Analysis Overview
SHA256
6ae501373dab23e73eb0195ada99a10d75424134b35d54b515ba4d182749fa90
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file a43190d2401ce9936d7ac6592698d771_JaffaCakes118: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:26
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:26
Reported
2024-06-13 06:29
Platform
win7-20240611-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421864" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E1CF6221-294D-11EF-9E55-E6415F422194} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2184 wrote to memory of 2124 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2184 wrote to memory of 2124 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2184 wrote to memory of 2124 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2184 wrote to memory of 2124 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43190d2401ce9936d7ac6592698d771_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | t.cn | udp |
| US | 8.8.8.8:53 | img1.jiehun.cn | udp |
| US | 8.8.8.8:53 | www.googleadsl.com | udp |
| US | 170.178.222.41:80 | www.googleadsl.com | tcp |
| US | 170.178.222.41:80 | www.googleadsl.com | tcp |
| CN | 39.105.18.168:80 | t.cn | tcp |
| CN | 39.105.18.168:80 | t.cn | tcp |
| CN | 58.42.14.35:80 | img1.jiehun.cn | tcp |
| CN | 58.42.14.35:80 | img1.jiehun.cn | tcp |
| CN | 58.42.14.35:80 | img1.jiehun.cn | tcp |
| US | 170.178.222.41:80 | www.googleadsl.com | tcp |
| CN | 39.105.18.168:80 | t.cn | tcp |
| CN | 39.105.18.168:80 | t.cn | tcp |
| CN | 1.193.146.35:80 | img1.jiehun.cn | tcp |
| CN | 1.193.146.35:80 | img1.jiehun.cn | tcp |
| CN | 1.193.146.35:80 | img1.jiehun.cn | tcp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| US | 8.8.8.8:53 | www.jiehun.cn | udp |
| CN | 1.193.146.35:80 | img1.jiehun.cn | tcp |
| CN | 61.160.251.208:80 | www.jiehun.cn | tcp |
| CN | 61.160.251.208:80 | www.jiehun.cn | tcp |
| CN | 1.193.146.35:80 | img1.jiehun.cn | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| CN | 1.194.253.35:80 | img1.jiehun.cn | tcp |
| CN | 1.194.253.35:80 | img1.jiehun.cn | tcp |
| CN | 1.194.253.35:80 | img1.jiehun.cn | tcp |
| CN | 1.194.253.35:80 | img1.jiehun.cn | tcp |
| CN | 61.160.251.208:80 | www.jiehun.cn | tcp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
| CN | 1.194.253.35:80 | img1.jiehun.cn | tcp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
| CN | 27.221.77.35:80 | img1.jiehun.cn | tcp |
| CN | 27.221.77.35:80 | img1.jiehun.cn | tcp |
| CN | 27.221.77.35:80 | img1.jiehun.cn | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 27.221.77.35:80 | img1.jiehun.cn | tcp |
| CN | 27.221.77.35:80 | img1.jiehun.cn | tcp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| CN | 42.81.98.35:80 | img1.jiehun.cn | tcp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| CN | 42.81.98.35:80 | img1.jiehun.cn | tcp |
| CN | 42.81.98.35:80 | img1.jiehun.cn | tcp |
| CN | 42.81.98.35:80 | img1.jiehun.cn | tcp |
| CN | 42.81.98.35:80 | img1.jiehun.cn | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| CN | 42.101.4.35:80 | img1.jiehun.cn | tcp |
| CN | 42.101.4.35:80 | img1.jiehun.cn | tcp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab6B72.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar6C11.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4bf8ecfe09b7117cd2992ce9c89e187f |
| SHA1 | e634c5f195d8d770c757d1beed7c5f68fbd74b07 |
| SHA256 | e9cba87fbc6484277f8694fc780b6cac036d615ff596e51d455d510dcb13118d |
| SHA512 | 759100d0e89fbf7fdd32fadc5ab6bfc984ebac965f195b32dd88f5b41be54544f91ca0d180e804ea3a312c314120183ebfa71c35605393eaa61350873c6c7917 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 73d3f5786d880e957e45dd69bfde7059 |
| SHA1 | 43ad6a3c524861cfdacfe691659d99fc9a816a00 |
| SHA256 | 781ace3b592ecb471df8c9afcb08d9922f3a981797ace61b8c35095f1070792f |
| SHA512 | 7f023a6c1f7f1e68546de599b3d5dba989508628f95192d6c87e1529c4b2cbf635aa53f9602c08505bf53dd68d80aa4abb65306bf6cbb59fb16678f826069315 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f72315ffa6d95da1a881b81be2251c7 |
| SHA1 | 0c2bfae3baebaecb2fa6030cdce6c4893bf073e6 |
