Analysis Overview
SHA256
a6412479be27e07e577c1f9ae02d2347a2b9ac1b6039bc3871fdf64887af40cf
Threat Level: No (potentially) malicious behavior was detected
The file 91e491aee6e44e81215720e70a33a82f_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:07
Reported
2024-06-03 13:10
Platform
win7-20240508-en
Max time kernel
148s
Max time network
137s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{42F871F1-21AA-11EF-928E-6A2211F10352} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423581930" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2068 wrote to memory of 2288 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2068 wrote to memory of 2288 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2068 wrote to memory of 2288 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2068 wrote to memory of 2288 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e491aee6e44e81215720e70a33a82f_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2068 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | img1.jiehun.cn | udp |
| US | 8.8.8.8:53 | t.cn | udp |
| US | 8.8.8.8:53 | www.googleadsl.com | udp |
| CN | 182.140.225.35:80 | img1.jiehun.cn | tcp |
| CN | 39.105.18.168:80 | t.cn | tcp |
| CN | 182.140.225.35:80 | img1.jiehun.cn | tcp |
| CN | 39.105.18.168:80 | t.cn | tcp |
| CN | 182.140.225.35:80 | img1.jiehun.cn | tcp |
| US | 170.178.222.41:80 | www.googleadsl.com | tcp |
| US | 170.178.222.41:80 | www.googleadsl.com | tcp |
| CN | 182.106.158.35:80 | img1.jiehun.cn | tcp |
| CN | 39.105.18.168:80 | t.cn | tcp |
| CN | 182.106.158.35:80 | img1.jiehun.cn | tcp |
| CN | 182.106.158.35:80 | img1.jiehun.cn | tcp |
| CN | 39.105.18.168:80 | t.cn | tcp |
| US | 170.178.222.41:80 | www.googleadsl.com | tcp |
| US | 170.178.222.41:80 | www.googleadsl.com | tcp |
| CN | 183.61.177.35:80 | img1.jiehun.cn | tcp |
| CN | 183.61.177.35:80 | img1.jiehun.cn | tcp |
| CN | 183.61.177.35:80 | img1.jiehun.cn | tcp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| US | 8.8.8.8:53 | www.jiehun.cn | udp |
| CN | 183.61.177.35:80 | img1.jiehun.cn | tcp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
| CN | 61.160.251.208:80 | www.jiehun.cn | tcp |
| CN | 61.160.251.208:80 | www.jiehun.cn | tcp |
| CN | 183.61.177.35:80 | img1.jiehun.cn | tcp |
| CN | 222.216.122.35:80 | img1.jiehun.cn | tcp |
| CN | 222.216.122.35:80 | img1.jiehun.cn | tcp |
| CN | 222.216.122.35:80 | img1.jiehun.cn | tcp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| CN | 61.160.251.208:80 | www.jiehun.cn | tcp |
| CN | 222.216.122.35:80 | img1.jiehun.cn | tcp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| CN | 222.216.122.35:80 | img1.jiehun.cn | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 61.170.99.35:80 | img1.jiehun.cn | tcp |
| CN | 61.170.99.35:80 | img1.jiehun.cn | tcp |
| CN | 61.170.99.35:80 | img1.jiehun.cn | tcp |
| CN | 61.170.99.35:80 | img1.jiehun.cn | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| CN | 61.170.99.35:80 | img1.jiehun.cn | tcp |
| CN | 61.170.103.35:80 | img1.jiehun.cn | tcp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| CN | 61.170.103.35:80 | img1.jiehun.cn | tcp |
