Overview

Score per analysis tab (task names are truncated as on the page; the Overview score is the aggregate):

Task                   Platform             Score
Overview               -                    7
Static                 -                    7
JaffaCakes...52.exe    windows10-2004-x64   7
JaffaCakes...52.exe    windows11-21h2-x64   7
$PLUGINSDI...rb.dll    windows10-2004-x64   3
$PLUGINSDI...rb.dll    windows11-21h2-x64   3
$PLUGINSDI...fo.dll    windows10-2004-x64   3
$PLUGINSDI...fo.dll    windows11-21h2-x64   3
$PLUGINSDI...em.dll    windows10-2004-x64   3
$PLUGINSDI...em.dll    windows11-21h2-x64   3
$PLUGINSDIR/UAC.dll    windows10-2004-x64   3
$PLUGINSDIR/UAC.dll    windows11-21h2-x64   3
$PLUGINSDI...fo.dll    windows10-2004-x64   3
$PLUGINSDI...fo.dll    windows11-21h2-x64   3
$PLUGINSDI...la.rtf    windows10-2004-x64   1
$PLUGINSDI...la.rtf    windows11-21h2-x64   1
$PLUGINSDI...ay.dll    windows10-2004-x64   5
$PLUGINSDI...ay.dll    windows11-21h2-x64   5
$PLUGINSDI...gs.dll    windows10-2004-x64   3
$PLUGINSDI...gs.dll    windows11-21h2-x64   3
$PLUGINSDI...ec.dll    windows10-2004-x64   3
$PLUGINSDI...ec.dll    windows11-21h2-x64   3
$PLUGINSDI...ML.dll    windows10-2004-x64   3
$PLUGINSDI...ML.dll    windows11-21h2-x64   3
$PLUGINSDI...ry.dll    windows10-2004-x64   3
$PLUGINSDI...ry.dll    windows11-21h2-x64   3
$R1/$_1_/U...ll.exe    windows10-2004-x64   7
$R1/$_1_/U...ll.exe    windows11-21h2-x64   7
$PLUGINSDI...em.dll    windows10-2004-x64   3
$PLUGINSDI...em.dll    windows11-21h2-x64   3
$PLUGINSDIR/UAC.dll    windows10-2004-x64   3
$PLUGINSDIR/UAC.dll    windows11-21h2-x64   3
$PLUGINSDI...gs.dll    windows10-2004-x64   3
$PLUGINSDI...gs.dll    windows11-21h2-x64   3

Analysis
- max time kernel: 145s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20250619-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20250619-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 04/07/2025, 17:34
Behavioral tasks

Task           Sample                                                Resource
behavioral1    JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe    win10v2004-20250619-en
behavioral2    JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe    win11-20250610-en
behavioral3    $PLUGINSDIR/InvokeShellVerb.dll                       win10v2004-20250610-en
behavioral4    $PLUGINSDIR/InvokeShellVerb.dll                       win11-20250619-en
behavioral5    $PLUGINSDIR/MoreInfo.dll                              win10v2004-20250502-en
behavioral6    $PLUGINSDIR/MoreInfo.dll                              win11-20250610-en
behavioral7    $PLUGINSDIR/System.dll                                win10v2004-20250502-en
behavioral8    $PLUGINSDIR/System.dll                                win11-20250619-en
behavioral9    $PLUGINSDIR/UAC.dll                                   win10v2004-20250610-en
behavioral10   $PLUGINSDIR/UAC.dll                                   win11-20250610-en
behavioral11   $PLUGINSDIR/UserInfo.dll                              win10v2004-20250619-en
behavioral12   $PLUGINSDIR/UserInfo.dll                              win11-20250619-en
behavioral13   $PLUGINSDIR/ask_eula.rtf                              win10v2004-20250619-en
behavioral14   $PLUGINSDIR/ask_eula.rtf                              win11-20250619-en
behavioral15   $PLUGINSDIR/nsArray.dll                               win10v2004-20250502-en
behavioral16   $PLUGINSDIR/nsArray.dll                               win11-20250610-en
behavioral17   $PLUGINSDIR/nsDialogs.dll                             win10v2004-20250610-en
behavioral18   $PLUGINSDIR/nsDialogs.dll                             win11-20250610-en
behavioral19   $PLUGINSDIR/nsExec.dll                                win10v2004-20250502-en
behavioral20   $PLUGINSDIR/nsExec.dll                                win11-20250619-en
behavioral21   $PLUGINSDIR/nsisXML.dll                               win10v2004-20250610-en
behavioral22   $PLUGINSDIR/nsisXML.dll                               win11-20250619-en
behavioral23   $PLUGINSDIR/registry.dll                              win10v2004-20250619-en
behavioral24   $PLUGINSDIR/registry.dll                              win11-20250619-en
behavioral25   $R1/$_1_/Uninstall.exe                                win10v2004-20250502-en
behavioral26   $R1/$_1_/Uninstall.exe                                win11-20250619-en
behavioral27   $PLUGINSDIR/System.dll                                win10v2004-20250610-en
behavioral28   $PLUGINSDIR/System.dll                                win11-20250610-en
behavioral29   $PLUGINSDIR/UAC.dll                                   win10v2004-20250610-en
behavioral30   $PLUGINSDIR/UAC.dll                                   win11-20250610-en
behavioral31   $PLUGINSDIR/nsDialogs.dll                             win10v2004-20250619-en
behavioral32   $PLUGINSDIR/nsDialogs.dll                             win11-20250619-en
General