| SHA256 | ff73767556bd95ee10330e374064f54abcaf013e6fd2953e998b870fc7cff4cd |
| SHA512 | e8c68207ecc65891afe2f4343f0dda3044ce90e48336620cdfab8c423875e7727850361a0904af0c7ec9a25025cea3b0fb07907e51165a52de5c0f8fba062469 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5dc51d04982731aac41778fc93a629ac |
| SHA1 | 3ffb51d656c989145fa36d0ad14cb246c554bd9a |
| SHA256 | 9000a0caab4d399eb7b449f0f6a66638636f8e123dae404043e9f9641ec1f3b7 |
| SHA512 | e7071218e7ce5e49638a6ee1c9f75158540559a47dd9e7de4fcaec9a0ae45c63ab2fab3acd00f97dfc625a3668f4a8cc7779cbfd5f3e3207c7f015afd34a7e52 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 783cd00bc8dd58398a02997ba58e0954 |
| SHA1 | f7ba2591fb74c5704c57c146edbe90b80a1a157c |
| SHA256 | fe7c43ca3e132921bf02eae76d54a6e95f92f70e1ba1421d6665f4c673c1ac73 |
| SHA512 | e80d1ff482faf67670ec415b29c344dc57e7e026b5ab7289ab1e52d61685ac5bf8ec07cdb087de3645334cdc2655e7b34d73a40a0fe954a9bb7ff61cbbc08d43 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7de731439e0818bc71f3eadf8a7c9088 |
| SHA1 | 238d0a0cf9835fec92f6dd2a95a67eeb6f99ba97 |
| SHA256 | 3406dcb59310d97138ca92fa14a02ca19099fc667ad6f3cbd981910ee59a2a31 |
| SHA512 | 2b6820e6b5835b568045540d87745d560f4d13eb8ad7e4a498877d360b79b6049cdf975c4d0564cd41c4078672611c72cdbc637d9c9b523845318623959b0937 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6addeb9f576502f801b16739b1588fc6 |
| SHA1 | c4049103fb6d1c7ea1f21ee3d10813f2b47917ac |
| SHA256 | 383085f10572218b0477e077ffc9e40425bef24d6a126686f857d25ba027697f |
| SHA512 | ec5d6fa066e9f9ddc03797062f119dcf05203b51ffd441a78299ad6488729e521099f932d5631a8016fc6996071e3b637e4c2114c5c7ba41595878dfddc0948c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 619f1e2f05244d86e2dee7b05341b542 |
| SHA1 | 4f8402fa2a57cd8dbe0f605efdd4311b9bb91872 |
| SHA256 | ab5ae695eb4236f51801c5a189e614e887dab34925b2062916a7d83a4167d1ef |
| SHA512 | fa97003b5d163ecc97416c40105de0f001ccf9231c8182f266d53894b4d7a396e552844219ccd9e570f5a56b1287cb64a61cef49dda0f0298a510e43012a44a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a1810fc7a5bd0dd6a3cde41fbad6cdbe |
| SHA1 | 3e6e4aa8d797d03d3f9744dc9333eac6af123154 |
| SHA256 | c925269a99eaef3ee47890821fe0ce6356796786c367a654192d7f0356f49a24 |
| SHA512 | e7bff0ea0bbf6ab015a88ea37173dabdf8f5f2609972a4261a67023a3df58b5e96c87e5c891eca63d6423d4070b539054525c41c6837622ed42c4deabc47d652 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:26
Reported
2024-06-13 06:29
Platform
win10v2004-20240611-en
Max time kernel
148s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43190d2401ce9936d7ac6592698d771_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffabdd646f8,0x7ffabdd64708,0x7ffabdd64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,18310016581979338691,1468011842952783816,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,18310016581979338691,1468011842952783816,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,18310016581979338691,1468011842952783816,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18310016581979338691,1468011842952783816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18310016581979338691,1468011842952783816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,18310016581979338691,1468011842952783816,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3076 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | t.cn | udp |
| US | 8.8.8.8:53 | img1.jiehun.cn | udp |
| US | 8.8.8.8:53 | www.googleadsl.com | udp |
| CN | 39.105.18.168:80 | t.cn | tcp |
| CN | 39.105.18.168:80 | t.cn | tcp |
| CN | 58.42.14.35:80 | img1.jiehun.cn | tcp |
| US | 170.178.222.41:80 | www.googleadsl.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| CN | 58.42.14.35:80 | img1.jiehun.cn | tcp |
| US | 170.178.222.41:80 | www.googleadsl.com | tcp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| NL | 23.62.61.160:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| CN | 1.193.146.35:80 | img1.jiehun.cn | tcp |
| CN | 58.42.14.35:80 | img1.jiehun.cn | tcp |
| CN | 58.42.14.35:80 | img1.jiehun.cn | tcp |
| CN | 58.42.14.35:80 | img1.jiehun.cn | tcp |
| CN | 58.42.14.35:80 | img1.jiehun.cn | tcp |
| CN | 1.193.146.35:80 | img1.jiehun.cn | tcp |
