Analysis Overview
SHA256
aa856537876eda42abf6fb07476863080489282ba42f21aad83240085337d3ff
Threat Level: No (potentially) malicious behavior was detected
Analysis of the file a4fdebacbaf6c24bae64180743a5be45_JaffaCakes118 found no (potentially) malicious behavior.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:04
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:04
Reported
2024-06-13 10:07
Platform
win7-20240611-en
Max time kernel
141s
Max time network
142s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{64088731-296C-11EF-A72C-767D26DA5D32} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f019b83979bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted in source] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424434966" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a039050000000002000000000010660000000100002000000017e3ee139bf6c9f51628db122b4cb2415690450cb49f16d885c51f0ef9536486000000000e8000000002000020000000689fa93f13d665dc7d9b1117a37bd2be5e7242a780927cc5d09c723076c95fde200000005c4080ac9e81d47c6e36f4c9f46ffa9b76239d4830648812172cda6c1972b1e1400000001002c3f330e0254ad2ebc29e473aebf83fe5e28b48888c24ab9985ee0fba12a973975a6e58376ba34213bfa91d9be9aea787408dfccfd5fac85e28c87a2ae9b2 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2464 wrote to memory of 1840 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2464 wrote to memory of 1840 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2464 wrote to memory of 1840 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2464 wrote to memory of 1840 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4fdebacbaf6c24bae64180743a5be45_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2464 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | s14.postimg.cc | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 4.bp.blogspot.com | tcp |
| GB | 142.250.187.234:443 | ajax.googleapis.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 4.bp.blogspot.com | tcp |
| GB | 142.250.187.234:443 | ajax.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 172.217.16.238:80 | apis.google.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| GB | 172.217.16.238:80 | apis.google.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.1:443 | 4.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.1:443 | 4.bp.blogspot.com | tcp |
| FR | 162.19.88.68:443 | s14.postimg.cc | tcp |
| FR | 162.19.88.68:443 | s14.postimg.cc | tcp |
| FR | 162.19.88.68:443 | s14.postimg.cc | tcp |
| FR | 162.19.88.68:443 | s14.postimg.cc | tcp |
| FR | 162.19.88.68:443 | s14.postimg.cc | tcp |
| FR | 162.19.88.68:443 | s14.postimg.cc | tcp |
| FR | 162.19.88.68:443 | s14.postimg.cc | tcp |
| FR | 162.19.88.68:443 | s14.postimg.cc | tcp |
| FR | 162.19.88.68:443 | s14.postimg.cc | tcp |
| FR | 162.19.88.68:443 | s14.postimg.cc | tcp |
| FR | 162.19.88.68:443 | s14.postimg.cc | tcp |
| FR | 162.19.88.68:443 | s14.postimg.cc | tcp |
| FR | 162.19.88.68:443 | s14.postimg.cc | tcp |
| FR | 162.19.88.68:443 | s14.postimg.cc | tcp |
| FR | 162.19.88.68:443 | s14.postimg.cc | tcp |
| FR | 162.19.88.68:443 | s14.postimg.cc | tcp |
| FR | 162.19.88.68:443 | s14.postimg.cc | tcp |
| FR | 162.19.88.68:443 | s14.postimg.cc | tcp |
| FR | 162.19.88.68:443 | s14.postimg.cc | tcp |
| FR | 162.19.88.68:443 | s14.postimg.cc | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | maps.googleapis.com | udp |
