Analysis Overview
SHA256
43594e9eddd81f220adfacfcd0ae2bd6111ec5b67573b2ba1a95fac89bf35a77
Threat Level: Shows suspicious behavior
The file 9e3be1290f3f2e615ab348e3c9bc3af0_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Writes to the Master Boot Record (MBR)
Unsigned PE
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-11 12:50
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-11 12:50
Reported
2024-06-11 12:52
Platform
win7-20231129-en
Max time kernel
122s
Max time network
124s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\神笔屏幕写字软件 V1.0 破解版\神笔注册机.exe
"C:\Users\Admin\AppData\Local\Temp\神笔屏幕写字软件 V1.0 破解版\神笔注册机.exe"
Network
Files
memory/1848-0-0x0000000000400000-0x0000000000410000-memory.dmp
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-11 12:50
Reported
2024-06-11 12:52
Platform
win10v2004-20240426-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\神笔屏幕写字软件 V1.0 破解版\神笔注册机.exe
"C:\Users\Admin\AppData\Local\Temp\神笔屏幕写字软件 V1.0 破解版\神笔注册机.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.117.168.52.in-addr.arpa | udp |
Files
memory/4808-0-0x0000000000400000-0x0000000000410000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 12:50
Reported
2024-06-11 12:52
Platform
win7-20240221-en
Max time kernel
140s
Max time network
120s
Command Line
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\神笔屏幕写字软件 V1.0 破解版\ShenBi.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\神笔屏幕写字软件 V1.0 破解版\ShenBi.exe
"C:\Users\Admin\AppData\Local\Temp\神笔屏幕写字软件 V1.0 破解版\ShenBi.exe"
Network
Files
memory/2752-0-0x00000000002E0000-0x00000000002E1000-memory.dmp
memory/2752-1-0x0000000000400000-0x00000000004B7000-memory.dmp
memory/2752-3-0x00000000002E0000-0x00000000002E1000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-11 12:50
Reported
2024-06-11 12:52
Platform
win10v2004-20240426-en
Max time kernel
141s
Max time network
94s
Command Line
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\神笔屏幕写字软件 V1.0 破解版\ShenBi.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\神笔屏幕写字软件 V1.0 破解版\ShenBi.exe
"C:\Users\Admin\AppData\Local\Temp\神笔屏幕写字软件 V1.0 破解版\ShenBi.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
Files
memory/3688-0-0x0000000002130000-0x0000000002131000-memory.dmp
memory/3688-1-0x0000000000400000-0x00000000004B7000-memory.dmp
memory/3688-3-0x0000000002130000-0x0000000002131000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-11 12:50
Reported
2024-06-11 12:52
Platform
win7-20240221-en
Max time kernel
117s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40a89801febbda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2CCFD3D1-27F1-11EF-87AA-FA8378BF1C4A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000017e4c888b45dca4db7be3295e1c5e86800000000020000000000106600000001000020000000193f32fa59fb5d3cd6e1a616b92955278c688f0ec5df2a72f041fbeb068cb51a000000000e800000000200002000000043fb68d84239f170d08cfdef56aedc78ee3fe117630dbbbabf3427798a7df37b90000000a99d43ae12dbae6cb9540db45188b2830340d6c3b469547116136533a9cabf13602ee82bb90106ccec73479025fa42fff3df902d5ce790f4fd8e44ccd8448579450a25c1dc8e6c9a19e303d9abcfd4ce35d379b7449d5778e9814d1753a25b33070c5e731d1e2116b41ab812623f13dfada9ef62ebef5a427efac1cde64892a12db1081e88192c27d4ecb9f3c46de146400000000569f31ca32abbf659eab013f88b67a890d40d090b2b893e0cf2b57c90aec45f23a159d2a59bd7fcba1f7215d4c342591386f0fc89759efc2a85c28dd399f6bf | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000017e4c888b45dca4db7be3295e1c5e8680000000002000000000010660000000100002000000016f9995e1c29884cdfd9455778d71cf9b008ea280a0bdf6099ccff251e2c7564000000000e80000000020000200000004923825309008249d1bfb0e4ad223a428c447dea36546a370e1c88bda7767b4c200000008eeae18a8c92b496f152706874d4db06c8cc8ea5d239961a6b25fb62662cb97340000000af41a2fe17460a44a132323a4865712580683404baaa3810fbedf6299e6412308b3fed061adfe507e88f629980cb2b8ba31e184235440ff136c30aef5114034d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424272094" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1688 wrote to memory of 2732 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1688 wrote to memory of 2732 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1688 wrote to memory of 2732 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1688 wrote to memory of 2732 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\神笔屏幕写字软件 V1.0 破解版\更多精彩软件下载.html"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1688 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.downxia.com | udp |
