Analysis Overview
SHA256
6a774d55818d7d12a552c0e3d4edfd5fb5caf19be5b2cd78cdf84aa0f390c381
Threat Level: No (potentially) malicious behavior was detected
The file 91eb5e4bd7077218b95899498905480c_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:16
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:16
Reported
2024-06-03 13:19
Platform
win7-20240221-en
Max time kernel
149s
Max time network
141s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{88D37391-21AB-11EF-9CBB-52ADCDCA366E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423582478" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1308 wrote to memory of 2032 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1308 wrote to memory of 2032 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1308 wrote to memory of 2032 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1308 wrote to memory of 2032 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91eb5e4bd7077218b95899498905480c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1308 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | t.cn | udp |
| US | 8.8.8.8:53 | img1.jiehun.cn | udp |
| US | 8.8.8.8:53 | www.googleadsl.com | udp |
| US | 170.178.222.41:80 | www.googleadsl.com | tcp |
| US | 170.178.222.41:80 | www.googleadsl.com | tcp |
| CN | 39.105.18.168:80 | t.cn | tcp |
| CN | 39.105.18.168:80 | t.cn | tcp |
| CN | 61.170.103.35:80 | img1.jiehun.cn | tcp |
| CN | 61.170.103.35:80 | img1.jiehun.cn | tcp |
| CN | 61.170.103.35:80 | img1.jiehun.cn | tcp |
| US | 170.178.222.41:80 | www.googleadsl.com | tcp |
| US | 170.178.222.41:80 | www.googleadsl.com | tcp |
| CN | 39.105.18.168:80 | t.cn | tcp |
| CN | 61.170.99.35:80 | img1.jiehun.cn | tcp |
| CN | 61.170.99.35:80 | img1.jiehun.cn | tcp |
| CN | 61.170.99.35:80 | img1.jiehun.cn | tcp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| CN | 61.170.99.35:80 | img1.jiehun.cn | tcp |
| US | 8.8.8.8:53 | www.jiehun.cn | udp |
| CN | 61.160.251.208:80 | www.jiehun.cn | tcp |
| CN | 61.160.251.208:80 | www.jiehun.cn | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| CN | 61.170.99.35:80 | img1.jiehun.cn | tcp |
| CN | 106.225.194.35:80 | img1.jiehun.cn | tcp |
| CN | 106.225.194.35:80 | img1.jiehun.cn | tcp |
| CN | 106.225.194.35:80 | img1.jiehun.cn | tcp |
| CN | 106.225.194.35:80 | img1.jiehun.cn | tcp |
| CN | 61.160.251.208:80 | www.jiehun.cn | tcp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| CN | 106.225.194.35:80 | img1.jiehun.cn | tcp |
| CN | 113.142.207.35:80 | img1.jiehun.cn | tcp |
| CN | 113.142.207.35:80 | img1.jiehun.cn | tcp |
| CN | 113.142.207.35:80 | img1.jiehun.cn | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 113.142.207.35:80 | img1.jiehun.cn | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| CN | 113.142.207.35:80 | img1.jiehun.cn | tcp |
| CN | 121.14.135.35:80 | img1.jiehun.cn | tcp |
| CN | 121.14.135.35:80 | img1.jiehun.cn | tcp |
| CN | 121.14.135.35:80 | img1.jiehun.cn | tcp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
| CN | 121.14.135.35:80 | img1.jiehun.cn | tcp |
| CN | 121.14.135.35:80 | img1.jiehun.cn | tcp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| CN | 125.74.42.35:80 | img1.jiehun.cn | tcp |
| CN | 125.74.42.35:80 | img1.jiehun.cn | tcp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab87F7.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar8907.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 533e724770706b7a0a1f2cd49641e2c9 |
| SHA1 | fa80eb1edb4bfc42c65a54be37d3a6fd90be10ee |
| SHA256 | ef5d449271eeb04fa403696dad826735c27b5e57e3c2798b086136723663b353 |
| SHA512 | 8e6cbb11213e75f48ff4934038994a8771b1c15c1f70c743e8f74ec7a84da4cc5056dd46401569866a0f26e0fa4207ed6adb497614b312e2a4d733efa47958a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a077baec3d5d077e66d3e82ee2e9a9d5 |
| SHA1 | 40b908297d03df518b58b0c1b2e33bcfa62bcf22 |
| SHA256 | 14e409a05ae612dcede576bd81fe5689ba5b0a62d0629fa5973d0d94c86401f3 |
