hxxps://assets-usa[.]mkt[.]dynamics[.]com/a7c8b2c3-13d2-ef11-b8e4-6045bd016e2b/digitalassets/standaloneforms/56e937c9-71d3-ef11-8eea-0022480a45c7

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15-01-2025 19:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://assets-usa.mkt.dynamics.com/a7c8b2c3-13d2-ef11-b8e4-6045bd016e2b/digitalassets/standaloneforms/56e937c9-71d3-ef11-8eea-0022480a45c7

Score

10^/10

microsoft discovery phishing product:outlook

Malware Config

Signatures

Detected microsoft outlook phishing page
phishing microsoft product:outlook
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1772	msedge.exe
1772	msedge.exe
4024	msedge.exe
4024	msedge.exe
1100	identity_helper.exe
1100	identity_helper.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4024 wrote to memory of 4060	4024	msedge.exe	83
PID 4024 wrote to memory of 4060	4024	msedge.exe	83
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 4576	4024	msedge.exe	84
PID 4024 wrote to memory of 1772	4024	msedge.exe	85
PID 4024 wrote to memory of 1772	4024	msedge.exe	85
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86
PID 4024 wrote to memory of 4464	4024	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://assets-usa.mkt.dynamics.com/a7c8b2c3-13d2-ef11-b8e4-6045bd016e2b/digitalassets/standaloneforms/56e937c9-71d3-ef11-8eea-0022480a45c7
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd450c46f8,0x7ffd450c4708,0x7ffd450c4718
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10181611897218600513,2071549760712603341,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,10181611897218600513,2071549760712603341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,10181611897218600513,2071549760712603341,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10181611897218600513,2071549760712603341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10181611897218600513,2071549760712603341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10181611897218600513,2071549760712603341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10181611897218600513,2071549760712603341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10181611897218600513,2071549760712603341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10181611897218600513,2071549760712603341,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10181611897218600513,2071549760712603341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10181611897218600513,2071549760712603341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10181611897218600513,2071549760712603341,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10181611897218600513,2071549760712603341,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5448 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4ee2471f-913a-48b0-8486-f14124057e6e.tmp

Filesize
6KB

MD5
07cd7b3b8ec065532f8b974306dc638e

SHA1
1f688d0956b9cb928a55e5959eb76fbaa1a182c4

SHA256
c87bc5b38717d493b70ddb2507ebbafe70ca79f7463e77122720e5e919a777e9

SHA512
14e7d1ec1cdab5b5d59faa0b4ff5a35c23864fa4686b7090dda24ef78ff3a8b44aea0c1e102c185c983e774999d2ba9215f7ab3bd877f811076565d8bb5623a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
5a92972cdc6fb0a2c6b4d2d5bf728bb3

SHA1
acfd6e8d91eb75aa8d8d14d59764befcc13f4cf3

SHA256
518fd1c2ee25164a467b5ed322fdfdfe0dc3093670a55c36b60ad734ed6e9b5d

SHA512
c638087334545116acf5e9454a1cb8d8ae89f10efdf1e7e870bb648d2feb55ae3d07ee382ae54bd6fd56ca7b32b4b074eb9912867c3dfa8742d7e21d0975687a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
819B

MD5
057dc1f04916716d7a92ce5d3608fcc5

SHA1
066d88a5cd3a50a61b253ce7d7300659307723ab

SHA256
43416d956406c5cb485bc0317dbc3e99d3f95611dae6e41598dd8df6e3b34590

SHA512
a93cc1ada1264097619ad464ba7e2253072918e4bf67986bc73b7aff1af16f1a35b1ae02c9b6787f09b1dc0627846af2ad369ec579d51f70eb7c3164372d7a70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
726B

MD5
8ab7810567e054f21428e71033c97db8

SHA1
7f74c80b0e8f0724b0a7f9aa87cdcd5f5ea3b722

SHA256
d18a7cc482df2a75a92f091d8aa92878221ea807a197105fb9bd2d6a9da0ec7c

SHA512
6bd2f15f48b8449b465ec7646aa543d1ff2055ce991af0cc06f6270f55e875a5eecb6633ebd60095b68583f12de520dfa11971bfaccea21f591fb45fa9bff20b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ce1dc909dceda759ef75c906b26992ed

SHA1
f11dd12e9cbaaad800c6dd0c6f72bc5055998b69

SHA256
a4cd596b450b275cc2867f440c3beefda70b88cecbccf002cd6153de796aca25

SHA512
401e094ec0913f4b46cad814c987adeed4499fb8ce277620ff54eba5d7b112c15bfd9de2e6b302b8de4de228e987610deb25a2622b8e6a95f8fa9fd0023b9f27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
8b9c5b45f6ea79678080ead22703ad0f

SHA1
916ce629bdf4138bed356ea9a1e41627b8d1ca11

SHA256
d74651e8c877dfe9618ff09b0d26fedc8a14855f0117e1343cb4ea9373bb1e7f

SHA512
c82a5488352f22dcd3e13ab08a4f8bd72686ca0a5769bddc55dbeda306e052973753660f8d6887b1c91dd266be9528d4a600482fa82bf4f0d4e987f916c81057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58cf9f.TMP

Filesize
539B

MD5
105c2eb770e2ec01859766d28c59e34e

SHA1
40ef9baf921d3f89352c25b25dc3b5a7012a9da5

SHA256
97e5f8660064a1c4eca0f81ec827af0401053f14353e95499ec86cefbf5add7b

SHA512
ffd25f6870e4f122bbd84f1abae58020f831b10cecbc7df2563a66feab8d8b938072b6bd1487f2616c58347eda303d591038e2caece754f0c6b647e73346eaab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8fff2b1b7f4124eb27efc8d83e310d54

SHA1
cc001968d88be7d0da8d544d33f0a848d1f91dcd

SHA256
b5b8fe3140ee137b7efcb48e499d15bb87a7aae4d3496c8f560a183ae64cbfae

SHA512
115be7f941ca301d580c94c470655618539f9034b83abb332d241bd9edcd5069dc23238a79881ae30feb0c9418799dc3d35d918b5f44d7d27d09524af3cf5795

Download Submit