5332	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
1228	NOTEPAD.EXE

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3640	HDFC CHALLAN.bat
3640	HDFC CHALLAN.bat
3640	HDFC CHALLAN.bat
5364	wfkrbufk.exe
5364	wfkrbufk.exe
5364	wfkrbufk.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4404 wrote to memory of 4472	4404	msedge.exe	87
PID 4404 wrote to memory of 4472	4404	msedge.exe	87
PID 4404 wrote to memory of 408	4404	msedge.exe	88
PID 4404 wrote to memory of 408	4404	msedge.exe	88
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 2616	4404	msedge.exe	89
PID 4404 wrote to memory of 536	4404	msedge.exe	90
PID 4404 wrote to memory of 536	4404	msedge.exe	90
PID 4404 wrote to memory of 536	4404	msedge.exe	90
PID 4404 wrote to memory of 536	4404	msedge.exe	90
PID 4404 wrote to memory of 536	4404	msedge.exe	90
PID 4404 wrote to memory of 536	4404	msedge.exe	90
PID 4404 wrote to memory of 536	4404	msedge.exe	90
PID 4404 wrote to memory of 536	4404	msedge.exe	90
PID 4404 wrote to memory of 536	4404	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://purejoyaroma.com/v1.2/fonts/qanej
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2f4,0x7fff5ca6f208,0x7fff5ca6f214,0x7fff5ca6f220
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1804,i,1590499211043802945,15198167053816960490,262144 --variations-seed-version --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2308,i,1590499211043802945,15198167053816960490,262144 --variations-seed-version --mojo-platform-channel-handle=2304 /prefetch:2
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2116,i,1590499211043802945,15198167053816960490,262144 --variations-seed-version --mojo-platform-channel-handle=2420 /prefetch:8
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3484,i,1590499211043802945,15198167053816960490,262144 --variations-seed-version --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3516,i,1590499211043802945,15198167053816960490,262144 --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4204,i,1590499211043802945,15198167053816960490,262144 --variations-seed-version --mojo-platform-channel-handle=4420 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4220,i,1590499211043802945,15198167053816960490,262144 --variations-seed-version --mojo-platform-channel-handle=4440 /prefetch:2
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4888,i,1590499211043802945,15198167053816960490,262144 --variations-seed-version --mojo-platform-channel-handle=3652 /prefetch:8
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3540,i,1590499211043802945,15198167053816960490,262144 --variations-seed-version --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5524,i,1590499211043802945,15198167053816960490,262144 --variations-seed-version --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5464,i,1590499211043802945,15198167053816960490,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5456,i,1590499211043802945,15198167053816960490,262144 --variations-seed-version --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4936,i,1590499211043802945,15198167053816960490,262144 --variations-seed-version --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=6068,i,1590499211043802945,15198167053816960490,262144 --variations-seed-version --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6612,i,1590499211043802945,15198167053816960490,262144 --variations-seed-version --mojo-platform-channel-handle=6628 /prefetch:8
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6612,i,1590499211043802945,15198167053816960490,262144 --variations-seed-version --mojo-platform-channel-handle=6628 /prefetch:8
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6744,i,1590499211043802945,15198167053816960490,262144 --variations-seed-version --mojo-platform-channel-handle=6772 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7008,i,1590499211043802945,15198167053816960490,262144 --variations-seed-version --mojo-platform-channel-handle=7016 /prefetch:8
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6952,i,1590499211043802945,15198167053816960490,262144 --variations-seed-version --mojo-platform-channel-handle=7148 /prefetch:8
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7096,i,1590499211043802945,15198167053816960490,262144 --variations-seed-version --mojo-platform-channel-handle=7060 /prefetch:8
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7152,i,1590499211043802945,15198167053816960490,262144 --variations-seed-version --mojo-platform-channel-handle=7180 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7176,i,1590499211043802945,15198167053816960490,262144 --variations-seed-version --mojo-platform-channel-handle=7352 /prefetch:8
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6908,i,1590499211043802945,15198167053816960490,262144 --variations-seed-version --mojo-platform-channel-handle=7492 /prefetch:8
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7340,i,1590499211043802945,15198167053816960490,262144 --variations-seed-version --mojo-platform-channel-handle=6808 /prefetch:8
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7032,i,1590499211043802945,15198167053816960490,262144 --variations-seed-version --mojo-platform-channel-handle=5968 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:6028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x268,0x7fff5ca6f208,0x7fff5ca6f214,0x7fff5ca6f220
    3⤵
    PID:6060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1904,i,5980979025290510039,10082706148400339338,262144 --variations-seed-version --mojo-platform-channel-handle=2180 /prefetch:3
    3⤵
    PID:880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2152,i,5980979025290510039,10082706148400339338,262144 --variations-seed-version --mojo-platform-channel-handle=2148 /prefetch:2
    3⤵
    PID:4840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2392,i,5980979025290510039,10082706148400339338,262144 --variations-seed-version --mojo-platform-channel-handle=2388 /prefetch:8
    3⤵
    PID:1900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4412,i,5980979025290510039,10082706148400339338,262144 --variations-seed-version --mojo-platform-channel-handle=4408 /prefetch:8
    3⤵
    PID:5728
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3828,i,5980979025290510039,10082706148400339338,262144 --variations-seed-version --mojo-platform-channel-handle=4580 /prefetch:8
    3⤵
    PID:5788
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3828,i,5980979025290510039,10082706148400339338,262144 --variations-seed-version --mojo-platform-channel-handle=4580 /prefetch:8
    3⤵
    PID:3980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4452,i,5980979025290510039,10082706148400339338,262144 --variations-seed-version --mojo-platform-channel-handle=4472 /prefetch:8
    3⤵
    PID:5940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4532,i,5980979025290510039,10082706148400339338,262144 --variations-seed-version --mojo-platform-channel-handle=4536 /prefetch:8
    3⤵
    PID:4692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4508,i,5980979025290510039,10082706148400339338,262144 --variations-seed-version --mojo-platform-channel-handle=4488 /prefetch:8
    3⤵
    PID:5728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4592,i,5980979025290510039,10082706148400339338,262144 --variations-seed-version --mojo-platform-channel-handle=4484 /prefetch:8
    3⤵
    PID:5948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4716,i,5980979025290510039,10082706148400339338,262144 --variations-seed-version --mojo-platform-channel-handle=4976 /prefetch:8
    3⤵
    PID:5912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=764,i,5980979025290510039,10082706148400339338,262144 --variations-seed-version --mojo-platform-channel-handle=4880 /prefetch:8
    3⤵
    PID:3144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4944,i,5980979025290510039,10082706148400339338,262144 --variations-seed-version --mojo-platform-channel-handle=4916 /prefetch:8
    3⤵
    PID:5952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4888,i,5980979025290510039,10082706148400339338,262144 --variations-seed-version --mojo-platform-channel-handle=4884 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5332

