Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    20/01/2025, 09:02 UTC

General

  • Target

    JaffaCakes118_e26334f2ea91fb3d75105d702dd041bb.html

  • Size

    83KB

  • MD5

    e26334f2ea91fb3d75105d702dd041bb

  • SHA1

    4dca3fb40e15a0fcae4c82c6f22875b7660b7e39

  • SHA256

    4d880215aeb7036724cd2da3653e65dbce27ef3ad5d80e654b337f539b3de10c

  • SHA512

    8c63ddea7cd8622e19c4965003521466907ade38a343e7fad23f633bf61e7328d5a647518932c99993c7fdfe57ed429a24fd9ed73bffd9e20ac05ae703e3c12a

  • SSDEEP

    1536:SB3mIJgDyIPaFKG60B9r4Ejw3+pF96+XYAMzaLN4zhF24H1+JPgz9nIKF/EvgPV7:SH3hwDWcv2y

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e26334f2ea91fb3d75105d702dd041bb.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2968
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffe241846f8,0x7ffe24184708,0x7ffe24184718
      2⤵
        PID:2556
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17098684421338298604,18278640145651618924,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
        2⤵
          PID:452
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,17098684421338298604,18278640145651618924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2688
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,17098684421338298604,18278640145651618924,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
          2⤵
            PID:3604
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17098684421338298604,18278640145651618924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
            2⤵
              PID:2364
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17098684421338298604,18278640145651618924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
              2⤵
                PID:1468
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,17098684421338298604,18278640145651618924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
                2⤵
                  PID:1436
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,17098684421338298604,18278640145651618924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3900
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17098684421338298604,18278640145651618924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
                  2⤵
                    PID:1276
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17098684421338298604,18278640145651618924,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
                    2⤵
                      PID:5040
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17098684421338298604,18278640145651618924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
                      2⤵
                        PID:412
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17098684421338298604,18278640145651618924,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
                        2⤵
                          PID:3380
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17098684421338298604,18278640145651618924,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=904 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3888
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:3820
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:3780

