Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    27-06-2024 15:42

General

  • Target

    16908f41dad6c5c7c8112f29c512ce93_JaffaCakes118.html

  • Size

    124KB

  • MD5

    16908f41dad6c5c7c8112f29c512ce93

  • SHA1

    23cac5218fa35f9d5448715493be8dd798251271

  • SHA256

    6273b3f1fbf34ce1e2c0075ff24dd875258f69c96fe95c0cec3b7e5762fd6865

  • SHA512

    364b022e8d99b5463fdfd13349287415ca31e4fc0a5b6d3e518dfd9e94eedde8a88d3cd8743bcf67b4d6af6262a414c73f401477dbb7e2eb7c57c28cca0e95ec

  • SSDEEP

    1536:U8cnGL1csWODWm6MSY0eoUHVZE6Oic1QXUPd:enA1csWKoUH1LXw

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\16908f41dad6c5c7c8112f29c512ce93_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2096
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa80746f8,0x7fffa8074708,0x7fffa8074718
      2⤵
        PID:1140
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,7052680259057015608,155886022547389109,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
        2⤵
          PID:1708
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,7052680259057015608,155886022547389109,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1780
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,7052680259057015608,155886022547389109,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
          2⤵
            PID:4068
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7052680259057015608,155886022547389109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
            2⤵
              PID:1972
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7052680259057015608,155886022547389109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
              2⤵
                PID:4764
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7052680259057015608,155886022547389109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
                2⤵
                  PID:1356
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7052680259057015608,155886022547389109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:1
                  2⤵
                    PID:2680
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7052680259057015608,155886022547389109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
                    2⤵
                      PID:656
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,7052680259057015608,155886022547389109,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5240 /prefetch:2
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4636
                  • C:\Windows\System32\CompPkgSrv.exe
                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                    1⤵
                      PID:2764
                    • C:\Windows\System32\CompPkgSrv.exe
                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                      1⤵
                        PID:3656

