hxxp://google[.]com

Analysis

max time kernel
147s
max time network
154s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
29-09-2024 23:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\budhud.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3400	msedge.exe
3400	msedge.exe
5356	msedge.exe
5356	msedge.exe
5620	identity_helper.exe
5620	identity_helper.exe
2144	msedge.exe
2144	msedge.exe
3272	msedge.exe
3272	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5356 wrote to memory of 5564	5356	msedge.exe	79
PID 5356 wrote to memory of 5564	5356	msedge.exe	79
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 5692	5356	msedge.exe	80
PID 5356 wrote to memory of 3400	5356	msedge.exe	81
PID 5356 wrote to memory of 3400	5356	msedge.exe	81
PID 5356 wrote to memory of 2452	5356	msedge.exe	82
PID 5356 wrote to memory of 2452	5356	msedge.exe	82
PID 5356 wrote to memory of 2452	5356	msedge.exe	82
PID 5356 wrote to memory of 2452	5356	msedge.exe	82
PID 5356 wrote to memory of 2452	5356	msedge.exe	82
PID 5356 wrote to memory of 2452	5356	msedge.exe	82
PID 5356 wrote to memory of 2452	5356	msedge.exe	82
PID 5356 wrote to memory of 2452	5356	msedge.exe	82
PID 5356 wrote to memory of 2452	5356	msedge.exe	82
PID 5356 wrote to memory of 2452	5356	msedge.exe	82
PID 5356 wrote to memory of 2452	5356	msedge.exe	82
PID 5356 wrote to memory of 2452	5356	msedge.exe	82
PID 5356 wrote to memory of 2452	5356	msedge.exe	82
PID 5356 wrote to memory of 2452	5356	msedge.exe	82
PID 5356 wrote to memory of 2452	5356	msedge.exe	82
PID 5356 wrote to memory of 2452	5356	msedge.exe	82
PID 5356 wrote to memory of 2452	5356	msedge.exe	82
PID 5356 wrote to memory of 2452	5356	msedge.exe	82
PID 5356 wrote to memory of 2452	5356	msedge.exe	82
PID 5356 wrote to memory of 2452	5356	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa5ca33cb8,0x7ffa5ca33cc8,0x7ffa5ca33cd8
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,14014298216443006406,17309540647127301808,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,14014298216443006406,17309540647127301808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,14014298216443006406,17309540647127301808,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14014298216443006406,17309540647127301808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14014298216443006406,17309540647127301808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14014298216443006406,17309540647127301808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,14014298216443006406,17309540647127301808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14014298216443006406,17309540647127301808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14014298216443006406,17309540647127301808,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,14014298216443006406,17309540647127301808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14014298216443006406,17309540647127301808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14014298216443006406,17309540647127301808,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14014298216443006406,17309540647127301808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14014298216443006406,17309540647127301808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14014298216443006406,17309540647127301808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14014298216443006406,17309540647127301808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14014298216443006406,17309540647127301808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14014298216443006406,17309540647127301808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,14014298216443006406,17309540647127301808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6612 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2172

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c32b6fc873c040253034fe4bf5037bd0

SHA1
fc58579eb5bf46c8d5246a45abae3566898c2e27

SHA256
8d59014ec29aebf56b641a018b29b6c64e33764d7a2262283ce51319071f930c

SHA512
e8ba0e9e78bc58b3d6d671a1e693cbe81745f000daaf281cc6aa6c591ae261b981f704e3dcb32f0fef87424aab0f42e4cfe40e445d8ef5a529c7bfda8ac510f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f74f80cd052dc4903da98dd6916f375d

SHA1
3e3512884ee41291824b30b256670b3d0a1c8d40

SHA256
d9589878daebff7c0991b2007a7af982f4760512545b4e331708f3f3308447ac

SHA512
bd186699a85c91cda88df15ebee640f99b55ff168e228dd0de8d7416d62de1bcb57e88beb3b12ce74a54a9c7491934ef3dd5fdd6b92ab5c909f129b419d96b77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a302e5ca28d56036499cc9ec6331d2ec

