Analysis Overview
SHA256
429e8a5e9f0fbc56b39198d4d84e0bac99230628d8a28bd9e4391ed141bdf500
Threat Level: No (potentially) malicious behavior was detected
The file a4a64991e90a9d59526b06bd03a9450e_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 08:33
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 08:33
Reported
2024-06-13 08:35
Platform
win7-20240611-en
Max time kernel
148s
Max time network
152s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424429458" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{910B17F1-295F-11EF-B6C6-7E1039193522} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1876 wrote to memory of 2524 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1876 wrote to memory of 2524 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1876 wrote to memory of 2524 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1876 wrote to memory of 2524 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4a64991e90a9d59526b06bd03a9450e_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1876 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:33
Reported
2024-06-13 08:35
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
151s
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4a64991e90a9d59526b06bd03a9450e_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa9db446f8,0x7ffa9db44708,0x7ffa9db44718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,12625990834505646851,7829146107523837555,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,12625990834505646851,7829146107523837555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,12625990834505646851,7829146107523837555,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12625990834505646851,7829146107523837555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12625990834505646851,7829146107523837555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,12625990834505646851,7829146107523837555,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4816 /prefetch:2
Network
Files