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4952

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5164

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5712

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\HDFC CHALLAN.bat
1⤵
- Suspicious use of FindShellTrayWindow
PID:1228

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
PID:4868

C:\Users\Admin\Desktop\HDFC CHALLAN.bat
"C:\Users\Admin\Desktop\HDFC CHALLAN.bat"
1⤵
- Drops startup file
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3640
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1888
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wfkrbufk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wfkrbufk.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping6028_147103974\manifest.json

Filesize
134B

MD5
58d3ca1189df439d0538a75912496bcf

SHA1
99af5b6a006a6929cc08744d1b54e3623fec2f36

SHA256
a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437

SHA512
afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6028_1822179764\manifest.json

Filesize
160B

MD5
c3911ceb35539db42e5654bdd60ac956

SHA1
71be0751e5fc583b119730dbceb2c723f2389f6c

SHA256
31952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d

SHA512
d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6028_1947755797\manifest.fingerprint

Filesize
66B

MD5
3fb5233616491df0ec229ba9f42efdb8

SHA1
18a8116e2df9805accd7901d2321c3fa92da1af4

SHA256
946f3a9e019b0d80f5671de782f295132341f663f74aebad7628f22e528d6d52

SHA512
e9b17ac626bf6508db9a686825411e90d316a0f1dacbf63dbec5baaaf6b96af4dbc9a7332975b6d5c16c43757d79fddca6b888ea97bc07a8dffb1b3a06366b4d

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6028_1947755797\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6028_223608581\manifest.json

Filesize
160B

MD5
a24a1941bbb8d90784f5ef76712002f5

SHA1
5c2b6323c7ed8913b5d0d65a4d21062c96df24eb

SHA256
2a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747

SHA512
fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json

Filesize
3KB

MD5
6bbb18bb210b0af189f5d76a65f7ad80

SHA1
87b804075e78af64293611a637504273fadfe718

SHA256
01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c

SHA512
4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
0db1d88802048ff847bfcf47035335bd