SHA1
f3684e6f96ad68aec890653e0b47b4530ad43232

SHA256
4069323850980325f02275f30a384e081c2837cabc6b904d227dfeaae70ce81f

SHA512
f48c5114b38d637e5f19489a9764419fd008187ca4e0962e5c6e0e2481d5d2df56128eb687d8ccc04db8a9bcb147e3853fcfb1f1f0212b09e7f14f4f641db91b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f80116f3a0452a930996d317673bc9bb

SHA1
0b7154c21a199241d606a337154048d5c8ba9005

SHA256
8ae9e3a7590f867ff577466d1437f972fc0144f5c31078746e1383afc02d8d34

SHA512
b95cf960842149605b038b2e8fc4e82d126fc521ccfb037ed2a3e2ad43eb84a15c06f6e3ddd5adf1815cd0f82a4b26c753021c8b636b8bff1379644fdd66220e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2c77c092635bf3ed6f39a3adf0c30d54

SHA1
120f4471786c6e7eaf19decddb915b9c29cff116

SHA256
4e5ff5f530f1aaccd406048e71383ce305d5ffa58adac5a76565e98b257b00c9

SHA512
2c5bd0d7531e8f9f7c1006031beb65a41a8b16701d5d0ccf8b79598958b3f536b18f38e0b128b98e12c91590bd3cff782c119df3291599244257501fd472b695

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bf02335023219bda54da2186614d988d

SHA1
960e47aefeb98759d4a65d5902261722b8563ca1

SHA256
e4628ad29872da8ef1c45d8e635df062ab7a6750f1d4dd5e04a5162a147173bf

SHA512
58ab7b15c0c96aa785a83b96fea12f154a3360e47ba88a91a6c9157f1af3d757ebfa8f694a06854312eb163409becb40c4d2c86a37c119fba05453b498a976c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dbc16c61dc473c002fbf550e797fa8bf

SHA1
589e10e04620eab6e5018857de07a989b386b8a2

SHA256
68435400d0cf16cea74f03d070e58b9289873b970158e4498d5ce1fcabb6213e

SHA512
e1a8762cc0ca27f4002ef0aef84b267937c4919339325c7475ff6220151b9d1508d8f2773e02bf9cbc574ccc96f1b94d35c295de339b43f4febd3641ce4d73a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a43ca13e60240e9d9c6a39461ef509a3

SHA1
ee35b6851f50ed0bd90acc22dcdd60f4655a95aa

SHA256
81cb72df1b35c1b28852cfd766f7a6e8c7686ca6a11e68c86d7e9b554e7f7fd6

SHA512
f08c91564f01dd2920ff68bd870c2ede7ec1333aa327ead1afea1df85e0707db02725006e3ec20bf8164230a310332e3d4dc089655287bf2e68697ed4017c67b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
5c3d7765ba43bd1edee4b831682a4b15

SHA1
85b74a85860b724221380ac36104c4cee5ed4b38

SHA256
c5f1bd264450e4e5abbc92baa64264e8621ffc3dc7ffe360145958651635b186

SHA512
9e6977b042efa5eb699dcd81cb8246309dc51e89b4e90ad752d4dbafba629c2f55813da36959e4489cae1f738f28c9e1bb976bc030b34e0c956a7656defeadf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d42df30f43d67312a1491627ec48d4c8

SHA1
530487ba5229f78d502ea1892644abd8fc8789a8

SHA256
a16b2846eccffc87bb18fc759b43f577e982f1fbb5bbf35c582f3e614b3c37c9

SHA512
d19885f5b5e96aaebf43cf52c9bb8ebfd1838fb6949f6cae9ce9b3fdc9e02f372eac7391e4c0212d680d2ff6b446dbb03713dab90efa80cbb758ed7b6446840f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2ce230d374c8fce7acfb9ba3016cbcb4

SHA1
a684a67ac90eb8256b4ffec3fe7ac2802c4e9bdf

SHA256
a51b11adaac0f7f61d67d976856c7ccbc93398dc94270a50557662edb29327bf

SHA512
5aa2dab68adbd38044c6673e71bc9c032c433d1294417797bde52769acc411f866110376599d3fe56784ba5fb7ced8318a90bfb16023415b5947ca112b35f2c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
98c1e02179d8ef414ec53c25fc1a87c0

