Analysis Overview
SHA256
c46467e9766eda6141c54e4306f6eff0417cb24c7a56c96834c83b3bb95f1369
Threat Level: Shows suspicious behavior
The file AAFK.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Detects Pyinstaller
Unsigned PE
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-29 07:09
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-29 07:09
Reported
2024-05-29 07:12
Platform
win7-20231129-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AAFK.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AAFK.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AAFK.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AAFK.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AAFK.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AAFK.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AAFK.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 35 | N/A | C:\Users\Admin\AppData\Local\Temp\AAFK.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2392 wrote to memory of 3032 | N/A | C:\Users\Admin\AppData\Local\Temp\AAFK.exe | C:\Users\Admin\AppData\Local\Temp\AAFK.exe |
| PID 2392 wrote to memory of 3032 | N/A | C:\Users\Admin\AppData\Local\Temp\AAFK.exe | C:\Users\Admin\AppData\Local\Temp\AAFK.exe |
| PID 2392 wrote to memory of 3032 | N/A | C:\Users\Admin\AppData\Local\Temp\AAFK.exe | C:\Users\Admin\AppData\Local\Temp\AAFK.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\AAFK.exe
"C:\Users\Admin\AppData\Local\Temp\AAFK.exe"
C:\Users\Admin\AppData\Local\Temp\AAFK.exe
"C:\Users\Admin\AppData\Local\Temp\AAFK.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\_MEI23922\AAFK.exe.manifest
C:\Users\Admin\AppData\Local\Temp\_MEI23922\python37.dll
C:\Users\Admin\AppData\Local\Temp\_MEI23922\VCRUNTIME140.dll
C:\Users\Admin\AppData\Local\Temp\_MEI23922\base_library.zip
\Users\Admin\AppData\Local\Temp\_MEI23922\_ctypes.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI23922\_queue.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI23922\unicodedata.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI23922\_hashlib.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI23922\libcrypto-1_1-x64.dll
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-29 07:09
Reported
2024-05-29 07:12
Platform
win10v2004-20240508-en
Max time kernel
137s
Max time network
129s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AAFK.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AAFK.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AAFK.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AAFK.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AAFK.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AAFK.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AAFK.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 35 | N/A | C:\Users\Admin\AppData\Local\Temp\AAFK.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1528 wrote to memory of 3340 | N/A | C:\Users\Admin\AppData\Local\Temp\AAFK.exe | C:\Users\Admin\AppData\Local\Temp\AAFK.exe |
| PID 1528 wrote to memory of 3340 | N/A | C:\Users\Admin\AppData\Local\Temp\AAFK.exe | C:\Users\Admin\AppData\Local\Temp\AAFK.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\AAFK.exe
"C:\Users\Admin\AppData\Local\Temp\AAFK.exe"
C:\Users\Admin\AppData\Local\Temp\AAFK.exe
"C:\Users\Admin\AppData\Local\Temp\AAFK.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3888,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=4168 /prefetch:8
Network
Files
C:\Users\Admin\AppData\Local\Temp\_MEI15282\python37.dll
C:\Users\Admin\AppData\Local\Temp\_MEI15282\AAFK.exe.manifest
C:\Users\Admin\AppData\Local\Temp\_MEI15282\VCRUNTIME140.dll
C:\Users\Admin\AppData\Local\Temp\_MEI15282\base_library.zip
C:\Users\Admin\AppData\Local\Temp\_MEI15282\_ctypes.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI15282\_hashlib.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI15282\libcrypto-1_1-x64.dll
C:\Users\Admin\AppData\Local\Temp\_MEI15282\unicodedata.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI15282\_queue.pyd
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-29 07:09
Reported
2024-05-29 07:12
Platform
win7-20240221-en
Max time kernel
118s
Max time network
122s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\pyc_auto_file\shell\Read | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\pyc_auto_file\shell | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\pyc_auto_file\ | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\.pyc\ = "pyc_auto_file" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\pyc_auto_file\shell\Read\command | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\pyc_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\pyc_auto_file | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\.pyc | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1308 wrote to memory of 2696 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 1308 wrote to memory of 2696 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 1308 wrote to memory of 2696 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2696 wrote to memory of 2932 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2696 wrote to memory of 2932 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2696 wrote to memory of 2932 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2696 wrote to memory of 2932 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\AAFK.pyc
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\AAFK.pyc
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\AAFK.pyc"
Network
Files
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-29 07:09
Reported
2024-05-29 07:12
Platform
win10v2004-20240508-en
Max time kernel
142s
Max time network
122s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\AAFK.pyc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network