| CN | 122.228.226.76:80 | www.downxia.com | tcp |
| CN | 122.228.226.76:80 | www.downxia.com | tcp |
| CN | 122.228.226.76:80 | www.downxia.com | tcp |
| CN | 122.228.226.76:80 | www.downxia.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab35C3.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar36D3.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa6a2114263055c501dcc79fd92f7fbc |
| SHA1 | 52c8dfc4aab52cda54f64713b3422dadd22825f0 |
| SHA256 | e70d5b8b64a829eb5fd1d989c369f9d2064aa2b3489aaa0c77dec05046b708e2 |
| SHA512 | 586047a51b255fad78f80b9907dbc062ea60956cedbc1a789d3b6ca7d005d177ebe6feafb3acfbec66a760e2a5772a44d26679efb26a6989207d2b22beae69fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee7fd0133626af2b64861b80ac67d484 |
| SHA1 | 81ae13af45fcca7768f3ee49b9a2a74abd3b2108 |
| SHA256 | 82b007d2b9f0a220b574437797297d65265f1c2c3627863a591e123f7c3a8d4a |
| SHA512 | 277afa2c81a656e40f8c33ddcf8ca119651ee1e61a1ae201da8f684dbba90636c33d20a05e5ba073e05e222f001dfdcf7eeb397a04712641ca714792a0c5a1a3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a410177643ff8d85b0dc52b7913f6f1e |
| SHA1 | 8d62ef6dba5290901f1e5bb376fbb7d21bc940ff |
| SHA256 | 0945c9f6cb2c149bbbae4932fe54e66535f9e909575937b2983ad558fa9c889a |
| SHA512 | f3773453b0009989a62e74e2c887a9d17a87e2465f7ce51e59a1450a54cd5fd1f50481ff50abbf6a6c0f510db55848d7463cb8227ef344e91f2c27524b638145 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e4c0e22e5a4e67ad0a52721c9fef6173 |
| SHA1 | 1aba8c4c51456e541c7b20182938d1d29d0bd836 |
| SHA256 | 2ee12c88e0dd78d932ba266f39a089a32752fb97ec160dd9438923c567cedf88 |
| SHA512 | d10d5a90e0b6804ba7d008a2214de7e9ec879787aa3a05fbd62ac81fcc7e72239e3b07ed088995bf9236517aa2885f80f55e0b1fb7a3f96aff2b342e3f2b12b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 86221c37a96e796be6645651af62b625 |
| SHA1 | 6cb664603002e519da25cba897060a329eae793c |
| SHA256 | 4748f34934f8ddfecdd7ec6dd233a846e3abff3ebc2886e1cc0acb0b7cbfb353 |
| SHA512 | d3aa951457da109b16832324c8443f62d96f227cad4076d02f076e9e190ece7a646c4d31ae63f5d93b056dc620480caa096b7ec00b4eb3f46c7bcb0f42d3d28f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6ab3fa1288791bd1a38a9f623836303d |
| SHA1 | 9b43026ea5e08a5bd3229814b9821643a9e89fee |
| SHA256 | 388d003114df170b10d70fb352a54faef7fac915eeab06356e777c342afb203b |
| SHA512 | 57040b06bd6f28708518a2ed4769667ef52f1d7620c6ec2dd20392ae1d2dd023be3e1db695e76cd33a3bde0408060079eb72ee461490e027287ee7f6be2287e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 163b4c5cb0244d1bf4cfcf591ac73d85 |
| SHA1 | c2fc36cc20edc5729fa8d5922a0f691f1eff351d |
| SHA256 | 8dc08ef5dce6d1e952e41de4ea432d5bcdc0a57daaba7634daf9ccd4e98bb7bd |
| SHA512 | 1c0eff15367503820b0b5210dea5d95ed8b6cb0cd2054a3848296673efc5a484483b8990d2bae96494311873bac4650bcdd8db19eb152cb56878198db370e3d8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a476588d79c0816fd4a92c881fef1ac2 |
| SHA1 | 929511c915ccd5a2921be99bab1d240fe90e7ccd |
| SHA256 | 88ff03543831db7395e317fcdd8ad8c33ed8cd54c3a6b8da27413f806ab1bdb9 |
| SHA512 | 2efdb4d1cc887ae885f2db629a1ed78a77b163bb33734d8f946bee1fd59e888f0a67476289f47f4f0ba21cbbd9131ed80b766bb9ae9b2f923a6e956cb4d10f2a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08efe6b9b6a68e18f4874f07a8a959b9 |
| SHA1 | b324d29f3bdaf4cef0c8a0277e27e1d892cd64e8 |
| SHA256 | 6246e7dc79deec02a2759fe0608f5a5ea9b14434a963992b33168ca04ae93b8a |
| SHA512 | 50aa3ef53ffb504e9c988140ae9bb3c05766ca853946d4948d6ea9e2ddca6dfda3a4b95f89c9fa362d084d53a4844bf7cedb1d73d362f6bc95f358d3b1f95bfc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 098e6f91744d5e8f3faa515d84558853 |
| SHA1 | a9d9c07470b43540b018388102fe1e999e922355 |