Network

                          • flag-us
                            DNS
                            8.8.8.8.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            8.8.8.8.in-addr.arpa
                            IN PTR
                            Response
                            8.8.8.8.in-addr.arpa
                            IN PTR
                            dns.google
                          • flag-us
                            DNS
                            www.turkhackteam.net
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.turkhackteam.net
                            IN A
                            Response
                            www.turkhackteam.net
                            IN A
                            104.21.48.1
                            www.turkhackteam.net
                            IN A
                            104.21.64.1
                            www.turkhackteam.net
                            IN A
                            104.21.16.1
                            www.turkhackteam.net
                            IN A
                            104.21.32.1
                            www.turkhackteam.net
                            IN A
                            104.21.80.1
                            www.turkhackteam.net
                            IN A
                            104.21.112.1
                            www.turkhackteam.net
                            IN A
                            104.21.96.1
                          • flag-us
                            DNS
                            xslt.alexa.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            xslt.alexa.com
                            IN A
                            Response
                          • flag-us
                            DNS
                            whos.amung.us
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            whos.amung.us
                            IN A
                            Response
                            whos.amung.us
                            IN A
                            104.22.75.171
                            whos.amung.us
                            IN A
                            104.22.74.171
                            whos.amung.us
                            IN A
                            172.67.8.141
                          • flag-us
                            DNS
                            img43.imageshack.us
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            img43.imageshack.us
                            IN A
                            Response
                            img43.imageshack.us
                            IN CNAME
                            imagizer-cv.imageshack.us
                            imagizer-cv.imageshack.us
                            IN A
                            38.99.77.17
                            imagizer-cv.imageshack.us
                            IN A
                            38.99.77.16
                          • flag-us
                            GET
                            http://www.turkhackteam.net/images/smilies/wink.gif
                            msedge.exe
                            Remote address:
                            104.21.48.1:80
                            Request
                            GET /images/smilies/wink.gif HTTP/1.1
                            Host: www.turkhackteam.net
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 301 Moved Permanently
                            Date: Mon, 20 Jan 2025 09:02:22 GMT
                            Content-Type: text/html
                            Content-Length: 167
                            Connection: keep-alive
                            Cache-Control: max-age=3600
                            Expires: Mon, 20 Jan 2025 10:02:22 GMT
                            Location: https://www.turkhackteam.net/images/smilies/wink.gif
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xte9l2xlTVmBUQDxbQSkr4BTQykKl69TwQ2OINvjbbOBodb2doM9jx559Dq9VOvWIeUeRtrG%2FYXe1ySgPIXH3HjUfghTUFcEGsm2LdjEOOGtqYnhNWtPEtWjWv7dLdvxVzzDRJWMjg%3D%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Vary: Accept-Encoding
                            Server: cloudflare
                            CF-RAY: 904de29ddc3b951d-LHR
                            alt-svc: h3=":443"; ma=86400
                            server-timing: cfL4;desc="?proto=TCP&rtt=47302&min_rtt=47302&rtt_var=23651&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=374&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                          • flag-us
                            GET
                            http://www.turkhackteam.net/images/smilies/smile.gif
                            msedge.exe
                            Remote address:
                            104.21.48.1:80
                            Request
                            GET /images/smilies/smile.gif HTTP/1.1
                            Host: www.turkhackteam.net
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 301 Moved Permanently
                            Date: Mon, 20 Jan 2025 09:02:22 GMT
                            Content-Type: text/html
                            Content-Length: 167
                            Connection: keep-alive
                            Cache-Control: max-age=3600
                            Expires: Mon, 20 Jan 2025 10:02:22 GMT
                            Location: https://www.turkhackteam.net/images/smilies/smile.gif
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iH%2B1eHh2AL%2BQvT9NnkX4ap9IRHedcAboZJQeTVy5RlLN1PM9FPK%2FNuteImIiRXuE4OuPy9%2BSOpgk%2FlCVznAaOVer61jhBwizYqxxSJfnW4SrImXsCb6fSG6MS4kxkRwcwoi7bCrBNw%3D%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Vary: Accept-Encoding
                            Server: cloudflare
                            CF-RAY: 904de29ddc3a951d-LHR
                            alt-svc: h3=":443"; ma=86400
                            server-timing: cfL4;desc="?proto=TCP&rtt=47317&min_rtt=47317&rtt_var=23658&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=375&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                          • flag-us
                            GET
                            http://img43.imageshack.us/img43/523/naberv.jpg
                            msedge.exe
                            Remote address:
                            38.99.77.17:80
                            Request
                            GET /img43/523/naberv.jpg HTTP/1.1
                            Host: img43.imageshack.us
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 404 Not Found
                            Server: nginx/1.2.8
                            Date: Mon, 20 Jan 2025 09:02:22 GMT
                            Content-Type: text/html
                            Content-Length: 570
                            Connection: keep-alive
                            Access-Control-Allow-Methods: GET, HEAD, OPTIONS
                            Access-Control-Allow-Origin: *
                            Access-Control-Allow-Headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since
                            Access-Control-Expose-Headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since
                          • flag-us
                            GET
                            http://whos.amung.us/widget/zuoemhd0i7fi.png
                            msedge.exe
                            Remote address:
                            104.22.75.171:80
                            Request
                            GET /widget/zuoemhd0i7fi.png HTTP/1.1
                            Host: whos.amung.us
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 307 Temporary Redirect
                            Date: Mon, 20 Jan 2025 09:02:22 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            cache-control: no-cache, no-store, must-revalidate
                            location: http://widgets.amung.us/classic/00/1.png
