Analysis Overview
SHA256: ec622f24bab8549dcbed0df6cc5f45a38cbed1a6725eefb14e48cb9182fb01b6
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file 8fc26505376eb91f1028ac60cccc0fd5_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-02 23:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-02 23:10
Reported: 2024-06-02 23:13
Platform: win7-20240221-en
Max time kernel: 149s
Max time network: 150s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4F8F08E1-2135-11EF-A30C-E60682B688C9} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423531700" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1728 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1728 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1728 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1728 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8fc26505376eb91f1028ac60cccc0fd5_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1728 CREDAT:275457 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Temp\Cab1E5C.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar1F3D.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-02 23:10
Reported: 2024-06-02 23:13
Platform: win10v2004-20240426-en
Max time kernel: 149s
Max time network: 153s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8fc26505376eb91f1028ac60cccc0fd5_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffd521f46f8,0x7ffd521f4708,0x7ffd521f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,15015786567503950631,18090184128112246296,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,15015786567503950631,18090184128112246296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,15015786567503950631,18090184128112246296,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15015786567503950631,18090184128112246296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15015786567503950631,18090184128112246296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15015786567503950631,18090184128112246296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,15015786567503950631,18090184128112246296,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2344 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1192_GZWTXWMZHTLLJOJD
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State