SHA1
bb54059e5b145da464f6521ae67353889ce00771

SHA256
416525d2bfeaeab0950175c0eab55ad35e84518ef5299f10565023800788cf9a

SHA512
32c5b42febdb38c3a30eb5179b8aa20a5e731b0e83aab16ec73d27b4108bfc89eb6316f71a988388cb5df19267ba823f6d0220fab5584667ba0adb0da1152a30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
8734b4a181214bb62f91cfa36c7e2c98

SHA1
9cff323f10778a23d73ac3dcffc038d3bf661b78

SHA256
e06afe980fa56c8dad3e7c6b8d0d8f1e7eb9a4860ac715e966026fb7631c3ba5

SHA512
e8648a54da9aa24b6cba1f0377a0ce33979ea097554bb6347f252cad894ad4134e1fe839abc80eb48e2510061d5c6937e80374d32f95afd4cc8567b57694ac36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
3c8c251fc3d83acc8aef5251814a9f0b

SHA1
c0f9e8143d05900855d4ef9e0a59537683076978

SHA256
a7d61f274a1d3d9ecc3ae0ff980b707a2eeec0802e278dd4bfe8bd62a0a4deff

SHA512
f8c7ee883b10181fe9ee037090ff7d6d1a227b044b20e7d7023ee6457df5afb4f6f5e4ca29fd17bc91659eb2df2a593dc3b6881e48402d1108d944f3fe8fc0fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
e7a3537903ae120995edda029c44b4c1

SHA1
d319a1f51739528c1f7a6ebd33f5f08bd5442b97

SHA256
35a5fdddc61a7c0ad44c8f52c2b92c80b50811baa8d6b9a085d6073f34fa3cb6

SHA512
41bae3e22fc4297112af27c9e5d8875fe7ca2dd3377d90a38c1e2d7d2fc4c730831e6dc7a89a3c81f779b44e0c9799493eb3798591b1a0e090a5a8b0ce44bda6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
f5615cd6916844df524fd51cb804be52

SHA1
e657e1923f5883dcd592255566edc9486c8d4464

SHA256
ea9d120c0cd3d08577b025cd515ddb830d356011c08aeda4c2373ad13302c0f3

SHA512
4b9509951b81da2469cc4492276fa72ebb342dac1433668d170c4815ae6a1bbdc9140b71c1622aa6d7548ccaf3cb06d9cfdaae1f98e574ac4b854d6a169cc109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
281dc1665a9f7314ad4d1db1a400563c

SHA1
285383d5c0827e07423afe76670b895db72fbd63

SHA256
1c0ccae57dc11c037aec3a126aceb641eeaf3904656e2e2763b27aece2461d2e

SHA512
0406fabd90f8a9e1981b0bdb20ab9137f15a135f8bf42d4bf1df6a78c03f5ffd2dbfe61a64221f99ffc73093c0456b8ebcc8fbae50eec06acf5db8364c049b34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
88e3981ae44cefddd5c6f95af5fe78ce

SHA1
a7cb45928358ae0fc772fc0728421e6801cc9c63

SHA256
485b7c339b19dea839a4bc12bdd30fc3422b56f385030f383d4ecc53a6d6f93a

SHA512
443d650e4c4cf7664ba0dbc43e94d8a5c527cff57343428856555b9aed10c3be15e3fd01e61f776d88b411ff9988343d5799c2b77b50daeed1dedcc2c35b653c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
405ef0bd6da8abebc45bb7d93a87488a

SHA1
451ac1fb627ae09a991453827d2836a614d6a190

SHA256
082ea220310ed35943fbea4b2ac3aa7a3e2681851db0fea2a43f4d6f1368676f

SHA512
c585ae6e79c4da36fac1e203b4dc91714652394d2ccdda6dd84348bc7f367de0f16a1e0aedb5c59d96b5a2b9142f492f6d9c633a7a53b9d838111a5cd609f89c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006c

Filesize
19KB

MD5
5e5ae2374ea57ea153558afd1c2c1372

SHA1
c1bef73c5b67c8866a607e3b8912ffa532d85ccc

SHA256
1ef458d087e95119808d5e5fecbc9604d7805ea4da98170e2c995e967da308f3

SHA512
46059e4a334e0a5295ebcef8401eb94b8fa0971b200f0f9e788ed61edae5018c917efd30b01631cbd6bdadc5240c9fcad2966ea0aa9c94b538bcc369e10bbbaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006d