| SHA256 | 4469137326bd6dbcdb2fd3fbc4b37122001b28f4d5c5cabf5e4124608ba91d73 |
| SHA512 | 04e42ed5928367c8f761c3b01bc088eedaab6078cad67dfe3031167b3a551661b387c967695d320a605a74518103f35940990df701c1142b3c1e3e61ffd3b5ad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5bd4493043b7b0622690bf72193bdca6 |
| SHA1 | 21ea59e9ffe147ab6e96eeae06e58c387438ffbd |
| SHA256 | d4e59217de8b68298728717b3f93923ae59f8198442ac2d486dcf2d4c3983f7f |
| SHA512 | ff60cf5710cdc667753adf2a71e5ad6ea4b88b2548947e52532b5808d42004f28c8423e666ddf6735b97eb1cac445a4e80bf2bdcd2e526d28c23207698fea016 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dd9e160462793f0ca9c692cbab2ea876 |
| SHA1 | 4fc11437f495aafa444e3e9071f0132f915236e8 |
| SHA256 | 5f4f05485fba6de5dd95113fdc6f823a0ed43891615e43e1708a65de98897925 |
| SHA512 | 6330984b655e1b3b548df7b2ab8bbb77b6de655c768e2de39c9ed06da2638a7a7fcfc4fa56bf68173eced7b4b6b5715d756d585bbbe91eb7531887d62ff5c3e3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 745b828e1cb197b07156542e839ead9f |
| SHA1 | 114ddf15a04060dd04a5cf709275329fa9f82d0b |
| SHA256 | d37b472fae828a25b1f911da070f82b568f348a9cdccb88c5b5f676f2832f63d |
| SHA512 | cec3e2ef25f5628942d152ed3833263d0cb76cc6cdc7f17cc714911a83dd1bb4d2879f8c9f5eb0cacfc9a4fb49ca4d16241881e95c7c71f8c5a88705f9ce4e10 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40d41940b46d79471539f05c51fa96c2 |
| SHA1 | dd9f3c5a54c94addab4a3fb18797c9f920054964 |
| SHA256 | a9628bbb8da80624b62b69447ad2750e60db4c45f208639b7c9a1105c68fd8fa |
| SHA512 | 0fc7cde042800a553566a40e0b349c64648e855f1f1b9a2352a7621bc9c727cad467b998469148cf7ca61579f1baa9fe22bc3ad9f2faa00ff2c6e9423ed13fea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b693a17eb3240218faa7a40d0d5abfd1 |
| SHA1 | 516ce7f3a9ad090de81d8d8f690bb7d180cb2b0d |
| SHA256 | 667f77748b181222e609f31aa6d384fef534c649240d89472b91fffe19de3106 |
| SHA512 | 0b5d4ed8b2cf4e2f7fe8f8ae2d5aa67c31c5fd74d186e08d2af934b284d94ee7205b06db81985bc808052b89bcbd2eba41a360decb1b14f7daee52a1cd0f4ddb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 698b444ef1a0c1d5d5b867d1b1bf6fb4 |
| SHA1 | 16dc413b83fe38fce38c4c99379e87b6eb5b791d |
| SHA256 | 198e1f144f7bcef19e2b33f707cc781275c13a0f55c7ac7c6ab76f9735e81e95 |
| SHA512 | 077c484f7edf600d816acef59ad529d20a8e21a59a023f8b5d2ddb111bda9cb9717f589fd799b5f09ac580b4f81c0da15f00ff193f802d00cfe6261decbaa5bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a14c09ae174d283399d7fa7d6febd8f0 |
| SHA1 | f662e427d9a4e7f7c726ca872668c3c50d3d9b6a |
| SHA256 | 611964a767e16159f92adb7a2fb413715a091f1adac43682311a8c53b8670908 |
| SHA512 | 25079fffb76f7571a3bfce061f894fd3e89a6abddeaf3e3140a1916b48a812148f858626aa6abc7f2011db4c7a2d7bd927c013a77a4c993552e831bfc74d062d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32fa2fa1eeeeba9049e9460905c0a3a9 |
| SHA1 | a199869144121a5d35ee617fefa1d697645d2bd8 |
| SHA256 | 0110ae3f2a9ff6afb3eb728c97ad31eacb9ea6c5c34c2c65ce09dd80728e4a7c |
| SHA512 | 218c6817b36a4e60fb986a459a59f7246cdcd952100125fa22689a2213188f86f6ca29f2eb3f5d57193628e5c415ff9a66da9c1ebdfe5f4767dbe0054ff0e23b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb24331dec334a88877cd80a7c8c13ab |
| SHA1 | 14ebdec21bf345247456d848bda9dae7993dc163 |
| SHA256 | fe43372edac869c89bab777a638966e54604641949a2509b9cf0c8c20d9511dc |
| SHA512 | ef3022cdc44095878198f7234ca3373f6953b5a70d780ee8185afc299818723c2a0579a51e4f2451034d7cfe873d37e0c328e2a03e1f9e121fc6db7ffa7d85e8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 784285be30292251b40c1ce788350ee1 |
| SHA1 | 8d0606241a9e802f1bd6a9323e7d6b043da07d00 |
| SHA256 | 3d02f21aac5c80ed3f62f9e2b5508c4b361760d2dfeb08ff59353ffe80030372 |
| SHA512 | 97d49bd113c7f9b578c02bc52fe79fd1e1a897680d78142bc3eea943bf0c4e21470088ab0e5340dd3eeea0daa17242b1b335f73455f6734ff0dd9a20ba79ed33 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-11 12:50
Reported
2024-06-11 12:53
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
