Malware Analysis Report

2025-01-18 02:01

Sample ID 240613-jf47aazblh
Target a475a4dd02bf4557d4a3c90a23974c02_JaffaCakes118
SHA256 162d4eb2830a3b570febb4ebedcbe43c5a3a77b7997b6b14ad87a655b0271695
Tags
score
1/10

Analysis Overview

score
1/10

SHA256

162d4eb2830a3b570febb4ebedcbe43c5a3a77b7997b6b14ad87a655b0271695

Threat Level: No (potentially) malicious behavior was detected

The file a475a4dd02bf4557d4a3c90a23974c02_JaffaCakes118 was found to be benign: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 07:37

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 07:37

Reported

2024-06-13 07:40

Platform

win7-20240611-en

Max time kernel

141s

Max time network

148s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a475a4dd02bf4557d4a3c90a23974c02_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b092e7a464bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CF9F2E01-2957-11EF-A3C1-4A2B752F9250} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426128" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000300de6c792976f9f39356bd0a2177a5ebdeb0fda125a4419d5a977c85277e991000000000e800000000200002000000031532304989f870e54ef08b5dba791dc3b5753be5a8aa4945022474ff1d6cae820000000383899c5818b247f21f0f79f278646f6d74765051254219c14f44221711a7f2a40000000f996a61ecf14013fd511649db756104c106f8442650d2fd5ef487074c14426d034b5288d273195c373a7b97d6e7d11d37fa89ee225c1480d17d129a027b5b8cc C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value omitted] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a475a4dd02bf4557d4a3c90a23974c02_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2084 CREDAT:275457 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Temp\Cab90CE.tmp


C:\Users\Admin\AppData\Local\Temp\Tar918C.tmp


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 07:37

Reported

2024-06-13 07:40

Platform

win10v2004-20240611-en

Max time kernel

128s

Max time network

152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a475a4dd02bf4557d4a3c90a23974c02_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a475a4dd02bf4557d4a3c90a23974c02_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4716,i,3144109701624127473,12586215149656995128,262144 --variations-seed-version --mojo-platform-channel-handle=4928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4744,i,3144109701624127473,12586215149656995128,262144 --variations-seed-version --mojo-platform-channel-handle=4244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5312,i,3144109701624127473,12586215149656995128,262144 --variations-seed-version --mojo-platform-channel-handle=5332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5336,i,3144109701624127473,12586215149656995128,262144 --variations-seed-version --mojo-platform-channel-handle=5484 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5496,i,3144109701624127473,12586215149656995128,262144 --variations-seed-version --mojo-platform-channel-handle=5648 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6004,i,3144109701624127473,12586215149656995128,262144 --variations-seed-version --mojo-platform-channel-handle=6076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5692,i,3144109701624127473,12586215149656995128,262144 --variations-seed-version --mojo-platform-channel-handle=5488 /prefetch:8

Network


Files

N/A