dcb6ce00b66561b7b018af31382e97226816968fd79fc45cfac38577ea34163b

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 03:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5a44e2294a235f81daf61d99c723e96f_JaffaCakes118.html
Size

20KB
MD5

5a44e2294a235f81daf61d99c723e96f
SHA1

dce9fdb1c00078c664894b7613b32d12b53b4d49
SHA256

dcb6ce00b66561b7b018af31382e97226816968fd79fc45cfac38577ea34163b
SHA512

0aea5542490112c09aef453731d166778b36f19c2cd1a63478409025cde497013f2e381200f857851b14082657fc65e05bb95bbcbed21009e5174cbb8f73a61c
SSDEEP

384:MAVmFsjo4LHtQbrCPNmJtk0exAaUvTX5+zHJ3XSaAn:3IiU4LHtarSNiveTUvTXeHJ3XSaAn

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1700	msedge.exe
1700	msedge.exe
3776	msedge.exe
3776	msedge.exe
4788	identity_helper.exe
4788	identity_helper.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3776 wrote to memory of 1016	3776	msedge.exe	84
PID 3776 wrote to memory of 1016	3776	msedge.exe	84
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 4852	3776	msedge.exe	85
PID 3776 wrote to memory of 1700	3776	msedge.exe	86
PID 3776 wrote to memory of 1700	3776	msedge.exe	86
PID 3776 wrote to memory of 468	3776	msedge.exe	87
PID 3776 wrote to memory of 468	3776	msedge.exe	87
PID 3776 wrote to memory of 468	3776	msedge.exe	87
PID 3776 wrote to memory of 468	3776	msedge.exe	87
PID 3776 wrote to memory of 468	3776	msedge.exe	87
PID 3776 wrote to memory of 468	3776	msedge.exe	87
PID 3776 wrote to memory of 468	3776	msedge.exe	87
PID 3776 wrote to memory of 468	3776	msedge.exe	87
PID 3776 wrote to memory of 468	3776	msedge.exe	87
PID 3776 wrote to memory of 468	3776	msedge.exe	87
PID 3776 wrote to memory of 468	3776	msedge.exe	87
PID 3776 wrote to memory of 468	3776	msedge.exe	87
PID 3776 wrote to memory of 468	3776	msedge.exe	87
PID 3776 wrote to memory of 468	3776	msedge.exe	87
PID 3776 wrote to memory of 468	3776	msedge.exe	87
PID 3776 wrote to memory of 468	3776	msedge.exe	87
PID 3776 wrote to memory of 468	3776	msedge.exe	87
PID 3776 wrote to memory of 468	3776	msedge.exe	87
PID 3776 wrote to memory of 468	3776	msedge.exe	87
PID 3776 wrote to memory of 468	3776	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5a44e2294a235f81daf61d99c723e96f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffadc646f8,0x7fffadc64708,0x7fffadc64718
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11257049625246341143,13310839544814475497,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,11257049625246341143,13310839544814475497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2492 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,11257049625246341143,13310839544814475497,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11257049625246341143,13310839544814475497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11257049625246341143,13310839544814475497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,11257049625246341143,13310839544814475497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,11257049625246341143,13310839544814475497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11257049625246341143,13310839544814475497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11257049625246341143,13310839544814475497,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1800 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11257049625246341143,13310839544814475497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11257049625246341143,13310839544814475497,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11257049625246341143,13310839544814475497,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4760 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
04b60a51907d399f3685e03094b603cb

SHA1
228d18888782f4e66ca207c1a073560e0a4cc6e7

SHA256
87a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3

SHA512
2a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9622e603d436ca747f3a4407a6ca952e

SHA1
297d9aed5337a8a7290ea436b61458c372b1d497

SHA256
ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261

SHA512
f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
547B

MD5
a64319f1db70fc36f8f929235471d6e8

SHA1
f86685a10b65653373f5a9710f9b6967ff33eedd

SHA256
f4c72695773f67fbe013a77105d4316c810c4418816a8c461354dd0b36b943f1

SHA512
88fe9a11c73bff919a175bb6d1059b54f8ac6f0a0ad90ba2af13f4f3c8a8762fcdab8b19a172ec18b8ce2307ad0a800f2131c0c85e4275b56e7dc5711498a71d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
547B

MD5
26c72dbdb3c6eb34449dd92bc396dc10

SHA1
af38c640cb699e67c08a473b4c2141e0edd84c21

SHA256
327a5a94edde7080d3a9910b11c2b2d8506a7e257360ba819e513ff4a1a133ad

SHA512
62df070cc27697ec65db5bb9468dad96da42b84bbaad45da50d1858096974596fdbf5d60c003db8b030f34a77e866f839842173f90a335dc9115510cbf1a9269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
67f78f8854d53e6b64c04cd9d5e65d26

SHA1
4551a7d526563991a502fd00f3cdcc398ef7eb9e

SHA256
444826110e0a55c4c21be51e6a7a2347036840273d04c1ef40bcc892faabb7e8

SHA512
72c77ea51756b89841b3a4d55952ac706c3ffd4a5392b38caad7f650d9d6e2cb7ec272e75962e60ce326864d989a3496d81124caafcb42cbee19bc2c31aaff3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0ca5f4e6b043ca913784a59208fd345d

SHA1
913c31d22863248f033adfbf92a234e8591d6da1

SHA256
abd52b9eaf37800c0022c387193391ea803d4ab150e3ee4af211ffbf09b29c50

SHA512
053e2058624173e9e93fe23790949bdfa54e267eb5b3261c85a7552cb7c9570badfcf725d7667223169c6d30c22786d71a1917fa0f5b6539a06f860459a7b260

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1c6e5e7b719f339d0f027b4f257badc2

SHA1
9849865a15ea5a6880f8be290e7121be1ab0a883

SHA256
028b7c22fb269c06950d5beda4b490039189721e98c9c450a2e7b007307b077d

SHA512
047887e979d443c05e76501028144a45e77f3f6159997f0b1caa6209ed4f0f5910d135ab337bce39d80420b41ce74b4eebd01c88a50593849f7a0d6cf9e4d769

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2a26d835e4ed5a568f17d3bbdd0ec452

SHA1
9a1256a1d3f26b9b980a13246fa441eb61fb8512

SHA256
f051fa2defbd6219cb3e8370f7589a184e70ed3057000356ed76059c561bdd55

SHA512
84cf8472785c8b0c9a490cbc4cb3955dcb7c3b4f063c1879fedae3d4102bcf7d759fe66da1710b6d98497020e247a659da51802c90888b9755e6619cfb5d55ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
11197264cc528b2cbbb070f2119af4c4

SHA1
081f532ecfc81fecaae68ff63ac5e773bd0e38bd

SHA256
d89242f97361cf91f00ccddcfba608fe6c2217973a596ccbdb9a5d0469a6ce96

SHA512
2948509ae5b5fb7481dff08a48f64ac7f67fa8cd836e6464b4fcaf51fee23428f0558eeed60ca92e412cf5bd5f5ae6451fd41d9e6577562f8bb8b84aa742312d

Download Submit