Filesize
67KB

MD5
0e6652994f4dda1b8980a7ebd3b5a7e8

SHA1
1b8e746ba0a37f66b3a18fd8cf62d65d5b0c3168

SHA256
93cc94d9696c6ff0bbe4bf2657654c25a805bf8f9e154035cb1afc9ceaec7561

SHA512
9eb480f1fc2cafe6041997fef61cde572f30835ca2869fea6f981a11a182453a83bbf39e318f21c21cacf3ff2d7d60117e33c48a99d409a2db844f1c0afdd989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006e

Filesize
191KB

MD5
23606db6fa65ba28a85340cc164b04bc

SHA1
dd3bb64ab4889b05d3fba67502b4fe9e40a321fd

SHA256
589920797caa7602cdbc50c2e262cf1f80403ac62edd91b0c8151a27228a5df9

SHA512
0b5be4cb8a8d36c778f0fbfe5fc042b66e9de2ccacf89a7e3f08343bfbd0e73ea7f0a35e4c346afc93ab62d1d3a492a5626008f639c130110208999fc2a1064a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ffbe91cfe35a311701375f7537dd99bc

SHA1
9a0d427d4644d21836654e9f3acbafb3db1c8329

SHA256
5d1920f0d875cba8155518fee0194962bc0599c029ebf07c42379c1fafa46bf6

SHA512
29d3198e79de24be5374688ad96fddc56964c82d6acb90fc2b4a64916e057cca6d9c253c1dd6001a1a2c5a0469c434f6e4b14e919c5946e01c300979f03a096b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57e36b.TMP

Filesize
3KB

MD5
7eeae1d43c1d3ecc6249dc744b7e62ee

SHA1
af2fe2df28e38c516a22bfe7d13b89727754d7ea

SHA256
2254c6aa4e36c6658516d5bacd908e8121ea7caedf9b4f227e26f5c667d7042a

SHA512
7681b2807d0af55d2787f4cdadbf7b55a50e722e31070e5504e4514bb3ae69016ce2ff7e140f9c2a7092e0923d87565d891cc78d8022271f4277e8230fee0754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\06ed6d9e-30a9-402d-9d7a-f244716835fa.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

Filesize
456B

MD5
f23d2df21a39aa8d814cade6c37856c8

SHA1
233e65707015a53f83a0d53db03a4af8fab21ea6

SHA256
c5ce9aaf8ffdcb8a00463a7bf24001885e0a792f110c8db74a1e2f4392cb0e31

SHA512
a7b50b8cafba80f6baca44b260f8379852c4176f3dd57168812f3b4b811d2ff340f09f8ce625cc2adecab2851cc33725cb729548a3da98b041387c7952077918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
6bea2e2146c9a1312fc448a1a0279bac

SHA1
ca63f80b43f3c6b8466d6afeedbd729e6c39fb21

SHA256
3ae18071c1686bc256876510dee9d1778a36d1db41eaea06465c055bac355ef1

SHA512
7d37d133eb23478d4145dc45473d56dfd5e648a9b80833712545de6b255ff74a80625d3fc5ab030268b57422ae4491114278bdeb7e5ef9f9e805ba805bc71a66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4404_518475461\CRX_INSTALL\_metadata\verified_contents.json

Filesize
1KB

MD5
738e757b92939b24cdbbd0efc2601315

SHA1
77058cbafa625aafbea867052136c11ad3332143

SHA256
d23b2ba94ba22bbb681e6362ae5870acd8a3280fa9e7241b86a9e12982968947

SHA512
dca3e12dd5a9f1802db6d11b009fce2b787e79b9f730094367c9f26d1d87af1ea072ff5b10888648fb1231dd83475cf45594bb0c9915b655ee363a3127a5ffc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4404_518475461\CRX_INSTALL\manifest.json

Filesize
962B

MD5
e805e9e69fd6ecdca65136957b1fb3be

SHA1
2356f60884130c86a45d4b232a26062c7830e622

SHA256
5694c91f7d165c6f25daf0825c18b373b0a81ea122c89da60438cd487455fd6a

SHA512
049662ef470d2b9e030a06006894041ae6f787449e4ab1fbf4959adcb88c6bb87a957490212697815bb3627763c01b7b243cf4e3c4620173a95795884d998a75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