- Target: JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe
- Size: 1.4MB
- MD5: 1c70bab0ffbbf03ae6d4f95c7454a052
- SHA1: 1252d6446868fb48946de8ec01ee8fa5bac80d14
- SHA256: 4dae9f99e0707d4e175ea846b23f32ef5cb63d055fc8ee30b35099783f0cc869
- SHA512: 7bd4e4b8ccc59645dd5d23b0eb73b64513898e70d719caa464fade70c91e3519d80f92f0ed050b7bc3d7c9ca2a1f2da2f19e10903ca57de01da1d64781fcb688
- SSDEEP: 24576:L2KqYz3utEROE3cvWt9xkAzb8cQlE++NHXYNoPfSk:pD/OKc4xXz6F+iNoCk
Malware Config
Signatures

ACProtect 1.3x - 1.4x DLL software (1 IoC)
Detects file using ACProtect software.
  resource                                      yara_rule
  behavioral1/files/0x000d00000001ee88-54.dat   acprotect

Loads dropped DLL (9 IoCs)
  pid    Process
  1560   JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe   (9 identical entries)

Reads user/profile data of web browsers (3 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

YARA rule matches, rule upx (5 IoCs)
  resource                                                                        yara_rule
  behavioral1/memory/1560-57-0x0000000070710000-0x000000007071A000-memory.dmp     upx
  behavioral1/files/0x000d00000001ee88-54.dat                                     upx
  behavioral1/memory/1560-136-0x0000000070710000-0x000000007071A000-memory.dmp    upx
  behavioral1/memory/1560-776-0x0000000070710000-0x000000007071A000-memory.dmp    upx
  behavioral1/memory/1560-842-0x0000000070710000-0x000000007071A000-memory.dmp    upx

Drops file in Program Files directory (13 IoCs)
  description    ioc                                                                                      Process
  File created   C:\Program Files (x86)\jZip\log.log                                                      JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe
  File created   C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1545489470\manifest.fingerprint      msedge.exe
  File created   C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1899285486\manifest.json             msedge.exe
  File created   C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1899285486\protocols.json            msedge.exe
  File created   C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1899285486\manifest.fingerprint      msedge.exe
  File created   C:\Program Files\chrome_Unpacker_BeginUnzipping4372_714680192\manifest.json              msedge.exe
  File created   C:\Program Files\chrome_Unpacker_BeginUnzipping4372_714680192\nav_config.json            msedge.exe
  File created   C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1939796052\manifest.json             msedge.exe
  File created   C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1545489470\manifest.json             msedge.exe
  File created   C:\Program Files\chrome_Unpacker_BeginUnzipping4372_714680192\manifest.fingerprint       msedge.exe
  File created   C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1939796052\office_endpoints_list.json   msedge.exe
  File created   C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1939796052\smart_switch_list.json    msedge.exe
  File created   C:\Program Files\chrome_Unpacker_BeginUnzipping4372_1939796052\manifest.fingerprint      msedge.exe
Only the first entry (log.log) is written by the sample itself; the remaining twelve are written by msedge.exe (PID 4372, which also appears in the chrome_Unpacker directory names), so the count of 13 overstates what the sample does.

