Analysis Overview
SHA256
fb3392f6df3122d060205badd8360138d38d9e5183369a0e39c0e459a106bb95
Threat Level: No (potentially) malicious behavior was detected
The file a3eb2d8a8c60b41a0fa772835dd57796_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 05:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 05:07
Reported
2024-06-13 05:09
Platform
win7-20240508-en
Max time kernel
122s
Max time network
122s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424417131" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c057a2cf4fbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000e1986f41ab14fe315d20f51b274d3afad814f7cbb473bfab1d592ef27a802d8b000000000e80000000020000200000003705a194eef43688e9964d3d8ffc9f8a188de6055bf6472b05eca0672c14bd4c900000008bdf3fdd1d1a9f1a7dc046b1de5845c3d4d7a7ecbea293df5e7c39bb14c6d899caeaf789cac852b55350a53e1366b454ef7bda5c5bcc9c1c73b631b90b2c92f55a1b9c6722077dbae49a2708e1ac48b3f706cf58cd96e15da7ca67073caf20d57a9086b51c2f8af9e8b268bb1d24763450f0aa38520306f6c7406a5150c79c3904627233509b4fef19af3fad7b0322b54000000070555ec05d12b442e52febe897321cba17fd22ae3e510f337a70118be71cbc25b711a1408456b0638c2c799be0c1df8517f58101141aaa0b70af17197c299859 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000027ba47fd6629bc80aa1188ca5d85ae509302e3d56d925756258c25ccbd238dc0000000000e8000000002000020000000da98a1958d4eac5d7d3e134923960c5cf18e7391bc323c2eed154400ef62ba2d20000000b805891805c6b4ecdac25518930a320d36c060df3954db8c2e1085cf25b0298b40000000bf0d559ad83fb28fe6a8461f1fb72f8315921a5d9d047ecd63b75a405bf9246fb15c4806d27eb22bd1e63c8c281967fab241131b94f4f3688d42cca1243e1651 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D06ECF31-2942-11EF-B21B-FA9381F5F0AB} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2460 wrote to memory of 2744 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2460 wrote to memory of 2744 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2460 wrote to memory of 2744 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2460 wrote to memory of 2744 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3eb2d8a8c60b41a0fa772835dd57796_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2460 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | img1.jiehun.cn | udp |
| US | 8.8.8.8:53 | t.cn | udp |
| US | 8.8.8.8:53 | www.googleadsl.com | udp |
| US | 8.8.8.8:53 | www.googleadsl.com | udp |
| US | 8.8.8.8:53 | t.cn | udp |
| US | 8.8.8.8:53 | img1.jiehun.cn | udp |
| US | 8.8.8.8:53 | img1.jiehun.cn | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| US | 8.8.8.8:53 | www.jiehun.cn | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| US | 8.8.8.8:53 | img1.jiehun.cn | udp |
| US | 8.8.8.8:53 | www.jiehun.cn | udp |
| US | 8.8.8.8:53 | img1.jiehun.cn | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 05:07
Reported
2024-06-13 05:09
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3eb2d8a8c60b41a0fa772835dd57796_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff94a3546f8,0x7ff94a354708,0x7ff94a354718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,1540606653997564044,4669152885977419604,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,1540606653997564044,4669152885977419604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1980 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,1540606653997564044,4669152885977419604,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1540606653997564044,4669152885977419604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1540606653997564044,4669152885977419604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,1540606653997564044,4669152885977419604,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3024 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | t.cn | udp |
| US | 8.8.8.8:53 | img1.jiehun.cn | udp |
| US | 8.8.8.8:53 | www.googleadsl.com | udp |
| CN | 39.105.18.168:80 | t.cn | tcp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 170.178.222.41:80 | www.googleadsl.com | tcp |
| CN | 39.105.18.168:80 | t.cn | tcp |
| US | 170.178.222.41:80 | www.googleadsl.com | tcp |
| CN | 180.97.66.35:80 | img1.jiehun.cn | tcp |
| CN | 180.97.66.35:80 | img1.jiehun.cn | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| CN | 180.97.66.35:80 | img1.jiehun.cn | tcp |
| CN | 180.97.66.35:80 | img1.jiehun.cn | tcp |
| CN | 180.97.66.35:80 | img1.jiehun.cn | tcp |