                            cf-cache-status: DYNAMIC
                            Server: cloudflare
                            CF-RAY: 904de29e2a1963b2-LHR
                            alt-svc: h3=":443"; ma=86400
                          • flag-us
                            GET
                            https://www.turkhackteam.net/images/smilies/smile.gif
                            msedge.exe
                            Remote address:
                            104.21.48.1:443
                            Request
                            GET /images/smilies/smile.gif HTTP/2.0
                            host: www.turkhackteam.net
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            dnt: 1
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 301
                            date: Mon, 20 Jan 2025 09:02:22 GMT
                            content-type: text/html
                            location: https://www.turkhackteam.org/images/smilies/smile.gif
                            strict-transport-security: max-age=31536000
                            cache-control: max-age=691200
                            cf-cache-status: EXPIRED
                            report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XvN2sjaVVF1aLWYCdlwntiNHGNzT4Mlfee2qjOmUxdTrOMY10M3HiJCg1f0tkiRX65Y3Ix9c70picRKG1v8X51ZS1jqENu9UtKmgU51TDpKkGwsWtyU1hhFbjnMfpv5eSy3Yil2REA%3D%3D"}],"group":"cf-nel","max_age":604800}
                            nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            vary: Accept-Encoding
                            server: cloudflare
                            cf-ray: 904de29f790f4179-LHR
                            alt-svc: h3=":443"; ma=86400
                            server-timing: cfL4;desc="?proto=TCP&rtt=47479&min_rtt=47475&rtt_var=17806&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2859&recv_bytes=1049&delivery_rate=57166&cwnd=251&unsent_bytes=0&cid=5a19827b8da30197&ts=94&x=0"
                          • flag-us
                            GET
                            https://www.turkhackteam.net/images/smilies/wink.gif
                            msedge.exe
                            Remote address:
                            104.21.48.1:443
                            Request
                            GET /images/smilies/wink.gif HTTP/2.0
                            host: www.turkhackteam.net
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            dnt: 1
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 301
                            date: Mon, 20 Jan 2025 09:02:22 GMT
                            content-type: text/html
                            location: https://www.turkhackteam.org/images/smilies/wink.gif
                            strict-transport-security: max-age=31536000
                            cache-control: max-age=691200
                            cf-cache-status: EXPIRED
                            report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jWyCaOiXCXdefa0Tp3NBTULBxpat7bynv7rTpQ5UjonGZgNMzuwX4Tud4ic3bpcdfULND9zlela0iIGTA2xMWx4ok3rjruDY90J5hjuMkVa6Y7uHV%2B6nPEO8646ABWN4yNn7ZFdStg%3D%3D"}],"group":"cf-nel","max_age":604800}
                            nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            vary: Accept-Encoding
                            server: cloudflare
                            cf-ray: 904de29f79104179-LHR
                            alt-svc: h3=":443"; ma=86400
                            server-timing: cfL4;desc="?proto=TCP&rtt=47479&min_rtt=47475&rtt_var=17806&sent=9&recv=8&lost=0&retrans=0&sent_bytes=4378&recv_bytes=1049&delivery_rate=57166&cwnd=251&unsent_bytes=0&cid=5a19827b8da30197&ts=104&x=0"
                          • flag-us
                            DNS
                            srv.sayyac.net
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            srv.sayyac.net
                            IN A
                            Response
                            srv.sayyac.net
                            IN A
                            31.186.15.180
                          • flag-us
                            DNS
                            140.32.126.40.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            140.32.126.40.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            13.86.106.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            13.86.106.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            60.153.16.2.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            60.153.16.2.in-addr.arpa
                            IN PTR
                            Response
                            60.153.16.2.in-addr.arpa
                            IN PTR
                            a2-16-153-60.deploy.static.akamaitechnologies.com
                          • flag-us
                            DNS
                            171.75.22.104.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            171.75.22.104.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            1.48.21.104.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            1.48.21.104.in-addr.arpa
                            IN PTR
                            Response
                          • flag-tr
                            GET
                            http://srv.sayyac.net/sa.js?_salogin=thtorg123&_sav=4.2
                            msedge.exe
                            Remote address:
                            31.186.15.180:80
                            Request
                            GET /sa.js?_salogin=thtorg123&_sav=4.2 HTTP/1.1
                            Host: srv.sayyac.net
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            Intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
                            DNT: 1
                            Accept: */*
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Mon, 20 Jan 2025 09:02:22 GMT
                            Content-Type: application/x-javascript
                            Content-Length: 0
                            Last-Modified: Wed, 16 Mar 2022 13:03:07 GMT
                            Connection: close
                            ETag: "6231e00b-0"
                            Expires: Thu, 31 Dec 2037 23:55:55 GMT
                            Cache-Control: max-age=315360000
                            Cache-Control: public
                            P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
                            Accept-Ranges: bytes
                          • flag-us
                            DNS
                            widgets.amung.us
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            widgets.amung.us
                            IN A
                            Response
                            widgets.amung.us
                            IN A
                            104.22.75.171
                            widgets.amung.us
                            IN A
                            172.67.8.141
                            widgets.amung.us
                            IN A
                            104.22.74.171
                          • flag-us
                            DNS
                            www.turkhackteam.org
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.turkhackteam.org
                            IN A
                            Response
                            www.turkhackteam.org
                            IN A
                            172.67.211.30
                            www.turkhackteam.org
                            IN A
                            104.21.91.65
                          • flag-us
                            GET
                            http://widgets.amung.us/classic/00/1.png
                            msedge.exe
                            Remote address:
                            104.22.75.171:80
                            Request
                            GET /classic/00/1.png HTTP/1.1