Network

                      • flag-us
                        DNS
                        zglpw.cc
                        msedge.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        zglpw.cc
                        IN A
                        Response
                      • flag-us
                        DNS
                        js.users.51.la
                        msedge.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        js.users.51.la
                        IN A
                        Response
                        js.users.51.la
                        IN CNAME
                        js.users.51.la.w.cdngslb.com
                      • flag-gb
                        GET
                        http://js.users.51.la/19806731.js
                        msedge.exe
                        Remote address:
                        79.133.176.222:80
                        Request
                        GET /19806731.js HTTP/1.1
                        Host: js.users.51.la
                        Connection: keep-alive
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                        DNT: 1
                        Accept: */*
                        Accept-Encoding: gzip, deflate
                        Accept-Language: en-US,en;q=0.9
                        Response
                        HTTP/1.1 200 OK
                        Server: Tengine
                        Content-Type: application/javascript; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                        Date: Thu, 27 Jun 2024 15:42:34 GMT
                        Access-Control-Allow-Headers: Content-Type
                        Access-Control-Allow-Origin: *
                        Cache-Control: no-store
                        Access-Control-Allow-Credentials: true
                        Via: cache11.l2fr1[474,474,200-0,M], cache23.l2fr1[475,0], ens-cache11.gb6[506,505,200-0,M], ens-cache10.gb6[507,0]
                        Ali-Swift-Global-Savetime: 1719502954
                        X-Cache: MISS TCP_MISS dirn:-2:-2
                        X-Swift-SaveTime: Thu, 27 Jun 2024 15:42:34 GMT
                        X-Swift-CacheTime: 0
                        Timing-Allow-Origin: *
                        EagleId: 4f85b09e17195029544011312e
                      • flag-us
                        DNS
                        ia.51.la
                        msedge.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        ia.51.la
                        IN A
                        Response
                        ia.51.la
                        IN CNAME
                        ia.51.la.trpcdn.net
                        ia.51.la.trpcdn.net
                        IN CNAME
                        zcmcm.v.trpcdn.net
                        zcmcm.v.trpcdn.net
                        IN A
                        104.166.160.226
                        zcmcm.v.trpcdn.net
                        IN A
                        104.166.160.229
                        zcmcm.v.trpcdn.net
                        IN A
                        104.166.160.228
                      • flag-gb
                        GET
                        http://ia.51.la/go1?id=19806731&rt=1719502954211&rl=1280*720&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25E6%25A3%258B%25E7%2589%258C%25E6%25B8%25B8%25E6%2588%258F%25E6%2588%25BF%25E5%258D%25A1%25E7%2589%2588%25E6%2580%258E%25E4%25B9%2588%25E8%25B5%259A%25E9%2592%25B1%25E7%25BC%25BA%25E4%25B9%258F%25E5%25AD%25A6%25E4%25B9%25A0%25EF%25BC%258C%25E9%2582%25A3%25E4%25BA%259B%25E5%25B9%25B4%25E6%2588%2591%25E4%25BB%25AC%25E8%2583%25BD%25E5%258A%259B%25E6%25B0%25B4%25E5%25B9%25B3%25E6%25A3%258B%25E7%2589%258C%25E6%25B8%25B8%25E6%2588%258F%25E6%2588%25BF&ing=1&ekc=&sid=1719502954211&tt=%25E6%25A3%258B%25E7%2589%258C%25E6%25B8%25B8%25E6%2588%258F%25E6%2588%25BF%25E5%258D%25A1%25E7%2589%2588%25E6%2580%258E%25E4%25B9%2588%25E8%25B5%259A%25E9%2592%25B1_%25E7%25BD%2591%25E7%25BB%259C%25E5%2585%25BC%25E8%2581%258C%25E8%25B5%259A%25E9%2592%25B1&kw=%25E6%25A3%258B%25E7%2589%258C%25E6%25B8%25B8%25E6%2588%258F%25E6%2588%25BF%25E5%258D%25A1%25E7%2589%2588%25E6%2580%258E%25E4%25B9%2588%25E8%25B5%259A%25E9%2592%25B1&cu=file%253A%252F%252F%252FC%253A%252FUsers%252FAdmin%252FAppData%252FLocal%252FTemp%252F16908f41dad6c5c7c8112f29c512ce93_JaffaCakes118.html&pu=
                        msedge.exe
                        Remote address:
                        104.166.160.226:80
                        Request
                        GET /go1?id=19806731&rt=1719502954211&rl=1280*720&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25E6%25A3%258B%25E7%2589%258C%25E6%25B8%25B8%25E6%2588%258F%25E6%2588%25BF%25E5%258D%25A1%25E7%2589%2588%25E6%2580%258E%25E4%25B9%2588%25E8%25B5%259A%25E9%2592%25B1%25E7%25BC%25BA%25E4%25B9%258F%25E5%25AD%25A6%25E4%25B9%25A0%25EF%25BC%258C%25E9%2582%25A3%25E4%25BA%259B%25E5%25B9%25B4%25E6%2588%2591%25E4%25BB%25AC%25E8%2583%25BD%25E5%258A%259B%25E6%25B0%25B4%25E5%25B9%25B3%25E6%25A3%258B%25E7%2589%258C%25E6%25B8%25B8%25E6%2588%258F%25E6%2588%25BF&ing=1&ekc=&sid=1719502954211&tt=%25E6%25A3%258B%25E7%2589%258C%25E6%25B8%25B8%25E6%2588%258F%25E6%2588%25BF%25E5%258D%25A1%25E7%2589%2588%25E6%2580%258E%25E4%25B9%2588%25E8%25B5%259A%25E9%2592%25B1_%25E7%25BD%2591%25E7%25BB%259C%25E5%2585%25BC%25E8%2581%258C%25E8%25B5%259A%25E9%2592%25B1&kw=%25E6%25A3%258B%25E7%2589%258C%25E6%25B8%25B8%25E6%2588%258F%25E6%2588%25BF%25E5%258D%25A1%25E7%2589%2588%25E6%2580%258E%25E4%25B9%2588%25E8%25B5%259A%25E9%2592%25B1&cu=file%253A%252F%252F%252FC%253A%252FUsers%252FAdmin%252FAppData%252FLocal%252FTemp%252F16908f41dad6c5c7c8112f29c512ce93_JaffaCakes118.html&pu= HTTP/1.1
                        Host: ia.51.la
                        Connection: keep-alive
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                        DNT: 1
