Analysis Overview
SHA256
af2a733e6d9820f45a84937fc9bee7ce0551dc94d698b1320518fc310bb946ed
Threat Level: no (potentially) malicious behavior was detected.
The file a510067f654081418cbd9409573fc44a_JaffaCakes118 is an HTML document. It was opened in Internet Explorer (Windows 7) and Microsoft Edge (Windows 10); every signature row below names one of those browser processes (iexplore.exe or msedge.exe), and the process lists contain no binary launched by the document itself.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:22
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:22
Reported
2024-06-13 10:25
Platform
win7-20240611-en
Max time kernel
149s
Max time network
138s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424436046" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E7C0F291-296E-11EF-BA09-6ACBDECABE1A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2140 wrote to memory of 2236 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2140 wrote to memory of 2236 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2140 wrote to memory of 2236 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2140 wrote to memory of 2236 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a510067f654081418cbd9409573fc44a_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2140 CREDAT:275457 /prefetch:2
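The four WriteProcessMemory rows above record the Internet Explorer frame process (PID 2140, the iexplore.exe under Program Files) writing into the tab process (PID 2236, the IEXPLORE.EXE under Program Files (x86)), whose command line carries SCODEF:2140, the PID of the frame process that launched it. That is IE's own frame/tab process model rather than injection into a foreign process. The Python below is an added example, not part of this report or of the sandbox's own logic: it applies that check to the rows as copied from this report, accepting a cross-process write only when both binaries are Internet Explorer and the target's SCODEF value points back at the writing PID. It assumes the target's command line can be matched by binary path, because the report does not pair PIDs with process entries; the sample input is constructed from the tables above.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the four "Suspicious use of WriteProcessMemory"
# rows and the two "Processes" entries of the behavioral1 (win7) run above.
WRITE_EVENTS = [
    ("PID 2140 wrote to memory of 2236",
     r"C:\Program Files\Internet Explorer\iexplore.exe",
     r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"),
] * 4

PROCESSES = [
    (r"C:\Program Files\Internet Explorer\iexplore.exe",
     r'"C:\Program Files\Internet Explorer\iexplore.exe" '
     r"C:\Users\Admin\AppData\Local\Temp\a510067f654081418cbd9409573fc44a_JaffaCakes118.html"),
    (r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2140 CREDAT:275457 /prefetch:2'),
]

# Paths are compared case-insensitively: the report spells the tab process
# IEXPLORE.EXE and the frame process iexplore.exe.
IE_BINARIES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
}

EVENT_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


@dataclass
class Verdict:
    src_pid: int
    dst_pid: int
    expected: bool   # True when the write fits IE's frame -> tab model
    reason: str


def classify_write(description, src_path, dst_path, processes):
    """Decide whether one cross-process write is IE writing into its own
    tab process (expected) or something that deserves a closer look."""
    m = EVENT_RE.fullmatch(description)
    if not m:
        return Verdict(-1, -1, False, "description not in 'PID a wrote to memory of b' form")
    src_pid, dst_pid = int(m.group(1)), int(m.group(2))

    if src_path.lower() not in IE_BINARIES or dst_path.lower() not in IE_BINARIES:
        return Verdict(src_pid, dst_pid, False, "writer or target is not an IE binary")

    # Assumption: the report does not pair PIDs with process entries, so the
    # target's command line is looked up by binary path instead.
    for path, cmdline in processes:
        if path.lower() != dst_path.lower():
            continue
        s = SCODEF_RE.search(cmdline)
        if s and int(s.group(1)) == src_pid:
            return Verdict(src_pid, dst_pid, True,
                           "IE frame process writing into a tab process whose SCODEF names the writer")
    return Verdict(src_pid, dst_pid, False, "target has no SCODEF pointing back at the writer")


def triage(events, processes):
    return [classify_write(d, s, t, processes) for d, s, t in events]


if __name__ == "__main__":
    for v in triage(WRITE_EVENTS, PROCESSES):
        print(f"{v.src_pid} -> {v.dst_pid}: {'expected' if v.expected else 'REVIEW'} ({v.reason})")
```

The same check fails, and so flags the event for review, when the target is not an IE binary, or when the write goes the other way (tab into frame), since the frame process has no SCODEF argument naming the tab.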
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | img1.jiehun.cn | udp |
| US | 8.8.8.8:53 | t.cn | udp |
| US | 8.8.8.8:53 | www.googleadsl.com | udp |
| CN | 39.105.18.168:80 | t.cn | tcp |
| CN | 39.105.18.168:80 | t.cn | tcp |
| CN | 120.41.32.35:80 | img1.jiehun.cn | tcp |
| CN | 120.41.32.35:80 | img1.jiehun.cn | tcp |
| CN | 120.41.32.35:80 | img1.jiehun.cn | tcp |
| US | 170.178.222.41:80 | www.googleadsl.com | tcp |
| US | 170.178.222.41:80 | www.googleadsl.com | tcp |
| CN | 39.105.18.168:80 | t.cn | tcp |
| CN | 39.105.18.168:80 | t.cn | tcp |
| CN | 113.219.161.35:80 | img1.jiehun.cn | tcp |
| CN | 113.219.161.35:80 | img1.jiehun.cn | tcp |
| CN | 113.219.161.35:80 | img1.jiehun.cn | tcp |
| US | 170.178.222.41:80 | www.googleadsl.com | tcp |
| US | 170.178.222.41:80 | www.googleadsl.com | tcp |
| CN | 114.232.92.35:80 | img1.jiehun.cn | tcp |
| CN | 114.232.92.35:80 | img1.jiehun.cn | tcp |
| CN | 114.232.92.35:80 | img1.jiehun.cn | tcp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| US | 8.8.8.8:53 | www.jiehun.cn | udp |
| CN | 114.232.92.35:80 | img1.jiehun.cn | tcp |
| CN | 61.160.251.208:80 | www.jiehun.cn | tcp |
| CN | 61.160.251.208:80 | www.jiehun.cn | tcp |
| CN | 114.232.92.35:80 | img1.jiehun.cn | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| CN | 117.68.52.35:80 | img1.jiehun.cn | tcp |
| CN | 117.68.52.35:80 | img1.jiehun.cn | tcp |
| CN | 117.68.52.35:80 | img1.jiehun.cn | tcp |
| CN | 117.68.52.35:80 | img1.jiehun.cn | tcp |
| CN | 61.160.251.208:80 | www.jiehun.cn | tcp |
| CN | 117.68.52.35:80 | img1.jiehun.cn | tcp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 118.180.40.35:80 | img1.jiehun.cn | tcp |
| CN | 118.180.40.35:80 | img1.jiehun.cn | tcp |
| CN | 118.180.40.35:80 | img1.jiehun.cn | tcp |
| CN | 118.180.40.35:80 | img1.jiehun.cn | tcp |
| CN | 118.180.40.35:80 | img1.jiehun.cn | tcp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| CN | 118.212.230.35:80 | img1.jiehun.cn | tcp |
| CN | 118.212.230.35:80 | img1.jiehun.cn | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| CN | 113.219.142.35:80 | img1.jiehun.cn | tcp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| CN | 113.219.142.35:80 | img1.jiehun.cn | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabD2B.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 277e10229f4c9df50675870a2f884d7a |
| SHA1 | c86d2f46d2b8453b0a5d2a510d2193a3dc4253ac |
| SHA256 | 8c3efd46a5df4343656748b4f821b501e5383db9f937546805e18357d50cc25e |
| SHA512 | 83b6c4bbd5c446590642632ba5cae4adc859245994257b4413323730039e87b7ce4f221bbb0967e7d2e83778a8b8a50041fc68b04a7ec3ba29740be019d2e599 |
C:\Users\Admin\AppData\Local\Temp\TarDCF.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c03b3810e853a77a1cf838ec66987bcf |
| SHA1 | 9107d37bf87a671d499e9a84660f7135990ed276 |
| SHA256 | aa4bfdf4b015fd696711814d3fd6182af5d24172e3b96be2100088d90f5f5f70 |
| SHA512 | 4452e4e31cbdf66e3d1ef84f37fa52948f4fdc3b3f00f63fa0ef6e82da25387d42cc3df4fe6b9efac8bfcaa8d15be84707a1f993533d115b92d5effae6935416 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7dd68be849cef40b95bd723e64f9b226 |
| SHA1 | 7d1b3ab5d3bd69ce36b91f77733918f87aa04248 |
| SHA256 | 04e310888e352964165991d143b83535f7bd96d0591b231aa68799f38fdb25c5 |
| SHA512 | cc377a6e4739411cdb99d870db2ca80149438e6448f62349b9ef920d9e05b0987a299ef9e8d5a03521c8640d99f3d1d8620ca4457284eba216cb4f36ddfb3129 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14f32599b16d26bdc3b311f6d7eaf402 |
| SHA1 | 242e64e8b121001d1ae6c1db5126171a95a5e927 |
| SHA256 | 6915345094c908aa6b2b9c40dccacae572b8b78346d6b8e320ea90d9e4536f6e |
| SHA512 | 7f57e5ed483fc1cba9ff83a87957b2b4a79d26afeec5449728ac50c80c3347d066121250f6ab2c6da5e3d8099f818bed7511093bbd42832ae58d2616c7db13f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 68229e88733639b6bb15ed026a071f6c |
| SHA1 | e525a0150484327dc45326071b4538ec767c7297 |
| SHA256 | f0f1e5ebd199c73cf641c7e28f432d3b515f168fd0dd5afee6948174234740d3 |
| SHA512 | b448842aeced0cd3bc2c3a3d73468763fa5408510a93c2cc4c63aec30623c5853bf46ba4be5950e77fb03d3fb2d603948413603cc43fbf4886d56e5c2b3175c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 25d8f66a4eed319bb8d86bf0bb84d2b9 |
| SHA1 | 73b17adc95a24d3403867ec6aa447bb80c196989 |
| SHA256 | 816af16bb00024a2db8bd52fd9f354ed3240f7595ee28fe58b78394a600751a6 |
| SHA512 | 58c376356f14d454b47dedc0f9286c57c6d9b377cfe85d001a03c7c47fa40a713b96454b4ce93d1c44d41b703bbd594e2bbd3b95222208a22a7d97b51a3c31d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 130c5fb024fe4a46aa3bd31a32cbe0fe |
| SHA1 | f8f98682f81fb641792fd50c7de48be24c5126ad |
| SHA256 | 4506ddc0e6fe89218aa07178a32e5cb08d709a2e01960b2a0450e45958ddb9d3 |
| SHA512 | 76396a81a89adefa59728e433de6830a02fbca6d4308f03e5d89493c492896eb033eed9c3c848e9915d1789804bf6ad7c7cbfdb915da4e15ec8a275941597d03 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2e3505e281f3f57bbeeb24d6b78a9928 |
| SHA1 | 6a4ca18dcb5bfb3b978b45fd571b199caf2d6e99 |
| SHA256 | e96d933f3994da9f28935e89890c8577a8bed854892632ea76c9f4ce91ad1635 |
| SHA512 | 7975977e052373da09f2a6c8d69773a6c81308722ead7f05e3ec9e3cf1d6cd34956e0e37b6c2ff2b700e86ab84793155479b2d3b2c6dc8f733e2e780764b97a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2049755fab4a1a8844ffdaccac608bc8 |
| SHA1 | fce50e91359a9dfbbaa16744df7500ce5b274498 |
| SHA256 | 3fdc6b37a2ee3223a509f2486569f226b333131423a5af7d08239b8397769690 |
| SHA512 | 16a65f19910207b723797c3f585be2e5d43d01da45b91cb33cc8da2611b135d35c900d96a883f16ffb1648091f0cd37555a2defb8a7fb82b3a2061e4e007c8c7 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:22
Reported
2024-06-13 10:25
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a510067f654081418cbd9409573fc44a_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb29fd46f8,0x7ffb29fd4708,0x7ffb29fd4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,1000331710419795520,9682390565318379868,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,1000331710419795520,9682390565318379868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,1000331710419795520,9682390565318379868,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1000331710419795520,9682390565318379868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1000331710419795520,9682390565318379868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,1000331710419795520,9682390565318379868,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2988 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | t.cn | udp |
| US | 8.8.8.8:53 | img1.jiehun.cn | udp |
| US | 8.8.8.8:53 | www.googleadsl.com | udp |
| US | 170.178.222.41:80 | www.googleadsl.com | tcp |
| CN | 39.105.18.168:80 | t.cn | tcp |
| CN | 39.105.18.168:80 | t.cn | tcp |
| US | 170.178.222.41:80 | www.googleadsl.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| CN | 121.14.135.35:80 | img1.jiehun.cn | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| CN | 121.14.135.35:80 | img1.jiehun.cn | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| NL | 23.62.61.99:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 99.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| CN | 121.14.135.35:80 | img1.jiehun.cn | tcp |
| CN | 121.14.135.35:80 | img1.jiehun.cn | tcp |
| CN | 121.14.135.35:80 | img1.jiehun.cn | tcp |
| CN | 121.14.135.35:80 | img1.jiehun.cn | tcp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| US | 8.8.8.8:53 | www.jiehun.cn | udp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| CN | 61.170.103.35:80 | img1.jiehun.cn | tcp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| CN | 61.160.251.208:80 | www.jiehun.cn | tcp |
| CN | 61.170.103.35:80 | img1.jiehun.cn | tcp |
| CN | 61.160.251.208:80 | www.jiehun.cn | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| CN | 61.170.103.35:80 | img1.jiehun.cn | tcp |
| CN | 61.170.103.35:80 | img1.jiehun.cn | tcp |
| CN | 61.170.103.35:80 | img1.jiehun.cn | tcp |
| CN | 61.170.103.35:80 | img1.jiehun.cn | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| CN | 106.225.194.35:80 | img1.jiehun.cn | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| CN | 106.225.194.35:80 | img1.jiehun.cn | tcp |
| CN | 106.225.194.35:80 | img1.jiehun.cn | tcp |
| CN | 106.225.194.35:80 | img1.jiehun.cn | tcp |
| CN | 106.225.194.35:80 | img1.jiehun.cn | tcp |
| CN | 106.225.194.35:80 | img1.jiehun.cn | tcp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
| CN | 113.142.207.35:80 | img1.jiehun.cn | tcp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
| CN | 113.142.207.35:80 | img1.jiehun.cn | tcp |
| CN | 113.142.207.35:80 | img1.jiehun.cn | tcp |
| CN | 113.142.207.35:80 | img1.jiehun.cn | tcp |
| CN | 113.142.207.35:80 | img1.jiehun.cn | tcp |
| CN | 113.142.207.35:80 | img1.jiehun.cn | tcp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| CN | 61.170.99.35:80 | img1.jiehun.cn | tcp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| CN | 61.170.99.35:80 | img1.jiehun.cn | tcp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| CN | 61.170.99.35:80 | img1.jiehun.cn | tcp |
| CN | 61.170.99.35:80 | img1.jiehun.cn | tcp |
| CN | 61.170.99.35:80 | img1.jiehun.cn | tcp |
| CN | 61.170.99.35:80 | img1.jiehun.cn | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| CN | 124.238.241.35:80 | img1.jiehun.cn | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| CN | 124.238.241.35:80 | img1.jiehun.cn | tcp |
| CN | 124.238.241.35:80 | img1.jiehun.cn | tcp |
| CN | 124.238.241.35:80 | img1.jiehun.cn | tcp |
| CN | 124.238.241.35:80 | img1.jiehun.cn | tcp |
| CN | 124.238.241.35:80 | img1.jiehun.cn | tcp |
| CN | 125.74.42.35:80 | img1.jiehun.cn | tcp |
| CN | 125.74.42.35:80 | img1.jiehun.cn | tcp |
| CN | 125.74.42.35:80 | img1.jiehun.cn | tcp |
| CN | 125.74.42.35:80 | img1.jiehun.cn | tcp |
| CN | 125.74.42.35:80 | img1.jiehun.cn | tcp |
| CN | 125.74.42.35:80 | img1.jiehun.cn | tcp |
| CN | 140.249.244.35:80 | img1.jiehun.cn | tcp |
| CN | 140.249.244.35:80 | img1.jiehun.cn | tcp |
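The two Network tables (the win7 run above and this win10 run) mix contacts driven by the page content (t.cn, img1.jiehun.cn, www.jiehun.cn, hm.baidu.com, www.googleadsl.com) with sandbox and browser infrastructure: the 8.8.8.8 resolver, reverse lookups under in-addr.arpa, the Bing and ieonline.microsoft.com endpoints, and the mDNS multicast group 224.0.0.251:5353. The Python below is an added example, not part of this report: it parses rows in the table format used on this page, discards the infrastructure rows, and collapses the page-driven contacts into one IP set per domain, which is the list worth pivoting on. The allowlist of infrastructure suffixes and endpoints is an analyst-chosen assumption, not a classification the report makes, and the sample rows are a constructed subset copied from the two tables.

```python
import re
from collections import defaultdict

# Constructed sample input: a subset of rows from the two Network tables
# (behavioral1 on win7, behavioral2 on win10) in this report.
NETWORK_ROWS = """\
| US | 8.8.8.8:53 | img1.jiehun.cn | udp |
| US | 8.8.8.8:53 | t.cn | udp |
| CN | 39.105.18.168:80 | t.cn | tcp |
| CN | 120.41.32.35:80 | img1.jiehun.cn | tcp |
| US | 170.178.222.41:80 | www.googleadsl.com | tcp |
| CN | 61.160.251.208:80 | www.jiehun.cn | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.99:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| CN | 121.14.135.35:80 | img1.jiehun.cn | tcp |
| CN | 61.170.103.35:80 | img1.jiehun.cn | tcp |
"""

# Analyst-chosen allowlist (assumption): sandbox resolver, mDNS, reverse
# lookups and the browsers' own Microsoft/Bing endpoints are not page-driven.
INFRA_DOMAIN_SUFFIXES = (".microsoft.com", ".bing.com", ".in-addr.arpa")
INFRA_ENDPOINTS = {"8.8.8.8:53", "224.0.0.251:5353"}

# | Country | Destination | Domain | Proto |
ROW_RE = re.compile(r"^\|\s*(\S+)\s*\|\s*([^|]+?)\s*\|\s*([^|]+?)\s*\|\s*(\w+)\s*\|$")


def parse_rows(text):
    """Yield (country, destination, domain, proto) for each well-formed row;
    rows that do not have four columns are skipped rather than guessed at."""
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            yield m.groups()


def is_infrastructure(dest, domain):
    return dest in INFRA_ENDPOINTS or domain.endswith(INFRA_DOMAIN_SUFFIXES)


def summarise(text):
    """Return ({domain: {"ips": [...], "hits": n}}, discarded_row_count)
    for the page-driven contacts only."""
    page = defaultdict(lambda: {"ips": set(), "hits": 0})
    noise = 0
    for _country, dest, domain, _proto in parse_rows(text):
        if is_infrastructure(dest, domain):
            noise += 1
            continue
        ip = dest.rsplit(":", 1)[0]   # strip the port; IPv4 only on this page
        page[domain]["ips"].add(ip)
        page[domain]["hits"] += 1
    return ({d: {"ips": sorted(v["ips"]), "hits": v["hits"]} for d, v in page.items()},
            noise)


if __name__ == "__main__":
    contacts, dropped = summarise(NETWORK_ROWS)
    for domain, info in sorted(contacts.items()):
        print(f"{domain:22} hits={info['hits']:2}  ips={', '.join(info['ips'])}")
    print(f"{dropped} rows discarded as sandbox/browser infrastructure")
```

Repeated rows for the same destination are kept as a hit count rather than deduplicated away, since the number of fetches per host (img1.jiehun.cn dominates both runs) is itself useful when deciding which of the contacted hosts is the page's origin and which are embedded resources.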
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c39b3aa574c0c938c80eb263bb450311 |
| SHA1 | f4d11275b63f4f906be7a55ec6ca050c62c18c88 |
| SHA256 | 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c |
| SHA512 | eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232 |
\??\pipe\LOCAL\crashpad_3708_ACBMLJKDXPWUXOEX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dabfafd78687947a9de64dd5b776d25f |
| SHA1 | 16084c74980dbad713f9d332091985808b436dea |
| SHA256 | c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201 |
| SHA512 | dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | aa50d0fc921126753515038608559b79 |
| SHA1 | b5ae55b59f5c977dad816c398a6c1e30a19e68e5 |
| SHA256 | b15da7ce013f9e7507412db1174d5b081a2068d30ee8428eeb3b9b174a5ed894 |
| SHA512 | 9dea6bdc4f32e6b0ae3cf78a1221a7ecc1f41c7d1db162627d95db0a11ddd6ab02e9363561a8dddf69a9db8800ca0e414794b208048769e556d120f85dfbce5a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3367176b148df30099ab0adbbee36b05 |
| SHA1 | 8506d871ef0709ef7262d15131aca665d9495ef4 |
| SHA256 | 420cf6e84428d1adb555ef6661a1b3c0b283eb47e3e68b03b99f26c47c9cb86d |
| SHA512 | 9cbf55afa6994d5073920bf14d99edfe01bad3f25b56fe0beb8ca66c6a4acd6429b77d5d085f5151910b29c0534d2d05127e64ec19c75a42a7066d7350dc65b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2fdb74637b767c91a7098203ca7424fb |
| SHA1 | bef11e5ba18d85e6c93a6ed6c80de1a17fdb69a2 |
| SHA256 | 62a4bab48e07d35d689f2e0a37d8ddc30b02ffc48907bcf94bacc081e227a3a1 |
| SHA512 | e3bb99f065c1308709c28cb8c0ef32ecd206fd8888a3e56cfa68fa364116878fae5554ed003b9f363697e873d251ffe06fc3748b667909c0d000e0b983596ca7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0f081c8b58cb4af4d8b8117a2ba23bb2 |
| SHA1 | 540d637ce92704cb24057efdfa03b5ecd30691f2 |
| SHA256 | af67bd42215723df369fafa1da98ebc9c6d274782b3d9d8d38845c4b311ce37f |
| SHA512 | 0a442ee84edb654fb6fd0c54c17f5cdb5e237c9c48d24219a63d28d0bfe3775557a5f27135e9c30987923b381cbecc6b1e6b34e0c32073df360bc8c56da7d62d |