| US | 8.8.8.8:53 | www.jiehun.cn | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| CN | 61.160.251.208:80 | www.jiehun.cn | tcp |
| CN | 61.160.251.208:80 | www.jiehun.cn | tcp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| CN | 1.194.253.35:80 | img1.jiehun.cn | tcp |
| CN | 1.193.146.35:80 | img1.jiehun.cn | tcp |
| CN | 1.193.146.35:80 | img1.jiehun.cn | tcp |
| CN | 1.193.146.35:80 | img1.jiehun.cn | tcp |
| CN | 1.193.146.35:80 | img1.jiehun.cn | tcp |
| CN | 1.194.253.35:80 | img1.jiehun.cn | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| CN | 27.221.77.35:80 | img1.jiehun.cn | tcp |
| CN | 1.194.253.35:80 | img1.jiehun.cn | tcp |
| CN | 1.194.253.35:80 | img1.jiehun.cn | tcp |
| CN | 1.194.253.35:80 | img1.jiehun.cn | tcp |
| CN | 1.194.253.35:80 | img1.jiehun.cn | tcp |
| CN | 27.221.77.35:80 | img1.jiehun.cn | tcp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
| CN | 42.81.98.35:80 | img1.jiehun.cn | tcp |
| CN | 27.221.77.35:80 | img1.jiehun.cn | tcp |
| CN | 27.221.77.35:80 | img1.jiehun.cn | tcp |
| CN | 27.221.77.35:80 | img1.jiehun.cn | tcp |
| CN | 27.221.77.35:80 | img1.jiehun.cn | tcp |
| CN | 42.81.98.35:80 | img1.jiehun.cn | tcp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| CN | 42.101.4.35:80 | img1.jiehun.cn | tcp |
| CN | 42.81.98.35:80 | img1.jiehun.cn | tcp |
| CN | 42.81.98.35:80 | img1.jiehun.cn | tcp |
| CN | 42.81.98.35:80 | img1.jiehun.cn | tcp |
| CN | 42.81.98.35:80 | img1.jiehun.cn | tcp |
| CN | 42.101.4.35:80 | img1.jiehun.cn | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| CN | 42.101.56.35:80 | img1.jiehun.cn | tcp |
| CN | 42.101.4.35:80 | img1.jiehun.cn | tcp |
| CN | 42.101.4.35:80 | img1.jiehun.cn | tcp |
| CN | 42.101.4.35:80 | img1.jiehun.cn | tcp |
| CN | 42.101.4.35:80 | img1.jiehun.cn | tcp |
| CN | 42.101.56.35:80 | img1.jiehun.cn | tcp |
| CN | 1.71.157.35:80 | img1.jiehun.cn | tcp |
| CN | 42.101.56.35:80 | img1.jiehun.cn | tcp |
| CN | 42.101.56.35:80 | img1.jiehun.cn | tcp |
| CN | 42.101.56.35:80 | img1.jiehun.cn | tcp |
| CN | 42.101.56.35:80 | img1.jiehun.cn | tcp |
| US | 8.8.8.8:53 | 227.162.46.104.in-addr.arpa | udp |
| CN | 1.71.157.35:80 | img1.jiehun.cn | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c39b3aa574c0c938c80eb263bb450311 |
| SHA1 | f4d11275b63f4f906be7a55ec6ca050c62c18c88 |
| SHA256 | 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c |
| SHA512 | eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dabfafd78687947a9de64dd5b776d25f |
| SHA1 | 16084c74980dbad713f9d332091985808b436dea |
| SHA256 | c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201 |
| SHA512 | dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b |
\??\pipe\LOCAL\crashpad_2544_ZENHDZFISOCOLPAO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d20711b561879a6fa144881885f6132c |
| SHA1 | 53455067c707f32fbc4026084b1f1bfa4ddbf75e |
| SHA256 | 45d3129caf88a046f7cda92883ec89328cbde9eebb25931cb40d8e7dfa25b4c4 |
| SHA512 | cac424cf7ca0c6d9d880b7c3f357e2b8327171400ae5ef8610b90f4def94936b4d0417ebf99cbc3759748fbc9b131d4b0dab81ce59c57709258a75c406e26b91 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | de17d2c9d474366e1ee17e15b8843bb9 |
| SHA1 | 2e1a9f63d601731a1e9ea98fef3ab0e08792774f |
| SHA256 | 9327f7c9e092ddf922973e7429d7857d0351103c83e659f68c6f5a393d4a17cc |
| SHA512 | e80648fb50efaacfdaff164c4b7cbecbe4b8f050cefca264128a0c156f6d212e034c36dd433132c80021b5991899961c308547cd8788d82b854583b9711e5d03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 02e09b60f8ca06eccd17063bfb6baaad |
| SHA1 | 1c5d934d68200f2d4144565f633d2847ebc26fec |
| SHA256 | 9e5809961765952c88ee5baa799ee2bc9fb9fddc8d0296a86a984fecc8e9174b |
| SHA512 | 735bf47835c527745d9a6fff4b85329c3939884150916099f7255da92b4d9d7d12fd7b74dd4f905b517de3d255487fbdb2b66e075bc42bb16d317a381925bc03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e050f73d55498bec0472ba591d84e81c |
| SHA1 | 1497f24f01fe0ac4415ff285f4392026301b994c |
| SHA256 | 5f55362f75473d79c7495df4b1ac3b9727a0891021f90058fccc1f7118f0cd4b |
| SHA512 | 60747861934599b0fb0a53966ec28632e5233f658e2acc5319cc71c345a21afe98d1d17a71fa2d6bd2211ccf474a0225a179b2b7dcdc0b91cf3793e690d774a9 |