                        Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                        Accept-Encoding: gzip, deflate
                        Accept-Language: en-US,en;q=0.9
                        Response
                        HTTP/1.1 200 OK
                        Date: Thu, 27 Jun 2024 15:42:35 GMT
                        Content-Length: 0
                        Connection: keep-alive
                        X-Ser: BC199_lt-obgp-fujian-xiamen-33-cache-1, BC226_GB-london-london-3-cache-2
                      • flag-us
                        DNS
                        222.176.133.79.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        222.176.133.79.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        qm.qq.com
                        msedge.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        qm.qq.com
                        IN A
                        Response
                        qm.qq.com
                        IN CNAME
                        ins-9sprbbri.ias.tencent-cloud.net
                        ins-9sprbbri.ias.tencent-cloud.net
                        IN A
                        43.159.233.101
                        ins-9sprbbri.ias.tencent-cloud.net
                        IN A
                        43.129.2.81
                      • flag-hk
                        GET
                        http://qm.qq.com/cgi-bin/qm/qr?k=hoOfPHEBqZ7MsJTpB4LBudI92s-IX5Jt
                        msedge.exe
                        Remote address:
                        43.159.233.101:80
                        Request
                        GET /cgi-bin/qm/qr?k=hoOfPHEBqZ7MsJTpB4LBudI92s-IX5Jt HTTP/1.1
                        Host: qm.qq.com
                        Connection: keep-alive
                        Upgrade-Insecure-Requests: 1
                        DNT: 1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                        Accept-Encoding: gzip, deflate
                        Accept-Language: en-US,en;q=0.9
                        Response
                        HTTP/1.1 302 Moved Temporarily
                        Server: stgw
                        Date: Thu, 27 Jun 2024 15:42:36 GMT
                        Content-Type: text/html
                        Content-Length: 137
                        Connection: keep-alive
                        Location: https://qm.qq.com/cgi-bin/qm/qr?k=hoOfPHEBqZ7MsJTpB4LBudI92s-IX5Jt
                      • flag-us
                        DNS
                        226.160.166.104.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        226.160.166.104.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        104.219.191.52.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        104.219.191.52.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        64.159.190.20.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        64.159.190.20.in-addr.arpa
                        IN PTR
                        Response
                      • flag-hk
                        GET
                        https://qm.qq.com/cgi-bin/qm/qr?k=hoOfPHEBqZ7MsJTpB4LBudI92s-IX5Jt
                        msedge.exe
                        Remote address:
                        43.159.233.101:443
                        Request
                        GET /cgi-bin/qm/qr?k=hoOfPHEBqZ7MsJTpB4LBudI92s-IX5Jt HTTP/1.1
                        Host: qm.qq.com
                        Connection: keep-alive
                        Upgrade-Insecure-Requests: 1
                        DNT: 1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                        Sec-Fetch-Site: cross-site
                        Sec-Fetch-Mode: navigate
                        Sec-Fetch-Dest: document
                        sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                        sec-ch-ua-mobile: ?0
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-US,en;q=0.9
                        Response
                        HTTP/1.1 200 OK
                        Date: Thu, 27 Jun 2024 15:42:38 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                        Vary: Accept-Encoding
                        Content-Encoding: gzip
                        Server: TAPISIX/2.2.2
                      • flag-us
                        DNS
                        81.144.22.2.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        81.144.22.2.in-addr.arpa
                        IN PTR
                        Response
                        81.144.22.2.in-addr.arpa
                        IN PTR
                        a2-22-144-81.deploy.static.akamaitechnologies.com
                      • flag-us
                        DNS
                        101.233.159.43.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        101.233.159.43.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        p.iqun.qq.com
                        msedge.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        p.iqun.qq.com
                        IN A
                        Response
                        p.iqun.qq.com
                        IN CNAME
                        p.iqun.qq.com.cdn.dnsv1.com.cn
                        p.iqun.qq.com.cdn.dnsv1.com.cn
                        IN CNAME
                        6xgc5hin.sched.sma-dk.tdnsstic1.cn
                      • flag-us
                        DNS
                        cgi.pub.qq.com
                        msedge.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        cgi.pub.qq.com
                        IN A
                        Response
                        cgi.pub.qq.com
                        IN CNAME
                        ins-05tp7vzl.ias.tencent-cloud.net
                        ins-05tp7vzl.ias.tencent-cloud.net
                        IN A
                        43.154.252.110
                      • flag-us
                        DNS
