hxxp://pornhub[.]com | Triage

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
23/02/2024, 00:46

Sharing

Report Analysis Logs

General

Target

http://pornhub.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "97"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4592	msedge.exe
4592	msedge.exe
3804	msedge.exe
3804	msedge.exe
1044	identity_helper.exe
1044	identity_helper.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
4036	Process not Found
4608	Process not Found
4984	Process not Found
1012	Process not Found
4300	Process not Found
348	Process not Found
440	Process not Found
3440	Process not Found
2476	Process not Found
4060	Process not Found
1784	Process not Found
3540	Process not Found
2192	Process not Found
3972	Process not Found
3712	Process not Found
4540	Process not Found
3488	Process not Found
5112	Process not Found
4560	Process not Found
4216	Process not Found
4324	Process not Found
3936	Process not Found
4792	Process not Found
916	Process not Found
3896	Process not Found
2760	Process not Found
1340	Process not Found
3744	Process not Found
2628	Process not Found
2840	Process not Found
1584	Process not Found
4724	Process not Found
2184	Process not Found
1744	Process not Found
3572	Process not Found
4720	Process not Found
2616	Process not Found
5108	Process not Found
4148	Process not Found
1088	Process not Found
228	Process not Found
2988	Process not Found
2292	Process not Found
4636	Process not Found
4188	Process not Found
4852	Process not Found
1740	Process not Found
1288	Process not Found
1716	Process not Found
1440	Process not Found
4664	Process not Found
2828	Process not Found
4164	Process not Found
2852	Process not Found
3320	Process not Found
3648	Process not Found
368	Process not Found
1132	Process not Found
3620	Process not Found
4972	Process not Found
1472	Process not Found
3864	Process not Found
4784	Process not Found
972	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4352	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3804 wrote to memory of 2100	3804	msedge.exe	29
PID 3804 wrote to memory of 2100	3804	msedge.exe	29
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 1272	3804	msedge.exe	87
PID 3804 wrote to memory of 4592	3804	msedge.exe	88
PID 3804 wrote to memory of 4592	3804	msedge.exe	88
PID 3804 wrote to memory of 1348	3804	msedge.exe	89
PID 3804 wrote to memory of 1348	3804	msedge.exe	89
PID 3804 wrote to memory of 1348	3804	msedge.exe	89
PID 3804 wrote to memory of 1348	3804	msedge.exe	89
PID 3804 wrote to memory of 1348	3804	msedge.exe	89
PID 3804 wrote to memory of 1348	3804	msedge.exe	89
PID 3804 wrote to memory of 1348	3804	msedge.exe	89
PID 3804 wrote to memory of 1348	3804	msedge.exe	89
PID 3804 wrote to memory of 1348	3804	msedge.exe	89
PID 3804 wrote to memory of 1348	3804	msedge.exe	89
PID 3804 wrote to memory of 1348	3804	msedge.exe	89
PID 3804 wrote to memory of 1348	3804	msedge.exe	89
PID 3804 wrote to memory of 1348	3804	msedge.exe	89
PID 3804 wrote to memory of 1348	3804	msedge.exe	89
PID 3804 wrote to memory of 1348	3804	msedge.exe	89
PID 3804 wrote to memory of 1348	3804	msedge.exe	89
PID 3804 wrote to memory of 1348	3804	msedge.exe	89
PID 3804 wrote to memory of 1348	3804	msedge.exe	89
PID 3804 wrote to memory of 1348	3804	msedge.exe	89
PID 3804 wrote to memory of 1348	3804	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa19d46f8,0x7ffaa19d4708,0x7ffaa19d4718
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,15547076504622830980,8341243148071848360,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,15547076504622830980,8341243148071848360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,15547076504622830980,8341243148071848360,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15547076504622830980,8341243148071848360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15547076504622830980,8341243148071848360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15547076504622830980,8341243148071848360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15547076504622830980,8341243148071848360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,15547076504622830980,8341243148071848360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,15547076504622830980,8341243148071848360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4800

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3958855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
58670ac03d80eb4bd1cec7ac5672d2e8

