Malware Analysis Report

2025-01-18 01:16

Sample ID 240613-hbym9sxera
Target a43a65843dbee3eb37ec4bd3ac7d38c3_JaffaCakes118
SHA256 468030533f3d2702aa346bf6acda7b4f9259a460697a4126c68f45331dc3bcab
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

468030533f3d2702aa346bf6acda7b4f9259a460697a4126c68f45331dc3bcab

Threat Level: No (potentially) malicious behavior was detected

The file a43a65843dbee3eb37ec4bd3ac7d38c3_JaffaCakes118 was analyzed and no (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 06:34

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 06:34

Reported

2024-06-13 06:37

Platform

win7-20240611-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43a65843dbee3eb37ec4bd3ac7d38c3_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FBEFEE81-294E-11EF-A3C1-4A2B752F9250} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424422337" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43a65843dbee3eb37ec4bd3ac7d38c3_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2104 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 06:34

Reported

2024-06-13 06:37

Platform

win10v2004-20240226-en

Max time kernel

144s

Max time network

153s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43a65843dbee3eb37ec4bd3ac7d38c3_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43a65843dbee3eb37ec4bd3ac7d38c3_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5000 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4704 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5728 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5352 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5928 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5840 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:1

Network


Files

N/A