Overview (score 7)
Static (score 7)

Per-task scores from the report sidebar (sample names truncated as on the page; the full names are in the Behavioral tasks list below, in the same order):

Sample                Platform             Score
JaffaCakes...52.exe   windows10-2004-x64   7
JaffaCakes...52.exe   windows11-21h2-x64   7
$PLUGINSDI...rb.dll   windows10-2004-x64   3
$PLUGINSDI...rb.dll   windows11-21h2-x64   3
$PLUGINSDI...fo.dll   windows10-2004-x64   3
$PLUGINSDI...fo.dll   windows11-21h2-x64   3
$PLUGINSDI...em.dll   windows10-2004-x64   3
$PLUGINSDI...em.dll   windows11-21h2-x64   3
$PLUGINSDIR/UAC.dll   windows10-2004-x64   3
$PLUGINSDIR/UAC.dll   windows11-21h2-x64   3
$PLUGINSDI...fo.dll   windows10-2004-x64   3
$PLUGINSDI...fo.dll   windows11-21h2-x64   3
$PLUGINSDI...la.rtf   windows10-2004-x64   1
$PLUGINSDI...la.rtf   windows11-21h2-x64   1
$PLUGINSDI...ay.dll   windows10-2004-x64   5
$PLUGINSDI...ay.dll   windows11-21h2-x64   5
$PLUGINSDI...gs.dll   windows10-2004-x64   3
$PLUGINSDI...gs.dll   windows11-21h2-x64   3
$PLUGINSDI...ec.dll   windows10-2004-x64   3
$PLUGINSDI...ec.dll   windows11-21h2-x64   3
$PLUGINSDI...ML.dll   windows10-2004-x64   3
$PLUGINSDI...ML.dll   windows11-21h2-x64   3
$PLUGINSDI...ry.dll   windows10-2004-x64   3
$PLUGINSDI...ry.dll   windows11-21h2-x64   3
$R1/$_1_/U...ll.exe   windows10-2004-x64   7
$R1/$_1_/U...ll.exe   windows11-21h2-x64   7
$PLUGINSDI...em.dll   windows10-2004-x64   3
$PLUGINSDI...em.dll   windows11-21h2-x64   3
$PLUGINSDIR/UAC.dll   windows10-2004-x64   3
$PLUGINSDIR/UAC.dll   windows11-21h2-x64   3
$PLUGINSDI...gs.dll   windows10-2004-x64   3
$PLUGINSDI...gs.dll   windows11-21h2-x64   3

Analysis
Max time kernel: 150s
Max time network: 147s
Platform: windows11-21h2_x64
Resource: win11-20250610-en
Resource tags: arch:x64, arch:x86, image:win11-20250610-en, locale:en-us, os:windows11-21h2-x64, system
Submitted: 04/07/2025, 17:34

The signatures and process tree below come from this run: the yara hits reference behavioral2, which is the win11-20250610-en task for the main executable.
Behavioral tasks

Task          Sample                                              Resource
behavioral1   JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe  win10v2004-20250619-en
behavioral2   JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe  win11-20250610-en
behavioral3   $PLUGINSDIR/InvokeShellVerb.dll                     win10v2004-20250610-en
behavioral4   $PLUGINSDIR/InvokeShellVerb.dll                     win11-20250619-en
behavioral5   $PLUGINSDIR/MoreInfo.dll                            win10v2004-20250502-en
behavioral6   $PLUGINSDIR/MoreInfo.dll                            win11-20250610-en
behavioral7   $PLUGINSDIR/System.dll                              win10v2004-20250502-en
behavioral8   $PLUGINSDIR/System.dll                              win11-20250619-en
behavioral9   $PLUGINSDIR/UAC.dll                                 win10v2004-20250610-en
behavioral10  $PLUGINSDIR/UAC.dll                                 win11-20250610-en
behavioral11  $PLUGINSDIR/UserInfo.dll                            win10v2004-20250619-en
behavioral12  $PLUGINSDIR/UserInfo.dll                            win11-20250619-en
behavioral13  $PLUGINSDIR/ask_eula.rtf                            win10v2004-20250619-en
behavioral14  $PLUGINSDIR/ask_eula.rtf                            win11-20250619-en
behavioral15  $PLUGINSDIR/nsArray.dll                             win10v2004-20250502-en
behavioral16  $PLUGINSDIR/nsArray.dll                             win11-20250610-en
behavioral17  $PLUGINSDIR/nsDialogs.dll                           win10v2004-20250610-en
behavioral18  $PLUGINSDIR/nsDialogs.dll                           win11-20250610-en
behavioral19  $PLUGINSDIR/nsExec.dll                              win10v2004-20250502-en
behavioral20  $PLUGINSDIR/nsExec.dll                              win11-20250619-en
behavioral21  $PLUGINSDIR/nsisXML.dll                             win10v2004-20250610-en
behavioral22  $PLUGINSDIR/nsisXML.dll                             win11-20250619-en
behavioral23  $PLUGINSDIR/registry.dll                            win10v2004-20250619-en
behavioral24  $PLUGINSDIR/registry.dll                            win11-20250619-en
behavioral25  $R1/$_1_/Uninstall.exe                              win10v2004-20250502-en
behavioral26  $R1/$_1_/Uninstall.exe                              win11-20250619-en
behavioral27  $PLUGINSDIR/System.dll                              win10v2004-20250610-en
behavioral28  $PLUGINSDIR/System.dll                              win11-20250610-en
behavioral29  $PLUGINSDIR/UAC.dll                                 win10v2004-20250610-en
behavioral30  $PLUGINSDIR/UAC.dll                                 win11-20250610-en
behavioral31  $PLUGINSDIR/nsDialogs.dll                           win10v2004-20250619-en
behavioral32  $PLUGINSDIR/nsDialogs.dll                           win11-20250619-en

$PLUGINSDIR and $R1/$_1_ are NSIS installer variables, so the dropped files are the plugin DLLs (System, UAC, nsExec, nsDialogs, nsisXML, registry and so on) and the generated uninstaller of an NSIS-built installer. ask_eula.rtf is an Ask.com licence text, consistent with a bundled toolbar offer. The second copies of System.dll, UAC.dll and nsDialogs.dll (behavioral27 to behavioral32) are same-named plugins extracted a second time, most likely by the embedded uninstaller; they are worth diffing against the first copies before assuming they are identical.
General

Target: JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe (the file name is the sample's MD5 with the corpus prefix)
Size: 1.4MB
MD5: 1c70bab0ffbbf03ae6d4f95c7454a052
SHA1: 1252d6446868fb48946de8ec01ee8fa5bac80d14
SHA256: 4dae9f99e0707d4e175ea846b23f32ef5cb63d055fc8ee30b35099783f0cc869
SHA512: 7bd4e4b8ccc59645dd5d23b0eb73b64513898e70d719caa464fade70c91e3519d80f92f0ed050b7bc3d7c9ca2a1f2da2f19e10903ca57de01da1d64781fcb688
SSDEEP: 24576:L2KqYz3utEROE3cvWt9xkAzb8cQlE++NHXYNoPfSk:pD/OKc4xXz6F+iNoCk
Malware Config
Signatures
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
  resource: behavioral2/files/0x001c00000002b19f-54.dat (yara rule: acprotect)
  Caveat: the same dropped file also matches the upx rule below, and the upx rule additionally matches a 40 KB module image in the installer's memory (0x6FFB0000-0x6FFBA000, PID 5728). With no other protector artefacts on the page, the ACProtect hit is most likely the packer-detection rules overlapping on one UPX-packed plugin DLL rather than evidence of a second protector.

Loads dropped DLL 9 IoCs
  PID 5728 JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe, 9 loads
  Expected for an NSIS installer: these are the plugin DLLs it extracts to $PLUGINSDIR and loads at run time.
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
  No IoC rows are listed for this signature. The only browser-profile access visible in the process tree is Edge's own chrome.mojom.ProfileImport utility (PID 4464) spawning cookie_exporter.exe, so treat this hit as browser noise unless the installer itself is seen opening profile paths.

UPX packed file 2 IoCs
  resource: behavioral2/files/0x001c00000002b19f-54.dat (yara rule: upx)
  resource: behavioral2/memory/5728-57-0x000000006FFB0000-0x000000006FFBA000-memory.dmp (yara rule: upx)
Drops file in Program Files directory 1 IoCs
  File created: C:\Program Files (x86)\jZip\log.log by JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe
  This is the only write to a protected program directory made by the installer itself, and together with the jzip.com terms-of-use URL it opens it identifies the package as a jZip installer.

Drops file in Windows directory 64 IoCs
  Every one of the 64 rows is attributed to msedge.exe (PID 684), the browser the installer launched to display http://www.jzip.com/terms_of_use.php, not to the sample. The paths are Edge's component and extension updater unpacking into C:\Windows\SystemTemp, so this signature carries no information about the installer.

  File opened for modification: C:\Windows\SystemTemp
  File created: C:\Windows\SystemTemp\msedge_url_fetcher_684_1428626375\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_93_1_0.crx
  Files created under C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping684_764584570\ (50 rows):
    128.png, manifest.fingerprint, offscreendocument.html, offscreendocument_main.js, page_embed_script.js, service_worker_bin_prod.js, _metadata\verified_contents.json
    _locales\<lang>\messages.json for 43 languages: ar, az, be, bn, ca, cy, da, en, en_CA, en_GB, es, fi, fr, fr_CA, gl, gu, hi, hr, id, kk, km, kn, ko, lo, lt, mn, ms, nl, pa, pl, ro, sl, sv, ta, te, th, tr, uk, ur, zh_CN, zh_HK, zh_TW, zu
  Files created under C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping684_1070143267\ (6 rows):
    manifest.json, manifest.fingerprint, edge_autofill_global_block_list.json, autofill_bypass_cache_forms.json, v1FieldTypes.json, regex_patterns.json
  Files created under C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping684_1520333538\ (2 rows):
    manifest.json, deny_etld1_domains.list
  Files created under C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping684_834322335\ (2 rows):
    manifest.json, LICENSE
  File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping684_606528645\manifest.fingerprint
  File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping684_615991802\manifest.json
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language by JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe
  Reading this key is how ordinary locale lookups resolve, and an NSIS installer consults the system language to pick its UI language, so on its own this is weak evidence of geographic targeting.

Enumerates system info in registry 2 TTPs 3 IoCs
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS by msedge.exe
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName by msedge.exe
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer by msedge.exe

Modifies data under HKEY_USERS 2 IoCs
  Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry by msedge.exe
  Set value (int): \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133961240805321819" by msedge.exe

Modifies registry class 5 IoCs
  Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe by JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe
  Set value (str): \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe\IsHostApp by JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe
  Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2340264150-4060318110-2688614100-1000\{E1E76B72-44D1-4D3E-B530-B35F2F18D3F5} by msedge.exe
  Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ by msedge.exe
  Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2340264150-4060318110-2688614100-1000\{D5A0CF24-8597-44F9-9FB1-A1F204383393} by msedge.exe
  Only the first two rows belong to the installer; the remaining three are Edge's own registrations.
Suspicious behavior: EnumeratesProcesses 10 IoCs
  PID 5728 JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe (8 entries)
  PID 4892 msedge.exe (2 entries; this PID does not appear in the Processes list below)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  PID 684 msedge.exe (9 entries)
  Edge creates its child processes with the "block non-Microsoft binaries" mitigation policy; this is the browser hardening its own sandbox, not sample behaviour.

Suspicious use of AdjustPrivilegeToken 1 IoCs
  Token: SeDebugPrivilege, PID 5728 JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe
  A plain installer has no need for SeDebugPrivilege. Together with the process enumeration and SetWindowsHookEx calls from the same PID, this is the sample-attributable behaviour worth following up, starting with which plugin DLL issued it.

Suspicious use of FindShellTrayWindow 1 IoCs
  PID 684 msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs
  PID 5728 JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe (2 entries)

Suspicious use of WriteProcessMemory 64 IoCs
  Source PID  Source process                                      Target PID  procid_target  Entries
  5728        JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe  2612        84             2
  5728        JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe  684         85             2
  684         msedge.exe                                          1076        86             2
  684         msedge.exe                                          5220        87             2
  684         msedge.exe                                          4820        88             55
  684         msedge.exe                                          5608        89             1
  The 4 writes by PID 5728 are into the two msedge.exe instances it launches, the normal parent-to-child writes of process creation; the other 60 are Edge populating its own child processes.
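Most of the rows in this report are produced by the browser the installer opened, not by the installer. The following is an added example (my own, not part of the sandbox report or of any vendor tooling) that parses the flattened "wrote to memory" rows above into a process-creation map and tallies every signature's IoC rows by the process that produced them, so the sample-attributable signatures fall out of the noise. The row text and per-signature counts are copied from this report; SAMPLE, EDGE, BROWSER_PROCS and all function names are this example's own.

```python
"""Separate installer behaviour from browser noise in a flattened sandbox report.

Added example for this page, not part of the sandbox report or any vendor
tooling. The row text and counts below are copied from the report's own
tables (installer PID 5728, Edge PID 684); names are this example's own.
"""
import re
from collections import Counter, defaultdict

SAMPLE = "JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe"
EDGE = "msedge.exe"
BROWSER_PROCS = {EDGE, "identity_helper.exe", "cookie_exporter.exe"}

# "Suspicious use of WriteProcessMemory" rows exactly as the report flattens them:
# "PID <src> wrote to memory of <dst> <src> <process> <procid_target>".
WPM_ROWS = (
    f"PID 5728 wrote to memory of 2612 5728 {SAMPLE} 84 " * 2
    + f"PID 5728 wrote to memory of 684 5728 {SAMPLE} 85 " * 2
    + "PID 684 wrote to memory of 1076 684 msedge.exe 86 " * 2
    + "PID 684 wrote to memory of 5220 684 msedge.exe 87 " * 2
    + "PID 684 wrote to memory of 4820 684 msedge.exe 88 " * 55
    + "PID 684 wrote to memory of 5608 684 msedge.exe 89"
)

# Remaining signatures as (signature, acting process, number of IoC rows), from the report.
SIGNATURE_HITS = [
    ("Loads dropped DLL", SAMPLE, 9),
    ("Drops file in Program Files directory", SAMPLE, 1),
    ("Drops file in Windows directory", EDGE, 64),
    ("System Location Discovery: System Language Discovery", SAMPLE, 1),
    ("Enumerates system info in registry", EDGE, 3),
    ("Modifies data under HKEY_USERS", EDGE, 2),
    ("Modifies registry class", SAMPLE, 2),
    ("Modifies registry class", EDGE, 3),
    ("Suspicious behavior: EnumeratesProcesses", SAMPLE, 8),
    ("Suspicious behavior: EnumeratesProcesses", EDGE, 2),
    ("Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary", EDGE, 9),
    ("Suspicious use of AdjustPrivilegeToken", SAMPLE, 1),
    ("Suspicious use of FindShellTrayWindow", EDGE, 1),
    ("Suspicious use of SetWindowsHookEx", SAMPLE, 2),
]

# \1 forces the repeated source PID to match, so a row cannot be mis-split.
ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) \d+")


def parse_wpm_rows(text):
    """Return (source_pid, target_pid, source_process) for each flattened row."""
    return [(int(s), int(d), proc) for s, d, proc in ROW_RE.findall(text)]


def build_tree(rows):
    """Parent -> children set, plus write counts per (parent, child) edge.

    A parent writes into each child it spawns (startup data, Chromium's
    sandbox setup), so these rows double as a process-creation map.
    """
    children = defaultdict(set)
    edges = Counter()
    for src, dst, _ in rows:
        children[src].add(dst)
        edges[(src, dst)] += 1
    return children, edges


def classify(process):
    """Who produced a row: the sample, a browser process, or something else."""
    if process == SAMPLE:
        return "sample"
    if process in BROWSER_PROCS:
        return "browser"
    return "other"


def attribute(hits, wpm_rows):
    """Per signature, count IoC rows by the class of process that produced them."""
    per_sig = defaultdict(Counter)
    for sig, proc, n in hits:
        per_sig[sig][classify(proc)] += n
    for _, _, proc in wpm_rows:
        per_sig["Suspicious use of WriteProcessMemory"][classify(proc)] += 1
    return per_sig


def split_signatures(per_sig):
    """Signatures the sample itself triggered vs. those only the browser did."""
    sample_sigs = sorted(s for s, c in per_sig.items() if c["sample"])
    browser_only = sorted(s for s, c in per_sig.items() if c["browser"] and not c["sample"])
    return sample_sigs, browser_only


def noise_share(per_sig):
    """Fraction of all IoC rows that browser processes produced."""
    total = Counter()
    for c in per_sig.values():
        total.update(c)
    return total["browser"] / sum(total.values())


if __name__ == "__main__":
    rows = parse_wpm_rows(WPM_ROWS)
    children, edges = build_tree(rows)
    per_sig = attribute(SIGNATURE_HITS, rows)
    sample_sigs, browser_only = split_signatures(per_sig)
    print(f"{len(rows)} WriteProcessMemory rows; children of PID 684: {sorted(children[684])}")
    print(f"browser share of all IoC rows: {noise_share(per_sig):.0%}")
    print("sample-attributable signatures:", *sample_sigs, sep="\n  ")
    print("browser-only signatures:", *browser_only, sep="\n  ")
```

Run as a script it prints the reconstructed children of PID 684, the share of rows the browser accounts for, and the two signature lists; the sample-attributable list is the one to carry into the static analysis of the plugin DLLs.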
Processes

Depth 1: PID 5728  C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c70bab0ffbbf03ae6d4f95c7454a052.exe"
  Signatures: Loads dropped DLL; Drops file in Program Files directory; System Location Discovery: System Language Discovery; Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory

  Depth 2: PID 2612  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.jzip.com/terms_of_use.php
    No children and no signatures; with the same command line as PID 684 this looks like Chromium's single-instance handoff.

  Depth 2: PID 684  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.jzip.com/terms_of_use.php
    Signatures: Drops file in Windows directory; Enumerates system info in registry; Modifies data under HKEY_USERS; Modifies registry class; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of WriteProcessMemory

    Children of PID 684 (depth 3). Every msedge.exe child runs from C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe; only the arguments are shown.

    PID 1076  --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x36c,0x7ffd5845f208,0x7ffd5845f214,0x7ffd5845f220
    PID 5220  --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1760,i,13545320579499916001,1731640873491073682,262144 --variations-seed-version --mojo-platform-channel-handle=2136 /prefetch:11
    PID 4820  --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2484,i,13545320579499916001,1731640873491073682,262144 --variations-seed-version --mojo-platform-channel-handle=2500 /prefetch:13
    PID 5608  --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2100,i,13545320579499916001,1731640873491073682,262144 --variations-seed-version --mojo-platform-channel-handle=2096 /prefetch:2

    Eight renderers, each with the arguments --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=<id> --always-read-main-dll --field-trial-handle=<handle>,i,13545320579499916001,1731640873491073682,262144 --variations-seed-version --mojo-platform-channel-handle=<channel> /prefetch:1

    PID   renderer-client-id  field-trial-handle  mojo-platform-channel-handle
    4580  6                   3392                3456
    4628  5                   3400                3460
    5432  7                   4172                4232
    2500  8                   5036                5024
    5948  9                   4680                3460
    868   10                  5204                3624
    1828  11                  5140                5008
    5352  12                  5560                5548

    Utility processes, each with the arguments --type=utility --utility-sub-type=<sub-type> --lang=en-US --service-sandbox-type=<sandbox> [extra flags] --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=<handle>,i,13545320579499916001,1731640873491073682,262144 --variations-seed-version --mojo-platform-channel-handle=<channel> /prefetch:<n>

    PID   Image                 utility-sub-type                                          service-sandbox-type  extra flags              handle  channel  prefetch
    3316  msedge.exe            video_capture.mojom.VideoCaptureService                   none                                           5708    5732     14   (signature: Modifies registry class)
    1940  msedge.exe            audio.mojom.AudioService                                  audio                                          5600    5704     12
    4652  msedge.exe            asset_store.mojom.AssetStoreService                       asset_store_service                            6180    6240     14
    3332  msedge.exe            entity_extraction_service.mojom.Extractor                 entity_extraction     --onnx-enabled-for-ee    6188    6264     14
    4464  msedge.exe            chrome.mojom.ProfileImport                                none                                           6976    6992     14
    2936  identity_helper.exe   winrt_app_id.mojom.WinrtAppIdService                      none                                           6928    7052     14
    2504  identity_helper.exe   winrt_app_id.mojom.WinrtAppIdService                      none                                           6928    7052     14
    5644  msedge.exe            data_decoder.mojom.DataDecoderService                     service                                        7208    7220     14
    4852  msedge.exe            unzip.mojom.Unzipper                                      service                                        7204    7472     14
    348   msedge.exe            data_decoder.mojom.DataDecoderService                     service                                        7484    6128     14
    3476  msedge.exe            chrome.mojom.UtilWin                                      none                  --message-loop-type-ui   7036    7116     14
    3336  msedge.exe            chrome.mojom.UtilWin                                      none                  --message-loop-type-ui   7064    7364     14
    5652  msedge.exe            chrome.mojom.UtilWin                                      none                  --message-loop-type-ui   7108    7468     14
    3204  msedge.exe            edge_search_indexer.mojom.SearchIndexerInterfaceBroker    search_indexer        --message-loop-type-ui   6232    7364     14

    identity_helper.exe runs from C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe.

      Depth 4 (child of PID 4464, the ProfileImport utility): PID 4260  C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
        Command line: cookie_exporter.exe --cookie-json=1140
        This is Edge's own first-run import of cookies from other browser profiles and is the likeliest source of the "Reads user/profile data of web browsers" signature above.

Everything below PID 5728 is the Edge process tree spawned to show the terms-of-use page. The installer itself creates no other processes in this run, so the behaviour to follow up is confined to PID 5728: the SeDebugPrivilege request, the process enumeration, the SetWindowsHookEx calls, and the dropped plugin DLL that matched the UPX and ACProtect rules.
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6260,i,13545320579499916001,1731640873491073682,262144 --variations-seed-version --mojo-platform-channel-handle=6748 /prefetch:143⤵PID:3212
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7184,i,13545320579499916001,1731640873491073682,262144 --variations-seed-version --mojo-platform-channel-handle=7188 /prefetch:143⤵PID:2632
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6968,i,13545320579499916001,1731640873491073682,262144 --variations-seed-version --mojo-platform-channel-handle=7640 /prefetch:143⤵PID:4156
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7644,i,13545320579499916001,1731640873491073682,262144 --variations-seed-version --mojo-platform-channel-handle=7260 /prefetch:143⤵PID:1412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=7256,i,13545320579499916001,1731640873491073682,262144 --variations-seed-version --mojo-platform-channel-handle=7468 /prefetch:103⤵
- Suspicious behavior: EnumeratesProcesses
PID:4892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6044,i,13545320579499916001,1731640873491073682,262144 --variations-seed-version --mojo-platform-channel-handle=6244 /prefetch:143⤵PID:2576
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵PID:3392
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start1⤵PID:1184
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start2⤵PID:5528
-
Network
MITRE ATT&CK Enterprise v16
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)
Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.24\autofill_bypass_cache_forms.json
Filesize: 146B
MD5: 9357a694006d8bec3d0f8c9607b76ff8
SHA1: 6335ce691999ec10de742cd07d074eb648631259
SHA256: b6c37df977f149c5a444c72ea4469ce666c7975d34c6e2e0d9d8ec416f57dd44
SHA512: 87c2d0192f3a78b13a691cda14da507f260d13331b792eb973869bd6dbd0f207faa48f68882be691641b46c06ed12ee8b9728a3b596df67a1f9a4831b4369a44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.24\edge_autofill_global_block_list.json
Filesize: 5KB
MD5: adb5f6058f82680a26d6ed02b44e5a21
SHA1: 6197ee74e40c742e184357dcb6dfcc7e32818cae
SHA256: 7655c9afb5f2ea39b18e302498b34009ca02b72451f82a6d4e7fb4d8d954f050
SHA512: 742dd8f6eaf1bd5f24b37e90d7a3dce7bd0a8edf399c2dec25cd92d2bd6e1d663ebab3c68234812f0144061d4f22f0c2c43de890f60e24d93133bbfe23a6d1c5

Filesize: 509KB
MD5: c1a0d30e5eebef19db1b7e68fc79d2be
SHA1: de4ccb9e7ea5850363d0e7124c01da766425039c
SHA256: f3232a4e83ffc6ee2447aba5a49b8fd7ba13bcfd82fa09ae744c44996f7fcdd1
SHA512: f0eafae0260783ea3e85fe34cc0f145db7f402949a2ae809d37578e49baf767ad408bf2e79e2275d04891cd1977e8a018d6eeb5b95e839083f3722a960ccb57a

Filesize: 280B
MD5: 0a40cba33c068849a0319b807a59601c
SHA1: 1997a675e36dc63380eff92e71b5639847b1da5e
SHA256: ea865b10b30786c6016a7efc41df7302e6154f46b90d68fb661cf3223daffedc
SHA512: 9b28750aab20cff89c29df07f37f47430708be9fda1d02d23898d53959c86a836b2cf8d6325c2e42a89f68cd48bcd946f8beac2fa46aa95c2fa115907b7ebdff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 4KB
MD5: b7188055e02d141f9c45a086eac7bb7d
SHA1: 27444122edf9ef642ef5bdcf0c8890aecc0566c3
SHA256: a563edff52075fef6d972b90c1e1c2518df667508f03079bdba3aa0e21a8cc58
SHA512: 9873035d2e55cc60247f11d377f6c83e65298cd9d088fa731009f1927282efb61630c6f035ddc495d143409d557a32106d2dfd564ca7b271550971a8291cb900

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe581cca.TMP
Filesize: 3KB
MD5: 8de69417a670c9f49e99196835ca71d0
SHA1: 943cce2b2d0c892f9568a40b7e03a26c89bf4d46
SHA256: e070f591dc808142a46d093974060a09754a29e918c64abe9ab084cc9c2ca314
SHA512: c3fa2c0092a898e0de878879056ad016bf9949f938d388cd0c1bcddfadae8cdd8350f4e18c4bae1268324637028126ff89e831255513552516dd53803b7841e5

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Filesize: 108KB
MD5: 06d55006c2dec078a94558b85ae01aef
SHA1: 6a9b33e794b38153f67d433b30ac2a7cf66761e6
SHA256: 088bb586f79dd99c5311d14e1560bbe0bb56225a1b4432727d2183341c762bcd
SHA512: ec190652af9c213ccbb823e69c21d769c64e3b9bae27bea97503c352163bf70f93c67cebbf327bfc73bfd632c9a3ae57283b6e4019af04750fe18a2410a68e60

Filesize: 3KB
MD5: 6cfad45ef108b53395e869f72a7e2638
SHA1: 2bf5ebcf1bf8fc754656c94dad96fdbba2ce75a8
SHA256: f244950786d5e9c5816e4cc291be8a1e47b9a9689600e54aa5b998b6ea28547d
SHA512: 69f81961e66fb7d48fe3bca397d9d3483823d36282fc09b1770aa885c0c21e7095fa28b64fd57d4d2cdc55ba3d0b81a2518ef343717bb6a672e46930f6ea4489

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 40B
MD5: 20d4b8fa017a12a108c87f540836e250
SHA1: 1ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA256: 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512: 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Filesize: 16KB
MD5: 438d8abc00e24955beeae5c4888df413
SHA1: d7a768d9906ccba9f3ad5ac3696c408bdb3a3093
SHA256: 59cedf6d3c9a8723be0b2809db5199bf92c540be0b6bee43f5b704d70d11805f
SHA512: be9e7e4546402e0c1779a519d5f67231adac4c3903634383e209d5ebcbe00203d7d60dece8206c2ef4903f4025fda07cacbc73c030432bb76262ab8d0f8b0aa9

Filesize: 16KB
MD5: c6c14deeeaabb818d1b924df6e8b3b13
SHA1: b32aebb1c49ccfcc08ec6bf9c513007fe6f47850
SHA256: aaef9e432b058bceaa21ef2c7f9a7c55752d8ec79e551b7f18a1266b8faf520e
SHA512: 4492027dd9339b6dd73f453c7cdc895b94910e725d8bca68a787599a914a0e8c10ddb63c95fd4a00fda18899995a650738d86c9522029b9ab761c2d061490de6

Filesize: 37KB
MD5: f46d1312c4dfd2c5c9cbaa39d3f528fd
SHA1: 39bb0b85700a0b747e65768b16deb9d994d132db
SHA256: 340ac72d6ef6f56304bbb5330bc046835c972cde40aa879f82b6fdf4730de30e
SHA512: 9bfde123862fa700a0e33a8d462abe9fd4e5aef3c153714e3171f870cc278de4e867a1ce953d3960d77427b01e6a6fd3d43074062600ab69cff7974f5cc0a9d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize: 72B
MD5: fb0dda38f2d78f2722dcd4db2cf8a3ff
SHA1: 356c5dbd84eab204009a4d892789282e09a5ba26
SHA256: 4ce692113c7d00d4ae0838c557c6f85cecd1654681b1cf716e1a0a78424382c2
SHA512: 91013d5e2afa69c8a92a241334272c2b5bcd9c6ccf4503fa37cebc073731dea1c542c7ae046e3f38e67be9ffe864618f3b6999893dde580d8c795f5687c28697

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581690.TMP
Filesize: 48B
MD5: 5ad8e9e12ba2f5d1d4f9e3335afde846
SHA1: e90f3f71a5cc317e8ac15206e9998174482ade5a
SHA256: 05d50f4f79290b3991b2e18ac8e7b82fbb0af340e68f21654450e349722aa52f
SHA512: 1c88e02905188cec919fdca8b3415f5b97e0fdaa29a52c3d5d433f7266fd7e1efb6063291da013680af80fd09f983a6340272afc461c3dc60e231d616972f1ae

Filesize: 23KB
MD5: 8388c1db41613ef6b8258d4da459f0c0
SHA1: 1b2fa184151b23f3df436033ff0dcb8e73b75773
SHA256: 61e60c450be8e29a9cebc6b209b841b461685369e622786f560584efff489145
SHA512: ca8d040cdce94d5935bb4c083968b21a7213aa2cf60775830ebd149d5ca1772df47bf2fadbf98c12a214ca0cd3aa94fd3c4d0963dd2d7e0230714cf19d345df9

Filesize: 137KB
MD5: 1bee2c36cebf096d8a559d5c4eeacff7
SHA1: c695eda67f31d729dfc336b8a471ad6346a39031
SHA256: 5e4014e267eec120e673cfbc407e4340c234a7898319b35a304ed6ea343a7999
SHA512: ba520d383be95d8b15140b7e38e4e7ac03077bbbb8ee5326ac4162be9403bc9f0576e53840fc22cd9c4038f19f60bdeb7b4e8e0125da6ed80670238de812b4b5

Filesize: 462B
MD5: eb87ca16416c4a54c4338c079eca6aa5
SHA1: 518fdb11a9bfbff0fc0f7cf121b9b5a8e989bbea
SHA256: d6239e1b4656ec7b31c8a014e8b32a04536e655566b088a1bc58cb1e330870e9
SHA512: 876609b0c973de7f7074b2047981466443a43daea2924b8641e9eeb9aa4cd1fb054c333a89eccf092b9b4275d74369c69d402871136ee62fbf5a2a4f887d0263

Filesize: 50KB
MD5: f9874ea24271c2c87dd1e8207c2e7179
SHA1: 9df3033aa31e90b50f89761a51a32a86146bcf80
SHA256: fc09c71515fb9d78f18270ab1764a56dbd10ef0929a70e60d3798ee556a38806
SHA512: 889c0da31066bb24dcf7ad1486f4bde85222efce599013843e803f0410dc3e4dd211273bfded13c6f1feb139f7efeabb6e47dc54dbeb223a147fa33670cec1b4

Filesize: 38KB
MD5: ca4ddba46b5afeff8344675515c9f343
SHA1: f52cd12cb0b80c47d2208355151364b451e10478
SHA256: eac2b723fe0a123ab0560772cdb1d16d7410a8312b6f8a9257f2564e372e9039
SHA512: 58efe5c67bc7bbe1f4d6d1669149b37a6c792cc77ea6db8632785ba97dc74a550cb90017c1e4947742e844f981e47e1f6e3c35b12215d64119af1890a912c7db

Filesize: 38KB
MD5: d9907e3cff5ea47c2b9c7ab5bf0031c2
SHA1: 840fe0665da66dc44e8244c25fc7151ea9192e9e
SHA256: 4f8b505f8522eb29921f8abd0bc71631623c24d25c7570d444ecb7bdb2a0195d
SHA512: 88d27898ab9c643c76366cd8989bfd5e6524bc5e6993dca519a6dd9dd4dfbddc95e53e38ee8dbed3fb6f72191389209cbe97a27033a4a5979f8f7ce9d164a2d1

Filesize: 39KB
MD5: 13d6188cf2a79e6f4bb95a56520ab6a1
SHA1: 2121af3508e95b398cb8ace7999be965ce7f308c
SHA256: 64a343ff7135b1ed4a1697eabd134dcb0fa6ea3c4cc860525a24252698f1eb1e
SHA512: 51275703c0151ee53f7623c1b8b28792ab241568a141db90a3415f0b372b8454addc0266d23e03e6e1a29b7bf33001ddffe2487789a9718977934ef641a0a298

Filesize: 45KB
MD5: 9da5a69cdadaba9068377221165a5ca9
SHA1: f9a7544d85c1ce425cbb8d7ca42574d52f5af424
SHA256: 995ffa89c73950649648d793fec84aea01ec5929b17727f42b4b1a45e4c5c72b
SHA512: b29748ac880a3c6fe9c4ce0551e3b7baadf28a435aa3bf7af56e7b57f4338a46c3e615c270f69a5c2c18feba604fcd407f7c3e1297063a8544cae8157fce36b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.0a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b
Filesize: 156KB
MD5: b384b2c8acf11d0ca778ea05a710bc01
SHA1: 4d3e01b65ed401b19e9d05e2218eeb01a0a65972
SHA256: 0a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b
SHA512: 272dd92a3efbf6cefe4b13127e09a9bd6455f5fc4913e7477c6712e4c3fd67efe87bd0d5bf1ec6b1e65f8d3aa0ac99d5bcf88d8a44d3f3116527253a01dde3be

Filesize: 11KB
MD5: bf712f32249029466fa86756f5546950
SHA1: 75ac4dc4808ac148ddd78f6b89a51afbd4091c2e
SHA256: 7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
SHA512: 13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Filesize: 13KB
MD5: a88baad3461d2e9928a15753b1d93fd7
SHA1: bb826e35264968bbc3b981d8430ac55df1e6d4a6
SHA256: c5ab2926c268257122d0342739e73573d7eeda34c861bc7a68a02cbc69bd41af
SHA512: 5edcf46680716930da7fd1a41b8b0426f057cf4becefb3ee84798ec8b449726afb822fb626c4942036a1ae3bb937184d1f71d0e45075abb5bf167f5d833df43a

Filesize: 4KB
MD5: c7ce0e47c83525983fd2c4c9566b4aad
SHA1: 38b7ad7bb32ffae35540fce373b8a671878dc54e
SHA256: 6293408a5fa6d0f55f0a4d01528eb5b807ee9447a75a28b5986267475ebcd3ae
SHA512: ee9f23ea5210f418d4c559628bbfb3a0f892440bcd5dc4c1901cb8e510078e4481ea8353b262795076a19055e70b88e08fee5fb7e8f35a6f49022096408df20e

Filesize: 1.9MB
MD5: fe83bf8c380b208bd7738ac0d5645962
SHA1: fd83745c0f286d9b2b43316ac9ee1d14459b47f9
SHA256: 3f6b1e16842b9ac03cf2aa285ce812d1c526f610854b7e110ac1b4625d55ecf6
SHA512: 217df4fdf9e9e3c4b525d00c7c680fc77c63a52817c53b59e5f786eda68b766a8068e44c04c74dc8e695711051d59097c4c2b35e9f1eace38a5cec4e7530b2d3

Filesize: 167KB
MD5: 7bd45e3280288dda6fd602031e2066e8
SHA1: db4d49155de06f6a10ae50c01c612e4d998547bf
SHA256: 4346de72fee6dbe8b74218d8d9550395bf7f26634eb026ff6359fa0f855e9a4d
SHA512: a3a40b878d46531127a55550c807e6a17374d5d52bd645ba6b61fc0ae551d348247c4d4969c32e60b7bdad7ce1b3167f3d87b4eab2746ae305f182d4084c09d3

Filesize: 110KB
MD5: 6b2026ed4da8d06fc782c5df14bcf4b6
SHA1: a9d4cc4b5cd36e756a30f07d61c6674d453c8bdc
SHA256: d25f7dd93e67f584a1757a72c975b19fedf7542035ad9afb8cb3c5b9f72f2284
SHA512: 89d13e0bf6dd5a933194e7fa195f79e6e5d1f8256fde88588ca888dfe62371a89bbd06a20a9fd5f1cd5caad5f39c08b1d99642a91134163037972459c24412f3

Filesize: 6KB
MD5: 7fc4723bb0a4118e5f91047021d1aacd
SHA1: 092a321a21d802045105ecc8cd3c9d7d2c6da923
SHA256: 8f9bfeebfa3b070b116de61a63271b6c25af0dbb4bbfb4ae73e334d1f8517efd
SHA512: 1fe86533987ff1c4d446b231dc1ff2c3bbce224ae91b73ffead539f08740bfb06d2f40f1aedf0571106dc4e12eec27aa32018c2bf5361b7488c07b4d90800f02

Filesize: 9KB
MD5: 4ccc4a742d4423f2f0ed744fd9c81f63
SHA1: 704f00a1acc327fd879cf75fc90d0b8f927c36bc
SHA256: 416133dd86c0dff6b0fcaf1f46dfe97fdc85b37f90effb2d369164a8f7e13ae6
SHA512: 790c5eb1f8b297e45054c855b66dfc18e9f3f1b1870559014dbefa3b9d5b6d33a993a9e089202e70f51a55d859b74e8605c6f633386fd9189b6f78941bf1bfdb

Filesize: 24KB
MD5: 2b7007ed0262ca02ef69d8990815cbeb
SHA1: 2eabe4f755213666dbbbde024a5235ddde02b47f
SHA256: 0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d
SHA512: aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca

Filesize: 194KB
MD5: 0d1d780cd2d8445c4718d23e8f2551cd
SHA1: 348618b28381aa43b1696ae26325a02e27c51c60
SHA256: 3c4307e83e3264571a5e5e80e01da4d7bce98f0c9e36564b10ff21edbc613330
SHA512: 02776fbbd10556d4152660440059eb29358103e1ae71df289ef0ef11f66d9bef4053813553a4fea71af427ae866e5c6222693b3e5295be9592827b073f592e34

Filesize: 119B
MD5: 390af74c5ae643320cad0cef4fa8fee1
SHA1: 22ce727f9bcff9a914eb1d58ba8384de6fbda7e1
SHA256: 1148c28e540b9b96237b35170a547a13165d6c7c039b8fff9e4b2cd774b92f5a
SHA512: deaeeeffdddea1a9047e97d82e3bb701fb865adcd77ef9e985bb0ec5e4057155e7b83cad4f9f3dd256edf89f19d1075349cea5005dffff8420da4d0646be413a

Filesize: 176B
MD5: 8177721150435a9b333475e2b8a6e691
SHA1: 8aa8981617e8f3d8967a0a4a2d20315317eba293
SHA256: 8a4800ed5f63b9371a024c501ee2b031af94539e32e6753214e6d99c625c018c
SHA512: 540c4c52030c6a4e1efcfab5eb59760c696bb3e3f1b8f93c97a6368639a911ba3d395190fc0798d99f3c63e25b6dcf2ded482bbda34d36ddd874dd20c2cfdf74

Filesize: 53B
MD5: b4d869dd7052d78d29b3e439565f1600
SHA1: caa2cfa31729f4348a02514eba0235e72b88ce5a
SHA256: 0f8ee89c4a420bda691d058cdd96c874c2edeec84145c81c957e98d05e351d3c
SHA512: 1fda3488df8c43ad413b2e69a5e2292322fe837f7b27b88302b4e591e7e13fdceacb0af9b8bb92ca7c0d2b39abffc776c6cc35d18abb86ce91f55c719b43480e

Filesize: 1KB
MD5: ee002cb9e51bb8dfa89640a406a1090a
SHA1: 49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2
SHA256: 3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b
SHA512: d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Filesize: 84B
MD5: e0909520982fc48e47a6451443b11741
SHA1: 0e46425274933c153ebf5a03f25e693267a8cea2
SHA256: 2e9e6138305d702f3c9b89d6e9dc4931b548c69bb86db64e585fa2e37b8ef654
SHA512: 3fdf504cb0bf39a807fa15a8ec31a6efd8083888692935ec31d70b4ef6eef89b8527c6a75a46bf7ae3efeeaa507ac3c7cccda5246a2f073ac603a7ffa10d20a8