Analysis Overview
SHA256
f827af4dc7d3f6ca6b352c4d9e2f65573a386a3285a7e621126cd0b0a95d58a6
Threat Level: Likely malicious
The file 8985a736ddb0cd7d6ade4db9a9d1a1a4_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Checks whether UAC is enabled
Enumerates physical storage devices
Unsigned PE
NSIS installer
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-01 05:47
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-01 05:47
Reported
2024-06-01 05:49
Platform
win7-20240221-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\8985a736ddb0cd7d6ade4db9a9d1a1a4_JaffaCakes118.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007ada51465156fa4d85707370305ec535000000000200000000001066000000010000200000004bb35e6602955a47246c2df08540eba8b947d7901397af4ffb0b2b4143eec941000000000e800000000200002000000076bc5e2b3dde45d9a7bb2b697199e3804b6c6749869a7886ee86dbc86c35c3172000000032db49221d935af9dc7c7ef0a545c7b01773b139d053275921809c62aa5a7a3940000000fe1607b233016bf019a7a53a07c7e7f49614f02c9bfa0b264f510c180809749bdc3410058bc2afd463f773c33602058e71dcb29ea4aee6d3276919a5bef0ee34 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30b9293ee7b3da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\8985a736ddb0cd7d6ade4db9a9d1a1a4_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423382706" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6788E0D1-1FDA-11EF-8D50-4A4F109F65B0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8985a736ddb0cd7d6ade4db9a9d1a1a4_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8985a736ddb0cd7d6ade4db9a9d1a1a4_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8985a736ddb0cd7d6ade4db9a9d1a1a4_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\8985a736ddb0cd7d6ade4db9a9d1a1a4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8985a736ddb0cd7d6ade4db9a9d1a1a4_JaffaCakes118.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.bigfishgames.com/download-games/2580/hot-dish/download.html?afcode=af628d3a27a2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1288 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.bigfishgames.com | udp |
| US | 8.8.8.8:53 | www.fenomen-games.com | udp |
| US | 159.65.253.100:80 | www.fenomen-games.com | tcp |
| US | 151.101.3.10:80 | www.bigfishgames.com | tcp |
| US | 151.101.3.10:80 | www.bigfishgames.com | tcp |
| US | 151.101.3.10:443 | www.bigfishgames.com | tcp |
| US | 151.101.3.10:443 | www.bigfishgames.com | tcp |
| US | 151.101.3.10:443 | www.bigfishgames.com | tcp |
| US | 151.101.3.10:443 | www.bigfishgames.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
memory/1676-0-0x0000000000400000-0x000000000055F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\FG.url
| MD5 | 0fcf82b5a915470e8a79d3516f582a36 |
| SHA1 | 75f81b41607905b231521243129aff3554a58db0 |
| SHA256 | 076264d4f165cef82f0cb07f6795f1d5ffa74741a943fca42cdeac65823bcae4 |
| SHA512 | adf69ec56756fe672677b039cb44bb13fc3adfac569f5ea4eda4e7b35de5ebe0229c5825ca8337aa2c623a773bdf775ddd3689e9fae03a7af1f694576d954293 |
C:\Users\Admin\AppData\Local\Temp\Cab76C8.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar7884.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a6300649984681c2cb9d03ba0a492c6 |
| SHA1 | 8db5ca70b7be947ed1a2958393c6af8d8b96d35d |
| SHA256 | 5b54f2299979b2f21275876e718cb8be4308c4999335ed8caf1703ae9b9bf242 |
| SHA512 | 360a84bd27524d0f5227dd718745fa44e06ff36ddae0e26739086429aa2d0fa54faa79368e0405b39260fbfb313ee21b56af9d1aaaa104baeb8133344e7502fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4d491a6b6b2144eeea17ce7b62c7c5de |
| SHA1 | c26e121cc53ad3d43d77e109c99e7b486c8b8ae3 |
| SHA256 | 5e846dcfe22c7c52b1ab00e9315504ff4d8a5519700e58686744f6152188129f |
| SHA512 | 7e0ee92efd56cd91baf2fc6f1710efb102ad925e82196a9bc5214aec7377baa4214594867d109737348120216345e1cc923235702ffae4024300c5927618c166 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f7c9c3793503c44d731e199c4b14545 |
| SHA1 | 5d68342fe37c024eb8cddcb074e2e679adaf4276 |
| SHA256 | 1f40f9427bcf9ddd7969256d7ff7673ecd8c3a958c5d45ded12a7c5c02eb0192 |
| SHA512 | 258c1d95cf357c1492520cbe17487bf72e771785455a63d780cfa31ed33ccef5cf699ed59bade8e0a04a61e8b1d05d3573755f9e2b5e36a1af3f87f57c32d12d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 96e3f964b30e86fca472d30125841be5 |
| SHA1 | eab6d61a10a792aa025589361bbc171bc69f619e |
| SHA256 | 44a78abbe0b2752039caf9e7ec0783ac43d4a4fc650f84a97bded7564c71cfd8 |
| SHA512 | 9ded468601e33f9496a2f83314ce64fbef7115eba09faf6361f52a6e88455ae95c5a950255f790ae4de470153ff82f55b1a6625956f99aef497bfcc1eaf4f116 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb73470ee9c55fe2bc12f64fa654a9e1 |
| SHA1 | 388fa7a2dd7548d13ae984c90cc79d2314178bc1 |
| SHA256 | ab080865d1c5b7bc537291c39ea09761580cb1b8891aa2bc4a6ce3ef75693f6f |
| SHA512 | 495784239811f559f9df54eee9605cb2a1315445ef64a11db3da48d63028b04c2058639150201c2ac5c4e2d985102c0e30171f2173d175eec4d52a70627d8d14 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 31e1123cad6615198f3cb3bc58e90e5e |
| SHA1 | 8bcfddb6b1ff68be03dbe896d3ee5f55ca0ccb3e |
| SHA256 | 6215547711843adc9a0ecd8b9fface4604298f12ea6db25b146efe3d60b53e8f |
| SHA512 | ec053033f6d7381c6f8a0aa0df4a6456193df1b32d01ded472c536c35edd26311afbd3d040df953e5348407e82ec00ea9f1a3a34ccabf7b2efc8344108f97875 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 33aa6e6f3d0d32d681d520b0ea1c9167 |
| SHA1 | ab3ee48fb7dc69c3bbf477b9ce01947bf3d0bc29 |
| SHA256 | 53f2a80d959d04f7ad199cc32f864f1bbce72a6be328c9680d435805c9891bd7 |
| SHA512 | 52e33949c91f419a246fd0951f1b443aadc416b437c033ff280c6981a2a20ac36112db523674d64b35ed16670099bc94acf33b769f7860ef80bb9130edcf2b9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4cfafbc1bcb66a25e586b02f4dbb147d |
| SHA1 | 5f2f12a24a132250535ebda4b31cada0a55ba1c7 |
| SHA256 | 29640894fc5bd0bbeef2b09a6ede2558b70b733f90ef3b8cecab6fd629d1980b |
| SHA512 | ae010685f0a992ec9dff4af342f8130d2883ede365f3a6ef500786df5dd29a8179e93a202d23c5a7ece821da2182b40aeee98978b1fb784340e05d5257a460ba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 48fde0e8fc0324b605865fd3ca89ff75 |
| SHA1 | 452562d4193277300ac54c2008ac33d70633bbe7 |
| SHA256 | 99f7512eed0acbf37a1672c4dfce208fcc858a49fd9f2621b6bdd7648e1a4424 |
| SHA512 | 0e37901788437faf34f97a98379b85d09d8e4a9a6c2dfb2440073569fc79f38a52a63f4e5e9b5310befaba169c92eadaaef45b924d46f04cf98fc5b7a1fe33c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 782ae46065254c7928e161e324573bbe |
| SHA1 | ca93279444b6b1089bab2f8c6fe213c9bc468dc5 |
| SHA256 | 578ac2e78fa65345f4541ea5fcb0db50c738ed664a34d5ab165c391811bc7287 |
| SHA512 | 615e531101e86962319d5c65ed3bec148fa736e758191f05f3c6ce18911dac365dc9a2bce2c7b432927a99a9834f69f05a766e3ecca176e5e46b482f6a84d60e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea1651a831c617a6dbd001c24ccb6313 |
| SHA1 | 0ab4b1a6700c5eaf1f4ee09fe80d7dc761ca7410 |
| SHA256 | d95d1c3e9d07e36d4601f4898273cae3dd9ae807147e14bc7792461433667893 |
| SHA512 | 194aaef1d94df450cd9e0fedc0c8d09a94fcb27036932b0fa6b998f9d8212b2ef758a7327d2d86515a21b014ba129d30146be00168aa6475341639c07e969299 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ae28c0db472f1b3927af59c0b9ce38d5 |
| SHA1 | 4f458b89079a073fd9e9c267454502f8c40f2a37 |
| SHA256 | b12a473919f985976cf3db6332d67451c9f5b73e0f8fc1a1cc57e08c35702dc3 |
| SHA512 | 176aca29af1bfbdd99d0b38a41d93d8cf864d6e699b38e0946f857ce065578bd270677eda4d093c8f11188b183367e16eea1741b83cca792da14e155089760b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 179e2411cad85adb2d6623102661f9c0 |
| SHA1 | 53e1d063c7ed2222e4e68d375e5812e54d16aa99 |
| SHA256 | 36abc19a4ce6eaacd117d5fab8bda0e2cc031530728cb2e3b95e97bd8b8f0515 |
| SHA512 | fee03646fa7547d72a1d02416cb9ffbc3cfd088f3fd763cfa052db434528834d8144a4f02fb00fff944cd403e9c20d1ea2595d0ffd41514f5cc756b3cd5c4960 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2dbdcfde9b1737ae214c5f28d7d52d5e |
| SHA1 | c3d59442fd941dac9f3c458813c22aa439225f9f |
| SHA256 | feec4c7cb99b99b6d7a7a6283b71cb8a396a32acfa8334e7e684de1e5920c0b4 |
| SHA512 | f31e4e4499146cba692b7d126185cb8a546a72d6ebb503946a4ce85def8d66dd1ba90c72b66a5276d891fbe9305ee2feff3880af9e94a9a7f8c1fa1fa4e9436f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c1d549ccfca0a1f7885d169666f6448b |
| SHA1 | 771fd3c4347cd572029279af4d69d866814f09aa |
| SHA256 | d67130e67fd42b435afac19f6a98417aa5427fc2ef6ccef48b4aece6056fd24a |
| SHA512 | 7c555d320421bcb2ddb9e8c47188027dc8445a85946ad20b271d63212ba74b8ce8e38eb139032e5b053cf5854ef631c6741a9df877016d08f96c1ccf3a8218e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 316a4a8535501045164bbd56bc8e8828 |
| SHA1 | d3e6c801d8d214354d875fa4e0c7c90e248cc895 |
| SHA256 | 707e666df5744b4ef67afce0ca771b77fe14206e130f7d1a1d30ea83e5167a82 |
| SHA512 | 12b5962359dc5e595f5f8403fb395e07cac5d2f1d3acd90cdf505a6bb8d7d519a88b6e394f8d2e43a4c64e16a085ecf4667c555a23d90bb1b5b1cf1b79c44b05 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9e2e0a139d033b19e71da2318d26e352 |
| SHA1 | b11b14fff3987bf3d040ae5fe6f979ce2c1a38fd |
| SHA256 | 49c876f3169dc766527d1e9aa17e98781b054bbc312a309a717f3762c45204a9 |
| SHA512 | 6b7a29c311cb6e0c50058187ef85329c8f6f252aab150b23faac37e74bf43f78a0f8b0c917d5f3e1bdd15d212efbeba5bc4da38b46369d295d61afd6dc025b15 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ff1f1b7911531f4de35bb12325e3a1a7 |
| SHA1 | c8474782cf8dabf855d2a32c77ffb1db66646d7d |
| SHA256 | 913228c3cee928709b25a5a48bc1204b5eba6b9d46eb62cf942abb26b757f359 |
| SHA512 | d6c8d397cd40103644b72b4a489e20ba40dbf41db8fb70fbdcd2bbb65c62d3e9775db9aac6d39edf6fdb3fa5f940f46cf86f70ecdcbb1afc9976e0b708abaefa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4cd69dafadbc0669161d0182ddd67a71 |
| SHA1 | fa806b43f2f30f2d92929d62f37d8aa6e2740a1f |
| SHA256 | 14d35d9eff70ca2c584195a49d25fc36738d8043035e5e0f2657609f0e90a45c |
| SHA512 | 096f7cc64df4133a5361033b26b062a1ee9d6dbce104e9470a3d4539932571ce7c97308e121fba9efe302bd43e3312f0c68c459561275fdc6e9af0ceb777972e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f933e3986b69f3b8ce6f00101d455825 |
| SHA1 | c14889637e9bc473c18ed2f789f9112ee4130c7d |
| SHA256 | 3a6c715d3bba0a2f4d1110b81c98801ff272a764cf3653998c79305aa5ccef56 |
| SHA512 | f4d43f89d3935d50882327b0e714fc80397241fa87d464d521b758cf4af0e4ba2d86bd16b608f797ca21da96cd8c3cc5374fe70d623d8ba203ccd8adf931fd07 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 219fd21b1a3ed87c5c5faae4b87857cd |
| SHA1 | 6a7a074688c875d20798197112611ef2eb9e0de2 |
| SHA256 | 20cf0ff5932ce2d92a1001022e6fdad544874371f9cd49a5d5ddfdb49baf7cae |
| SHA512 | e298aa5496837acda60f2bdbe0ed9afcc53f82e9f62543240f505f966bd7f9e56304229da77274799ab6f2c4881fb019fac185ec09b84d3812f425ef7e3d10c0 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-01 05:47
Reported
2024-06-01 05:49
Platform
win10v2004-20240426-en
Max time kernel
146s
Max time network
140s
Command Line
Signatures
Downloads MZ/PE file
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\8985a736ddb0cd7d6ade4db9a9d1a1a4_JaffaCakes118.exe | N/A |
Enumerates physical storage devices
NSIS installer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 480696.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8985a736ddb0cd7d6ade4db9a9d1a1a4_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8985a736ddb0cd7d6ade4db9a9d1a1a4_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8985a736ddb0cd7d6ade4db9a9d1a1a4_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\8985a736ddb0cd7d6ade4db9a9d1a1a4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8985a736ddb0cd7d6ade4db9a9d1a1a4_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bigfishgames.com/download-games/2580/hot-dish/download.html?afcode=af628d3a27a2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a1bd46f8,0x7ff9a1bd4708,0x7ff9a1bd4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8710159343867837024,5226861519575910893,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,8710159343867837024,5226861519575910893,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,8710159343867837024,5226861519575910893,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8710159343867837024,5226861519575910893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8710159343867837024,5226861519575910893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,8710159343867837024,5226861519575910893,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,8710159343867837024,5226861519575910893,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,8710159343867837024,5226861519575910893,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5400 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8710159343867837024,5226861519575910893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8710159343867837024,5226861519575910893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8710159343867837024,5226861519575910893,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2092,8710159343867837024,5226861519575910893,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4884 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8710159343867837024,5226861519575910893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8710159343867837024,5226861519575910893,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8710159343867837024,5226861519575910893,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.fenomen-games.com | udp |
| US | 159.65.253.100:80 | www.fenomen-games.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.253.65.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.bigfishgames.com | udp |
| US | 151.101.3.10:80 | www.bigfishgames.com | tcp |
| US | 151.101.3.10:80 | www.bigfishgames.com | tcp |
| US | 151.101.3.10:443 | www.bigfishgames.com | tcp |
| US | 8.8.8.8:53 | 10.3.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | downloads.bigfishgames.com | udp |
| US | 34.149.211.229:443 | downloads.bigfishgames.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 229.211.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
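Most rows in the Network table above are not the sample talking to anything: they are the sandbox's resolver traffic (every port-53 row goes to 8.8.8.8) and reverse lookups (`*.in-addr.arpa`) the sandbox issues for each IP it observes, plus one mDNS multicast row. The script below is an added triage example, not part of the sandbox report. It assumes the resolver is 8.8.8.8 (taken from the report's own rows), treats every `in-addr.arpa` query as a reverse lookup, and runs on constructed rows copied in shape from the table; it separates real contacts per domain from IPs that appear only as reverse-lookup targets.

```python
"""Triage a sandbox 'Network' table: split real contacts from resolver noise.

Added example, not part of the sandbox report. Assumes the sandbox resolver is
8.8.8.8 and that '*.in-addr.arpa' rows are the sandbox reverse-resolving IPs."""
import ipaddress
import re
from collections import defaultdict

SANDBOX_RESOLVER = "8.8.8.8"  # assumption: taken from the report's own DNS rows

# Constructed sample rows, copied in shape from the report's Network table.
SAMPLE_ROWS = """\
| US | 8.8.8.8:53 | www.fenomen-games.com | udp |
| US | 159.65.253.100:80 | www.fenomen-games.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.253.65.159.in-addr.arpa | udp |
| US | 151.101.3.10:443 | www.bigfishgames.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
"""

ROW_RE = re.compile(
    r"^\|\s*(?P<country>[^|]*?)\s*\|\s*(?P<dest>[^|]*?)\s*\|"
    r"\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$"
)


def parse_rows(text):
    """Turn '| Country | ip:port | Domain | Proto |' rows into dicts; skip header rows."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        ip, _, port = m["dest"].rpartition(":")
        if not port.isdigit():
            continue  # header row or malformed destination
        rows.append({"country": m["country"], "ip": ip, "port": int(port),
                     "domain": m["domain"], "proto": m["proto"]})
    return rows


def ptr_target(name):
    """'100.253.65.159.in-addr.arpa' -> '159.65.253.100'; None for ordinary names."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:
        return None


def classify(row):
    """One of: multicast (mDNS etc.), ptr-lookup, dns-query, contact."""
    if ipaddress.ip_address(row["ip"]).is_multicast:
        return "multicast"
    if row["ip"] == SANDBOX_RESOLVER and row["port"] == 53:
        return "ptr-lookup" if ptr_target(row["domain"]) else "dns-query"
    return "contact"


def triage(text):
    """Real contacts per domain, plus IPs that only show up as reverse-lookup targets."""
    contacts = defaultdict(set)
    direct_ips, ptr_ips = set(), set()
    for row in parse_rows(text):
        kind = classify(row)
        if kind == "contact":
            contacts[row["domain"]].add(f'{row["ip"]}:{row["port"]}/{row["proto"]}')
            direct_ips.add(row["ip"])
        elif kind == "ptr-lookup":
            ptr_ips.add(ptr_target(row["domain"]))
    ptr_ips.discard(SANDBOX_RESOLVER)  # the sandbox reverse-resolves its own resolver too
    return {"contacts": dict(contacts), "ptr_only_ips": sorted(ptr_ips - direct_ips)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_ROWS).items():
        print(key, value)
```

Run against the full table, the only direct contacts are www.fenomen-games.com and www.bigfishgames.com; the reverse-lookup rows expose several more IPs that never appear as destinations in the table (background traffic from the guest that the sandbox reverse-resolved). Attribute those to an owner before listing them as indicators, and do not list 8.8.8.8 or 224.0.0.251 at all.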
Files
memory/1504-0-0x0000000000400000-0x000000000055F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\FG.url
| MD5 | b32e479bd009ed83990c9673269a8679 |
| SHA1 | c90602796792d73b8e14df593d28c88639957537 |
| SHA256 | 4da0710275fe2edc624ceae921dfed794450221c88daaac73467fc885cff1a3b |
| SHA512 | d29415020d7ddc493ac36ad2351414523f9804f3031a50c6bfded58d8b9a83f13877ae73571e9dcc50eedd7014230196313dfab8618e587e118ae6ba4d94db12 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8b167567021ccb1a9fdf073fa9112ef0 |
| SHA1 | 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898 |
| SHA256 | 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513 |
| SHA512 | 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54 |
\??\pipe\LOCAL\crashpad_2972_PZOOVZAIUZJWGLNK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 537815e7cc5c694912ac0308147852e4 |
| SHA1 | 2ccdd9d9dc637db5462fe8119c0df261146c363c |
| SHA256 | b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f |
| SHA512 | 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 88061df7ebffee4d0c3304637c51f271 |
| SHA1 | c7789d16623082a5230cf5e3147cecef68c157b0 |
| SHA256 | 116d51044cee6d559a57f1c6640512c6877e57ecbdf92b834df24bfc58e0f0f4 |
| SHA512 | 8142423755ccebef3539e0d08e57bd6a751ef5fffea91fc4c173114f5f22bca6c0850b5d4150fe2c2796736c7921a15694da34d4fbc2967b0af2448a61090b45 |
C:\Users\Admin\Desktop\Fenomen Games.lnk
| MD5 | 2ea8b7850f62af1fa6cad79c60f76540 |
| SHA1 | d332d37287c8b0afb78c07501900b214ade207a5 |
| SHA256 | 500c501f3a5e565a1cc5ba2c24943308a68b86776b4c229590e2a4f832e72539 |
| SHA512 | 5f0228b5215b2dee265b05de194a8e8f2282d95359e94041dfc3e19ee302627c5a614a7e4bee3183907b4dbc6f5c9b80921011b29f6f21604607eb951bb14430 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\Downloads\Unconfirmed 480696.crdownload
| MD5 | 1e47566685a6d793d1df722d2ffe76ab |
| SHA1 | f04e325b6ac258ca221791b841c3187f10b2b7b1 |
| SHA256 | 7901dbe3b12f7b5e91127f957e3e6dc9fb7461d66a831c71b9bbb6385c699da9 |
| SHA512 | 90dff89738b72d07025d26d3c137fe2e5ce10d7abfe5b2cc10d82dcdb3e94914ad18592121f69269c041c82dacffe856e179cb3012f4ff65fa52d44462661b35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9f51d6735f0e7ebe5a009c2c95eb5530 |
| SHA1 | d3a775ac762d4fe6bcd4108048ac20de007589ac |
| SHA256 | d9bebcea0740a67aace5fd031a14e73700b7c63c3a5b773e7c2c1a3bdec54c82 |
| SHA512 | d49e2c25968de526d9c1a12333fb2efcba978902901a81742beed735cf0a327b5e09426343e1faf6b493ebfb64f58aed90779f76d76de3e86c527dddc19c40ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 08f2c4aa3d941775fb245db896b08762 |
| SHA1 | 102f90933c9491996869c150b92361c3283e84fe |
| SHA256 | c5f341d526173253c33d64bfa2aefb714cfed523940dc477b9adf0a0c6d380ef |
| SHA512 | 8350d4889580b80d223a6f9825ec220cce576424633930be90e9f41dc5a801e256cbf94663bb02179367b158e57971d966de5b3f16efc4fe06e4712ee36ac96e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2a649f5faddd98d5738f5e5bfb078ea3 |
| SHA1 | 666ae0c54fd1b3ef27c0dbc261f8c7d0230f18d5 |
| SHA256 | 86bb4293a7ae796bc7a76446b11a85d5e4bf9e3a4afb1f0950f515beca101e84 |
| SHA512 | 1157fa9330735d655fd9013698389b4cf1ab6e0efbc9b138f51eb49c4d10e820449c1c84b181d008f0a9efc5ca1f21cdc698ef5eb64f7c660af7dc99d7b45727 |
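The Files section mixes artifacts of very different value: a memory dump with no hashes, a named pipe whose digests are those of zero bytes, browser profile files listed twice because they were rewritten during the run, and a handful of dropped files (a .url, a .lnk, a partial .crdownload) that are the ones worth pulling. The script below is an added triage example, not part of the sandbox report. It parses entries in the report's own layout (a path line followed by its hash rows) from a constructed sample, and flags empty digests, rewritten paths, memory dumps and dropped files; the "browser profile and pipe noise" filter is this example's own heuristic.

```python
"""Triage a sandbox 'Files' section: empty digests, rewritten paths, dumps, drops.

Added example, not part of the sandbox report. NOISE_MARKERS is this example's
own heuristic for routine browser-profile and named-pipe artifacts."""
import hashlib
import re
from collections import defaultdict

EMPTY_MD5 = hashlib.md5(b"").hexdigest()
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()
HASH_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")

# Assumption: paths containing these are browser profile churn or pipes, not drops.
NOISE_MARKERS = ("\\Microsoft\\Edge\\User Data\\", "\\??\\pipe\\")

# Constructed sample in the report's layout: a path line, then its hash rows.
SAMPLE_FILES = r"""
memory/1504-0-0x0000000000400000-0x000000000055F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\FG.url
| MD5 | b32e479bd009ed83990c9673269a8679 |
| SHA256 | 4da0710275fe2edc624ceae921dfed794450221c88daaac73467fc885cff1a3b |
\??\pipe\LOCAL\crashpad_2972_PZOOVZAIUZJWGLNK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8b167567021ccb1a9fdf073fa9112ef0 |
| SHA256 | 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 537815e7cc5c694912ac0308147852e4 |
| SHA256 | b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f |
C:\Users\Admin\Downloads\Unconfirmed 480696.crdownload
| MD5 | 1e47566685a6d793d1df722d2ffe76ab |
| SHA256 | 7901dbe3b12f7b5e91127f957e3e6dc9fb7461d66a831c71b9bbb6385c699da9 |
"""


def parse_files(text):
    """Group each path line with the hash rows that follow it."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m:
            if not entries:
                raise ValueError("hash row before any path line")
            entries[-1]["hashes"][m.group(1).lower()] = m.group(2).lower()
        else:
            entries.append({"path": line, "hashes": {}})
    return entries


def is_empty(hashes):
    """True when the recorded digests are those of zero bytes (pipes, placeholder files)."""
    return hashes.get("sha256") == EMPTY_SHA256 or hashes.get("md5") == EMPTY_MD5


def triage_files(text):
    """Sort entries into empty, rewritten (same path, several digests), dumps and drops."""
    entries = parse_files(text)
    versions = defaultdict(list)
    for e in entries:
        if e["hashes"].get("sha256"):
            versions[e["path"]].append(e["hashes"]["sha256"])
    rewritten = {p: v for p, v in versions.items() if len(set(v)) > 1}
    empty = [e["path"] for e in entries if is_empty(e["hashes"])]
    memory_dumps = [e["path"] for e in entries if e["path"].startswith("memory/")]
    dropped = [
        e["path"] for e in entries
        if e["hashes"] and not is_empty(e["hashes"])
        and not e["path"].startswith("memory/")
        and not any(marker in e["path"] for marker in NOISE_MARKERS)
    ]
    return {"empty": empty, "rewritten": rewritten,
            "memory_dumps": memory_dumps, "dropped": dropped}


if __name__ == "__main__":
    for key, value in triage_files(SAMPLE_FILES).items():
        print(key, value)
```

Two checks a practitioner should keep from this: a digest of `e3b0c442…b855` (SHA256) or `d41d8cd9…427e` (MD5) means the sandbox hashed zero bytes, so the entry carries no content to analyse; and a path that appears more than once with different digests was written more than once during the run, so the last version is the one to fetch. Everything left in `dropped` (here FG.url and the partial download) is what to pull from the sandbox for further analysis.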