SHA1
f379394f82902c31b58d7d30e3d882f550247f4c

SHA256
a5edd5487f6538ee0ebb6dbdd91b3fae87ac6cbc02dde7ed1d2156eaeaacb7ba

SHA512
eae399f96c851d3d7291a7e973585af08028940cea213b45f7d257a14192677e49aebdc023edc4aedc8e408eb0e92a77c92cb692c7708d11746cfb88e5dc949b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cf53d8a8585f35f219cda6c7428643b6

SHA1
85f35e4523b8ed1c7d89fc38317e740951472ece

SHA256
5b39fb8ccb12c4836279d17a229edd8c9e7f311efdf2e8e0c53a46684bbbc977

SHA512
08815543e32fa2e4297ec361d049ec2f8610c4ae5451186dcddba07e7d426991d9439412f28ebb6f3888ef76edf2e403274556898c1b3cc3cd1f15e7e3c683d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582f48.TMP

Filesize
204B

MD5
fe9ff9a3f006cd3da9db3e3599911fdd

SHA1
834bbf2e6ce53d1e2ada7f0ecfab58592c68857a

SHA256
0cafab7ab817199a8738141a6b11ec28f747be918dd9f2678b11173e354ac8af

SHA512
b0d213de11e1dd8c5bf406d89badb0a7808ae53da715159b5f61f9d576389fb8a4f09aaea342fd9eb749e0d69a11315a62f921b5f82e3b55e5983c2b1d58d31d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\db3ab7bc-86df-41aa-bad4-75a4b973e23f.tmp

Filesize
7KB

MD5
16126a416c31c9110334a5ecd9632363

SHA1
bb5d3eea1d8c330cee8ce8d15d0f5ece3c2a43f0

SHA256
9ac303eb87425558772ee494c52e9ddca4cdd83edd4e87d795945d9313fa4049

SHA512
047536939e8d2295f174c7c22e8c6ea18da6c8d7516e0e529d5ff23072471167d143595e2fbcb7d236c25585635d0050439b6bc65f9907acb98054f40ffe22f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
016e419de48e69d81e959bd798b8b36c

SHA1
7a4e0426972b5d8a404f56f332cb6579d32c9f9a

SHA256
aa0f5297e8fc5ae0ad26013518aa4159b0d432e1892956a4b90fc4d6844957f6

SHA512
c4cf9f7a870d42cde2816749408acfe8e89359eb095565cc947cd48c4bef450abdc055560a28923a1a509209f7bc4fb5ab10912d442cc2abd614f4c233c26c64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\b8988661-cf5d-46d3-ba57-5e8e3c4ca0e8.tmp

Filesize
10KB

MD5
6ed14f99ca067d646aeb667b5c333d76

SHA1
541e0b61e20fa2085e1a35b5aee2c77220415edf

SHA256
b4b9a49c8cfa222a32edfa32587bf90ce02911a8447481052f07b087cccf76a4

SHA512
1a00f8516b89b99f7eb5c2697b684e762acda0eb540e1bab2bf8f73531fd128d29e94105cc562d26825f31545874babd8d47a52f38d06af2afa126e119c1cfb5

Download Submit
C:\Users\Admin\Downloads\budhud.zip

Filesize
7.4MB

MD5
3136b812f674d87b9e55c96d1b10ab85

SHA1
6c6942f1d2a69db1dde2e3891977645293b42bdb

SHA256
6e2ea7365f9ceb50c2ce76d1283208ff4b33727b73815c94dbd7afadd564edaf

SHA512
42141f8831af733fe5717c52bb8176d22f97a33c7bbd21119b43d112c55a0f19622653b0f521a507d2ea514e50716786175829d000392908e47b0563a496a544

Download Submit
C:\Users\Admin\Downloads\budhud.zip:Zone.Identifier

Filesize
94B

MD5
d6f96f55cf204dec66e3f1612fb43d09

SHA1
b4e090bdefa52ef960425e87f82f75a1b976b947

SHA256
1c398d9174df84d6b475594a43e1b10e2370254839ad8f9faa4b07a486431baa

SHA512
4d0d0c34ba82392221b8f195fe9ea97b40042206d68953001b4346af34ab0ee0cc87e839ec12b7e8f7aef4fabe4e40913cdcdb8410b3b427b22c74da48e4b61d

Download Submit