Analysis Overview
SHA256
6ff4682bd3ee7db1e0e317bc93d5cb159afb412e10cc7ae6b37102372442607b
Threat Level: No (potentially) malicious behavior was detected
The file a4e4be0da7f0d670181d13d44cdc9c02_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:39
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:39
Reported
2024-06-13 09:42
Platform
win7-20240611-en
Max time kernel
148s
Max time network
147s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424433457" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E0949451-2968-11EF-A0E1-D2ACEE0A983D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1560 wrote to memory of 2428 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1560 wrote to memory of 2428 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1560 wrote to memory of 2428 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1560 wrote to memory of 2428 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4e4be0da7f0d670181d13d44cdc9c02_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1560 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.ynxing02.com | udp |
| US | 8.8.8.8:53 | s19.cnzz.com | udp |
| CN | 106.225.241.86:80 | s19.cnzz.com | tcp |
| CN | 106.225.241.86:80 | s19.cnzz.com | tcp |
| CN | 106.225.241.86:80 | s19.cnzz.com | tcp |
| CN | 106.225.241.86:80 | s19.cnzz.com | tcp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| US | 8.8.8.8:53 | jspassport.ssl.qhimg.com | udp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| US | 3.165.136.76:443 | jspassport.ssl.qhimg.com | tcp |
| US | 3.165.136.76:443 | jspassport.ssl.qhimg.com | tcp |
| US | 8.8.8.8:53 | s.ssl.qhres2.com | udp |
| US | 3.165.136.123:443 | s.ssl.qhres2.com | tcp |
| US | 3.165.136.123:443 | s.ssl.qhres2.com | tcp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:39
Reported
2024-06-13 09:42
Platform
win10v2004-20240226-en
Max time kernel
139s
Max time network
155s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4e4be0da7f0d670181d13d44cdc9c02_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5704 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5076 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4520 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5952 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=748 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6096 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.9.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.140.244.186:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.ynxing02.com | udp |
| US | 8.8.8.8:53 | www.ynxing02.com | udp |
| US | 8.8.8.8:53 | www.ynxing02.com | udp |
| US | 8.8.8.8:53 | www.ynxing02.com | udp |
| US | 8.8.8.8:53 | www.ynxing02.com | udp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.9.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.ynxing02.com | udp |
| US | 8.8.8.8:53 | www.ynxing02.com | udp |
| US | 8.8.8.8:53 | s19.cnzz.com | udp |
| US | 8.8.8.8:53 | s19.cnzz.com | udp |
| US | 8.8.8.8:53 | www.ynxing02.com | udp |
| US | 8.8.8.8:53 | www.ynxing02.com | udp |
| CN | 106.225.241.86:80 | s19.cnzz.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| CN | 106.225.241.86:80 | s19.cnzz.com | tcp |
| SE | 23.34.233.128:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 128.233.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| SE | 184.31.15.35:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| GB | 142.250.187.202:443 | | tcp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 52.168.117.173:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 173.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| US | 8.8.8.8:53 | jspassport.ssl.qhimg.com | udp |
| US | 8.8.8.8:53 | jspassport.ssl.qhimg.com | udp |
| US | 3.165.136.76:443 | jspassport.ssl.qhimg.com | tcp |
| US | 8.8.8.8:53 | s.ssl.qhres2.com | udp |
| US | 8.8.8.8:53 | s.ssl.qhres2.com | udp |
| US | 8.8.8.8:53 | 76.136.165.3.in-addr.arpa | udp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| US | 3.165.136.93:443 | s.ssl.qhres2.com | tcp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | s.360.cn | udp |
| US | 8.8.8.8:53 | 93.136.165.3.in-addr.arpa | udp |
| CN | 180.163.251.231:445 | s.360.cn | tcp |
| CN | 180.163.251.230:445 | s.360.cn | tcp |
| CN | 171.8.167.90:445 | s.360.cn | tcp |
| CN | 171.13.14.66:445 | s.360.cn | tcp |
| NL | 23.62.61.144:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | s.360.cn | udp |
| US | 8.8.8.8:53 | 144.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| BE | 88.221.83.211:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 211.83.221.88.in-addr.arpa | udp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | 31.73.42.20.in-addr.arpa | udp |