Analysis Overview
SHA256
3562a5f8252a9565a66004e56051b0bb69deaa3f9ab4c016e6a051b0158813d3
Threat Level: No (potentially) malicious behavior was detected
No (potentially) malicious behavior was detected for the file a119ef498d0c484bae96064933c66936_JaffaCakes118.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 15:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 15:08
Reported
2024-06-12 15:11
Platform
win7-20240611-en
Max time kernel
141s
Max time network
145s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000a477e1e863079b0305d578c4bba89c5a510487adf5558c965664e87717815fda000000000e80000000020000200000009e4ba9d2366ac66401d4a8982eb5df6d529bc7e2d7b44d82e31141d6bcd180d9200000009f871a4083ef238bee0549d39c1a47769b439c4f0ead816a91dff9efee3694da4000000076cbee4b51141cfee4a773383e0462731ef4f5b9f053363c95501a779799e1e695ff84638ef32faedccd3622dc5fb183f009d22f5f984397589b9dfbd37eff75 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3065758bdabcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424366814" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B4FBF2C1-28CD-11EF-A1F0-7EE57A38E3C7} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000007da8ec7d31105e93a5d99b739ba0bdb01fb73184cf8d2404fca6991df6e2d680000000000e8000000002000020000000c7c278d642784a90e8bad23033178908c54cbf5c9200b8ff96fa92fb12de283c9000000066a7da030fb235b6d653715df6fa45b01dcb5b8bcf0e19e2ab53e6a3cf1af3e2905378fa26719715671ef2b732a4559034276cbcc6ce9d2b992882d1b12f985746c3300834296ed34c913f6a812482e406c22832685577a420eb321323b086b17100e8bfbf84f87549a43b799abd95e52dcc72bb54f2c31307be65f5c043bdf4527d787f60f1075bc026b4d3bc34cb6840000000c82089a367690ce9c9f383b017f8c4fba939258ae54b19d8cd93ecb19d0f12f026dc8c251d899fe2fff42ed9d485656193f4dc4ed00d78b47ebbce6e2d68c26b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3040 wrote to memory of 2908 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3040 wrote to memory of 2908 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3040 wrote to memory of 2908 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3040 wrote to memory of 2908 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a119ef498d0c484bae96064933c66936_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3040 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 15:08
Reported
2024-06-12 15:11
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
143s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a119ef498d0c484bae96064933c66936_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --field-trial-handle=4008,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=4140,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=4716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --field-trial-handle=5240,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=5252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5268,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=5408 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5416,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=5496 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=6824,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=6828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3884,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=4872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5476,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=3864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6132,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=6128 /prefetch:8
Network