Filesize
429B

MD5
5d1d9020ccefd76ca661902e0c229087

SHA1
dcf2aa4a1c626ec7ffd9abd284d29b269d78fcb6

SHA256
b829b0df7e3f2391bfba70090eb4ce2ba6a978ccd665eebf1073849bdd4b8fb9

SHA512
5f6e72720e64a7ac19f191f0179992745d5136d41dcdc13c5c3c2e35a71eb227570bd47c7b376658ef670b75929abeebd8ef470d1e24b595a11d320ec1479e3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content_new.js

Filesize
10KB

MD5
3de1e7d989c232fc1b58f4e32de15d64

SHA1
42b152ea7e7f31a964914f344543b8bf14b5f558

SHA256
d4aa4602a1590a4b8a1bce8b8d670264c9fb532adc97a72bc10c43343650385a

SHA512
177e5bdf3a1149b0229b6297baf7b122602f7bd753f96aa41ccf2d15b2bcf6af368a39bb20336ccce121645ec097f6bedb94666c74acb6174eb728fbfc43bc2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
cb70f6642fefddb90f6f1d967aea8ec8

SHA1
c772ea2ad3c53f8d9b9ae2340a10535bfefc9b6e

SHA256
23afef775e8322a3f0c5a826fc892bb44671ec02b6c2299fc2dfd32247bcbd45

SHA512
b6d907e4d02ef0cb72abe52205d110f7c2db2850e7f27f16d2578dc768ce71ee60765fe87ba42e2680dc0f3e37ba51e7d5ee9d113f797b372f0005b5ce0e7407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
e8d6c511bf91dd475805e21e38afa05c

SHA1
59e295c0b4cd68c8a1b1e8b5575a476a638dbcc9

SHA256
c0cfd7ac89a11e4d39a03ffcc8d0fe947b0a2978af707d2d6d65111835b389db

SHA512
400f4535295601191b61a6e5bd6383d5313f97afe9b9b2223be82b1b00308a85c5c2dbaeb8fb9b966a6eb5c37e00919090c3bba8caf44e340eae4d9967ce605a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0c90bc0767737bf483b68e70120f8108

SHA1
431c0aaaaf831bb8f0d5652ed6bd52c5ce4e92dd

SHA256
2d53849ad7e772e296da05e27ccab67c7ce6b921fae6a2c4d6e38ebd851b6b6d

SHA512
1a71d2273d43e7a5ba0d423754b81debc2bbad0a5dab5acf64ee9c334076309f783654bd1f0cf6969d409e3f6d372e4381dc4f940415c009eddf859b607369cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d77e4684e42a5b45d9b85a4110c2f5cb

SHA1
b6f24e17663e4eca45ef07c3c351bf5f81bd1609

SHA256
6dd54c99ea23c0b656547a06216273ce7bdd68a84be11e2d3c3606f6b1446f09

SHA512
0d88018654788b9463f369400ab8dd1bc7078e642f3fcd412089725fb9014390568bd69142612d0eaeac7890359c60b464cff70bd2f0a980a1b9a63d3962467f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
8a2880d91ec5f677e60437a41a574e8e

SHA1
d30996ce9b500247f4df9084a8a2ec3345a14401

SHA256
b73c385acbbf7bbcf694ec1d698d00ec36391b890a7240cc8fe916a28cfa2312

SHA512
42c2b7d79a935c8b138f0bda77e68b920bb3db9c13d3d26ad8530f331148162213ce29e719630c3e72ea99016a86494b256133eae55a8aaadf57e4c4d1b20e5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
d250c83aaa42ab722010d6d6c1cb7d11

SHA1
f209674f01e40fb60be7c308fbaea2f6d80d7ea9

SHA256
58a89af33f19eab751d6f3030cfce87d9234b30c8388af7a2ca1f330849578a9

SHA512
fa0ba339c6afc0faf39e3bc791eaee5e363881e5e34f571472fc378497e4494a87f39dcac9312ad5b0dc0fc4d4a43c04c07f5abd3c374d94e48adeff91c003fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
8fac5e08129b9d6d6328167a57ad8a15

SHA1
bde5bd760443129c8bc8a417245c0421ce4e59cd

SHA256
89a654a6b9d901c98117b5e02c086f5d04b510f58897a781dbd98779253d73f6

SHA512
1acf5d67feff2e848cc4c16e9be51e55a46d80ed7d6b7b6631b258f57936388fca8fd3f070ccb35c002d175ca57e0e2e28dc4b20a78da824d552d51220505342