| GB | 216.58.212.202:443 | maps.googleapis.com | tcp |
| GB | 216.58.212.202:443 | maps.googleapis.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | a918778784df40a4fb8db25e3aa59f4b |
| SHA1 | ca871c4276aef89b933afcc354b44d617f9216f5 |
| SHA256 | eda1cb4ba1d17c87c3b2f8c599daafc747e3eec116b8810a3ddca73667223e31 |
| SHA512 | 37ffde2aea7d73dcb14609f1be0780cd31d401dd527a3743fa704f15d6d1287dd0a2de9e040ee4ee525ee5bdebd659c972c4dc43c1a1decf49cb4872e5a10853 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | cb85f3fcf86ef0de7ef258539cae87de |
| SHA1 | c73288fff07885a62f8c7033b348863ed3b8cad1 |
| SHA256 | 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f |
| SHA512 | dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 5966bac341f1281c8f0168098b4813e1 |
| SHA1 | ddb988e49a0604aef556a9d71fa961fc25fe3a62 |
| SHA256 | cd282fc83c2dd3631f8cbba4082eed282ce799ce6d1bc821203d24b792abb449 |
| SHA512 | 79eb250a40df250c8cc1103034e5eeebfaae26c0fe68e04826096d2a0a9a63c55cd4acd75e96be08fa4d77ee783c36d40a0bd60717c0dc5fcb52143405a5af8b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 8d22cc04da70ba0b425a53dbbd1e36e6 |
| SHA1 | 55b2d1390d677c9c1917f06ef6765761f00146ca |
| SHA256 | 695e0b7c79b02514e25a0df6c3f80ebfbd79a1e1a32ac64351a2e048276272d6 |
| SHA512 | e5f4bc348abc973bf83a00cbe9c79c05fe42ce6d9d7906de233199f0c37c1ceabed1dc58596a73385860234f9210f3ba745d37a8ab28f297c674d9bec8e98438 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ca9d3b36ecf64f2b5fa96b363adf4cc8 |
| SHA1 | 5dc6998fdb9001dc8e81debdd14c559e21fec215 |
| SHA256 | 57a13828b560f58b6407ba048a9a2f8e4d7c71b103d38344c3533c5344f064ee |
| SHA512 | d4ca57202dc3310f61b3a2eb34fb5cfdea4aa518208b462afaa2c35bfed30ba3a67698ea07b3ebc95dbfd01d7335e00b4fb36340d275988b08dc4c74275e569b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | b69849755e91ffad18b1125b5e54ff69 |
| SHA1 | d866a390bb091d2139131df2fb78d9ba7a9fcee4 |
| SHA256 | 4ea3bd66853c2c1f4c9a128b7df653f47dca4171aa7aa05b1d9962816342d0b9 |
| SHA512 | 5c586c65da504dd072b764569ff489ef45e677efadffbf57e72c332eabaade2e9198543683a4818ce9f2e002c6bea41bc70fb4ccb0e6417fb566daa21e50a3fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 52efde9e3cdc54ba5e3129c0a465f0ee |
| SHA1 | 4f61206ecac190e0c4e16395172172567797e826 |
| SHA256 | c4cf47341c93d4739e45161ccf73a3f31f51f7b5efa165e8200381b8d3db59ff |
| SHA512 | c52d619db823614ee2b77e916db8e382ad1595c7730f34d16ffd22999069cfcd64dd0b2ede5f7bbdf206f7b5864e3f52a956a1be023e0709bb827cfc81913ae3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_B7BAEDF8A66155214D6AA1EDC8BB7778
| MD5 | 7f171176d84919cffd54ddb4b0c0ec68 |
| SHA1 | 95545f831fabd9ebfe10a8cdfb8cac343e6ada1b |
| SHA256 | 93c3126612de4b4002dc25bcebea1dc7236959e75f4733a41de18f611d1ccebb |
| SHA512 | 4b442056e6720202e54924cfa87fe66d73326971b518700668bb48c5e191dabcb0e5d8e45e568edcb1dac306dd844fe94b37c0c57fe6fb89833b6992de17c0af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295
| MD5 | a4c3e4b3f212ccf9719236eaa8f728be |
| SHA1 | e017a18974a9969ca60ca2499ac54b464d91a2ef |
| SHA256 | 0641546fbe6a6bf201d918796cf5efa992632208053037f369a6173cc2afd39a |
| SHA512 | c4c229eec604f4022ab0d439eb8b95bbdbb554d809d4571745957f0da5dc740e4ecb13757273b9dcf9f431a5b1ca40d53a539e2ccfaadbf7c161dba6b8b2734f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNPG4FQ8\plusone[1].js