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description   ioc                                                        Process
  Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
  description         ioc                                                                             Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                   msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier  msedge.exe

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                               Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                  msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe

Modifies data under HKEY_USERS (2 IoCs)
  description       ioc                                                                                                  Process
  Key created       \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                  msedge.exe
  Set value (int)   \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133961240759783336"   msedge.exe

Modifies registry class (5 IoCs)
  description       ioc                                                                                                                                                              Process
  Key created       \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3008489981-1977616533-741913813-1000\{4BE35DB8-7136-4B75-9055-2D27D42E35F1}   msedge.exe
  Key created       \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3008489981-1977616533-741913813-1000\{A4090A59-FFFB-4D99-8BCB-FBEE3FBEDDC4}   msedge.exe
  Key created       \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe                                                                  JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe
  Set value (str)   \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe\IsHostApp                                                        JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe
  Key created       \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\                                                                           msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    Process
  1560   JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe   (8 entries)
  3248   msedge.exe                                           (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs)
  pid    Process
  4372   msedge.exe   (11 identical entries)

Suspicious use of AdjustPrivilegeToken (1 IoC)
  description               pid    Process
  Token: SeDebugPrivilege   1560   JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe

Suspicious use of FindShellTrayWindow (2 IoCs)
  pid    Process
  4372   msedge.exe   (2 identical entries)

Suspicious use of SetWindowsHookEx (2 IoCs)
  pid    Process
  1560   JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe   (2 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs)
Identical rows are collapsed; the entries column gives how many times each row appears in the report.
  description                       pid    Process                                              procid_target   entries
  PID 1560 wrote to memory of 5108  1560   JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe   100             2
  PID 1560 wrote to memory of 4372  1560   JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe   101             2
  PID 4372 wrote to memory of 4232  4372   msedge.exe                                           102             2
  PID 4372 wrote to memory of 2520  4372   msedge.exe                                           103             51
  PID 4372 wrote to memory of 4664  4372   msedge.exe                                           104             2
  PID 4372 wrote to memory of 1768  4372   msedge.exe                                           105             5
Processes

Process tree (indentation shows parent/child relationship; signature hits are listed under the process that triggered them):

[PID 1560] "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe"
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory

  [PID 5108] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.jzip.com/terms_of_use.php

  [PID 4372] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.jzip.com/terms_of_use.php
      - Drops file in Program Files directory
      - Checks processor information in registry
      - Enumerates system info in registry
      - Modifies data under HKEY_USERS
      - Modifies registry class
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of WriteProcessMemory

    [PID 4232] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2ec,0x7ffb5704f208,0x7ffb5704f214,0x7ffb5704f220

    [PID 2520] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2220,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=2216 /prefetch:2

    [PID 4664] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1856,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=2328 /prefetch:3

    [PID 1768] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2592,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=2744 /prefetch:8

    [PID 956] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3472,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:1

    [PID 4920] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3492,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=3596 /prefetch:1

    [PID 1336] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4136,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=4260 /prefetch:1

    [PID 4280] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4296,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=4312 /prefetch:2

    [PID 3540] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4576,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=4652 /prefetch:1

    [PID 1424] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5348,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:8

    [PID 1080] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5496,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=5220 /prefetch:8

    [PID 4296] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5652,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=5668 /prefetch:1

    [PID 396] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=5672,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=5840 /prefetch:1

    [PID 1988] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4268,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=5684 /prefetch:8

    [PID 4844] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3568,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=3632 /prefetch:8

    [PID 4368] "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5512,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=5472 /prefetch:8

    [PID 2676] "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5512,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=5472 /prefetch:8

    [PID 60] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6264,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=6260 /prefetch:8

    [PID 4368] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6408,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=6420 /prefetch:8

    [PID 4624] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6440,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=6372 /prefetch:1

    [PID 1888] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6436,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=6388 /prefetch:8

    [PID 4032] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=6788,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=6816 /prefetch:1

    [PID 5324] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6708,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=6596 /prefetch:8

    [PID 5344] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7156,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=7296 /prefetch:8

    [PID 5796] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7464,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=7452 /prefetch:8

    [PID 5856] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7556,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=7544 /prefetch:8

    [PID 5908] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7700,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=7716 /prefetch:8

    [PID 6056] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=5488,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=5304 /prefetch:1

    [PID 5512] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8048,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=8072 /prefetch:8
        - Modifies registry class

    [PID 5520] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8040,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=8036 /prefetch:8

    [PID 5440] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4556,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=4508 /prefetch:8

    [PID 4280] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4532,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=4512 /prefetch:8

    [PID 2576] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4520,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=5648 /prefetch:8

    [PID 5912] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5320,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=5444 /prefetch:8

    [PID 1336] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5576,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=6184 /prefetch:8

    [PID 2812] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7652,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=4508 /prefetch:8

    [PID 5920] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6732,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=6120 /prefetch:8
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6184,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=4376 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:3248
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2912,i,17920321810247698959,12887799310507602370,262144 --variations-seed-version --mojo-platform-channel-handle=6004 /prefetch:83⤵PID:3844
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵PID:1256
Network
MITRE ATT&CK Enterprise v16
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)
Downloads