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
335B

MD5
b2f682b71fdb5f8e6f4957213b82e6d6

SHA1
2b50f19a40c211220a801cbf8c8cd8c5a347e4a8

SHA256
a43aed8a480a2b3af759afb5748a205699419f8d5b27fe136cbbce0fc4b6e50c

SHA512
5c309f0ed4d8a757ddd13c72254371474919f0dd8afbb00f9c3938bee305b9d3da31dbc654b0856ef27e0617c961ef1cd6e300cb3f0d74976b698741b401df8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
b3f197f63ab0ccedcc22f2c989c0d730

SHA1
e224e12cdc1765559afab4ca4addc57bcb93f311

SHA256
33b0a2bc12c40d8d44e842e6426737fa0f4153dc4d3092f0b9a6dd64cb453750

SHA512
22596b9cff7d391529d15bda6d24cbd8a5f3d660025f5cb7f8d2a07a0213fbf913896828d72257973fa6867e3cf1760c8be7b1d4efa4aed337bff9e22346b14b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
5a42639e4e79010c98cb6eb9c98dab40

SHA1
85dcd1bc04e4b4f69583a7cab983e7bbf3cffe28

SHA256
a9551cd8302244bd4be831c3a490c58e26269406bd7cdf54f484fcc89cb89955

SHA512
eebf6f9011cb2e6be8c8844892a0d65a4a030aebc1aaf17035022e95de14039f20b1d0ba72c309ad274676b3da2ea004593128a47dc80b7c673238738eed633a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
683c9dd364c8c9dd9ae0cd307fb3b163

SHA1
e147bdde3d3a82da09dcd30a9d56f6e0a0551ffb

SHA256
21058c3289774a299a9f6ddb9935a41f1d0a8ae0fa486a1cd4b5f66d37b05b33

SHA512
3c87cb8507a886e400ec3fb618b0ec2dbbc0e4e573ce9fa6e094ea2f61eaa0709612b3aab88983ff622645000a0ab62a4e30beccdb03b69c99422c224a1f908e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
4KB

MD5
5bcb202cc2c5b3a407ab0f1059b44235

SHA1
5797d8dec97b0de8a1215b1eedccab7d45247d6c

SHA256
934b4f435afa277bf2b6f76915aae6b391d366bd46766bc017d5536761bd7570

SHA512
93197c76a3608d4db9eb960db1140fe9645c7bceb26fce279b9ca1d9c365558589252cc05142b48f465ea6ccd4e986dceb64cfa3da5bbb80b77eddd324735cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
6dbc18e2d93d738a613b4d90a520e202

SHA1
f62b5d8f62b11a316e4e867cde0907c6554ad80c

SHA256
0b6ba0a1b77b793828f052a4af4f68bfa1196654dcb56b3f872cc71089569e35

SHA512
2a8bfa8b19e9deb22de1aeaa0279adcc75c2a6c39d7310e6c83895b84953fbd2316bcf7d4de6421ec5a0dd74b6b27ae5f9bbea975d48fcb94f7229a2513cb2a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
11KB

MD5
0af991874f31b2737196c06b65e1ec42

SHA1
eaa3b0cfc6dfa4b34640c571b14b8347715b1038

SHA256
98146bde959836fae42f50d2610b4e13b805a191273705d54fd04f4780a07e18

SHA512
9f695bbd7c56126bfb0332511bb6963be6e845d74dab1cbe4a1e06bf715f48f300f745d44a479c78e7d6c6ac4ca0bee660741236b2a8621c78be4b4a65a7b51b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
fb4d9f730506e687cb4026abf70ac78e

SHA1
857cb47c6a867c0d37f9a94409e295b82c4731dd

SHA256
52034877c930f71c61d786d0a0858d1373120eab65e4aaf9834254ddde6fdd7a

SHA512
38fcdc54cda71eaf0396c850001064f12b635cd43ddd5b097900629587ebf5c0640713107ae073bfcb4d4878a98cbabca6f7cfefd8ba3aa5cb0b69d873c050e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
7114d031bd18506649e8ba39a987a986

SHA1
26f8dcca58441b0ebe37c396adb0233a1cde200a

SHA256
631024862b6ab699a6659f621f5d1e7a91560d9fe7bd57f31e322bc7c73d184d

SHA512
514bd04d7622cc31d86ca9ee9a9f48f5b8474485d0cbfdefdf4576ff8106f9c922ffe7073079026086386c18764cef0082919381dc936e49fbe668259cb2c35e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
79adbc7317dcdb73fd3f3dc073ebf42a