| CN | 106.225.194.35:80 | img1.jiehun.cn | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| CN | 106.225.194.35:80 | img1.jiehun.cn | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab1DCF.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Cab1E3E.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1E53.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ffb336dcb8bfe01f98bd3d43c6064905 |
| SHA1 | 57cf7732aadad4002e65656f7362c630893eea2e |
| SHA256 | 841686b8b497f11b1cc67163b9b3e858b4442b2d35760eff4345d29845eabafa |
| SHA512 | b4d89238e38dbe0272cd055b8c223beb65714d5433dd87c8cfa40954a615928940cf3621d9bf2e2ff99998f0eb13f96f53bb022dd0a32680493231edbd4b4f6f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f25339babc6a0f8f77aa4fce36b2eefa |
| SHA1 | 72b0126391da7ee8d3e8c88d7d07dafb9462ab51 |
| SHA256 | 139499f539c737b6425522bc3c1d8e7f9fe648ca68a280aa42537ff634649b83 |
| SHA512 | 45752fec3e3631aa6d716f34627004ad513a66f4e0f4955ac7287b319076b6d5aa4837b0702d3a72242a4a9d22896ddf86a4553a8017b92de4662cb665d4326f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fd48e855adc15a36199f9df60da3c04f |
| SHA1 | 7f7b16e8e7b574f677de1e5d347c5fa02faa334b |
| SHA256 | 232d801cd0685264044dd6eead53fea324ea7bd479c250bd5f4a77aeaaee1034 |
| SHA512 | b0b912c27d3a98837a522d44a68ac6d5b0f6e31f0bef81605e0884d61dbd33a35ace45af7ec3027f01ba34a9ca8b44f47ecf396de8f3e23546b9dbedd10e850d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f3ba646848cd92f4f8a7ab51a62dd1b6 |
| SHA1 | 92e681cea49ee0cd490004fc90ad9f8f80ea2787 |
| SHA256 | a2b39dc18e2e137c30b59b10caa14fc114f452737218e64a9a3c5c4bf2d7d04e |
| SHA512 | dca8688ec634d5bd86437bc32e89b1c9930102b5aa7b0f6d3f476db84e3b67203b59d993afa97da833e4f0d83ee7d712c5b519dab401c182a51c27645e014593 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 57aa49f7e11848599acba804af3e47d1 |
| SHA1 | 242fb542f662befb657d8221af0c55214dfb172b |
| SHA256 | 37476503de3c9be2ae4b9247f680b71fada06c57a6b48549673905c6af9f5dcf |
| SHA512 | ab5c6522cae3937ba23b279b1c2938dff71c1b1a5a6053a2d4322454cd0b6c7509cd1facb2bae602698313c2d06050461cec201c046f571c3ccb7758550c8654 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a700c770060b76ebf6404010af47f3a |
| SHA1 | f023c3f24ff0a1f85e262fccd6d93a3a6ca4df5e |
| SHA256 | 3fc52c7d00b208d4d9eb2c8d52a3712c36f544366e2348da1bcf6733fba4f610 |
| SHA512 | 3d99b022edcffc7d61ff809a4ac764632140a64dfb786fa4bec02d078ff4b9b2230d0e09841def657d1f65a35b861590f5c3821c8c22b2363272e23e6497121f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 35bd43bb86ff713d585aa21e7d7868c0 |
| SHA1 | ce13da6a3002069990c4bc2ba5b06db7af8a966b |
| SHA256 | 96fd89f97e3bbf25f3d8357ad7b3859f62001839676e44ab5d265aab25168699 |
| SHA512 | ba02e207252565049a44e999ba34187e6ddfad00aa7c951648222e6ff6572dda5589d1d0bdbf9c705a2456bf7a33fa32f0000d469f76700aeaf212b08af78aa5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f680e3bf9105ea333b370e623294359 |
| SHA1 | 338469e26236f11de344e073dac72502951d7649 |
| SHA256 | 5bbe3d6a59e89a58d18509ddc798ef76966d23ddd4fbf8149c03bf544c281b3d |
| SHA512 | b7b8558c8e228213b47f24e3461cff3e7cb8dbfceec802660a975324e1aa531c39696e0a7ca3fbdbc2686a93601b762f3a4f6dafb314fc22bb93dfe2dd6a8f93 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d14e8b83b85e7c7eec77673aed3d00c9 |
| SHA1 | 2a3d332a6cb5026fc86463b20d05c5e2ea0d0461 |