                        isdspeed.qq.com
                        msedge.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        isdspeed.qq.com
                        IN A
                        Response
                      • flag-us
                        DNS
                        p.qpic.cn
                        msedge.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        p.qpic.cn
                        IN A
                        Response
                        p.qpic.cn
                        IN A
                        43.154.254.32
                        p.qpic.cn
                        IN A
                        43.129.255.47
                      • flag-hk
                        GET
                        https://p.qpic.cn/qqconadmin/0/b095d8d0ad144de3943f5dcba95a9624/0
                        msedge.exe
                        Remote address:
                        43.154.254.32:443
                        Request
                        GET /qqconadmin/0/b095d8d0ad144de3943f5dcba95a9624/0 HTTP/1.1
                        Host: p.qpic.cn
                        Connection: keep-alive
                        sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                        DNT: 1
                        sec-ch-ua-mobile: ?0
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                        Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                        Sec-Fetch-Site: cross-site
                        Sec-Fetch-Mode: no-cors
                        Sec-Fetch-Dest: image
                        Referer: https://qm.qq.com/
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-US,en;q=0.9
                        Response
                        HTTP/1.1 200 OK
                        Server: NWSs
                        Date: Thu, 27 Jun 2024 15:42:42 GMT
                        Content-Type: image/webp
                        Content-Length: 7556
                        Connection: keep-alive
                        Vary: Accept,Origin
                        Last-Modified: Fri, 26 May 2023 10:51:55 GMT
                        Cache-Control: max-age=2592000
                        X-Delay: 8467 us
                        X-Info: real data
                        X-BCheck: 0_1
                        X-Cpt: filename=0
                        User-ReturnCode: 0
                        X-DataSrc: 1
                        X-ReqGue: 0
                        Size: 7556
                        chid: 0
                        fid: 0
                        X-NWS-LOG-UUID: 17a35715-7232-40ee-a40a-ea380712fbaf
                      • flag-hk
                        GET
                        https://cgi.pub.qq.com/report/bnl?data=0,11780,0,pc
                        msedge.exe
                        Remote address:
                        43.154.252.110:443
                        Request
                        GET /report/bnl?data=0,11780,0,pc HTTP/1.1
                        Host: cgi.pub.qq.com
                        Connection: keep-alive
                        sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                        DNT: 1
                        sec-ch-ua-mobile: ?0
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                        Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                        Sec-Fetch-Site: same-site
                        Sec-Fetch-Mode: no-cors
                        Sec-Fetch-Dest: image
                        Referer: https://qm.qq.com/
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-US,en;q=0.9
                        Response
                        HTTP/1.1 200 OK
                        Server: stgw
                        Date: Thu, 27 Jun 2024 15:42:42 GMT
                        Content-Type: text/plain
                        Content-Length: 0
                        Connection: keep-alive
                      • flag-us
                        DNS
                        32.254.154.43.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        32.254.154.43.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        110.252.154.43.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        110.252.154.43.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        217.106.137.52.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        217.106.137.52.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        86.23.85.13.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        86.23.85.13.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        206.23.85.13.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        206.23.85.13.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        206.23.85.13.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        206.23.85.13.in-addr.arpa
                        IN PTR
                      • flag-us
                        DNS
                        101.58.20.217.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        101.58.20.217.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        30.243.111.52.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        30.243.111.52.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        67.112.168.52.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        67.112.168.52.in-addr.arpa
                        IN PTR
                        Response
                      • 79.133.176.222:80
                        js.users.51.la
                        msedge.exe
                        236 B
                        132 B
                        5
                        3
                      • 79.133.176.222:80
                        http://js.users.51.la/19806731.js
                        http
                        msedge.exe
                        720 B
                        6.0kB
                        9
                        10

