a222bdf089f24ea1da86f7a6a6335acff90fc329ee9e0f7a21003fa42624869e

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08/10/2024, 23:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

999网址导航.htm
Size

101B
MD5

75570b806f2c9930812b6b71c4f0d26c
SHA1

111d0df233a973b15c7448bf96246d491655b0fd
SHA256

afb5671178dc0edb69866c5cf996dcc237253187dcd4338265643fc904b94781
SHA512

abf90fb21a2060ae6d2263da533ec2858ed46383d9dbf8769e7e4b0a5ecc77b6517a26d143d05f88807e2b1832fc982876dd32465bc2fd3f6680cc906bcb4e89

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3788	msedge.exe
3788	msedge.exe
3872	msedge.exe
3872	msedge.exe
4696	identity_helper.exe
4696	identity_helper.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3872 wrote to memory of 2952	3872	msedge.exe	85
PID 3872 wrote to memory of 2952	3872	msedge.exe	85
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 1436	3872	msedge.exe	86
PID 3872 wrote to memory of 3788	3872	msedge.exe	87
PID 3872 wrote to memory of 3788	3872	msedge.exe	87
PID 3872 wrote to memory of 3772	3872	msedge.exe	88
PID 3872 wrote to memory of 3772	3872	msedge.exe	88
PID 3872 wrote to memory of 3772	3872	msedge.exe	88
PID 3872 wrote to memory of 3772	3872	msedge.exe	88
PID 3872 wrote to memory of 3772	3872	msedge.exe	88
PID 3872 wrote to memory of 3772	3872	msedge.exe	88
PID 3872 wrote to memory of 3772	3872	msedge.exe	88
PID 3872 wrote to memory of 3772	3872	msedge.exe	88
PID 3872 wrote to memory of 3772	3872	msedge.exe	88
PID 3872 wrote to memory of 3772	3872	msedge.exe	88
PID 3872 wrote to memory of 3772	3872	msedge.exe	88
PID 3872 wrote to memory of 3772	3872	msedge.exe	88
PID 3872 wrote to memory of 3772	3872	msedge.exe	88
PID 3872 wrote to memory of 3772	3872	msedge.exe	88
PID 3872 wrote to memory of 3772	3872	msedge.exe	88
PID 3872 wrote to memory of 3772	3872	msedge.exe	88
PID 3872 wrote to memory of 3772	3872	msedge.exe	88
PID 3872 wrote to memory of 3772	3872	msedge.exe	88
PID 3872 wrote to memory of 3772	3872	msedge.exe	88
PID 3872 wrote to memory of 3772	3872	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\999网址导航.htm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf3a446f8,0x7ffaf3a44708,0x7ffaf3a44718
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,75416670388589015,8635452453633459931,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,75416670388589015,8635452453633459931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,75416670388589015,8635452453633459931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,75416670388589015,8635452453633459931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,75416670388589015,8635452453633459931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,75416670388589015,8635452453633459931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,75416670388589015,8635452453633459931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,75416670388589015,8635452453633459931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,75416670388589015,8635452453633459931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,75416670388589015,8635452453633459931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,75416670388589015,8635452453633459931,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,75416670388589015,8635452453633459931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,75416670388589015,8635452453633459931,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,75416670388589015,8635452453633459931,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
84418c428f9534c89139843779d88644

SHA1
910633a95b6a9292e816fc33fdc79a387df4a016

SHA256
0d0f12f422d75ff28454550b331f681e59b3d9543f1f8494de6b7207af571339

SHA512
24a6971e8859dbff391bc1132aac5d7342d1530b8c9c0acbe8b92d5f35cbb545cae0cc6717834b858b89ece8efe3560b45311d6d90a8450565b18ff07696a5ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d8b26d438dacc1720c47c6fa2b5a084c

SHA1
6f05d2388afc2d8a50b178f019dbc0df67d3b99b

SHA256
1fdc0822b4ef6b5e074a3ba1278804ab3295c8973c3ea00f79b4e8e859e03b5a

SHA512
0c44e82280df89498e26cea186b2fb2bf2e76a994a4167fd6ed62bb7bb0f9c78e132fd3d2e355b0b9237498d4fae1377fc7c19cf47c48849b81f9ff29e015370

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dbb0e7dd1dd10fe9b6d04ac90b777dbd

SHA1
089e89d018be93de845ea679a0f7ea1a8c6f841f

SHA256
4cfffb83ba6dfd7f90af77cf0af678d0097cb8adb3385a7428444fa31bb400d2

SHA512
c7505e4b4413350e397adc30d255b9cd072d6944645eefda85b483e5f8100d91a944a99d93badc9a48f60e248daf5f2465e2c3283549320a28c46f8f0d12f404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a40f1507-d8de-41fc-b76e-d48082652e56.tmp

Filesize
179B

MD5
d08f805a37334431c2efedf0bb27d1f1

SHA1
002c654f36fbdcee7617292e0afee878631f641f

SHA256
a210964361741b08ad30b692f7f88296c4373a6e674270df70a678a54dc05f06

SHA512
7b129227c13bc8c777e3753f06cd75d32c68f3a390c23e47744b9fa36e39653d0ed11c48abeb848c0eabe7111e730aff4069fbc839dcaabc2d1d7d025d6bc4bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
beff4833f5b2d3b6f991391a4e69fd77

SHA1
95496e6c33bcbb5d7574da72b5ee1b00d5824fa2

SHA256
4a31377ced05f49f9b44b415995c29e9186bdfab851215f0e2b6b01f130273d0

SHA512
7c9cc66ad912b00113972295811278486050eab839c828b0edc79f74aaa4e3ea6f15c6b3c5a46c8db5acc5c96f7e434a39593ee3fd8e204461143e1b6431499e

Download Submit