                            Host: widgets.amung.us
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Date: Mon, 20 Jan 2025 09:02:22 GMT
                            Content-Type: image/png
                            Content-Length: 1349
                            Connection: keep-alive
                            last-modified: Sun, 13 Jun 2010 09:03:09 GMT
                            etag: "4c149ecd-545"
                            expires: Fri, 17 Jan 2025 20:18:16 GMT
                            cache-control: max-age=2678400
                            access-control-allow-origin: *
                            CF-Cache-Status: HIT
                            Age: 305046
                            Accept-Ranges: bytes
                            Vary: Accept-Encoding
                            Server: cloudflare
                            CF-RAY: 904de2a05a1763cd-LHR
                            alt-svc: h3=":443"; ma=86400
                          • flag-us
                            GET
                            https://www.turkhackteam.org/images/smilies/smile.gif
                            msedge.exe
                            Remote address:
                            172.67.211.30:443
                            Request
                            GET /images/smilies/smile.gif HTTP/2.0
                            host: www.turkhackteam.org
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            dnt: 1
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Mon, 20 Jan 2025 09:02:22 GMT
                            content-type: image/gif
                            content-length: 1061
                            cache-control: public, max-age=691200
                            expires: Mon, 27 Jan 2025 00:23:19 GMT
                            last-modified: Fri, 11 Nov 2011 22:34:08 GMT
                            strict-transport-security: max-age=15552000; preload
                            alt-svc: h3=":443"; ma=86400
                            cf-cache-status: HIT
                            age: 31143
                            accept-ranges: bytes
                            report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e1oCPi7no4D8oT9VAdXGrgDyYX%2B9PAnL%2BvyerKizVmlD45oisUX%2Bh5qsFmW4gLKHIUkZyN2ldRmQGhy33%2B24RMBhixC3Udj55XKKShtO7u6wX60frMos3byaNlRAm80ZDXLj7JbLPw%3D%3D"}],"group":"cf-nel","max_age":604800}
                            nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            vary: Accept-Encoding
                            server: cloudflare
                            cf-ray: 904de2a11a629433-LHR
                            server-timing: cfL4;desc="?proto=TCP&rtt=47570&min_rtt=47398&rtt_var=18119&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2904&recv_bytes=1049&delivery_rate=55638&cwnd=247&unsent_bytes=0&cid=2060ccabf9dd42a1&ts=97&x=0"
                          • flag-us
                            GET
                            https://www.turkhackteam.org/images/smilies/wink.gif
                            msedge.exe
                            Remote address:
                            172.67.211.30:443
                            Request
                            GET /images/smilies/wink.gif HTTP/2.0
                            host: www.turkhackteam.org
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            dnt: 1
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Mon, 20 Jan 2025 09:02:22 GMT
                            content-type: image/gif
                            content-length: 1062
                            cache-control: public, max-age=691200
                            expires: Mon, 27 Jan 2025 00:23:19 GMT
                            last-modified: Fri, 11 Nov 2011 22:34:08 GMT
                            strict-transport-security: max-age=15552000; preload
                            alt-svc: h3=":443"; ma=86400
                            cf-cache-status: HIT
                            age: 31143
                            accept-ranges: bytes
                            report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d5hLRVS6cqJPYeq12Lg1yiFz4yHN8%2BeJU0JkWUnP1qyVmKfUUj8WV2rnVBpSbDkZTofGFnY0hQx4vR6xan5NILCN18S4d2uJ%2FmiB9Adj14VVM833NSzGQBBElQgv1gP34yrNb9v4Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
                            nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            vary: Accept-Encoding
                            server: cloudflare
                            cf-ray: 904de2a12a669433-LHR
                            server-timing: cfL4;desc="?proto=TCP&rtt=47570&min_rtt=47398&rtt_var=18119&sent=9&recv=8&lost=0&retrans=0&sent_bytes=4727&recv_bytes=1049&delivery_rate=55638&cwnd=247&unsent_bytes=0&cid=2060ccabf9dd42a1&ts=98&x=0"
                          • flag-us
                            DNS
                            167.173.78.104.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            167.173.78.104.in-addr.arpa
                            IN PTR
                            Response
                            167.173.78.104.in-addr.arpa
                            IN PTR
                            a104-78-173-167deploystaticakamaitechnologiescom
                          • flag-us
                            DNS
                            17.77.99.38.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            17.77.99.38.in-addr.arpa
                            IN PTR
                            Response
                            17.77.99.38.in-addr.arpa
                            IN PTR
                            imagizer-cv imageshackus
                          • flag-us
                            DNS
                            180.15.186.31.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            180.15.186.31.in-addr.arpa
                            IN PTR
                            Response
                            180.15.186.31.in-addr.arpa
                            IN PTR
                            reverse-31-186-15-180 turkticaretnet
                          • flag-us
                            DNS
                            30.211.67.172.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            30.211.67.172.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            58.55.71.13.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            58.55.71.13.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            154.239.44.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            154.239.44.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            200.163.202.172.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            200.163.202.172.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            241.42.69.40.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            241.42.69.40.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            32.187.41.23.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            32.187.41.23.in-addr.arpa
                            IN PTR
                            Response
                            32.187.41.23.in-addr.arpa
                            IN PTR
                            a23-41-187-32deploystaticakamaitechnologiescom
                          • flag-us
                            DNS
                            43.229.111.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            43.229.111.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            175.117.168.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            175.117.168.52.in-addr.arpa
                            IN PTR
                            Response
                          • 104.21.48.1:80
                            http://www.turkhackteam.net/images/smilies/wink.gif
                            http
                            msedge.exe
                            696 B
                            1.4kB
                            7
                            6

