hxxps://flsmidth[.]helpdocsonline[.]com/file

Analysis

max time kernel
290s
max time network
292s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2023, 12:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://flsmidth.helpdocsonline.com/file

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
4504	msedge.exe
4504	msedge.exe
4472	identity_helper.exe
4472	identity_helper.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4504 wrote to memory of 396	4504	msedge.exe	83
PID 4504 wrote to memory of 396	4504	msedge.exe	83
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 4756	4504	msedge.exe	85
PID 4504 wrote to memory of 3872	4504	msedge.exe	86
PID 4504 wrote to memory of 3872	4504	msedge.exe	86
PID 4504 wrote to memory of 4824	4504	msedge.exe	87
PID 4504 wrote to memory of 4824	4504	msedge.exe	87
PID 4504 wrote to memory of 4824	4504	msedge.exe	87
PID 4504 wrote to memory of 4824	4504	msedge.exe	87
PID 4504 wrote to memory of 4824	4504	msedge.exe	87
PID 4504 wrote to memory of 4824	4504	msedge.exe	87
PID 4504 wrote to memory of 4824	4504	msedge.exe	87
PID 4504 wrote to memory of 4824	4504	msedge.exe	87
PID 4504 wrote to memory of 4824	4504	msedge.exe	87
PID 4504 wrote to memory of 4824	4504	msedge.exe	87
PID 4504 wrote to memory of 4824	4504	msedge.exe	87
PID 4504 wrote to memory of 4824	4504	msedge.exe	87
PID 4504 wrote to memory of 4824	4504	msedge.exe	87
PID 4504 wrote to memory of 4824	4504	msedge.exe	87
PID 4504 wrote to memory of 4824	4504	msedge.exe	87
PID 4504 wrote to memory of 4824	4504	msedge.exe	87
PID 4504 wrote to memory of 4824	4504	msedge.exe	87
PID 4504 wrote to memory of 4824	4504	msedge.exe	87
PID 4504 wrote to memory of 4824	4504	msedge.exe	87
PID 4504 wrote to memory of 4824	4504	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://flsmidth.helpdocsonline.com/file
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff52c646f8,0x7fff52c64708,0x7fff52c64718
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,1720169418715625857,4173838258267572663,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,1720169418715625857,4173838258267572663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,1720169418715625857,4173838258267572663,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2432 /prefetch:8
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1720169418715625857,4173838258267572663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1720169418715625857,4173838258267572663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,1720169418715625857,4173838258267572663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,1720169418715625857,4173838258267572663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1720169418715625857,4173838258267572663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1720169418715625857,4173838258267572663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1720169418715625857,4173838258267572663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1720169418715625857,4173838258267572663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1720169418715625857,4173838258267572663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,1720169418715625857,4173838258267572663,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4892 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
84df16093540d8d88a327b849dd35f8c

SHA1
c6207d32a8e44863142213697984de5e238ce644

SHA256
220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c

SHA512
3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
5e67dba84e59367a1d46e32465d72200

SHA1
a9b4fcf2a1ef6df6c30d72b05e9815f538d9ba62

SHA256
9409d1d0b2729d0cfe542a145b91c1566feba3f17f7929e43b288ec58c68eaec

SHA512
9157c8a682a787ff4b8ce2a09c9981997556a8bdd7a03b275faab3aaf0469068a3bc4f110d603b113f6ac83fba6e9faca6a0ce67ed8f003fe2f89be49ad046bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7bc4ec9a411619b94a974b760bb49b3d

SHA1
d670f50eab64a7066d11b41984a046a0a3f21c39

SHA256
10afa1a5e77608666473da4b92b8c18f65725928b24e822622df9908f3d8f652

SHA512
3fda4f5a4ead562fe035614c74bdc8ef290ca45785e00772b9b686fda79328a20681af7fbf088b2b48889dfe335f99d1d7a645ecb6accb94f1c8229dae905314

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
893a1729cf6d0519a1ba074fa7ca645f

SHA1
64803ab81f18823ae53b536c52166f2b810162ed

SHA256
96536be9461d444f735d9dd9a41bdd946c087f751739e01e8850ffce7469a51d

SHA512
0f1ba2a6d37b898681b422e203ea384f56748a256ab657c70a90d64385dc1e6f37878177c7274067c26d5a199ff480f0e41652acb4af03bdd039be880ba8da0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0c068c9473f6b367b60d0deacea11f88

SHA1
d38a6fc75008223badcb9a5d604ec35dba7279c5

SHA256
6fdc4d7db2759266dd2e84604fca1ca9d8290d238ef8ba51c00d5dbc32284f05

SHA512
aafbd9f9a0b8ff446d004efeeb0513e0e0386395cd5e8f209786251ab1c9f80cc87328bf3b2b4b0ca9ddf37ddf3b77f39138e8c95b81e2d1b3fc01f587232c35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
81745c935d40f346ce43d2cbf3352a7b

SHA1
6a02cda4ba2f5bcecd731b9c45502ea68e15b18b

SHA256
1dc5f4fe701e4678d321135c90dd1267b35a268346e2ab73d704bfa14af552b2

SHA512
71854b1ad07a0370ee3e16ad3b2bcfc86a38c8bd618a49751a85706202341451a37c11ff5dd758707c0906b80aeb17a78e01f079eb5eec085e542eafa9c7fc34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
918ecd7940dcab6b9f4b8bdd4d3772b2

SHA1
7c0c6962a6cd37d91c2ebf3ad542b3876dc466e4

SHA256
3123072fba0ea8e8f960dd213659a0c96ce2b58683593b8ea84efac772b25175

SHA512
c96044501a0a6a65140bc7710a81d29dac35fc6a6fd18fbb4fa5d584e9dc79a059e51cbe063ca496d72558e459ffa6c2913f3893f0a3c0f8002bbca1d1b98ea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
5e31791179122df4d4fa751e57613e94

SHA1
b0de6058fcb0ee736dd4962f971f226c56348bbf

SHA256
b126d9f1a7e1743e6773eb9606b505055d987bb19f282c1e0fc7f8b23bf049d2

SHA512
5d70b382e26ad6fa4cf450896e40985a7dd4ed0d98c08581817133e22945ab364644aa3a3b8757880bab4500718f30a8b6d96faf8c7ff377eca7947bffee474c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dc37.TMP

Filesize
540B

MD5
4811a553b22f55e88b42460020c6eca3

SHA1
9ed43a392bd6dcaeb315f7ac02a6d67aeb286fd0

SHA256
94c80b6f6cc287f6232c54d07743f66c226bbf2e58678a77c84d80d2d7c4953e

SHA512
dc7d9974d6f553861db3e8fa03433d4e8cb89c31e4a0a2117a3e9b7298bf666658c798dcff2f2d05d0ef591b2538d22d552cb23bf86f57c08cb8b696ca4d7d86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3f10ab72381bdc42e2af24395f780587

SHA1
c225c1620be2f6a24a9fb5fd7f1a0cb9687e9822

SHA256
13b158e25ed3097524e4af3e1f309550bf9bff5f1e5a9223ff92d68c23bbe6eb

SHA512
b12669a55b7f8490ea8e554e9e7f67cdc5ba0f7597dd9d8b0aaeb81aef114d97f9205230ea17e2d49d3a76aa29625adf7f1fb07410768042a4d3f02e966e0ac0

Download Submit