| SHA256 | 5d34c663d2cff8c881535fbd3340261dc7c8e3159b71a46d8f0fcc7fe5c8c475 |
| SHA512 | a3444d8bab30bf9c2caf1333771428dadbcbb04a0bada742c9042a7ff982271e76dfa57de3b2790102a9feea3d9d3b7d51d31ae0934853ad65a81650f1d57361 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:07
Reported
2024-06-03 13:10
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91e491aee6e44e81215720e70a33a82f_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f8da46f8,0x7ff8f8da4708,0x7ff8f8da4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14940800233205026599,7564860733185291905,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,14940800233205026599,7564860733185291905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,14940800233205026599,7564860733185291905,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14940800233205026599,7564860733185291905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14940800233205026599,7564860733185291905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14940800233205026599,7564860733185291905,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1912 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | t.cn | udp |
| US | 8.8.8.8:53 | img1.jiehun.cn | udp |
| US | 8.8.8.8:53 | www.googleadsl.com | udp |
| US | 170.178.222.41:80 | www.googleadsl.com | tcp |
| CN | 39.105.18.168:80 | t.cn | tcp |
| US | 8.8.8.8:53 | 152.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| CN | 39.105.18.168:80 | t.cn | tcp |
| US | 170.178.222.41:80 | www.googleadsl.com | tcp |
| CN | 124.239.243.35:80 | img1.jiehun.cn | tcp |
| CN | 124.239.243.35:80 | img1.jiehun.cn | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| CN | 124.239.243.35:80 | img1.jiehun.cn | tcp |
| CN | 124.239.243.35:80 | img1.jiehun.cn | tcp |
| CN | 124.239.243.35:80 | img1.jiehun.cn | tcp |
| CN | 124.239.243.35:80 | img1.jiehun.cn | tcp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| US | 8.8.8.8:53 | www.jiehun.cn | udp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
| CN | 61.160.251.208:80 | www.jiehun.cn | tcp |
| CN | 125.74.1.35:80 | img1.jiehun.cn | tcp |
| CN | 125.74.1.35:80 | img1.jiehun.cn | tcp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
| CN | 61.160.251.208:80 | www.jiehun.cn | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| CN | 125.74.1.35:80 | img1.jiehun.cn | tcp |
| CN | 125.74.1.35:80 | img1.jiehun.cn | tcp |
| CN | 125.74.1.35:80 | img1.jiehun.cn | tcp |
| CN | 125.74.1.35:80 | img1.jiehun.cn | tcp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| CN | 125.74.110.35:80 | img1.jiehun.cn | tcp |
| CN | 125.74.110.35:80 | img1.jiehun.cn | tcp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | 45.56.20.217.in-addr.arpa | udp |
| CN | 125.74.110.35:80 | img1.jiehun.cn | tcp |
| CN | 125.74.110.35:80 | img1.jiehun.cn | tcp |
| CN | 125.74.110.35:80 | img1.jiehun.cn | tcp |
| CN | 125.74.110.35:80 | img1.jiehun.cn | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| CN | 150.138.188.35:80 | img1.jiehun.cn | tcp |
| CN | 150.138.188.35:80 | img1.jiehun.cn | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| CN | 150.138.188.35:80 | img1.jiehun.cn | tcp |
| CN | 150.138.188.35:80 | img1.jiehun.cn | tcp |
| CN | 150.138.188.35:80 | img1.jiehun.cn | tcp |
