hxxp://gov[.]uk

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01-02-2024 13:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://gov.uk

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31085842"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31085842"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "413558949"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31085842"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1293287763"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1308445019"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1293287763"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{78B4F45C-C105-11EE-9BE3-D2066D8F1295} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4564	msedge.exe
4564	msedge.exe
1020	msedge.exe
1020	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2760	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2760	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
4388	iexplore.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4388	iexplore.exe
4388	iexplore.exe
2788	IEXPLORE.EXE
2788	IEXPLORE.EXE
2788	IEXPLORE.EXE
2788	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1020 wrote to memory of 2860	1020	msedge.exe	22
PID 1020 wrote to memory of 2860	1020	msedge.exe	22
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 2460	1020	msedge.exe	87
PID 1020 wrote to memory of 4564	1020	msedge.exe	86
PID 1020 wrote to memory of 4564	1020	msedge.exe	86
PID 1020 wrote to memory of 1276	1020	msedge.exe	88
PID 1020 wrote to memory of 1276	1020	msedge.exe	88
PID 1020 wrote to memory of 1276	1020	msedge.exe	88
PID 1020 wrote to memory of 1276	1020	msedge.exe	88
PID 1020 wrote to memory of 1276	1020	msedge.exe	88
PID 1020 wrote to memory of 1276	1020	msedge.exe	88
PID 1020 wrote to memory of 1276	1020	msedge.exe	88
PID 1020 wrote to memory of 1276	1020	msedge.exe	88
PID 1020 wrote to memory of 1276	1020	msedge.exe	88
PID 1020 wrote to memory of 1276	1020	msedge.exe	88
PID 1020 wrote to memory of 1276	1020	msedge.exe	88
PID 1020 wrote to memory of 1276	1020	msedge.exe	88
PID 1020 wrote to memory of 1276	1020	msedge.exe	88
PID 1020 wrote to memory of 1276	1020	msedge.exe	88
PID 1020 wrote to memory of 1276	1020	msedge.exe	88
PID 1020 wrote to memory of 1276	1020	msedge.exe	88
PID 1020 wrote to memory of 1276	1020	msedge.exe	88
PID 1020 wrote to memory of 1276	1020	msedge.exe	88
PID 1020 wrote to memory of 1276	1020	msedge.exe	88
PID 1020 wrote to memory of 1276	1020	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://gov.uk
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae81c46f8,0x7ffae81c4708,0x7ffae81c4718
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,12552632169005043511,5749494560499027597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,12552632169005043511,5749494560499027597,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,12552632169005043511,5749494560499027597,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12552632169005043511,5749494560499027597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12552632169005043511,5749494560499027597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12552632169005043511,5749494560499027597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2156,12552632169005043511,5749494560499027597,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3968 /prefetch:8
  2⤵
  PID:4928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3580

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x510
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2760

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4388
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4388 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
011193d03a2492ca44f9a78bdfb8caa5

SHA1
71c9ead344657b55b635898851385b5de45c7604

SHA256
d21f642fdbc0f194081ffdd6a3d51b2781daef229ae6ba54c336156825b247a0

SHA512
239c7d603721c694b7902996ba576c9d56acddca4e2e7bbe500039d26d0c6edafbbdc2d9f326f01d71e162872d6ff3247366481828e0659703507878ed3dd210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
337f03bc28ef764c84c9475b9ec7fb26

SHA1
90aa96c44bd2f7a4e3ec4741f8c0a6b74f07c694

SHA256
23b7f558641a6d1731bb97a75336e18977c41c963ef4873444efa50832949ff9

SHA512
8aea58515876765978e81e8677673f8eab6e487ad2790ea69c953f3fbae86bb77f5fc6bbb3008f258adb048e9aa5ee710371f1ba3da5a40c0ddb0dc2189fbbee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
394B

MD5
4e12d20447a48ca7825f9a32998d234c

SHA1
124c8ddfbaeb96a867e5b1f3da2fd0790ed9b369

SHA256
fbc65f409e361d8635ba735eb11e75e49f4504df1d6ff7a183484c5e4224d47d

SHA512
c64e92f98adf04d406490289c02019cbd43ff5e4b88152e6a8736bf14882033662fd36b40d3d80d9e3dfee1e625d17e573d7df5a2b672855ef1d75a90b1a7bad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
568fdd31fe90d7918f615b9a17a1ba82

SHA1
3641270c6ac7bde1cb8df3f07f184a6a81bc746b

SHA256
4699b26a011e58f4f4bf269c6d9b5b33eba0b3db561cf458837fe144daa4e3c0

SHA512
dc229fd7a145a76c052b50f49f07a30c34acb08d0b90cdc684240c12b3b963ef3132598b28a790d18a782e94a0ecbe364b7ea9ce8445d6ca608ddb0a058e16b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
52609ffc662299a80fa6a72667a6d06d

SHA1
202b86fc48c4649aba57481f12375ba83dd1fff2

SHA256
a792dd09318a90e93ed65a88422417d2b14565a8f3e20b6a9e79a9991b1a74e0

SHA512
d3011d264956e13a312acf84f413348077e6ddea3a421ace070ca73924785ca18cb16cebea246dd417b87c25df0dbf9ead1a7d0e7c4810fb96286ade4b21a736

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
9bb64859bede102545b202b497210b37

SHA1
8555671fcde5057deff312971e153f3b34597e6e

SHA256
22294f3f648106db3ed092455205fa25ca748f4d8c41645666e0136418d49a0b

SHA512
090be310ee8f0602ed03aef2d45af0d541d02ae5a392a8c45a41f7ecabbba0f3591afcb17a553011a06de319aa2ddca59f844a86ad89e7c22494ebd09bc62131

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a8c6322f8583a732b471bc8f692ed4b1

SHA1
1456c55c08691e8cc0b30055a66cc6ae651eb951

SHA256
6d92eb32f55518e2c43fd12909584fe8293cfa8b7259c7483300ddfe3bc7dea4

SHA512
40d580afe7f7a6b55fa18756965ae334e83ee391fead9aa36786a2ee854ca523f5f6a55bc3359fd9a08a2274adebf23eb5e0a578f8213f25c4905a75abb9d664

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J6M39GIU\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit