Analysis Overview
SHA256
80841d1a1a0203d9316994925575cea9999fcb9c4cbb534203026738fd35e9d9
Threat Level: Likely benign
The file . was found to be: Likely benign.
Malicious Activity Summary
Enumerates physical storage devices
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 18:36
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 18:36
Reported
2024-06-13 18:38
Platform
win7-20240611-en
Max time kernel
138s
Max time network
153s
Command Line
Signatures
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000002e3a654f515c90010bb090997a6ec02a51f62c76b40ba21d7a4ab3aaf87ac1a3000000000e8000000002000020000000c837a942b50c257597aff6867af9aaad7b0b6143c443d897072fa6695d28bd3d20000000dbce7fc5954baee442e2bc2bb8e68c3891eea0bb3377c15c11d98bc78f0a4a4b40000000c3f4717f5043867a70242a43c106ad7732aa3c600282271daa576e0f32458702268e029c831373f816496a77a9b6fa7cc0e09319b16ac218294154f2aac5a8ff | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90332ca1c0bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000086f6cd7b433fa6798363c3e28b478a659ae06430c9cd67b49e2eb7d35645d102000000000e8000000002000020000000c48d648e87fffcec90533f7d0306f5a3d0e7e0ae6e5e65d63e6080d6ff29345b900000006268723f46ca4d18478fb2089ce4b6f512646f659712809956f6eab963277d7bef50c7828660357c8c96b0b0966baa695d4bfac73b1d0b62ff92f55c5f7f002f3e638e037c1dc65001ceabd06bd2a8b50655d41b1597a67b4ec04b877964fb3c7bba4f7bd18745645095981d94a5a969abf42316934929e38cfea644655e7e815756db60e6b57111fbbb4a7ce845dd43400000004c3cff2c28b4668f1000a487e9bb3345e3a32a849601d36ce5504256e8656a1b4bd9cfbb485506ef4f38e15fd628dbf780e7d7e31a7036b970608f64dee67c2e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CC0B34D1-29B3-11EF-A8D3-D2DB9F9EC2A6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424465635" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_Classes\Local Settings | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 5200310000000000cc58f81a100057696e646f7773003c0008000400efbeee3a851acc58f81a2a0000008a020000000001000000000000000000000000000000570069006e0064006f0077007300000016000000 | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000 | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Windows\addins\FXSEXT.ecf
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5699758,0x7fef5699768,0x7fef5699778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1192,i,12088000357720339112,16916275892361268373,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1192,i,12088000357720339112,16916275892361268373,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1640 --field-trial-handle=1192,i,12088000357720339112,16916275892361268373,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2328 --field-trial-handle=1192,i,12088000357720339112,16916275892361268373,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2440 --field-trial-handle=1192,i,12088000357720339112,16916275892361268373,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1032 --field-trial-handle=1192,i,12088000357720339112,16916275892361268373,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3384 --field-trial-handle=1192,i,12088000357720339112,16916275892361268373,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3500 --field-trial-handle=1192,i,12088000357720339112,16916275892361268373,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3612 --field-trial-handle=1192,i,12088000357720339112,16916275892361268373,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3280 --field-trial-handle=1192,i,12088000357720339112,16916275892361268373,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3824 --field-trial-handle=1192,i,12088000357720339112,16916275892361268373,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| N/A | 224.0.0.251:5353 | udp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab68B5.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar6963.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ce7757ee044e7022a65305403db807b4 |
| SHA1 | de79d03f2332f2ea411d946638c00d79e653756d |
| SHA256 | 6a3586575a3f68c0cbbc99b02f8b1b758bccc04dc022b1509e4113c5b6ccf90a |
| SHA512 | 414c85efed771fe90184002479addb4f65dd7c3febd8c85d19ff27e500884f8ec41186e4277424f376392964fdb35753751337c5a26e8ed249db0eaa1fe1931e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64287297e56605f1f7c4d6718515d53e |
| SHA1 | a80ddf38909220bf31698712e47d63f9b0af205d |
| SHA256 | 318f846107f3d932eb2f1ab441f752ad8a58c10bc7a57b3b5cb58438d86b632e |
| SHA512 | df9ca118e9589e2c39d6dcd5b867b0abd8bf1d236440d9a251c378e794ae0fc37baed8a7131ce3a24f8409b8a06541f887abf13ba2546b12454d0282ee5caecc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e0b2940ef60ec87d53dbc921541a8258 |
| SHA1 | 7b79dfd56a6a41b6c1de8a843cc4cff4abd6c22d |
| SHA256 | cd57a8ba9c4babc9b99a38f8f275a8fafa4734b902bc989384183abcd108902b |
| SHA512 | 567390c13321b063336666d45b3d7048d6d949597af89174661facf1e2199b396d96b1021c6d6b746988f7089cae6714929b707557c5d4be4f1ee97575d03951 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 182d78ed5b21ac8760d203ae388eb62b |
| SHA1 | 13ede862fd8e231c805ac4030aa1f45e206547dc |
| SHA256 | a92680349e92def0ed74b6c5135d2ce5645562de36edf4e60cd33fd0eefa4a7e |
| SHA512 | 8d327ef5ce484c31103b782bae85a19bee2e0b9af9870ece111c1e7ae6e91a069d74f197574d9443dae8ca7ef974e2fd15e014b58dc1841a17cddc6265102ab4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 62aac2f934042576892794c573d8e583 |
| SHA1 | d7bb1a2273f1962582aa3ba5ca9f83608a43ec6c |
| SHA256 | e2575f91993ff15ab701763a9e1fce118e0be66d35639f17735f0ae797ec353e |
| SHA512 | 7683995e171e2a6bb72cd2ca50fd51c5ac29b3edb2420126c8b46b9953e0ec254123c20be3a28b80d3526c2a862e7bff06c51648a766b53f9feed4c6d80d9680 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 60006fc7e32d4da4f75a6be37facd04d |
| SHA1 | 2eb5c2d6677f7c085cb984bbc1acb12d43db710c |
| SHA256 | 155467897cb07b72bfd0361ff9abe594cb29c81fdf41a440cc16edf9cdfb08d5 |
| SHA512 | c5435a65d43cad4e3743b1773f3dd72f42f6c3aa6ad30a93c9920a5087d68341a37ba060a51c38554aa47d38bdbf16bbaa3c5931e7ebe6d0eb9a339ccb28a47b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 21e29bef1e8001efd1b233dcfaeae3b8 |
| SHA1 | 41e3d61ee9eb5f255e6ba97637e917f68232ec86 |
| SHA256 | e3fd198964bed7e0903dbb4fd5358b63e70c4c9d66d8c60e04dfafa779e49a4a |
| SHA512 | 98605b9affda474c997f346e9b665a9fd344214f310b64ce0902f191c8c17cbba7af979c15342e067bc5414154c7ddd029b976e762e6604816e76d6958b4d82a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b37a574eb40c89849ec74bfa0efa9749 |
| SHA1 | 219628afe420e8bde26458ec52c7b3c691547855 |
| SHA256 | 5e2284dd34ae7d37282f4f3309e21406ea87bb61f67a09883b2230ad5ea99e1b |
| SHA512 | 508341d5b6ddcd9464b0aff576defad6e626cf0433a34a933c8618708d9b23e271018dd656dfe7c54716037909da963965cf86a1aae7c61dddbfd860bfe21aa0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 381eaf15be04467417aa0da2aaaba8a7 |
| SHA1 | c694a5450ea1e4410d54732e4dc3e758678dca3f |
| SHA256 | 8108e4883ffecc9cd14fb4832e306c78b6367befaf78f6dc070c9b86c869efcd |
| SHA512 | c60c21377a21891cc6028b2e528ad03c59356c5da59b4ab84e3639d3ac001bc7a16db33a4399c6f881f88048c00d28ed3615f6a250d11af94e8e6854f8ce5a87 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e6eb9dfa1fc24f611e82b47d95a41942 |
| SHA1 | 016f1ca9dcb67c8394dc6cd26cc609379a26c704 |
| SHA256 | 8164216d1ba1b5ca78f711e484f425a425051c55103bfcb02b23a90f644870e1 |
| SHA512 | c3f3113bff433d0f3fd1cbb5599de34aa8ea79127602c39be701659832e6c889ab8b8d319085a528f98c708eeb389e81725b517dc1793a83e1c26e48722ba1ef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 30683605f68140abb97a561c971616ed |
| SHA1 | 84a2a8b6f05f9eb97e93cabc7b6407000a40f8a7 |
| SHA256 | 42d0182b120798bd02bd92b4832902f31ecf056d1d3319d175bc26d6d1b98cd0 |
| SHA512 | cdae693bf7b635b5b59b0e29f3ffece147749a0476ecd52ceebfc4fb78a5464a2fbfafca998185200d2360fdb5b326eefe4a7f2db495740fc17043a483eeb020 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa16003b47c7e96347f78b0a45934d4d |
