Analysis Overview
SHA256
c2a49ec6835843a7c61b2386f1de8796d0efd6d5a17c79447239403c8b160187
Threat Level: No (potentially) malicious behavior was detected
The file 917a51fe2239c63d4694cc563539f6ae_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 10:40
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 10:40
Reported
2024-06-03 10:43
Platform
win7-20240508-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423573117" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BDFE9AB1-2195-11EF-965F-FA9381F5F0AB} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1264 wrote to memory of 1720 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\917a51fe2239c63d4694cc563539f6ae_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1264 CREDAT:275457 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Temp\Cab2D2E.tmp
C:\Users\Admin\AppData\Local\Temp\Tar2D32.tmp
C:\Users\Admin\AppData\Local\Temp\Cab2DE7.tmp
C:\Users\Admin\AppData\Local\Temp\Tar2DE9.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 10:40
Reported
2024-06-03 10:43
Platform
win10v2004-20240508-en
Max time kernel
134s
Max time network
148s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\917a51fe2239c63d4694cc563539f6ae_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4404,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=5028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3744,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=4856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5160,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=5292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5424,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5444,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=5520 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=4264,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=5824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6940,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=6952 /prefetch:8
Network