Analysis
- max time kernel: 145s
- max time network: 153s
- platform: windows11-21h2_x64
- resource: win11-20250610-en
- resource tags: arch:x64, arch:x86, image:win11-20250610-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 04/07/2025, 17:40
- Static task: static1
- Behavioral task: behavioral1
- Sample: JaffaCakes118_1c72367957ae0f222df760a6dc3dd540.dll
- Resource: win10v2004-20250610-en
General
- Target: JaffaCakes118_1c72367957ae0f222df760a6dc3dd540.dll
- Size: 239KB
- MD5: 1c72367957ae0f222df760a6dc3dd540
- SHA1: 348efcfdfc50737007890d89be7bb7819b1a727e
- SHA256: 37b2f911915b4612170cd6d0e60a6c82ec6cb375c4e309f5f788531d724a1470
- SHA512: dc966cee81dbaee76708abb21ea91889066fc8fd9c2b3ee0527110ba8c870fce6606727b2bf445ca5464cc9baf47933fc04a32e88e325a8e19009889ca23742b
- SSDEEP: 6144:7gmoADlSUSWIlbuks3mGvnDpNohzjCULspwAz06:7BoADl+lbuk492ha8sq6
Malware Config
Signatures
- Ramnit family
- Executes dropped EXE 1 IoCs
  pid 6024, Process rundll32mgr.exe
- Drops file in System32 directory 1 IoCs
  File created C:\Windows\SysWOW64\rundll32mgr.exe (Process: rundll32.exe)
- yara_rule: upx (resource matches)
  behavioral2/memory/6024-6-0x0000000000400000-0x000000000041A000-memory.dmp
  behavioral2/memory/6024-8-0x0000000000400000-0x000000000041A000-memory.dmp
  behavioral2/memory/6024-10-0x0000000000400000-0x000000000041A000-memory.dmp
  behavioral2/memory/6024-16-0x0000000000400000-0x000000000041A000-memory.dmp
  behavioral2/memory/6024-15-0x0000000000400000-0x000000000041A000-memory.dmp
  behavioral2/memory/6024-14-0x0000000000400000-0x000000000041A000-memory.dmp
  behavioral2/memory/6024-7-0x0000000000400000-0x000000000041A000-memory.dmp
  behavioral2/memory/6024-12-0x0000000000400000-0x000000000041A000-memory.dmp
- Drops file in Windows directory 64 IoCs
- System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (Process: rundll32.exe)
  Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (Process: rundll32mgr.exe)
- Enumerates system info in registry 2 TTPs 3 IoCs
  Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (Process: msedge.exe)
  Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (Process: msedge.exe)
  Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (Process: msedge.exe)
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS 2 IoCs
  Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (Process: msedge.exe)
  Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133961244440755613" (Process: msedge.exe)
- Modifies registry class 2 IoCs
  Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ (Process: msedge.exe)
  Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-903960561-1545645218-4290906778-1000\{83809A7F-4FF4-40A5-8823-519D20E7E247} (Process: msedge.exe)
- Suspicious behavior: EnumeratesProcesses 10 IoCs
  pid 6024, Process rundll32mgr.exe
  pid 6024, Process rundll32mgr.exe
  pid 6024, Process rundll32mgr.exe
  pid 6024, Process rundll32mgr.exe
  pid 6024, Process rundll32mgr.exe
  pid 6024, Process rundll32mgr.exe
  pid 6024, Process rundll32mgr.exe
  pid 6024, Process rundll32mgr.exe
  pid 5060, Process msedge.exe
  pid 5060, Process msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  pid 4472, Process msedge.exe
  pid 4472, Process msedge.exe
  pid 4472, Process msedge.exe
  pid 4472, Process msedge.exe
  pid 4472, Process msedge.exe
- Suspicious use of AdjustPrivilegeToken 1 IoCs
  Token: SeDebugPrivilege, pid 6024, Process rundll32mgr.exe
- Suspicious use of FindShellTrayWindow 1 IoCs
  pid 4472, Process msedge.exe
- Suspicious use of UnmapMainImage 1 IoCs
  pid 6024, Process rundll32mgr.exe
- Suspicious use of WriteProcessMemory 64 IoCs
Processes
Image: C:\Windows\system32\rundll32.exe
Command: rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c72367957ae0f222df760a6dc3dd540.dll,#1
PID: 5720
- Suspicious use of WriteProcessMemory
  Image: C:\Windows\SysWOW64\rundll32.exe
  Command: rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c72367957ae0f222df760a6dc3dd540.dll,#1
  PID: 236
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
    Image: C:\Windows\SysWOW64\rundll32mgr.exe
    Command: C:\Windows\SysWOW64\rundll32mgr.exe
    PID: 6024
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of UnmapMainImage
    - Suspicious use of WriteProcessMemory
      Image: C:\Program Files\Internet Explorer\iexplore.exe
      Command: "C:\Program Files\Internet Explorer\iexplore.exe"
      PID: 1212
      - Modifies Internet Explorer settings
      - Suspicious use of WriteProcessMemory
        Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" -- "http://go.microsoft.com/fwlink/p/?LinkId=255141"
        PID: 4472
        - Drops file in Windows directory
        - Enumerates system info in registry
        - Modifies data under HKEY_USERS
        - Modifies registry class
        - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        - Suspicious use of FindShellTrayWindow
        - Suspicious use of WriteProcessMemory
          Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x2f4,0x7fffa60df208,0x7fffa60df214,0x7fffa60df220
          PID: 4152

          Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1848,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=2824 /prefetch:11
          PID: 876

          Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2776,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=2736 /prefetch:2
          PID: 3432

          Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2188,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=2832 /prefetch:13
          PID: 5908

          Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3444,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1
          PID: 5084

          Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3452,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=3516 /prefetch:1
          PID: 8

          Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4800,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=4836 /prefetch:1
          PID: 2288

          Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=3672,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=4692 /prefetch:1
          PID: 1248

          Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5436,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=5492 /prefetch:14
          PID: 3812

          Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5432,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:14
          PID: 4476

          Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5260,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=5828 /prefetch:14
          PID: 2080

          Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6116,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=6124 /prefetch:14
          PID: 2520
            Image: C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
            Command: cookie_exporter.exe --cookie-json=1128
            PID: 5796

          Image: C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
          Command: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6172,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=6296 /prefetch:14
          PID: 1644

          Image: C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
          Command: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6172,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=6296 /prefetch:14
          PID: 5164

          Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6528,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=6536 /prefetch:14
          PID: 248

          Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6724,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=6744 /prefetch:14
          PID: 5804

          Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6296,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=6304 /prefetch:14
          PID: 6824

          Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6264,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=4968 /prefetch:14
          PID: 6832

          Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6324,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=5152 /prefetch:14
          PID: 6840

          Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6280,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=1284 /prefetch:14
          PID: 6032

          Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5928,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=6332 /prefetch:14
          PID: 4120

          Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5568,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=5592 /prefetch:14
          PID: 4060

          Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5840,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=5632 /prefetch:14
          PID: 3916

          Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5552,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=6392 /prefetch:10
          PID: 5060
          - Suspicious behavior: EnumeratesProcesses

          Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5748,i,17568175531475325797,14042814733327010687,262144 --variations-seed-version --mojo-platform-channel-handle=3372 /prefetch:14
          PID: 2212

Image: C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
Command: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
PID: 3392

Image: C:\Windows\system32\cmd.exe
Command: C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
PID: 5940
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start2⤵PID:1292
-
Network
MITRE ATT&CK Enterprise v16
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.24\autofill_bypass_cache_forms.json
Filesize146B
MD59357a694006d8bec3d0f8c9607b76ff8
SHA16335ce691999ec10de742cd07d074eb648631259
SHA256b6c37df977f149c5a444c72ea4469ce666c7975d34c6e2e0d9d8ec416f57dd44
SHA51287c2d0192f3a78b13a691cda14da507f260d13331b792eb973869bd6dbd0f207faa48f68882be691641b46c06ed12ee8b9728a3b596df67a1f9a4831b4369a44
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.24\edge_autofill_global_block_list.json
Filesize5KB
MD5adb5f6058f82680a26d6ed02b44e5a21
SHA16197ee74e40c742e184357dcb6dfcc7e32818cae
SHA2567655c9afb5f2ea39b18e302498b34009ca02b72451f82a6d4e7fb4d8d954f050
SHA512742dd8f6eaf1bd5f24b37e90d7a3dce7bd0a8edf399c2dec25cd92d2bd6e1d663ebab3c68234812f0144061d4f22f0c2c43de890f60e24d93133bbfe23a6d1c5
-
Filesize119B
MD5390af74c5ae643320cad0cef4fa8fee1
SHA122ce727f9bcff9a914eb1d58ba8384de6fbda7e1
SHA2561148c28e540b9b96237b35170a547a13165d6c7c039b8fff9e4b2cd774b92f5a
SHA512deaeeeffdddea1a9047e97d82e3bb701fb865adcd77ef9e985bb0ec5e4057155e7b83cad4f9f3dd256edf89f19d1075349cea5005dffff8420da4d0646be413a
-
Filesize509KB
MD5c1a0d30e5eebef19db1b7e68fc79d2be
SHA1de4ccb9e7ea5850363d0e7124c01da766425039c
SHA256f3232a4e83ffc6ee2447aba5a49b8fd7ba13bcfd82fa09ae744c44996f7fcdd1
SHA512f0eafae0260783ea3e85fe34cc0f145db7f402949a2ae809d37578e49baf767ad408bf2e79e2275d04891cd1977e8a018d6eeb5b95e839083f3722a960ccb57a
-
Filesize280B
MD5017bc3fcd328486192fd0c7082796709
SHA18cfba6809f90567fdffd047fdfb707682a7d0595
SHA256c4278254cc16ba1099967b98859236cc3b690f4824e682cfab43169fcb06a336
SHA51273fc2778be9284d2b28c9489a216b3d2e454920a36478f72640bccddb03a916c1653964d008872edccd42b6c5fe11f2c2b843ce90f437e5ccbf7490645740363
-
Filesize16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize22KB
MD56f90b9ba6e745fec95b8a14a7601f532
SHA1a0419fda5778793d0425b164082f5db80c33c5c7
SHA25656d475b6b40a1e92cebba05bc70bc5e514ad96e8fa4151f020cbd87f8fc5a888
SHA5124d1b61c6df966fe76ad8e6d57e599188f96d5992bb8d0ecb75c113474250eb42d336a747393ab81c1f361deb954f814e2a535edd8e3bb91eb4c2a7b33f979ab2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD5bfbda807e8c4ba75dac984ec59bd2c4e
SHA16a7ac758c98542a373b91dab645d5843b72c0715
SHA2560700a12356f56665eb117a8baab58746373897dd3d1cd842daf5c28c1ec9215e
SHA512131edd22833f3ed2fa1e96f988b3405f7cf681fc4654bf46e096285a48c51af8ddc902e0b54965ef3368b8ecc8a84dc08985a27ab04a353d3b6a65d79eccd59a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe582333.TMP
Filesize2KB
MD53d6a0d699d2f04f813ed6f500caf2d33
SHA15ddacf490acca9831fb6eab2467dbad337a92c66
SHA256ead61149017eae98b37254ee86eb7699b128a8bd63288300694a089ee07d4cb0
SHA5128a896d1c18b0a983a1593e9edd758d3b3198fa378fae3048dbed20e7ed6ee672d5371b56d11752ce75d73bfa7e080c14d18ab624c609b70c8ed0b7d06f3ee590
-
Filesize2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize108KB
MD506d55006c2dec078a94558b85ae01aef
SHA16a9b33e794b38153f67d433b30ac2a7cf66761e6
SHA256088bb586f79dd99c5311d14e1560bbe0bb56225a1b4432727d2183341c762bcd
SHA512ec190652af9c213ccbb823e69c21d769c64e3b9bae27bea97503c352163bf70f93c67cebbf327bfc73bfd632c9a3ae57283b6e4019af04750fe18a2410a68e60
-
Filesize7KB
MD51aac5b5f1b8e3f7f0f762c5789caceda
SHA155c34ba98602d833ac9d422e12dcf840993fccfb
SHA256c6e0c3edabf69b85fbc2f1a8635ff32bf71a4f25769992a1a33c815833d9ea9a
SHA5125471b5fa46962bff3bb701406376a9fa2de3f1735503c52592c6b8e0bdba9a41cc34731de8bdc7044b8da63613e47c622dde846b05c60ad660119ceb2776a6ff
-
Filesize2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize17KB
MD5e3ef7396cce0c79aac0f0c6811f42ec9
SHA110a0e8e148f0e19d81e578ec4b4612417d86ed5d
SHA25632ce1e5ab16c4dd64247732c14c3f341a1336b7690a61609339258eb6d7d80a1
SHA5122fed0c9d2550ab4e3503ba99b18c2b393a5ac0b5ea43eeb753fd28f2d91e800a8391be4be53209a116c489fc4880895938b0953a34d2e2e5cf3fc8f177e064cc
-
Filesize17KB
MD524384621f949fcc204ce0d701ed15e23
SHA1e482103533ef19c65756d68e6652e57ffa49d164
SHA25631da6b846a494adcfd23782a634551e56599169dafd28528a362f1711221d271
SHA512ede782e742854f9cc8e595a8d5c9fb9cbbd6ee1f9163247f9dfe6a9e54d9a67bda0d22c81f616825f1088c9b1e8ae2998c8ef84236d63602d2d4c0666e098fb6
-
Filesize37KB
MD513af00393a62342421c975f1b225f534
SHA17bd10abdd14323afe94d0c678fbe4a994f7b8748
SHA256a0c4d9d5064b5e08518080091b95d0dd2e830d4d26e3b43b02b789e11588d083
SHA512b029fe734134a51f21f561ea39c40d7407f317c66ac4a7be4401ef28f5a1ede2403ffa7a07c9df7f698f5ece62f34693770e81382b8b579297ae2bc12060be73
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\a6b502f4-84f0-436b-b950-b62e4bc1623e\index-dir\the-real-index
Filesize9KB
MD50763cac2ce1445535a955823d3dfd745
SHA1234dc0bf92edd9a755f4ae9585f6f232e126597a
SHA256a75e46dc5c474cb70943cbc7aec2fea56d1b59ea5b30921ac8a0bbc5cd3d8bf0
SHA512b06c3c1084b059f6e89c2d14b82d5f26e0f536adb41cb31e462ff3f3e0584ec7da4b8fb099b10c8b51a2f59dce99a859823780620594feebb7d5cdb7e43c3516
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\a6b502f4-84f0-436b-b950-b62e4bc1623e\index-dir\the-real-index~RFe584755.TMP
Filesize48B
MD5dab7cb4aeaab9e07093f96e9571972a5
SHA155d2181f7102972477fa1fad1cbef4116b167adf
SHA25656fc7517d6137d3e3b716f5de01794ab2ce15ee90d218d94a28d533154b77586
SHA512dfa41585e4ef9c2ff440b8a163769c79851b3f9861b4d08a0edb652a4e33cb2979522c6c5291dd6fbf16a791cc6d0145290b05124a326addf91babbd0f3a768b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\index.txt
Filesize115B
MD507ef38727f304a882c0e9b3d28dd8a0c
SHA1aadd56071a40f182e0a36efd8ef8e89baa8fe5b3
SHA2564ca2755484392d400843166a96a53d89263be04e4043b94daf9f73199b19bed5
SHA5129b64307c76eb7c1a060a5f213dd6df0ea5cea0c225bfd77ca80450692397899dcb5c991d2b06ed83d76d6a70d4d944bc3069cb4fe036694a0bebb1de3dea5885
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\index.txt~RFe584784.TMP
Filesize119B
MD5ff9a4345e396d9fe0bed805175e88c1d
SHA114e9fca42e3ac245bfd09e2160bab72df76cc70d
SHA2561161d9fd4b5a56dacc016ccb62d8cd3d1af5819e4d26187cf51f15513052a983
SHA512b61827e16eef4e6ccc610cdedeabf63dac2a77c9b098d6722f4799b1ea86e783ae5d42692c42a0f16ac69198a84d47ef106a003389e40f7e7b541c9af3c24245
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize72B
MD5301ebc676c5e100c278b66206fec5197
SHA14ae84d95ecd231460d5fc4e2f5155be8251fe1a5
SHA2569c91333e7a1b2ea82fc2509d39ed8698e2f402cf445426f532d5bfef0b62cedc
SHA512541812c5d57d2966f7402df48fdb2e328bbfa43cd26737ea21d8dc84833bf0b6465e6984e045405e2196a21385b814208038dd1a99eab8161e9d375f898af133
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f81b.TMP
Filesize48B
MD5319472c3def1821d87d2d77ebdcd818b
SHA16c99b8d7914faaa5ba73fc1cdee3713976d80f46
SHA256842ad02b3601586dc913aad0a3c8e1a8a0987d0b55d47956d5e3c194d096fdf3
SHA51275eb88cf9617463647b82cb1b79044f4556031f2b3e2c42b88ad6bf3b4c4d6625887dcab9cf2178bd1993b12c2e4795772afbaec76b38cf4bebc72a9d186bd62
-
Filesize22KB
MD52e9de69c3d25e831193a8a5bb89510ad
SHA142bc68ab4a4908fb5c1cb97859bbb1677d4be4db
SHA256f32f839468caaee56165ef6f9e3402a362000b26c921a83f21597c7dde3e47af
SHA5126b2c4a1b9bbbcbb6df487d1a405c805a55b3faf39e371fd60e230ae9af8a721cdc75a099d84cd6b478b0c881e750e0b595bbf485b3ba7210b397d1d39a60fca9
-
Filesize137KB
MD51bee2c36cebf096d8a559d5c4eeacff7
SHA1c695eda67f31d729dfc336b8a471ad6346a39031
SHA2565e4014e267eec120e673cfbc407e4340c234a7898319b35a304ed6ea343a7999
SHA512ba520d383be95d8b15140b7e38e4e7ac03077bbbb8ee5326ac4162be9403bc9f0576e53840fc22cd9c4038f19f60bdeb7b4e8e0125da6ed80670238de812b4b5
-
Filesize462B
MD5d1e3b61e1182a961abbb0b042985882e
SHA1d087957e5157bc6188e8f45a73c2b6cf3a3d4969
SHA256716f277c30d2175ce3512140c0feeea57451e47e46fef34611bb9e4c555e2dd1
SHA51297a8e90198a695a8b9e6f46db4a8fe6ed780a3230ae111d2d3a775fc0255cf60f2b1dc0c5da45ac99925b317f3c504992c5d31032ee31b68dd8f7d5c79817170
-
Filesize51KB
MD5abc0c634444f0ea1b18f5b7e7eebaa85
SHA131c11bbfb22015ad7c14c5c28c2b50604e19d941
SHA256901673cd89848600c53e7f34c43dd7a62a85f8be35713be7f18a645d92b37d82
SHA5124b8f25e3394f54275abee3c9d8a5452ac7efb65cda8c656cc3ee1a1d71d197cb34545c922358620b366c030ed4571c1a22d46a2c70a2b584040b3f0d9e427409
-
Filesize39KB
MD531fcfd9d8652415663abdaf32d3cf139
SHA1c624fc1ea063298fbb23282b1260e08e4215445b
SHA2561685e68b16a013c3f2cc722ea521d555cfb264c1e4fbcc911418c85c264d8baf
SHA512b98ec6febf6eb4ed2009371e63327a44c72ef5ef81b2ab92ed1406d6346603b030e15b564b74a1ab6fbdf6b0af5d7e3c61f3665528677e349e5da589f6445aeb
-
Filesize39KB
MD52f6e1e1d5ffcb010b1d5930a64dcd35b
SHA1309ec8a9e70951a33050672d4fde0f1a969d08f5
SHA25605d5903e35957f7acb3b4eaee2e82c19b5953db5da9c80b31ba58d8ddcd74f90
SHA51287be952378014d7a71ed354ee9a7746819638a58ff6dddd06885386a4cb8a9c331e9f86cfe229018fdd2404994e1943f198c86c11f17385d9e586ac171e0e5c6
-
Filesize46KB
MD55231feadfecabdaccf94c7fcc8a0f758
SHA157ba65f87341362835af0ada43c5711e42abc82c
SHA256edef1bc7214977dfea872f3ecb2076d7b402421b892edd20b82088e38f574bf4
SHA512b72272687be13d27ccdb56819c418091d85f4b5dca6f618d2eab6fe18e8894abef50bcc7e17cd2f7286d57ec7dc01d849f769d0e5caf21e518a85e783d4abcc6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.0a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b
Filesize156KB
MD5b384b2c8acf11d0ca778ea05a710bc01
SHA14d3e01b65ed401b19e9d05e2218eeb01a0a65972
SHA2560a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b
SHA512272dd92a3efbf6cefe4b13127e09a9bd6455f5fc4913e7477c6712e4c3fd67efe87bd0d5bf1ec6b1e65f8d3aa0ac99d5bcf88d8a44d3f3116527253a01dde3be
-
Filesize88KB
MD5a61ea5f2325332c52bff5bce3d161336
SHA13a883b8241f5f2efaa76367240db800d78a0209c
SHA256e6f8a54ed663061527ab46b8e8efc2a0f3c99ae77829c0be0e50eb5b1b48415b
SHA512fae031e0e7dcd719240bfe94a3f78d1aac73060324d5b65e0cbe564ce6d6781aaa5e930f0729293e3b502b7d07f53f3a72fb2048d44d93d36851aab8330479e5
-
Filesize53B
MD5b4d869dd7052d78d29b3e439565f1600
SHA1caa2cfa31729f4348a02514eba0235e72b88ce5a
SHA2560f8ee89c4a420bda691d058cdd96c874c2edeec84145c81c957e98d05e351d3c
SHA5121fda3488df8c43ad413b2e69a5e2292322fe837f7b27b88302b4e591e7e13fdceacb0af9b8bb92ca7c0d2b39abffc776c6cc35d18abb86ce91f55c719b43480e
-
Filesize176B
MD58177721150435a9b333475e2b8a6e691
SHA18aa8981617e8f3d8967a0a4a2d20315317eba293
SHA2568a4800ed5f63b9371a024c501ee2b031af94539e32e6753214e6d99c625c018c
SHA512540c4c52030c6a4e1efcfab5eb59760c696bb3e3f1b8f93c97a6368639a911ba3d395190fc0798d99f3c63e25b6dcf2ded482bbda34d36ddd874dd20c2cfdf74
-
Filesize1KB
MD5ee002cb9e51bb8dfa89640a406a1090a
SHA149ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2
SHA2563dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b
SHA512d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c
-
Filesize84B
MD5e0909520982fc48e47a6451443b11741
SHA10e46425274933c153ebf5a03f25e693267a8cea2
SHA2562e9e6138305d702f3c9b89d6e9dc4931b548c69bb86db64e585fa2e37b8ef654
SHA5123fdf504cb0bf39a807fa15a8ec31a6efd8083888692935ec31d70b4ef6eef89b8527c6a75a46bf7ae3efeeaa507ac3c7cccda5246a2f073ac603a7ffa10d20a8
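The Downloads listing above is flat text: each entry is an optional path, a size whose label is sometimes fused with its value ("Filesize146B") and sometimes split onto the next line, and four digest lines with the algorithm name glued to the hex. As an added example (not part of this sandbox report or the sandbox vendor's tooling), the Python below parses that layout into records, re-hashes arbitrary bytes against a record, and looks up which entry a given file content belongs to. The two embedded records are copied verbatim from this page; everything else (the record type, function names, the strict digest-length check) is the example's own choice. It also shows that the path-less 2-byte entry carries the digests of the two-byte text `{}`, i.e. an empty JSON object written by the browser, which is why such entries are noise rather than payload when triaging.

```python
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the layout of the report's "Downloads" section.
# Both records are copied from this page; the second one (2 bytes, no path)
# is, as the test below confirms, simply the text "{}".
SAMPLE_REPORT = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.24\autofill_bypass_cache_forms.json
Filesize146B
MD59357a694006d8bec3d0f8c9607b76ff8
SHA16335ce691999ec10de742cd07d074eb648631259
SHA256b6c37df977f149c5a444c72ea4469ce666c7975d34c6e2e0d9d8ec416f57dd44
SHA51287c2d0192f3a78b13a691cda14da507f260d13331b792eb973869bd6dbd0f207faa48f68882be691641b46c06ed12ee8b9728a3b596df67a1f9a4831b4369a44
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
"""

# Algorithm name as the report spells it -> hashlib constructor.
HASH_ALGOS = {"MD5": hashlib.md5, "SHA1": hashlib.sha1,
              "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}
# Longest names first so "SHA512..." is never read as "SHA1" + hex.
_HASH_LINE = re.compile(r"^(SHA512|SHA256|SHA1|MD5)([0-9a-fA-F]+)$")
_SIZE_LINE = re.compile(r"^Filesize\s*(\S+)?$")


@dataclass
class DroppedFile:
    path: Optional[str] = None          # absent for some entries in the report
    size: Optional[str] = None          # kept as the report's string ("146B", "5KB")
    hashes: Dict[str, str] = field(default_factory=dict)


def parse_downloads(text: str) -> List[DroppedFile]:
    """Turn the flattened Downloads listing into one record per '-' separated block."""
    records: List[DroppedFile] = []
    current = DroppedFile()
    lines = iter(text.splitlines())
    for raw in lines:
        line = raw.strip()
        if line == "-":                 # separator closes the current record
            if current.hashes:
                records.append(current)
            current = DroppedFile()
            continue
        m = _SIZE_LINE.match(line)
        if m:
            # "Filesize146B" carries the value; a bare "Filesize" has it on the next line.
            current.size = m.group(1) or next(lines, "").strip()
            continue
        m = _HASH_LINE.match(line)
        if m:
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HASH_ALGOS[algo]().digest_size * 2:
                raise ValueError(f"{algo} digest has the wrong length: {line!r}")
            current.hashes[algo] = digest
            continue
        if line and current.path is None and not current.hashes:
            current.path = line         # a path line precedes its size and hashes
    if current.hashes:                  # listing may end without a trailing '-'
        records.append(current)
    return records


def verify_bytes(record: DroppedFile, data: bytes) -> Dict[str, bool]:
    """Recompute every digest the report lists for a record and compare each one."""
    return {algo: HASH_ALGOS[algo](data).hexdigest() == expected
            for algo, expected in record.hashes.items()}


def find_by_content(records: List[DroppedFile], data: bytes) -> List[DroppedFile]:
    """Return the report entries whose SHA256 matches the given file content."""
    digest = hashlib.sha256(data).hexdigest()
    return [r for r in records if r.hashes.get("SHA256") == digest]


if __name__ == "__main__":
    recs = parse_downloads(SAMPLE_REPORT)
    for r in recs:
        print(r.size, r.path or "(no path in report)", r.hashes["SHA256"])
    # The path-less 2-byte entry is an empty JSON object: the browser wrote "{}".
    print(find_by_content(recs, b"{}"))
```

Feed `parse_downloads` the whole Downloads section of a report and `find_by_content` a file recovered from the analysis VM to tie it back to its entry; the length check rejects truncated digests, which is the usual failure when a report is copied out of a rendered page.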