                            HTTP Request

                            GET http://www.turkhackteam.net/images/smilies/wink.gif

                            HTTP Response

                            301
                          • 104.21.48.1:80
                            http://www.turkhackteam.net/images/smilies/smile.gif
                            http
                            msedge.exe
                            697 B
                            1.4kB
                            7
                            6

                            HTTP Request

                            GET http://www.turkhackteam.net/images/smilies/smile.gif

                            HTTP Response

                            301
                          • 38.99.77.17:80
                            http://img43.imageshack.us/img43/523/naberv.jpg
                            http
                            msedge.exe
                            600 B
                            1.3kB
                            5
                            4

                            HTTP Request

                            GET http://img43.imageshack.us/img43/523/naberv.jpg

                            HTTP Response

                            404
                          • 104.22.75.171:80
                            http://whos.amung.us/widget/zuoemhd0i7fi.png
                            http
                            msedge.exe
                            689 B
                            667 B
                            7
                            6

                            HTTP Request

                            GET http://whos.amung.us/widget/zuoemhd0i7fi.png

                            HTTP Response

                            307
                          • 104.21.48.1:443
                            www.turkhackteam.net
                            tls, http2
                            msedge.exe
                            943 B
                            3.1kB
                            8
                            6
                          • 104.21.48.1:443
                            https://www.turkhackteam.net/images/smilies/wink.gif
                            tls, http2
                            msedge.exe
                            1.8kB
                            6.4kB
                            17
                            17

                            HTTP Request

                            GET https://www.turkhackteam.net/images/smilies/smile.gif

                            HTTP Request

                            GET https://www.turkhackteam.net/images/smilies/wink.gif

                            HTTP Response

                            301

                            HTTP Response

                            301
                          • 31.186.15.180:80
                            http://srv.sayyac.net/sa.js?_salogin=thtorg123&_sav=4.2
                            http
                            msedge.exe
                            653 B
                            608 B
                            5
                            4

                            HTTP Request

                            GET http://srv.sayyac.net/sa.js?_salogin=thtorg123&_sav=4.2

                            HTTP Response

                            200
                          • 104.22.75.171:80
                            http://widgets.amung.us/classic/00/1.png
                            http
                            msedge.exe
                            685 B
                            2.1kB
                            7
                            7

                            HTTP Request

                            GET http://widgets.amung.us/classic/00/1.png

                            HTTP Response

                            200
                          • 172.67.211.30:443
                            https://www.turkhackteam.org/images/smilies/wink.gif
                            tls, http2
                            msedge.exe
                            1.8kB
                            7.0kB
                            17
                            17