| CN | 150.138.188.35:80 | img1.jiehun.cn | tcp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| CN | 171.214.23.35:80 | img1.jiehun.cn | tcp |
| CN | 171.214.23.35:80 | img1.jiehun.cn | tcp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| CN | 171.214.23.35:80 | img1.jiehun.cn | tcp |
| CN | 171.214.23.35:80 | img1.jiehun.cn | tcp |
| CN | 171.214.23.35:80 | img1.jiehun.cn | tcp |
| CN | 171.214.23.35:80 | img1.jiehun.cn | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| CN | 171.214.24.35:80 | img1.jiehun.cn | tcp |
| CN | 171.214.24.35:80 | img1.jiehun.cn | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| CN | 171.214.24.35:80 | img1.jiehun.cn | tcp |
| CN | 171.214.24.35:80 | img1.jiehun.cn | tcp |
| CN | 171.214.24.35:80 | img1.jiehun.cn | tcp |
| CN | 171.214.24.35:80 | img1.jiehun.cn | tcp |
| CN | 182.84.110.35:80 | img1.jiehun.cn | tcp |
| CN | 182.84.110.35:80 | img1.jiehun.cn | tcp |
| US | 8.8.8.8:53 | 208.143.182.52.in-addr.arpa | udp |
| CN | 182.84.110.35:80 | img1.jiehun.cn | tcp |
| CN | 182.84.110.35:80 | img1.jiehun.cn | tcp |
| CN | 182.84.110.35:80 | img1.jiehun.cn | tcp |
| CN | 182.84.110.35:80 | img1.jiehun.cn | tcp |
| CN | 182.106.158.35:80 | img1.jiehun.cn | tcp |
| CN | 182.106.158.35:80 | img1.jiehun.cn | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 612a6c4247ef652299b376221c984213 |
| SHA1 | d306f3b16bde39708aa862aee372345feb559750 |
| SHA256 | 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a |
| SHA512 | 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973 |
\??\pipe\LOCAL\crashpad_116_XPQRAHPJQNEDNDKK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56641592f6e69f5f5fb06f2319384490 |
| SHA1 | 6a86be42e2c6d26b7830ad9f4e2627995fd91069 |
| SHA256 | 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455 |
| SHA512 | c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d6b34e36dde82d023fa29fce8638a14b |
| SHA1 | 5371fa218276f5549bf9fec00b181e1b301cc777 |
| SHA256 | 4bde8bc18e0f8d2a1fcfa77c39948fe04eaf1ffd4c8f9c708e81c02f445ca85c |
| SHA512 | bd12f8d0bf84f45ae5b9e560307eb9b8f430286c4ce6eb0c09a6cf135b196ba733bf86bee542cab3faedef9bf47539faee1b867a5369a601398a724e0f4479ec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cc1c525386354caa5dac20fa3c1b7d69 |
| SHA1 | 6a2b8f69b733fcccd510d0136f59287cb9124a4c |
| SHA256 | 4792b4edf06f2b0bffeae3b6849b44ce9e0c08fb5fd59cf8eecdcb12b8f56ce7 |
| SHA512 | 914fa41fae8e6f8249947663b67e9b20832591de341d1bba55f9ebe90e700d5c5d6cdbacee7b666d92f1adf4c6878a7d4dfd1bc13fb75feca94b6d87cb24de26 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fbf26676-56d3-4a67-88f1-dc11151ac80c.tmp
| MD5 | 29f9be513e13a0b731a7d15dcd03dc2a |
| SHA1 | b1e238704b327e99c6c270b635459fe5a9cdbcd8 |
| SHA256 | 5103f1fa1e3b682d4eb3629c545025c540a86d80f60210e404f2b1b667bbc6f3 |
| SHA512 | 833ae565b93d7b5cc6313a7e035e873110b723a7be8b00489edb23c1a9f771a7d57f8c62ee79df7b009e854c03ddbee34e10093b2404f3abcb2d4594b8d036b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 87ee04f01956dc9b291d1aaf28a1ef07 |
| SHA1 | 604ce58282c6b30603eb5b040664ae34880cc3d3 |
| SHA256 | 0b41d0dd044b87dc845e2bf6d374a6d6df37295e4e0534b887c71d2d22b4a163 |
| SHA512 | e8bfdce0a000a2800bf4980cf602c42ca63ff98dc2e79ce014df6ba8743f82597308c86bb35b3eecee8989ef6362c1e053f33b3ef436cb59ab1ad9c33141f54d |