                        HTTP Request

                        GET http://js.users.51.la/19806731.js

                        HTTP Response

                        200
                      • 104.166.160.226:80
                        http://ia.51.la/go1?id=19806731&rt=1719502954211&rl=1280*720&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25E6%25A3%258B%25E7%2589%258C%25E6%25B8%25B8%25E6%2588%258F%25E6%2588%25BF%25E5%258D%25A1%25E7%2589%2588%25E6%2580%258E%25E4%25B9%2588%25E8%25B5%259A%25E9%2592%25B1%25E7%25BC%25BA%25E4%25B9%258F%25E5%25AD%25A6%25E4%25B9%25A0%25EF%25BC%258C%25E9%2582%25A3%25E4%25BA%259B%25E5%25B9%25B4%25E6%2588%2591%25E4%25BB%25AC%25E8%2583%25BD%25E5%258A%259B%25E6%25B0%25B4%25E5%25B9%25B3%25E6%25A3%258B%25E7%2589%258C%25E6%25B8%25B8%25E6%2588%258F%25E6%2588%25BF&ing=1&ekc=&sid=1719502954211&tt=%25E6%25A3%258B%25E7%2589%258C%25E6%25B8%25B8%25E6%2588%258F%25E6%2588%25BF%25E5%258D%25A1%25E7%2589%2588%25E6%2580%258E%25E4%25B9%2588%25E8%25B5%259A%25E9%2592%25B1_%25E7%25BD%2591%25E7%25BB%259C%25E5%2585%25BC%25E8%2581%258C%25E8%25B5%259A%25E9%2592%25B1&kw=%25E6%25A3%258B%25E7%2589%258C%25E6%25B8%25B8%25E6%2588%258F%25E6%2588%25BF%25E5%258D%25A1%25E7%2589%2588%25E6%2580%258E%25E4%25B9%2588%25E8%25B5%259A%25E9%2592%25B1&cu=file%253A%252F%252F%252FC%253A%252FUsers%252FAdmin%252FAppData%252FLocal%252FTemp%252F16908f41dad6c5c7c8112f29c512ce93_JaffaCakes118.html&pu=
                        http
                        msedge.exe
                        1.9kB
                        676 B
                        9
                        7