| MD5 | 53e032294d7b74dc7c3e47b03a045d1a |
| SHA1 | f462da8a8f40b78d570a665668ba8d1a834960c2 |
| SHA256 | 8076b082eadf0cab4a8823dbd7628a0b44f174c17b3221221c0e31e7c60307a2 |
| SHA512 | fe263fe86aea2ba1b86d86305650cdeee45cd1f7b4339f9d4fb81db776b78abedccd0ae77262f45d579751daa26f81385354b3d126fdb5577036e9dd1db33276 |
C:\Users\Admin\AppData\Local\Temp\Cab259C.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar259F.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 488ace2d01f7b8a96e74e6eb7e13436a |
| SHA1 | a854b18e1ed100e2831830037c6cda7a1f5573f9 |
| SHA256 | d63db7b7356ab6e4785935d57bd43278e994ee26c203a222a938132988846b43 |
| SHA512 | 058aa2ddc0fdbbec597171fc2869c34e1e2437394295e093d438b3b90b5446ccd808f6f4db82cf277351df54353f3b980b5817452006a538eff6e6f064b7324a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DODQ7AEY\cb=gapi[1].js
| MD5 | f9255a0dec7524a9a3e867a9f878a68b |
| SHA1 | 813943e6af4a8592f48aeb0d2ab88ead8d3b8c8b |
| SHA256 | d9acfd91940f52506ac7caeffea927d5d1ce0b483471fa771a3d4d78d59fda0d |
| SHA512 | d013be6bfc6bcf6da8e08ed6ff4963f6c60389baa3a33d15db97d081d3239635f48111db65e580937eb1ea9dc3b7fc6b4aecb012daeee3bf99cfebf84748177e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 686223c4c8ce40763a3b01739f286ec9 |
| SHA1 | 590f12af4a82cc29421abd456cb6fdb1f27b62a0 |
| SHA256 | b87fcbb5e2789520049d8eaa650a664f499eab5fef18d44bb0bfd9f848524ac3 |
| SHA512 | a2e3d94331ca3bc74281452e93613a044435d4aac699fda885726fb1187633e90a72732522a16f68f1f17a5480ec78bdca61cfef9ea211ce3e257ffb4b25d367 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6b7b71dabd7e404f1c0dd831ef0b9825 |
| SHA1 | 92170f9a402ac9439133e7a15a295b18b55beb5c |
| SHA256 | 0d011a4cf0f1ed5678027175656dca6dcb2c1fe347b81ae53fb17cd991932352 |
| SHA512 | 3c12d6b5bca570cb518de71c6b9671e79cc5cc2aca870ef5ffb13bbbfe21c4774a0d085ce109a0774dc4939205261913dbccbd4d4ddf435dc90efaecf8a09865 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1cfb9568019a9af9e58ab7679f832508 |
| SHA1 | b73e6ceae7010d947b2d860630ac71ca3d45c9ae |
| SHA256 | f1657ad40bae4de4c0c216c1c2f9186c6f6faa808c73574a59fe0de3d56f6913 |
| SHA512 | ba5e24015f82fe320d5cc53824b33cbf833f53a0acc35a55b662a304bc90a41642943c2ba3c6640169267fa434561d39f41d971113435fe38c17e449c350ee50 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 25f62b203a356d2e09e9e0a16dc97616 |
| SHA1 | 69169a26e4cf5e013c43cc385f5eb49d3e957d1f |
| SHA256 | 7e3967f4ffebebd99449c0670aa4f8f990e5d5e8994daa7ad7362806f2dd9cdb |
| SHA512 | 36abd9e4ea749983b3712c3f6d46ab3d5484be9d92b0c1550cf1a5f7cf0038ba1385031473ad41adcafd3157ac99a7e872a843cd62fe7903426b2e9ce8f0fe31 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f4dd0d8a7586aca9d504a95178208963 |
| SHA1 | 4a43024c880c95f84374a3c563bd20ef6888f925 |
| SHA256 | 1a006c1f2604c5fffe9d1037ea875f28311e6dc651bd41bce2b32ddf1589009d |
| SHA512 | a0163eb687085fee5f52678c828d205996ade4dea0bef43f10055a3bca65299fe5c532b77c63f2732b68f7d0ac6830e3479b54b6d186d4e37adf8a9c8366e795 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dc6c02793fa0280320493cda02bcdf52 |
| SHA1 | 7483d5e0388799fdd8d70504a75022b38e5df862 |
| SHA256 | cc30c9826ed891bc1efb53f7cf1b044cdeeb7b39aaceae3dc6b769128e63316a |
| SHA512 | 45d2bac786d85f4192831fd7930f8c0562844391752b995e9d4331a4f463925042a696cf912c508ba80afcbc88b94c11415992421854692f99357876e719ea4d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bd125c1bd15b0e577da39bd0e0211451 |