132s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\神笔屏幕写字软件 V1.0 破解版\更多精彩软件下载.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d05046f8,0x7ff8d0504708,0x7ff8d0504718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,9585122234511007741,17653097629178753919,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,9585122234511007741,17653097629178753919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,9585122234511007741,17653097629178753919,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9585122234511007741,17653097629178753919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9585122234511007741,17653097629178753919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9585122234511007741,17653097629178753919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,9585122234511007741,17653097629178753919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,9585122234511007741,17653097629178753919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9585122234511007741,17653097629178753919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9585122234511007741,17653097629178753919,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9585122234511007741,17653097629178753919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9585122234511007741,17653097629178753919,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9585122234511007741,17653097629178753919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9585122234511007741,17653097629178753919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9585122234511007741,17653097629178753919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9585122234511007741,17653097629178753919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,9585122234511007741,17653097629178753919,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.downxia.com | udp |
| CN | 122.228.226.76:80 | www.downxia.com | tcp |
| CN | 122.228.226.76:80 | www.downxia.com | tcp |
| CN | 122.228.226.76:80 | www.downxia.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| CN | 122.228.226.76:80 | www.downxia.com | tcp |
| CN | 122.228.226.76:80 | www.downxia.com | tcp |
| CN | 122.228.226.76:80 | www.downxia.com | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| CN | 122.228.226.76:80 | www.downxia.com | tcp |
| CN | 122.228.226.76:80 | www.downxia.com | tcp |
| CN | 122.228.226.76:80 | www.downxia.com | tcp |
| US | 8.8.8.8:53 | www.downxia.com | udp |
| CN | 122.228.226.76:80 | www.downxia.com | tcp |
| CN | 122.228.226.76:80 | www.downxia.com | tcp |
| CN | 122.228.226.76:80 | www.downxia.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8b167567021ccb1a9fdf073fa9112ef0 |
| SHA1 | 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898 |
| SHA256 | 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513 |
| SHA512 | 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54 |
\??\pipe\LOCAL\crashpad_2372_VHBZTDTVNCWDTDKG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 537815e7cc5c694912ac0308147852e4 |
| SHA1 | 2ccdd9d9dc637db5462fe8119c0df261146c363c |
| SHA256 | b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f |
| SHA512 | 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c1692a59147cfdfbbd3840cc7e6c6d05 |
| SHA1 | f5cc507582a332505e0b74330e3f4b91141859d1 |
| SHA256 | 17b2f95c9f9d090488f0d091521d5df73f22bac3cf1b636c982e57a839e75205 |
| SHA512 | fb09ba22ba4bd82fefd3b37b57a90f985e2ce723feb75d7774ace4bb1ac808cf210a9cd3e6fec067dee4736278c246d571c533784ff8cee4bf8a2a99059022a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 21cca4b4cd7318d0f0750a766d8e9cba |
| SHA1 | cc90bdc0424cbd4698272dbe01c2d17e8814ebae |
| SHA256 | 3cfa9774e50c3354dc556eaffb52f481f80ce79b972dc0376fe1b5d46c840c48 |
| SHA512 | 4b1fbab498177ad1a4ae45552c6b0b775f1336e54c6b4ad6ed35bcffc7787fb372fc9fb17fba4a75dbb238729455dacb9d78afbd4af4a0c2b0ad569e7bdc5f13 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 415b389ac9a448828d5a56598a4e716c |
| SHA1 | 0ee2b7b18ad80ac04dda2589ed1521dfe34800fb |
| SHA256 | ceec46c287583936488af04d8e57fca2ba3cf9f599a119477fba8a19e42a91d7 |
| SHA512 | af743cebd386b1916b404604f92ac29465d22c76a7bc02340de4852d406952d6d8070517967472f57a3d7c114a07a9468f2a82b166933658bd0bf9432851bb5f |