SHA1
276295d2f9e58fb0b8ef03bd9567227fb94e03f7

SHA256
76e1645d9c4f363b34e554822cfe0d53ff1fce5e994acdf1edeff13ae8df30f8

SHA512
99fe23263de36ec0c8b6b3b0205df264250392cc9c0dd8fa28cf954ff39f9541f722f96a84fbc0b4e42cfd042f064525a6be4b220c0180109f8b1d51bbdef8ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3782686f747f4a85739b170a3898b645

SHA1
81ae1c4fd3d1fddb50b3773e66439367788c219c

SHA256
67ee813be3c6598a8ea02cd5bb5453fc0aa114606e3fc7ad216f205fe46dfc13

SHA512
54eb860107637a611150ff18ac57856257bf650f70dce822de234aee644423080b570632208d38e45e2f0d2bf60ca2684d3c3480f9637ea4ad81f2bcfb9f24d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
79a3d71637c779de664334ce5a703bac

SHA1
7dfa709b55de9013d37b59d583e6f0d9f532e5d1

SHA256
3fa121e9c7a639ab124336726906f7d777a7d490638de11fe2e89218629f570a

SHA512
c7f14a94ef4f1a2af608c6d5dbdb7697290dc053e1893620c2298897da4218d6fe8f2c412d95a541787698d34241701b7f1b816b145baf3ecc49913b0a800011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df63139bacc325b43c6456a0cc4db304

SHA1
e1a4d4d5c47563e7af425cb5f9a049d0326d6c8d

SHA256
c3fdee5828b80467089c688539bf0e1961e1c63f16cac0a0202f1aca00405304

SHA512
a3da10f77d56d9047057431d1568e5fbc1a035b0800f16827082397b8456581729b4755ba635d1dba6670a88064ad71e6ee3a699b3c71c0f39734cc297f191dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6ae949c0399c49ae4903925ca42f1c49

SHA1
841063c20742e2ed9607451db7d2fa36107940dd

SHA256
dc63fc4c4716743d32bbc045b6a8244f8d6ee5c8f95d5e04f7f8c608df629d3c

SHA512
a6efe5afb6b2c6908eaa36b48f5b1572c4e9fe65b90d6266588130dda49ce9899b97d79c12ae586b9c914fdd8032c6f1666ed288c6b2fbf75350ac379104317d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
596cfc68b1b783353b581b373829000e

SHA1
f577ec33440736461e6e9bbb02e539b549ee1efa

SHA256
86ecd6f4cf121a791a380f70ffa22a3fac48046bc28f3061926f5fd165095d6c

SHA512
a67ff343c351d81a6e2132ee62ad56b41948765395b8acb7ea08cc596c2b8d428587cedc1dc2014ec3fd0d76e59c7c0bfae037476ebad73c3f075a291c16ce93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57be7d.TMP

Filesize
48B

MD5
686e82c93e0219fac0df7e6640736872

SHA1
9f7b8dba962b95af37827415d2073edd2abd2849

SHA256
ff528a06b95c7a5b67e3153cd6f5a6303e2bcff076aba208b0f815dfe451f402

SHA512
13cdba39c71f6aa3fa20e97bfe29ccbd0685dce1b027f2902a9c73771fc771b5f8819b570fe7c9e8582f6d6bf28322c24194e96a673e651d94d20f7c51e58f86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
879611fe780eeffc6a033c281532f872

SHA1
2b47f560baec01c8daab4ba7dbcb20159ca699c3

SHA256
1688680ee5bf4a60293aaf9ac808dcaf81b8a5950780c9ac47e1b8db8ed4c37b

SHA512
6459fc84800835d672aae3bc8e20e2b922135d63eaccc5e7f363d7b61f229802a06dab37f2fd33b27ea664e4dfd4036dcfa2a7ce975ca5056cb1c47521e4b960

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
110524e04749cb38bd280c6bb44d29ba

SHA1
4dc6740fd4f88227a7ec8a05ab10a2b36c710119

SHA256
82155f58539c247ff14ec01a8881c303ccfe20ca64c54742da1849e94e7d3e86

SHA512
1975e7d68db83215936b9288ae3425166678e12a8e9a71d0be753faaa04baf2523ba9294174c13fcd7bcc9ad21c9e538980586347c884fea544512c309302d2f

Download Submit