                            HTTP Request

                            GET https://www.turkhackteam.org/images/smilies/smile.gif

                            HTTP Request

                            GET https://www.turkhackteam.org/images/smilies/wink.gif

                            HTTP Response

                            200

                            HTTP Response

                            200
                          • 172.67.211.30:443
                            www.turkhackteam.org
                            tls
                            msedge.exe
                            897 B
                            2.6kB
                            7
                            5
                          • 8.8.8.8:53
                            8.8.8.8.in-addr.arpa
                            dns
                            66 B
                            90 B
                            1
                            1

                            DNS Request

                            8.8.8.8.in-addr.arpa

                          • 8.8.8.8:53
                            www.turkhackteam.net
                            dns
                            msedge.exe
                            66 B
                            178 B
                            1
                            1

                            DNS Request

                            www.turkhackteam.net

                            DNS Response

                            104.21.48.1
                            104.21.64.1
                            104.21.16.1
                            104.21.32.1
                            104.21.80.1
                            104.21.112.1
                            104.21.96.1

                          • 8.8.8.8:53
                            xslt.alexa.com
                            dns
                            msedge.exe
                            60 B
                            142 B
                            1
                            1

                            DNS Request

                            xslt.alexa.com

                          • 8.8.8.8:53
                            whos.amung.us
                            dns
                            msedge.exe
                            59 B
                            107 B
                            1
                            1

                            DNS Request

                            whos.amung.us

                            DNS Response

                            104.22.75.171
                            104.22.74.171
                            172.67.8.141

                          • 8.8.8.8:53
                            img43.imageshack.us
                            dns
                            msedge.exe
                            65 B
                            123 B
                            1
                            1

                            DNS Request

                            img43.imageshack.us

                            DNS Response

                            38.99.77.17
                            38.99.77.16

                          • 8.8.8.8:53
                            srv.sayyac.net
                            dns
                            msedge.exe
                            60 B
                            76 B
                            1
                            1

                            DNS Request

                            srv.sayyac.net

                            DNS Response

                            31.186.15.180

                          • 8.8.8.8:53
                            140.32.126.40.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            140.32.126.40.in-addr.arpa

                          • 8.8.8.8:53
                            13.86.106.20.in-addr.arpa
                            dns
                            71 B
                            157 B
                            1
                            1

                            DNS Request

                            13.86.106.20.in-addr.arpa

                          • 8.8.8.8:53
                            60.153.16.2.in-addr.arpa
                            dns
                            70 B
                            133 B
                            1
                            1

                            DNS Request

                            60.153.16.2.in-addr.arpa

                          • 8.8.8.8:53
                            171.75.22.104.in-addr.arpa
                            dns
                            72 B
                            134 B
                            1
                            1

                            DNS Request

                            171.75.22.104.in-addr.arpa

                          • 8.8.8.8:53
                            1.48.21.104.in-addr.arpa
                            dns
                            70 B
                            132 B
                            1
                            1

                            DNS Request

                            1.48.21.104.in-addr.arpa

                          • 8.8.8.8:53
                            widgets.amung.us
                            dns
                            msedge.exe
                            62 B
                            110 B
                            1
                            1

                            DNS Request

                            widgets.amung.us

                            DNS Response

                            104.22.75.171
                            172.67.8.141
                            104.22.74.171

                          • 8.8.8.8:53
                            www.turkhackteam.org
                            dns
                            msedge.exe
                            66 B
                            98 B
                            1
                            1

                            DNS Request

                            www.turkhackteam.org

                            DNS Response

                            172.67.211.30
                            104.21.91.65

                          • 8.8.8.8:53
                            167.173.78.104.in-addr.arpa
                            dns
                            73 B
                            139 B
                            1
                            1

                            DNS Request

                            167.173.78.104.in-addr.arpa

                          • 8.8.8.8:53
                            17.77.99.38.in-addr.arpa
                            dns
                            70 B
                            109 B
                            1
                            1

                            DNS Request

                            17.77.99.38.in-addr.arpa

                          • 8.8.8.8:53
                            180.15.186.31.in-addr.arpa
                            dns
                            72 B
                            123 B
                            1
                            1

                            DNS Request

                            180.15.186.31.in-addr.arpa

                          • 8.8.8.8:53
                            30.211.67.172.in-addr.arpa
                            dns
                            72 B
                            134 B
                            1
                            1