                        HTTP Request

                        GET http://ia.51.la/go1?id=19806731&rt=1719502954211&rl=1280*720&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25E6%25A3%258B%25E7%2589%258C%25E6%25B8%25B8%25E6%2588%258F%25E6%2588%25BF%25E5%258D%25A1%25E7%2589%2588%25E6%2580%258E%25E4%25B9%2588%25E8%25B5%259A%25E9%2592%25B1%25E7%25BC%25BA%25E4%25B9%258F%25E5%25AD%25A6%25E4%25B9%25A0%25EF%25BC%258C%25E9%2582%25A3%25E4%25BA%259B%25E5%25B9%25B4%25E6%2588%2591%25E4%25BB%25AC%25E8%2583%25BD%25E5%258A%259B%25E6%25B0%25B4%25E5%25B9%25B3%25E6%25A3%258B%25E7%2589%258C%25E6%25B8%25B8%25E6%2588%258F%25E6%2588%25BF&ing=1&ekc=&sid=1719502954211&tt=%25E6%25A3%258B%25E7%2589%258C%25E6%25B8%25B8%25E6%2588%258F%25E6%2588%25BF%25E5%258D%25A1%25E7%2589%2588%25E6%2580%258E%25E4%25B9%2588%25E8%25B5%259A%25E9%2592%25B1_%25E7%25BD%2591%25E7%25BB%259C%25E5%2585%25BC%25E8%2581%258C%25E8%25B5%259A%25E9%2592%25B1&kw=%25E6%25A3%258B%25E7%2589%258C%25E6%25B8%25B8%25E6%2588%258F%25E6%2588%25BF%25E5%258D%25A1%25E7%2589%2588%25E6%2580%258E%25E4%25B9%2588%25E8%25B5%259A%25E9%2592%25B1&cu=file%253A%252F%252F%252FC%253A%252FUsers%252FAdmin%252FAppData%252FLocal%252FTemp%252F16908f41dad6c5c7c8112f29c512ce93_JaffaCakes118.html&pu=

                        HTTP Response

                        200
                      • 43.159.233.101:80
                        http://qm.qq.com/cgi-bin/qm/qr?k=hoOfPHEBqZ7MsJTpB4LBudI92s-IX5Jt
                        http
                        msedge.exe
                        811 B
                        582 B
                        7
                        5

                        HTTP Request

                        GET http://qm.qq.com/cgi-bin/qm/qr?k=hoOfPHEBqZ7MsJTpB4LBudI92s-IX5Jt

                        HTTP Response

                        302
                      • 43.159.233.101:80
                        qm.qq.com
                        msedge.exe
                        236 B
                        184 B
                        5
                        4
                      • 43.159.233.101:80
                        qm.qq.com
                        msedge.exe
                        236 B
                        184 B
                        5
                        4
                      • 43.159.233.101:443
                        qm.qq.com
                        tls
                        msedge.exe
                        2.0kB
                        6.0kB
                        17
                        14
                      • 43.159.233.101:443
                        https://qm.qq.com/cgi-bin/qm/qr?k=hoOfPHEBqZ7MsJTpB4LBudI92s-IX5Jt
                        tls, http
                        msedge.exe
                        3.0kB
                        21.0kB
                        24
                        26

                        HTTP Request

                        GET https://qm.qq.com/cgi-bin/qm/qr?k=hoOfPHEBqZ7MsJTpB4LBudI92s-IX5Jt

                        HTTP Response

                        200
                      • 43.154.254.32:443
                        https://p.qpic.cn/qqconadmin/0/b095d8d0ad144de3943f5dcba95a9624/0
                        tls, http
                        msedge.exe
                        2.4kB
                        13.3kB
                        14
                        19

                        HTTP Request

                        GET https://p.qpic.cn/qqconadmin/0/b095d8d0ad144de3943f5dcba95a9624/0

                        HTTP Response

                        200
                      • 43.154.252.110:443
                        cgi.pub.qq.com
                        tls
                        msedge.exe
                        1.0kB
                        479 B
                        10
                        7
                      • 43.154.252.110:443
                        https://cgi.pub.qq.com/report/bnl?data=0,11780,0,pc
                        tls, http
                        msedge.exe
                        1.8kB
                        5.8kB
                        12
                        15