| SHA512 | 1094aaf0437b112477faab095f26e011008d86093312e24fd5f626fe06c16fbbd2c8a908fae1e0945b29848e86518a8e66900635cb5b290902ee31dd8f384dc2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 420d1a0a0f0f5f577a8d2c9e90f2fdf6 |
| SHA1 | 54ab8a64fd74c4cb149b9d5e8a65fb38ee3c768f |
| SHA256 | 0729df71430584d551cc6d18979a41553bca2ca7468463508d4dd070a6bc2652 |
| SHA512 | a0442c24a0eb70f83326af19b3b6b23bcdd15e0b8fee873844964832dfb751cb41beb95a65624109a979d624d8555b27960c2e3e6d68188c0ecd36ceadbb643d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bde5833cb48734811d8fbe923054194e |
| SHA1 | cb1b018b802b4355e9191cce61b9f3ab59a00d37 |
| SHA256 | af44a80f55b6f064fc5ea6165bdf0cf3dc6797889daa194382a85cae4eddf36c |
| SHA512 | 730eaff8443cdfb24ba84cb8b876fc2494023063cf5fa240d3658afe97fb146e806e66b3ad1c66c7f4ddab23bb752841d15060f83f20a30651ca2e75a4c4d8c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc2ace9f0afbfb9908fea27f877638e9 |
| SHA1 | aac0d2759c8f5122695b300564287bf4a3bafde5 |
| SHA256 | 98cbacf3510362faacc86d6c36f541d7be02b4152145b93279307d384758998e |
| SHA512 | 599506a2dfd9bff4c32e4454f4fb2e0f5a329a0f00e4291540e142bc11954f162ef1b86e935b8bac924d2f5c1b30074893f5fe05865c772551c70cb90e28c802 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0ef589a04f75bb4438f2bd4c656b93c8 |
| SHA1 | 797e766063c35d62fdccdb6476fdb14d8eac80e5 |
| SHA256 | cde8ccac18f7beb80f4f31556996f370945ef85e16be8c4896fb24b90d5a01ef |
| SHA512 | ed90965f23250e83ba77a2d010af557716cc18560d62cd692b11c8b3bb9f500a05ae1a8b3330bed4480270193070037c8af1c93724b29c67bddb089ba8bf509b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5ddd9a5d08097c120ff7b38b76b7861e |
| SHA1 | 6e946965ac25dc68e22fef6b2564e22812cde181 |
| SHA256 | e9f5c4ffe7b185b7f087a764b2ab0e233755d380e7fe004d959c7c625895dc07 |
| SHA512 | 2c178fd5cf866d2058714675f2f385c5125680d82349e6a539fe5e2d0554bb5d058b329258699f3cda7243dccc1cb2c77919cd474ac8fd729331493d42249d9d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6aff6c620351a656dd1beb600b786220 |
| SHA1 | 230059438f40330ccfccb7cad46f364b35a54c34 |
| SHA256 | 89797769289be1e2ae5ba97cb8ebeb2c48c7d82689cfc18b3b516c9e858adb3c |
| SHA512 | 910552af7da47541907fb9b12f1638dcdae6b382698b847a4dd98de5818d94aa7221d0043f0fdbae490621f0e7cc4807a6cb9659dc4bf93d110a65dd88202cd9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b7fb211e1a6cd2e4fee369fa27a6374e |
| SHA1 | 060e3a6a2f95143f90dcf4b6b8ac6d5992b64dff |
| SHA256 | 3c208dc8da37da90b79352f865377bee33f483271eb22937e099539c6695fd66 |
| SHA512 | 7dd2e5c95349d3dbcccf73e116bf040c8b8d821b8430639ec2064d428c6b96a88ea1658ec1c0fd211ef314b2e05bf4ffe10e5376e16459b440c782ff07e4c206 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:16
Reported
2024-06-03 13:19
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91eb5e4bd7077218b95899498905480c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff1fe446f8,0x7fff1fe44708,0x7fff1fe44718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,4379885470819747065,1377598246300641529,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,4379885470819747065,1377598246300641529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,4379885470819747065,1377598246300641529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4379885470819747065,1377598246300641529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4379885470819747065,1377598246300641529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,4379885470819747065,1377598246300641529,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4888 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | t.cn | udp |
| US | 8.8.8.8:53 | img1.jiehun.cn | udp |
| US | 8.8.8.8:53 | www.googleadsl.com | udp |
| US | 170.178.222.41:80 | www.googleadsl.com | tcp |
| CN | 39.105.18.168:80 | t.cn | tcp |
| CN | 39.105.18.168:80 | t.cn | tcp |
| US | 170.178.222.41:80 | www.googleadsl.com | tcp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| CN | 27.221.77.35:80 | img1.jiehun.cn | tcp |
| CN | 27.221.77.35:80 | img1.jiehun.cn | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| CN | 27.221.77.35:80 | img1.jiehun.cn | tcp |