| SHA1 | 31490b06e07458f6ce61ac771b92c805bfdfc050 |
| SHA256 | c2c05f939ff1fe537bf39f47164c5d63154c25b69b36b4727c1f2c4663b399ff |
| SHA512 | c56380b0da821195c39c4c2da43f28de2c9e10eef6cca58e51db3194c0e7c85e50ea684b3d2026228a16896e24f7392d9a61cd6e34698239896375c903b0acdf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e0a2b9eb6d08b3fd01eaf31543b79758 |
| SHA1 | e6363c4271c219d1b69368d0f394f2ec4af476b2 |
| SHA256 | 0fd195db98ea4a0b37a1ec3965823a9b5852c8b5f2388beed209716fa195817b |
| SHA512 | 6ad0ca208d354d8777adbe277568add78a27c2b3a6d1c2779f98fdd1e81d47bd60a1ab310d6a2dffe3b5665b81e3c4185af8c10b6c2678d6c0e05a7590c662cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b065ecc86a4ff2ecbbea3d13ad296b27 |
| SHA1 | c3fcd9e0c6d276fad2e856e0ee25a3e419bfe1ea |
| SHA256 | b58eb1627025e0cfaa53347002f5586e373fb81e887320fd09da88ca375da0fa |
| SHA512 | b7a23fd18c88ccd91be0b0a2d037b9422e467608f172338031c623f1e6d8e65e223a377161c5e32a8de5e174025c1096ca6b88968920f0ff9760ca87ddb9d81c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6ca03b196d890d4d12492db3322a72d3 |
| SHA1 | 7f66eb2eb82291c7222e8be0ba2281dc9ac25e8b |
| SHA256 | 10d3cdfc33dd78907ebe6695803a02d39af2109745db23231403fd8ce062439b |
| SHA512 | dc6938e0475bd7b8bf634f783d8f5cabb0b599f8215715c5a4bd76ce21a81e59bf2c7ce77a4bb244285bb4dfc204b44368ad4e8809c51dbd02f118f379d9f753 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5b029251336fe48615cf078c568bbe37 |
| SHA1 | d7a1e083fc5c196ba017c82eab335b8c68ef4d94 |
| SHA256 | 66ab9190de020e2c083baf722363a7a4214eaea7ad9223593c77b423e9efced8 |
| SHA512 | 977ecd37587b9095278ba9e5feba3068566a68fa8d90dca99fb9183fc7ad32e0d203b65b5f5a3561e2d7c1316de7dd5cf0c58525e6b915d22528fd46972be927 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0d54b8cf3c24d4e7395e8fa2d30820ee |
| SHA1 | d32ebc854d566aad7dd331040920739b960ae4fa |
| SHA256 | 3521454bb67c3df8f1e6f19b1b9dd1e10a063f94fa8fe4f3751234e987f5759a |
| SHA512 | 7d3c4372d9319df0c6fbae0ee93faf1110a1d3958c84cea03225832a55f6ac4e388d15bac19f09dd758a5dfef0e880b524d8bc074d71991acb225d22eddefadb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | de5c7b529d2a5f7343e84853fd92e1c3 |
| SHA1 | c43460d406cc6e773f79eea8fa5806c6cfed6042 |
| SHA256 | 041fdee2a967d14491485817299977709a242a6ecb32808793e86fe48f7c6dc4 |
| SHA512 | dbb4074ff93e8c6fd442d9eff1d7c78f192b22db4968b31217cec8ef460c63a81ff7ebfd4309d49b7a64bbeb58919f6d3f85332c45b8c53593334e9415f6f3bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 38ddca96cb2f1c488d775c34fdda8d2a |
| SHA1 | c545858a8c903f11559a6beb29a65a374aa5d585 |
| SHA256 | 583b295191daaf33da02f9f30c93b16402cfe273a5f1290afd8ba00638bb1979 |
| SHA512 | 89017616b71c1fdc1e11f40a304b62dbc9259ed516c118593c7a917d6dd571516d8c7d364e601254c196ca2ffb929e9dee0bacb110ff72a6c9de9660ce074397 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 55d04641987f6de9602f65ecdee57a56 |
| SHA1 | 8465cbcc7782e55f8723de04d521c8c6b6ad5f05 |
| SHA256 | e59979ca690c639bfaaa8325adb6dabf62cbb3b8aa332d767c002dea78c233e7 |
| SHA512 | f09c21e0416c6403d57698869e0aef0fa2be3f10869c85b29fea0b20dd3e84a443eb706a6ccde6ccbd7d6edf669e641de4d867c4e278380757f312756537fd33 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 83e5e5ba399821d302f03742c15f6051 |