                        HTTP Request

                        GET https://cgi.pub.qq.com/report/bnl?data=0,11780,0,pc

                        HTTP Response

                        200
                      • 43.154.254.32:443
                        p.qpic.cn
                        tls
                        msedge.exe
                        1.3kB
                        5.0kB
                        11
                        12
                      • 42.177.83.87:443
                        p.iqun.qq.com
                        msedge.exe
                        260 B
                        5
                      • 42.177.83.87:443
                        p.iqun.qq.com
                        msedge.exe
                        260 B
                        5
                      • 42.177.83.87:443
                        p.iqun.qq.com
                        msedge.exe
                        260 B
                        5
                      • 114.112.216.174:443
                        p.iqun.qq.com
                        msedge.exe
                        260 B
                        5
                      • 114.112.216.174:443
                        p.iqun.qq.com
                        msedge.exe
                        260 B
                        5
                      • 114.112.216.174:443
                        p.iqun.qq.com
                        msedge.exe
                        260 B
                        5
                      • 42.177.83.115:443
                        p.iqun.qq.com
                        msedge.exe
                        260 B
                        5
                      • 42.177.83.115:443
                        p.iqun.qq.com
                        msedge.exe
                        260 B
                        5
                      • 42.177.83.115:443
                        p.iqun.qq.com
                        msedge.exe
                        260 B
                        5
                      • 42.177.83.111:443
                        p.iqun.qq.com
                        msedge.exe
                        260 B
                        5
                      • 42.177.83.111:443
                        p.iqun.qq.com
                        msedge.exe
                        260 B
                        5
                      • 42.177.83.111:443
                        p.iqun.qq.com
                        msedge.exe
                        260 B
                        5
                      • 52.111.229.43:443
                        322 B
                        7
                      • 123.6.25.199:443
                        p.iqun.qq.com
                        msedge.exe
                        260 B
                        5
                      • 123.6.25.199:443
                        p.iqun.qq.com
                        msedge.exe
                        260 B
                        5
                      • 123.6.25.199:443
                        p.iqun.qq.com
                        msedge.exe
                        260 B
                        5
                      • 14.205.47.136:443
                        p.iqun.qq.com
                        msedge.exe
                        260 B
                        5
                      • 14.205.47.136:443
                        p.iqun.qq.com
                        msedge.exe
                        260 B
                        5
                      • 14.205.47.136:443
                        p.iqun.qq.com
                        msedge.exe
                        260 B
                        5
                      • 123.6.25.85:443
                        p.iqun.qq.com
                        msedge.exe
                        260 B
                        5
                      • 123.6.25.85:443
                        p.iqun.qq.com
                        msedge.exe
                        260 B
                        5
                      • 123.6.25.85:443
                        p.iqun.qq.com
                        msedge.exe
                        260 B
                        5
                      • 8.8.8.8:53
                        zglpw.cc
                        dns
                        msedge.exe
                        108 B
                        121 B
                        2
                        1

                        DNS Request

                        zglpw.cc

                        DNS Request

                        zglpw.cc

                      • 8.8.8.8:53
                        js.users.51.la
                        dns
                        msedge.exe
                        60 B
                        230 B
                        1
                        1

                        DNS Request

                        js.users.51.la

                        DNS Response


                      • 8.8.8.8:53
                        ia.51.la
                        dns
                        msedge.exe
                        54 B
                        157 B
                        1
                        1

                        DNS Request

                        ia.51.la

                        DNS Response

                        104.166.160.226
                        104.166.160.229
                        104.166.160.228

                      • 8.8.8.8:53
                        222.176.133.79.in-addr.arpa
                        dns
                        73 B
                        133 B
                        1
                        1

                        DNS Request

                        222.176.133.79.in-addr.arpa

                      • 8.8.8.8:53
                        qm.qq.com
                        dns
                        msedge.exe
                        55 B
                        135 B
                        1
                        1

                        DNS Request

                        qm.qq.com

                        DNS Response

                        43.159.233.101
                        43.129.2.81

                      • 8.8.8.8:53
                        226.160.166.104.in-addr.arpa
                        dns
                        148 B
                        128 B
                        2
                        1

                        DNS Request

                        226.160.166.104.in-addr.arpa

                        DNS Request

                        226.160.166.104.in-addr.arpa

                      • 8.8.8.8:53
                        104.219.191.52.in-addr.arpa
                        dns
                        146 B
                        147 B
                        2
                        1

