Analysis Overview
SHA256
b8f0eff623b203f6c8fa507e2baf856e7c66fd2de98e805e2d6a98f53f73e39b
Threat Level: No (potentially) malicious behavior was detected
No (potentially) malicious behavior was detected for the file 91104c8c055814025febc82ee5539357_JaffaCakes118.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 08:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 08:08
Reported
2024-06-03 08:11
Platform
win7-20240508-en
Max time kernel
133s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000002e09edcbce119d5ddb5c55d32e86afce3792560faea9c473a0b74df78b51e092000000000e80000000020000200000003e27d36602e0f8bcad608cbdc6f5f6dc283ebff3f2026ce13a31ad9f92b125f120000000a5af15169ebe49d9ae8d343a3bba8c8ee1be54ad1d9622520aa98a2c89652a0440000000beed46407bb159a85ac470e66b129ead48f97b6e1dd0b5e23db6fb6502e0a16891ba5aebe1b06be4c9b09b3bbd88e679cc65c2a8a956fa43fcd27c0fd8d2311e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8803ED81-2180-11EF-B0DE-E64BF8A7A69F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423564006" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d044b95d8db5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1780 wrote to memory of 2748 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1780 wrote to memory of 2748 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1780 wrote to memory of 2748 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1780 wrote to memory of 2748 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91104c8c055814025febc82ee5539357_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1780 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | f1.as.readspeaker.com | udp |
| US | 8.8.8.8:53 | www.paaet.edu.kw | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 185.78.175.253:80 | f1.as.readspeaker.com | tcp |
| US | 185.78.175.253:80 | f1.as.readspeaker.com | tcp |
| KW | 196.1.70.163:80 | www.paaet.edu.kw | tcp |
| KW | 196.1.70.163:80 | www.paaet.edu.kw | tcp |
| US | 185.78.175.253:80 | f1.as.readspeaker.com | tcp |
| US | 185.78.175.253:80 | f1.as.readspeaker.com | tcp |
| US | 8.8.8.8:53 | e.paaet.edu.kw | udp |
| KW | 196.1.70.124:443 | e.paaet.edu.kw | tcp |
| KW | 196.1.70.124:443 | e.paaet.edu.kw | tcp |
| US | 185.78.175.253:80 | f1.as.readspeaker.com | tcp |
| US | 185.78.175.253:80 | f1.as.readspeaker.com | tcp |
| US | 8.8.8.8:53 | cacerts.geotrust.com | udp |
| US | 8.8.8.8:53 | cacerts.geotrust.com | udp |
| SE | 192.229.221.95:80 | cacerts.geotrust.com | tcp |
| SE | 192.229.221.95:80 | cacerts.geotrust.com | tcp |
| KW | 196.1.70.124:443 | e.paaet.edu.kw | tcp |
| KW | 196.1.70.124:443 | e.paaet.edu.kw | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 08:08
Reported
2024-06-03 08:11
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
152s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91104c8c055814025febc82ee5539357_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3820 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4508 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4752 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=3296 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5488 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| GB | 96.16.110.114:80 | | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| GB | 104.91.71.133:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | f1.as.readspeaker.com | udp |
| US | 8.8.8.8:53 | f1.as.readspeaker.com | udp |
| US | 8.8.8.8:53 | www.paaet.edu.kw | udp |
| US | 8.8.8.8:53 | www.paaet.edu.kw | udp |
| US | 185.78.175.253:80 | f1.as.readspeaker.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| KW | 196.1.70.163:80 | www.paaet.edu.kw | tcp |
| KW | 196.1.70.163:80 | www.paaet.edu.kw | tcp |
| KW | 196.1.70.163:80 | www.paaet.edu.kw | tcp |
| US | 8.8.8.8:53 | 188.108.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.17.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | e.paaet.edu.kw | udp |
| US | 8.8.8.8:53 | e.paaet.edu.kw | udp |
| US | 185.78.175.253:80 | f1.as.readspeaker.com | tcp |
| US | 185.78.175.253:80 | f1.as.readspeaker.com | tcp |
| US | 185.78.175.253:80 | f1.as.readspeaker.com | tcp |
| KW | 196.1.70.124:443 | e.paaet.edu.kw | tcp |
| US | 8.8.8.8:53 | cacerts.geotrust.com | udp |
| US | 8.8.8.8:53 | cacerts.geotrust.com | udp |
| SE | 192.229.221.95:80 | cacerts.geotrust.com | tcp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.175.78.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.70.1.196.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.70.1.196.in-addr.arpa | udp |
| US | 185.78.175.253:80 | f1.as.readspeaker.com | tcp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 185.78.175.253:80 | f1.as.readspeaker.com | tcp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| KW | 196.1.70.124:443 | e.paaet.edu.kw | tcp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.42.65.92:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 92.65.42.20.in-addr.arpa | udp |
| GB | 142.250.187.234:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| NL | 23.62.61.88:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 88.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| NL | 23.62.61.137:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 137.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.65.42.20.in-addr.arpa | udp |