                            DNS Request

                            30.211.67.172.in-addr.arpa

                          • 224.0.0.251:5353
                            453 B
                            7
                          • 8.8.8.8:53
                            58.55.71.13.in-addr.arpa
                            dns
                            70 B
                            144 B
                            1
                            1

                            DNS Request

                            58.55.71.13.in-addr.arpa

                          • 8.8.8.8:53
                            154.239.44.20.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            154.239.44.20.in-addr.arpa

                          • 8.8.8.8:53
                            200.163.202.172.in-addr.arpa
                            dns
                            74 B
                            160 B
                            1
                            1

                            DNS Request

                            200.163.202.172.in-addr.arpa

                          • 8.8.8.8:53
                            241.42.69.40.in-addr.arpa
                            dns
                            71 B
                            145 B
                            1
                            1

                            DNS Request

                            241.42.69.40.in-addr.arpa

                          • 8.8.8.8:53
                            32.187.41.23.in-addr.arpa
                            dns
                            71 B
                            135 B
                            1
                            1

                            DNS Request

                            32.187.41.23.in-addr.arpa

                          • 8.8.8.8:53
                            43.229.111.52.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            43.229.111.52.in-addr.arpa

                          • 8.8.8.8:53
                            175.117.168.52.in-addr.arpa
                            dns
                            73 B
                            147 B
                            1
                            1

                            DNS Request

                            175.117.168.52.in-addr.arpa

                          MITRE ATT&CK Enterprise v15

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                            Filesize

                            152B

                            MD5

                            8749e21d9d0a17dac32d5aa2027f7a75

                            SHA1

                            a5d555f8b035c7938a4a864e89218c0402ab7cde

                            SHA256

                            915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

                            SHA512

                            c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                            Filesize

                            152B

                            MD5

                            34d2c4f40f47672ecdf6f66fea242f4a

                            SHA1

                            4bcad62542aeb44cae38a907d8b5a8604115ada2

                            SHA256

                            b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

                            SHA512

                            50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                            Filesize

                            266B

                            MD5

                            47d0b22df24ee3fa67570b0f3473efaf

                            SHA1

                            37ad6e964621e7b20160d11f941a512af26408a3

                            SHA256

                            2151fc50fa718cfa763e0c351589fdf2c075a66a614bbcebfa488cdacc231159

                            SHA512

                            4512d786bb895dd916df77d11c8a17a469aec2d430728346c0023e10089fc9405e9b8a70e07ad468611df31eaccdd01ec87afcabbe7692cfd9f520a3c8a90b52

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            6KB

                            MD5

                            ddcc6ef2c78a106fe5bf5ab7fe51e1e8

                            SHA1

                            5fa232ba81c2a46c1f58edf37a465c60158f233e

                            SHA256

                            5ae429363ce20fa00e3c5489a1ee4b9b9573a1c9f253009f3e0a5dfa9487f541

                            SHA512

                            83d1b018fb7f9c2c587948ff6374a936a54a37852fcb4b660ccf61edcdf19fb3cf2e2f57733936a130620b914a2a7945adc41b83596481343ff03a5cefa56cc0

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            5KB

                            MD5

                            b12c256ce89bc61104e8c01b4de0e359

                            SHA1

                            8263faf37bfcc8b4ec7de871228ee0ae8388db7e

                            SHA256

                            c472adf7b598988ebbe13b3d27d1aefa6876c70f4069551ca15dcd02eb417214

                            SHA512

                            cdfabbb17c57e9081df60ed0a2561ffc3f1f8170908a8ed8dd25cd89552f0d899699a06e03764bad27f909533dcacd5a13feab20a08988c77b4c8d60cfc405a7

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                            Filesize

                            10KB

                            MD5

                            b1b8f406498cd1d9f91cf22336b3224c

                            SHA1

                            455d113a5f003d08da69f20c156e887ba36d5a3a

                            SHA256

                            59ec474f995658c60ff56551fd85b640915e427abdc7466bd5e55dbadc6f5583

                            SHA512

                            01bd36b411a1678a1c2540d592c0d350c669f840af7ba4773aa401cde7bd20b5a5e2ecb6f9184a1cd62b47ccbb98695a64c748fc68029ca0fda08c2709f98bfa
