Malware Analysis Report

2025-01-18 02:00

Sample ID 240613-jja3lstdpp
Target a478ac51128f60036329c3de327cd9d2_JaffaCakes118
SHA256 dbf671084159c3464dd409318ff890051d6061703f59db4357fcc85c97d6472f
Tags
score
1/10

Analysis Overview

Threat Level: No (potentially) malicious behavior was detected

The file a478ac51128f60036329c3de327cd9d2_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-13 07:41

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 07:41
Reported 2024-06-13 07:44
Platform win7-20240611-en
Max time kernel 121s
Max time network 135s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a478ac51128f60036329c3de327cd9d2_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426361" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{59B18DE1-2958-11EF-968C-FEBBC6272832} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7027762f65bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a478ac51128f60036329c3de327cd9d2_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2228 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab8576.tmp


C:\Users\Admin\AppData\Local\Temp\Tar8646.tmp


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015


Analysis: behavioral2

Detonation Overview

Submitted 2024-06-13 07:41
Reported 2024-06-13 07:44
Platform win10v2004-20240226-en
Max time kernel 143s
Max time network 149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a478ac51128f60036329c3de327cd9d2_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a478ac51128f60036329c3de327cd9d2_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3912 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3580 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4848 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5384 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5612 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5564 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8

Network


Files

N/A