| CN | 180.97.66.35:80 | img1.jiehun.cn | tcp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| US | 8.8.8.8:53 | www.jiehun.cn | udp |
| CN | 61.160.251.208:80 | www.jiehun.cn | tcp |
| CN | 61.170.103.35:80 | img1.jiehun.cn | tcp |
| CN | 61.170.103.35:80 | img1.jiehun.cn | tcp |
| CN | 61.160.251.208:80 | www.jiehun.cn | tcp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| CN | 61.170.103.35:80 | img1.jiehun.cn | tcp |
| CN | 61.170.103.35:80 | img1.jiehun.cn | tcp |
| CN | 61.170.103.35:80 | img1.jiehun.cn | tcp |
| CN | 61.170.103.35:80 | img1.jiehun.cn | tcp |
| CN | 106.225.194.35:80 | img1.jiehun.cn | tcp |
| CN | 106.225.194.35:80 | img1.jiehun.cn | tcp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| CN | 106.225.194.35:80 | img1.jiehun.cn | tcp |
| CN | 106.225.194.35:80 | img1.jiehun.cn | tcp |
| CN | 106.225.194.35:80 | img1.jiehun.cn | tcp |
| CN | 106.225.194.35:80 | img1.jiehun.cn | tcp |
| CN | 113.142.207.35:80 | img1.jiehun.cn | tcp |
| CN | 113.142.207.35:80 | img1.jiehun.cn | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| CN | 113.142.207.35:80 | img1.jiehun.cn | tcp |
| CN | 113.142.207.35:80 | img1.jiehun.cn | tcp |
| CN | 113.142.207.35:80 | img1.jiehun.cn | tcp |
| CN | 113.142.207.35:80 | img1.jiehun.cn | tcp |
| CN | 121.14.135.35:80 | img1.jiehun.cn | tcp |
| CN | 121.14.135.35:80 | img1.jiehun.cn | tcp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| CN | 121.14.135.35:80 | img1.jiehun.cn | tcp |
| CN | 121.14.135.35:80 | img1.jiehun.cn | tcp |
| CN | 121.14.135.35:80 | img1.jiehun.cn | tcp |
| CN | 121.14.135.35:80 | img1.jiehun.cn | tcp |
| CN | 125.74.42.35:80 | img1.jiehun.cn | tcp |
| CN | 125.74.42.35:80 | img1.jiehun.cn | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| CN | 125.74.42.35:80 | img1.jiehun.cn | tcp |
| CN | 125.74.42.35:80 | img1.jiehun.cn | tcp |
| CN | 125.74.42.35:80 | img1.jiehun.cn | tcp |
| CN | 125.74.42.35:80 | img1.jiehun.cn | tcp |
| CN | 140.249.244.35:80 | img1.jiehun.cn | tcp |
| CN | 140.249.244.35:80 | img1.jiehun.cn | tcp |
| CN | 140.249.244.35:80 | img1.jiehun.cn | tcp |
| CN | 140.249.244.35:80 | img1.jiehun.cn | tcp |
| CN | 140.249.244.35:80 | img1.jiehun.cn | tcp |
| CN | 140.249.244.35:80 | img1.jiehun.cn | tcp |
| CN | 171.107.86.35:80 | img1.jiehun.cn | tcp |
| US | 8.8.8.8:53 | 85.65.42.20.in-addr.arpa | udp |
| CN | 171.107.86.35:80 | img1.jiehun.cn | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c39b3aa574c0c938c80eb263bb450311 |
| SHA1 | f4d11275b63f4f906be7a55ec6ca050c62c18c88 |
| SHA256 | 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c |
| SHA512 | eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232 |
\??\pipe\LOCAL\crashpad_4628_GYFNODIYUZGWCWET
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dabfafd78687947a9de64dd5b776d25f |
| SHA1 | 16084c74980dbad713f9d332091985808b436dea |
| SHA256 | c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201 |
| SHA512 | dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 92afc00e773a2c2b590cb6db61de4000 |
| SHA1 | f297e32e303ea805e261b98f2ae1e6085c33e4e9 |
| SHA256 | 56097c9f4bce54cf8e36676c162456a8ad1aad221d828c925319de5e09d8aefc |
| SHA512 | cf3c006793d81c99e480f7dd814e79877278feb20a24c4b5a16f53473892ab86679d0ac99991fa576ea777be561a3646b38ba8a740d6323b3a0ebdaabdf53621 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\3c261215-ee45-4f98-8b8c-fb1b3976d89f.tmp
| MD5 | e773b9a2febd58e69f9b2eb4f22ebf0f |
| SHA1 | dea6f92c558518c5358055a4d8273f227b75dfd0 |
| SHA256 | 20cabd9cb6837718392c7c8c3051cdf0bfb00190e54f8b2982833875d924c452 |
| SHA512 | c863556f5119b56f6f2a5b780274851a7d8b77113feb36644a4584a9c578168cf7f83b3de4bcaaf6f17a719293b90b6b371b08a977094f8c3161fb11d78883b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6c462fdab83c4a1d4fca5a444bdf40c0 |
| SHA1 | 605cdf4cc54780a157ba8668279ad91d743b6a09 |
| SHA256 | c5d0a79ba09006bfc7c59ffee96ec90f70d04aa00c518111886edf3a306f22ac |
| SHA512 | 731d220e86b72592b068fd1338e0521029f90b4596fcae0fc76cbd898d39336cd9675c366e1b11a07463ef39215cba3cb5c9f64e73033eb8c007e559d120187d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7de0f0717b30d13893f6482030e2717f |
| SHA1 | d028bc164be6957d82bbf10da1f809137f8f5661 |
| SHA256 | c041ad7464b42dbc75710cad41390769bc6ed4220276ad39bf081d65e4ef5959 |
| SHA512 | 97810398de85df71db3d4b646df6b5d610ffcfc3e4e3ddaa717fc7d1818cc057f0a1aadbdde4ed6a78e27524911eb1ada8b1d90c1cfa1eb752fb18645c06de60 |