SHA1
5260b63a50bec5035f3262f39da9031751a8f3d0

SHA256
669e3376e04e5d21dbf4d7c14a4d4ddc65722ae3294986779d3c5c3ac8322ad7

SHA512
a1c57a11aff444ce4c2b83da93c118057d2626513be350c1124c4423678fabc9e441ea53063a804aa284cd0958303db3922ffb01a62f404a705f924304468872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
22KB

MD5
df3e6e01f418a133e088cfbc13687ee2

SHA1
c729e8421a43e5464c66167d000f4f29410e749a

SHA256
f51108a5540e8efc1037083154568b2375b534a1412b150b462647d0b96cbe06

SHA512
7c86406a54a96df1becc17bc361f015ec32c968ba02689ecba207dbc5b404b60d871acd1dd666ea6dbb85da59c2c076b3b61a566ca175c5ef726ecc5eccc6d3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
876B

MD5
35a5f6c8337cfca8cf173d1a30d86284

SHA1
c846360caa7343b121d93d028219bc03c8667a42

SHA256
d940090dd972a89610478919f6e638f2c4ba9a5267f4e295e70dc4e8694571c7

SHA512
a6a41d27ff87f9154be26f7e2942a3531758d958ae18d6ebf7d57b0612775be916290b124155a3dd3eceb464b5a2d7c133fafe4d9c258d9317e3f08dfe96736d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe58d116.TMP

Filesize
467B

MD5
8a0de4dec0ab4934a4a4dba148536db2

SHA1
479a1ae8e76779239af759c14e57faac33e841a3

SHA256
317898594eedf7031777d1658b880706bec23f85cce0cab312f3c5a7038007ee

SHA512
6fe63577d8fc7b37ea01c3eb082d25962998086a2db800c5e3438d0b27c21dd7b8124a810a5b7929c14bf7eb6c11d1805a217979305c0418998e3a9e8bfba100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
21KB

MD5
e4dfd0504387a1ebcc4a48846e44a23e

SHA1
a5a91da421e3d8728ae857694dbeb24ea72b7866

SHA256
d3c39babd9652bcdb02ae17f895437ed85f617cb04f7ba4bbaf7ad7e8ab78cb6

SHA512
94a1d4ab7b18763b55c9246d73feb0ed64a7e506572884a2940696b12910d6ff2a03a0b1aca3e4035a81548633acd437e762e758952ba72dafc97f191e46d419

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig~RFe58d230.TMP

Filesize
3KB

MD5
c7569efb2fa9fe93c0ea2f0896f54036

SHA1
e231c700b778b624f6065b035e5803fdd8b4db4b

SHA256
2422f055fd21adce7a027c3eaab1bbc474345a26cb1b9762b3d7572ebde67d3f

SHA512
c394da9a75cca87f6e20cb2abbc2e087d3e374b613bbc960f255ebfc8f01d4349fc8a487ec56ff8141f47566cf021dc33196e42b6295ce5399ff78e5ce4b066f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Data Protection Lists\2.0.0.0\office_endpoints_list.json

Filesize
3KB

MD5
94406cdd51b55c0f006cfea05745effb

SHA1
a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9

SHA256
8480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e

SHA512
d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
4981bd2e0e2e816ac1b6024ae9918b19

SHA1
a52593284d36b02e60bfdcec9f36fac18406df25

SHA256
596d5f74e050fb22e66c2fc5f33d555ac1a58e18896875792f761ea9725c1b36

SHA512
43049c8ee3ec923f1b48c4f8a49bb6631b5c1a04119aa41f956115a46fcafee05075196208c840afeef9910a8c8da2020d72482dfa0d644eb66c631e642a9f1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
08db0266ba2adc2c3f6468d6c0b697a2

SHA1
c51cb1ac2cbb0245d0d5cb522ab445acab0a82a6

SHA256
a8d767e90b7f65c14efed7dfb483db069cd40dd83dddae6381eeda4f8bab79b8

SHA512
d0fc32a2916cbb0eb766ad5acb403bc4d9b5f24c05f6289c1019b4e087e8d893b62b26da2b3218e81239eb0799af22d547e034dc9534c8ddc5851861e78225e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
36KB