| CN | 27.221.77.35:80 | img1.jiehun.cn | tcp |
| CN | 27.221.77.35:80 | img1.jiehun.cn | tcp |
| CN | 27.221.77.35:80 | img1.jiehun.cn | tcp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
| CN | 61.160.251.208:80 | www.jiehun.cn | tcp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
| CN | 61.160.251.208:80 | www.jiehun.cn | tcp |
| CN | 1.194.253.35:80 | img1.jiehun.cn | tcp |
| CN | 1.194.253.35:80 | img1.jiehun.cn | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| CN | 1.194.253.35:80 | img1.jiehun.cn | tcp |
| CN | 1.194.253.35:80 | img1.jiehun.cn | tcp |
| CN | 1.194.253.35:80 | img1.jiehun.cn | tcp |
| CN | 1.194.253.35:80 | img1.jiehun.cn | tcp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| CN | 1.193.146.35:80 | img1.jiehun.cn | tcp |
| CN | 1.193.146.35:80 | img1.jiehun.cn | tcp |
| US | 8.8.8.8:53 | 225.107.17.2.in-addr.arpa | udp |
| CN | 1.193.146.35:80 | img1.jiehun.cn | tcp |
| CN | 1.193.146.35:80 | img1.jiehun.cn | tcp |
| CN | 1.193.146.35:80 | img1.jiehun.cn | tcp |
| CN | 1.193.146.35:80 | img1.jiehun.cn | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| CN | 42.81.98.35:80 | img1.jiehun.cn | tcp |
| CN | 42.81.98.35:80 | img1.jiehun.cn | tcp |
| CN | 42.81.98.35:80 | img1.jiehun.cn | tcp |
| CN | 42.81.98.35:80 | img1.jiehun.cn | tcp |
| CN | 42.81.98.35:80 | img1.jiehun.cn | tcp |
| CN | 42.81.98.35:80 | img1.jiehun.cn | tcp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| CN | 42.101.4.35:80 | img1.jiehun.cn | tcp |
| CN | 42.101.4.35:80 | img1.jiehun.cn | tcp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| CN | 42.101.4.35:80 | img1.jiehun.cn | tcp |
| CN | 42.101.4.35:80 | img1.jiehun.cn | tcp |
| CN | 42.101.4.35:80 | img1.jiehun.cn | tcp |
| CN | 42.101.4.35:80 | img1.jiehun.cn | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| CN | 42.101.56.35:80 | img1.jiehun.cn | tcp |
| CN | 42.101.56.35:80 | img1.jiehun.cn | tcp |
| CN | 42.101.56.35:80 | img1.jiehun.cn | tcp |
| CN | 42.101.56.35:80 | img1.jiehun.cn | tcp |
| CN | 42.101.56.35:80 | img1.jiehun.cn | tcp |
| CN | 42.101.56.35:80 | img1.jiehun.cn | tcp |
| CN | 58.42.14.35:80 | img1.jiehun.cn | tcp |
| CN | 58.42.14.35:80 | img1.jiehun.cn | tcp |
| CN | 58.42.14.35:80 | img1.jiehun.cn | tcp |
| CN | 58.42.14.35:80 | img1.jiehun.cn | tcp |
| CN | 58.42.14.35:80 | img1.jiehun.cn | tcp |
| CN | 58.42.14.35:80 | img1.jiehun.cn | tcp |
| US | 8.8.8.8:53 | 227.162.46.104.in-addr.arpa | udp |
| CN | 58.57.102.35:80 | img1.jiehun.cn | tcp |
| CN | 58.57.102.35:80 | img1.jiehun.cn | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_4260_EBWYRZHMPXYUKTGF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2a4d6cd80d4181d8704d88a37e7cf1b9 |
| SHA1 | 71a49b1a0b574e48d75de00b2ecee37df4e7d6d4 |
| SHA256 | 461c9b33f094014cf0937433274eefe93c1fbc16994f19f76e9971d8462fa843 |
| SHA512 | b3b93314e35e621bc2c2c806085f72d879d3ac52733adbe5ef52fa001e3b78128f1d933da9720ab84931156e84dd8510c98a52dfa92b12dc2737740d6aafbf56 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | dc24466ebf3ce2c3aeeff07319159473 |
| SHA1 | 3ce3090f5e864dd10ee7f3f2f5b6b547ddb96834 |
| SHA256 | c414f347b75a58d2868f3194c944e1ef6998c3285ec544c2a4ee35aaebbe7ef1 |
| SHA512 | e442f28f9cbf9afffafc354f114eb92b6d56b0387ffe0ad46cb66bfdc2fb0e97973fdcf249dbdadc147013b0314405700b506b5da956df012f815d6ec19f3264 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 52904ac062aa3149323009e1c64164b0 |
| SHA1 | 8c5d2c97d17c864b011d98e79e2b13571cecaea6 |
| SHA256 | 5cdcb32fc74fb7c67c40bcc93a869ca527fd574ca1a19073ba1ba58369e163fa |
| SHA512 | 2ffff3ef1501cbd992f189246d9ab4cf39c3ebe20070e967dc07d1de4d02075987a12e0f4f47ce60940bad57aa88a925773a3674bacae6fbe1072aac89b17be1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 889c305b8d90c0ad38727076128f5f83 |
| SHA1 | 62f5a01a1bf5d20fd1b6caa6ec0b699ae60f6e07 |
| SHA256 | 33d05488b53fb9f6b37e6031519366fe30e4caf6e67da530f36539e9e8eaa34d |
| SHA512 | 8e880518590748b688b330d56ba6f18468f182dd80fc5950ce3a1b4bb74557b879cf531a2f7ba66c423bbb22c1ea987608c4ee19fc7df4d4385b58d3cb6baa6e |