| SHA1 | 684563f65287d217cf3d2e57a084e4a84fb7cb7c |
| SHA256 | 3e718ac2a86a6777707a5e5e775a0cd51eb2bb60d5c10b7eb3f76161463b290e |
| SHA512 | 30521a36862ce04f238f7097870bf64ce01f8cb739983d4c436865af038c4bc2ab870cd82d6a3929b629c9703cdde7ffc9961823a0a534a4dfd554839cc1c90a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3a5338d8d2327c834284530cb7b9a592 |
| SHA1 | aded1d134014c1a327c0eafe6471120981d97604 |
| SHA256 | f666cb9e7343642fb59c769cac18e676b10c3043aabdd7a47722f9ce38c0a419 |
| SHA512 | 52c2ffe6450891a0ac879f96a383b3649aff2c414246e1cc23a4f45d3a035b4447ff8939f7570aca7927c5cb6320f09a403dfb22a2add5130bf9e71485122a72 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ae45a3234f00c5e99e61513134cb8c19 |
| SHA1 | 651205c11429be128facd0531a5f08247d7e3a3a |
| SHA256 | 5ee6ad3f2b582b82a02ef150186ba664326e2b71c5b839910ca6bf6a92a20cdc |
| SHA512 | dc9884f6db3ed04015c2ddbdd17a5e8e27f6609d104197ce57f7f440a3788a0b2bea274844f62dda622ce499cf5e5c9cc066bee0f40a7844f747b096968ab23e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc0b56ebd7625b69d3b8408d2b9eb3ec |
| SHA1 | 665cf9fb6e33c24b4d8e074f6677293abbdc58d0 |
| SHA256 | 703805acb406ad2b331defb3b484c539470bd2bf052826436926fffbbc1d1c89 |
| SHA512 | 0b8cad0672a1ffeca3cf1cf8f342af2b44f9e929f853ffbd5d6d90fdfe1a832130bc2004e75c4cab56e788fea395574ea14aff604bee4d1311d5e4887a25a7b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 18ff5a8bd63d38661c0d40fcb778c83d |
| SHA1 | 37cdb817c8e71da7d3d5e727083ad9340133af1c |
| SHA256 | f4e1fe926ec3e54a7ae69d75a31e78fe98b961a4e2da43f7e573eb00249da59d |
| SHA512 | 08904f84ffd06446a889bc254aafd906d67b13a9be1da60fea464844b7ac2ea3a3d286a9ba269978b12e604d5442a3d5dbe160ff80ecfe26737a0a4765496397 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:04
Reported
2024-06-13 10:07
Platform
win10v2004-20240611-en
Max time kernel
128s
Max time network
138s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4fdebacbaf6c24bae64180743a5be45_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=2984,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=3984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4060,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=5064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=764,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=5308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5336,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=5460 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5464,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=5556 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5952,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=5968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5980,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=6088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=5868,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=6136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=6268,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=6392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=6592,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=6612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=6084,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=6164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5660,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=5816 /prefetch:8
Network