MD5
e56059b594099a670a452420348d98b4

SHA1
f3a0a343bffe2ed8c3ca922aea2fb8f86c3330c0

SHA256
c72161be111b376ab54f18c86592973cd75082803ff4947a72000104dcb097de

SHA512
80f4ad7bf06a391eb844584843aff24f8eab0ce2e404f2042d901b77c298066e95d06cc0e13bd8a11f754caa32e613cc47d956580ec640dfc1d656b1766a8c2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
36KB

MD5
1b4b781a331568dff4f3d033061e61ec

SHA1
12cc60cdcd3ca526f29a2a97e265321233406fe7

SHA256
51eae7f1a45442f68b5d687180607fc4e6ec1bc3a3380e02f1b544d4f11b99bc

SHA512
cbe973d3b590a56f4894fe0f7c814f41f8c8712df5f625e785aed3546c9857887ad3e2d0266f5f33e7272414a20706dba48fe899c16756fc3f958d7f5e0efe36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
48KB

MD5
2d36594008acc7a66d001fe30d9f83de

SHA1
476128303a20617b9090c5ba82ef481bd27a38f3

SHA256
39ef01415abd198c3dcc55c09a645ad13f237bb525e9ccabd8d39d53c40a4172

SHA512
199a510770f23fb020034213c2c93d8d411b22b4e11a28c6e26c35bf64c9dd80285b9a7b3979d9ffbff91c56c0ec412f26268c32cbbd6ee8daf8b757c94a13fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
36KB

MD5
a562ebeb5dc7e50eee52fa80a5a7f343

SHA1
b9fa8b42e42e31303e07480db9c0bc02bb114006

SHA256
ea259e90c4fe2a3ac3209ef5d4e2b8bf89c4a701cd7c6ae82134e12f4c30b50c

SHA512
8e1b17d1d6ea40aac934be8cdd9d3e55464d22ba19d093a7c90f7ef58d9512a88906d53baffa0b1d360c3dcf10b2942c56c95109ae8fe9d13f2843afb93d6df6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
986dd382b694e1b0c8a449b77c84cee7

SHA1
6cf87fc8ef2538fb9f9dc623d750253bbc9fcd22

SHA256
2ca597fc67d59aab9d7189c80d3c60e8af7e46ac96502b92d8eff54f297d8220

SHA512
ea3c6b0e6b2bc393ed6c6dc85a663eda333db441d8964af717523d5e996ffa77bdfadbf701638e5bc6c9f7632c9172d5c45deea5cac89a6062a23db818d3935c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
2316d7414f64d1441b8a754ea8ed5fbf

SHA1
00624205a141001defb8e635d7e172cb8870d81b

SHA256
4c896ab17449c3872f8caf95a74afbecaaf3371dc49759c797cdbb14e6106ab5

SHA512
ee24cc005a4246da0a720abbc806f2f38edc591bae0f8b931e3a69e6a7c0e51fd8b3b325af1841fbd2cc5ab04af8216b87dad9c03f9af172ec2e6efdb384ffcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5\nav_config.json

Filesize
2KB

MD5
499d9e568b96e759959dc69635470211

SHA1
2462a315342e0c09fd6c5fbd7f1e7ff6914c17e6

SHA256
98252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d

SHA512
3a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
196b77b97481b848a60fbb0239fa5f50

SHA1
31ef3149b6a4cf4cf99816b3d344946abc18ce08

SHA256
2fc7a5eb4f8b8ba935255c53707add8b3389c50ec2984855e12345195db189da

SHA512
8f94c6a09cb3155bc4b17da58ca7cdefff700b0976a48a07ef7d5bef77e2b6fe57562f66c4ffbaa09e5065f6f4daa3ba87f3e68c16e23b26cf973949401a02d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\a45935dd-4431-4113-9978-42e3b568e6d1.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\eea33a77-5182-4eb9-bc71-009222468868.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4404_1056601240\CRX_INSTALL\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4404_1440992405\a239fac7-14e4-4ccb-9d94-9133106f7adb.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\Downloads\HDFC CHALLAN.zip.crdownload

Filesize
333KB

MD5
57f4405f389bc9b25d48667509166738

SHA1
70179157b9e24fd4295eeb3e586fb650aec7dc56

SHA256
5f66a88744746018929af0add4d19434af4759be047cfed6aec018471673b768

SHA512
d611dd3c6c46e5292e153e411c1cc2902ceece0045253090e0885366b6ed1c535aea8f2f70df29fdbc413cd3a25bd2f3cbbb27e450dd152cfb8362852e9b2ecb

Download Submit