| SHA1 | a04011976f5795adbff0c81c152b3bcf948dccab |
| SHA256 | 9ebc8cf7166a84d54c563db3402494f5c87b9bab9197dfee6bf92cc44ef3907e |
| SHA512 | e6394f12f59b2079d05c77f78c0c36da0bc35206fc375512f8492e0deb576a35b51da086ea0763680280ca2c743d78bc4f5e611774e79e0047df010a40003624 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4d2471681bfc19f04740de5c966575c5 |
| SHA1 | 6dfac6086681e1c2c83fc5f3e625cf4fe90b9051 |
| SHA256 | 87ce08b4f516d67ecc7d88f34de13971ff3c20a98f91edb0ca97e9635ecb3b03 |
| SHA512 | 5816765ebe5766cffdb652d42d4ec962ed7d3f1a94195cef74cf99c41cb992ac9d6f3cdbe17472ecd2cc638dcfba2503a4f74bda6564f639f50e756be9c20150 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f71f5a900c3ec4b1707aa821b80864ad |
| SHA1 | c15f5717e863d412702b05200e97dec1a7833b12 |
| SHA256 | 1b88c3fb3c2a41158bb34dcfc99149fb60c0e9062ddb257a11b7fe7af1017adb |
| SHA512 | 269e8a99864f12b42084edba67696f50921c66e7f811415014bdc69909d9e86eec2eb5585cd4a253834dc8817cdf4dae3884d04190bad906c0c5c87dde71778b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 16d09e721c729f999126151ce03a9352 |
| SHA1 | 34b99c49bb172740db73c2d88c759c2350870fda |
| SHA256 | 83be8c4b978ad87ec2136bc79695522ed8a6c5290413cc4944b53d73f6907292 |
| SHA512 | 6242fa8f678c764ecdaeacaa442b57210f1523dec4810d6331498526df1bfed2d69a6b5e5105423f2912ab1c40cf814efec33850076ba999fb44ae4a5c16c1f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e8371dff39019236119a0db789c0ca22 |
| SHA1 | 19a8a9174e11f05d87f1196087050482d8f4fca1 |
| SHA256 | 0c3e39ef5f4e30d1f7e0ea0b7f28b2c37d51f1a1d708cd37a2d2a8273ce5a910 |
| SHA512 | a01d24e97dc83d53760512442c589bc665d1bea82f4943eab43cf4808b2da56d576ece029fe21c5a7601e1486fd1a06e94f79216b0dbd6aa2e17df82b04d8060 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dc3e3f450a816f395ffbe46d2d68a303 |
| SHA1 | 41a9b8c74be4d1126044270df05e5b9b733e075a |
| SHA256 | 55681fe550499853b3515996ed419d11e72a6697c84d7c4dc4ea7cc34ff888a0 |
| SHA512 | 0741d7fe87e7bdc18e83c27c840c6648ef6ad74401ad788805725e7302152471295706d6fbe31e93b7d6de58a57addad52105b8ad7ad5f717dc14126a8dce113 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8d7ef5dd26f6bcd782d88b49961c856b |
| SHA1 | d1e01373f5a066aa406dc1ca510420096b9f5ebd |
| SHA256 | 03638cd48e596f650d0867d3e8e93f0349dbdd4be539f763f042cef407f06e7e |
| SHA512 | cdcc4d90b4b55ecd3e757a11142ca03714d8cf74312934d87133288d90db83d14818c21a227910412dc82db298e2f6e6f20b9e286bae9d31360c1abd071c2f7d |
\??\pipe\crashpad_2208_RZEPVXDHOEBRDACX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 18:36
Reported
2024-06-13 18:38
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
150s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5712 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5716 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2536 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=3696 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5720 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 2.18.121.23:443 | bzib.nelreports.net | tcp |
| SE | 23.34.233.128:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.6.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.233.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | 242.197.17.2.in-addr.arpa | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 104.208.16.94:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 94.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.251.17.2.in-addr.arpa | udp |
| US | 13.107.253.64:443 | tcp | |
| BE | 88.221.83.234:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 234.83.221.88.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | 216.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.197.17.2.in-addr.arpa | udp |
| BE | 88.221.83.232:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 232.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.16.208.104.in-addr.arpa | udp |