d8ff4ccf101bcd6c1e578cc93d99565dbd248fe4e26e9e2327e95c7bdd8b4bb0

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 21:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b5302c62955d60701caedf69f864c7dd_JaffaCakes118.html
Size

141KB
MD5

b5302c62955d60701caedf69f864c7dd
SHA1

323aff8eacaa416295b2b04fa2e28452761120d6
SHA256

d8ff4ccf101bcd6c1e578cc93d99565dbd248fe4e26e9e2327e95c7bdd8b4bb0
SHA512

7702ebd88ea6488683077327a73ead79da9053b7c83ea713febb7a3f9d10b06a7410fd655522f87768eac9a0414b5a5a0614442a56bcc3ca7963a497794d98a4
SSDEEP

3072:PwXK/OQrDOZg8YWLSSKoUQJMsgLxl6FxJ:VWQA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3312	msedge.exe
3312	msedge.exe
5568	msedge.exe
5568	msedge.exe
5496	identity_helper.exe
5496	identity_helper.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5568 wrote to memory of 4052	5568	msedge.exe	81
PID 5568 wrote to memory of 4052	5568	msedge.exe	81
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 4452	5568	msedge.exe	82
PID 5568 wrote to memory of 3312	5568	msedge.exe	83
PID 5568 wrote to memory of 3312	5568	msedge.exe	83
PID 5568 wrote to memory of 5536	5568	msedge.exe	84
PID 5568 wrote to memory of 5536	5568	msedge.exe	84
PID 5568 wrote to memory of 5536	5568	msedge.exe	84
PID 5568 wrote to memory of 5536	5568	msedge.exe	84
PID 5568 wrote to memory of 5536	5568	msedge.exe	84
PID 5568 wrote to memory of 5536	5568	msedge.exe	84
PID 5568 wrote to memory of 5536	5568	msedge.exe	84
PID 5568 wrote to memory of 5536	5568	msedge.exe	84
PID 5568 wrote to memory of 5536	5568	msedge.exe	84
PID 5568 wrote to memory of 5536	5568	msedge.exe	84
PID 5568 wrote to memory of 5536	5568	msedge.exe	84
PID 5568 wrote to memory of 5536	5568	msedge.exe	84
PID 5568 wrote to memory of 5536	5568	msedge.exe	84
PID 5568 wrote to memory of 5536	5568	msedge.exe	84
PID 5568 wrote to memory of 5536	5568	msedge.exe	84
PID 5568 wrote to memory of 5536	5568	msedge.exe	84
PID 5568 wrote to memory of 5536	5568	msedge.exe	84
PID 5568 wrote to memory of 5536	5568	msedge.exe	84
PID 5568 wrote to memory of 5536	5568	msedge.exe	84
PID 5568 wrote to memory of 5536	5568	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b5302c62955d60701caedf69f864c7dd_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb53f46f8,0x7ffbb53f4708,0x7ffbb53f4718
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,5518857663220014606,9716428647761665927,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,5518857663220014606,9716428647761665927,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,5518857663220014606,9716428647761665927,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5518857663220014606,9716428647761665927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5518857663220014606,9716428647761665927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5518857663220014606,9716428647761665927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5518857663220014606,9716428647761665927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1804 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5518857663220014606,9716428647761665927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,5518857663220014606,9716428647761665927,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 /prefetch:8
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,5518857663220014606,9716428647761665927,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5518857663220014606,9716428647761665927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5518857663220014606,9716428647761665927,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5518857663220014606,9716428647761665927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5518857663220014606,9716428647761665927,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,5518857663220014606,9716428647761665927,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4808 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
477462b6ad8eaaf8d38f5e3a4daf17b0

SHA1
86174e670c44767c08a39cc2a53c09c318326201

SHA256
e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d

SHA512
a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b704c9ca0493bd4548ac9c69dc4a4f27

SHA1
a3e5e54e630dabe55ca18a798d9f5681e0620ba7

SHA256
2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411

SHA512
69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
790B

MD5
a7becc27c2e1b583ca23ff965ed05802

SHA1
736b9c1df5fe51b2c5dbcfcafaf4cfc3ce39a569

SHA256
284961321a31f927739300f2824151275eb63171d191e83afed1a00c222c0e82

SHA512
63139feb12b5407eeb9c85a689f1e04a7ea02c46de2746009d59ce29ca768e7e140782e124717864515074d171e87c5df944415e0043a490dac89408a2586c23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
790B

MD5
12a119d7cf916ce63aa387b245125f2b

SHA1
1370d666e2e4772425d8e82d0a40dd6008c859d4

SHA256
eb075117ba727901603b21e2735fcc68add018707e860cf7f8144fde80404446

SHA512
ccabaed8dbfa81ce8a8b3009dd66a69eb5dfdf7d0fd78ec4c99a707d29bb397dc26cc6720d873f8016f488d79ef28814b7d88b0716961f65ed9d181a6926c87c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ad168bda2afac8dc167280fef132ad06

SHA1
ae36a7560b743bb18bf12b5ea5fe6ae67d67809b

SHA256
ecfca6f8015cc6fb35a4d8b47eef6827650bef3e7f6d8a756e3beb25484f1443

SHA512
1a7a52dc71e39b387deda9e6f2f3ac225123729c763ec557ecefdb0a74b2239f92f07a6a0a42566517f654113c0f5536ff35dc9c7aef71d7ffe2503de77fae7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
64c6563dab6db4d16fc7bd4c701be746

SHA1
772410995970257a9bb46c203304e6714ec7e885

SHA256
0bcfb83ad91651655c37064c20eb09725bab98727c1937975140621cbbf0c404

SHA512
319d2e9d6558d7632d3a4461909cef11b2dde71073dd465b0712fb03f9950c08185647dbc13a5294da53919bb36d86542255b10b03271c191ee594cab2adb0e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
890f4c2c56aa0b1bacddc1c167ed569e

SHA1
200eaec62cc12d06e1bf05bce4d729867464163f

SHA256
384d7fc9cbc6bf1fc668a015a21f1c0cd81c7553974603540f5e30350489b682

SHA512
23734342f60c30c195d5b6ca021294690bdfd22632171e9ef348075af9cc4ad7d7fb4828a9385da62e3208b0b623c09170271e2ea8f8ee4c986a4745da4d736a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d69de1276f305e61a3ffc4000f8c901f

SHA1
da590bea1c0b1a7dcc068b45401ecefedb99da75

SHA256
2585435d53442a9ff501cf0b647f55c1783815238a606e0d9ad23ccd3b06087a

SHA512
88a5efc2606fd7985f6ae270b779a32be5d8427f1ab9a66506b2c57d2b7d96250639b860f7ba0ffcc27d2b5844a2e740f51143862dc0ca6f56bfad24a43419ee

Download Submit