                        DNS Request

                        104.219.191.52.in-addr.arpa

                        DNS Request

                        104.219.191.52.in-addr.arpa

                      • 8.8.8.8:53
                        64.159.190.20.in-addr.arpa
                        dns
                        72 B
                        158 B
                        1
                        1

                        DNS Request

                        64.159.190.20.in-addr.arpa

                      • 8.8.8.8:53
                        81.144.22.2.in-addr.arpa
                        dns
                        70 B
                        133 B
                        1
                        1

                        DNS Request

                        81.144.22.2.in-addr.arpa

                      • 8.8.8.8:53
                        101.233.159.43.in-addr.arpa
                        dns
                        73 B
                        130 B
                        1
                        1

                        DNS Request

                        101.233.159.43.in-addr.arpa

                      • 8.8.8.8:53
                        p.iqun.qq.com
                        dns
                        msedge.exe
                        59 B
                        357 B
                        1
                        1

                        DNS Request

                        p.iqun.qq.com

                        DNS Response


                      • 8.8.8.8:53
                        cgi.pub.qq.com
                        dns
                        msedge.exe
                        60 B
                        124 B
                        1
                        1

                        DNS Request

                        cgi.pub.qq.com

                        DNS Response

                        43.154.252.110

                      • 8.8.8.8:53
                        isdspeed.qq.com
                        dns
                        msedge.exe
                        61 B
                        115 B
                        1
                        1

                        DNS Request

                        isdspeed.qq.com

                      • 8.8.8.8:53
                        p.qpic.cn
                        dns
                        msedge.exe
                        55 B
                        87 B
                        1
                        1

                        DNS Request

                        p.qpic.cn

                        DNS Response

                        43.154.254.32
                        43.129.255.47

                      • 224.0.0.251:5353
                        382 B
                        6
                      • 8.8.8.8:53
                        32.254.154.43.in-addr.arpa
                        dns
                        72 B
                        129 B
                        1
                        1

                        DNS Request

                        32.254.154.43.in-addr.arpa

                      • 8.8.8.8:53
                        110.252.154.43.in-addr.arpa
                        dns
                        73 B
                        130 B
                        1
                        1

                        DNS Request

                        110.252.154.43.in-addr.arpa

                      • 8.8.8.8:53
                        217.106.137.52.in-addr.arpa
                        dns
                        146 B
                        147 B
                        2
                        1

                        DNS Request

                        217.106.137.52.in-addr.arpa

                        DNS Request

                        217.106.137.52.in-addr.arpa

                      • 8.8.8.8:53
                        86.23.85.13.in-addr.arpa
                        dns
                        70 B
                        144 B
                        1
                        1

                        DNS Request

                        86.23.85.13.in-addr.arpa

                      • 8.8.8.8:53
                        206.23.85.13.in-addr.arpa
                        dns
                        142 B
                        145 B
                        2
                        1

                        DNS Request

                        206.23.85.13.in-addr.arpa

                        DNS Request

                        206.23.85.13.in-addr.arpa

                      • 8.8.8.8:53
                        101.58.20.217.in-addr.arpa
                        dns
                        72 B
                        132 B
                        1
                        1

                        DNS Request

                        101.58.20.217.in-addr.arpa

                      • 8.8.8.8:53
                        30.243.111.52.in-addr.arpa
                        dns
                        72 B
                        158 B
                        1
                        1

                        DNS Request

                        30.243.111.52.in-addr.arpa

                      • 8.8.8.8:53
                        67.112.168.52.in-addr.arpa
                        dns
                        72 B
                        146 B
                        1
                        1

                        DNS Request

                        67.112.168.52.in-addr.arpa

                      MITRE ATT&CK Enterprise v15

                      Downloads

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                        Filesize

                        152B

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                        Filesize

                        152B

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                        Filesize

                        5KB

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                        Filesize

                        6KB

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                        Filesize

                        10KB
