hxxps://bluemountcapital[.]com/ldk/

Analysis

max time kernel
130s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-12-2024 17:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bluemountcapital.com/ldk/

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2860	msedge.exe
2860	msedge.exe
3916	msedge.exe
3916	msedge.exe
2984	identity_helper.exe
2984	identity_helper.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3916 wrote to memory of 3660	3916	msedge.exe	83
PID 3916 wrote to memory of 3660	3916	msedge.exe	83
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2060	3916	msedge.exe	84
PID 3916 wrote to memory of 2860	3916	msedge.exe	85
PID 3916 wrote to memory of 2860	3916	msedge.exe	85
PID 3916 wrote to memory of 2712	3916	msedge.exe	86
PID 3916 wrote to memory of 2712	3916	msedge.exe	86
PID 3916 wrote to memory of 2712	3916	msedge.exe	86
PID 3916 wrote to memory of 2712	3916	msedge.exe	86
PID 3916 wrote to memory of 2712	3916	msedge.exe	86
PID 3916 wrote to memory of 2712	3916	msedge.exe	86
PID 3916 wrote to memory of 2712	3916	msedge.exe	86
PID 3916 wrote to memory of 2712	3916	msedge.exe	86
PID 3916 wrote to memory of 2712	3916	msedge.exe	86
PID 3916 wrote to memory of 2712	3916	msedge.exe	86
PID 3916 wrote to memory of 2712	3916	msedge.exe	86
PID 3916 wrote to memory of 2712	3916	msedge.exe	86
PID 3916 wrote to memory of 2712	3916	msedge.exe	86
PID 3916 wrote to memory of 2712	3916	msedge.exe	86
PID 3916 wrote to memory of 2712	3916	msedge.exe	86
PID 3916 wrote to memory of 2712	3916	msedge.exe	86
PID 3916 wrote to memory of 2712	3916	msedge.exe	86
PID 3916 wrote to memory of 2712	3916	msedge.exe	86
PID 3916 wrote to memory of 2712	3916	msedge.exe	86
PID 3916 wrote to memory of 2712	3916	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://bluemountcapital.com/ldk/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5e5b46f8,0x7ffd5e5b4708,0x7ffd5e5b4718
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14864674378452081263,14766929798609262493,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,14864674378452081263,14766929798609262493,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,14864674378452081263,14766929798609262493,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14864674378452081263,14766929798609262493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14864674378452081263,14766929798609262493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14864674378452081263,14766929798609262493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14864674378452081263,14766929798609262493,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14864674378452081263,14766929798609262493,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14864674378452081263,14766929798609262493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14864674378452081263,14766929798609262493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14864674378452081263,14766929798609262493,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14864674378452081263,14766929798609262493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2264 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14864674378452081263,14766929798609262493,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14864674378452081263,14766929798609262493,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
18e8ee89459a27a645ebd85522cef0fa

SHA1
8e81a2b602eee589b68bbebff61ab9f8ae5542ba

SHA256
20306852300b429093a577bc46b587cac602143d0e98b2be52ca0999eec2f6e9

SHA512
ccf6d75e9a3205ce0cdf768416443c559aeaa997cb5e81d132d34ab74d6f1b4b9f28224b0d9569902f4020a26e7bd0ed2727cf7d71e442bb25bac4515af68de1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
665B

MD5
d310826e1689a70ecc87632e4f0d8674

SHA1
6c2e86ee24540f09b4a4f35dcd33f4889c1ed581

SHA256
c58b2ac7278ae5d2f55830e5b2d1f515cc10589363024740d76ac377b7312bb9

SHA512
7a654be2ca84fc58272900f431572a4d14d5af55122ca3ac5b4635a47d460dc61062cfa9c0c5c9fc4963fce1bf25527c4c5e6d8640a0e19b66214c39a31fae67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6038fb10324d1d6a80f01ffb71a3ff87

SHA1
75e78013c10489a503fecc618474b7d67dd24310

SHA256
72da918ac596a4c85049504ad2a1e0b6f42910e360ea47621eb4e175e497e009

SHA512
2d81f9635ddc8c31ea87628673af96dacf6b4aaaeaecc182ff7279c00f0d369f869b79c745d2a9614e91b07b7802f1b3d16548eee360c0274a3b5af537d7c911

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
d0af10c8a42a1b2902839c78a941f679

SHA1
602082a96942b7b3bb1008128e6987049632c3a8

SHA256
28e06632bf9ee865b5d1e6deb1312516fcbd1ecb70f1adcea3bc560cb033659c

SHA512
bbdb3319f7543bd33988f8d8e65539f4e4a74f2a0bdfed96e464e2df619711ed23816a1ab5ecf7ddfb6179fa821347a764fe85d4610ba36dc818ff5b0b9e52e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
47d8983c5e97588412edacf46e75980c

SHA1
89833c2d5196ecc3f89c669df60c5b0353400af3

SHA256
71b47f74b19719ad0cd9d0d44b9e1fd7ab4e6837af264f122b42f9f3e0eff48d

SHA512
90c952e16a8f0b0aab102cce3c2c952e05700570f0b150073d83be75af8bc3a232e294dc77b16deced4e9967e6fa18ed55293ace63ad89ca63096249c99fee09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583e7b.TMP

Filesize
204B

MD5
b190794f2d37e565768b963b7c4f8988

SHA1
b1321a5e661fc3a7615eb20a0c9bc59f4d4342fa

SHA256
589ad9fb613d26e9222b1719044df12e85877b293604647f0b6e6aefb6b675de

SHA512
8bfcf06bfed97ee515ad03c5f13c9d5c8a74d83a1246e4dfdc5e54a8fbe719234b1ac2e447c346cc682b95edc893f47fe1de42723200ced418e29e02febc2ecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d93a3f5c-535d-466a-ab34-e56f003ad3c9.tmp

Filesize
6KB

MD5
ad3c777de65a98fd90651aea752fcf8c

SHA1
a86c48e1b19588a38d624a33cd0db200bb0a440e

SHA256
f8c86f8cd94bed45481eed7040f01177544b9317fa78547266778a6cb44089b4

SHA512
2371e29cc963de91483e69a66fa1175de51a1c45329049aaa77a683b18d6dafed47bb734bd8d38fbd6d9460a808390467519f29ab4e2badac39d704d5f96d73f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
959fb638aa566bca70258b96b6b2853f

SHA1
703558f362e488c7797c8e72f0c82d181cab5f04

SHA256
f9e65fcf0e50b4d38dde80aa0f15c6bd221f8b0f55c8687558c8aa95bf1bed95

SHA512
07f7debce486fb913855573bc209b48f2948440be6ba3dd1ac3a3adc7952ab5ed34d2a8243cbf8ccadd3a170e2112dfbc6d69d1a938160e49bffd36776338a28

Download Submit