Analysis Overview
SHA256
ab5a5dd0ed8c853ca132ade226fa80b5241ab688d2b39a19bab5287d653b8544
Threat Level: Known bad
The file 7f57583bb712456c4352e068ab6e9184_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
simda
Simda family
Modifies WinLogon
System Location Discovery: System Language Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-30 13:19
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-30 13:19
Reported
2024-10-30 13:21
Platform
win7-20240903-en
Max time kernel
148s
Max time network
151s
Command Line
Signatures
Simda family
simda
Modifies WinLogon
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\82439f2 = "M‰³M{Þ’E=ÔîaK6³\x06J\x1cn³»ëPì\\o\x1aþ\x1cÚFÅ\x16ŒÛŒ=Ÿùg*Ò3Ý`,£.‹x\x14—9æ€2$úªs/c\x04ì\f{\x05pä/w+Dor\x06ÎVû\x13\"l„¡œù\a\x15\x0e²\x0eh\x06¹¡á~TÆï_2/þcs´8u‡´a{\x10GÄ»…‹~ß_\bO‚¤˜þusuï\x05ß••\t¦6á{¸Ó4Ò3\x1eŠF\a±÷ÚFD_Œ\x18ŒËÄ\x10Ìþ~MÀ-½\"äM\aƒ´Ú4œ\x1bêó÷P\x1eŒIO\x0e\x01Ýã¹|ê¶°rêh»\x06•øÖ ÝiÄ#Ë,-…_0H…\b÷÷F÷ŒÚuñ28=—\a˜j\x05¢»\x1bMZÄÝNü{ŒÂ´\x18ÃI:\a&HïZ]\v™u82439f2" | C:\Users\Admin\AppData\Local\Temp\7f57583bb712456c4352e068ab6e9184_JaffaCakes118.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7f57583bb712456c4352e068ab6e9184_JaffaCakes118.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7f57583bb712456c4352e068ab6e9184_JaffaCakes118.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7f57583bb712456c4352e068ab6e9184_JaffaCakes118.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7f57583bb712456c4352e068ab6e9184_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\7f57583bb712456c4352e068ab6e9184_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7f57583bb712456c4352e068ab6e9184_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 95.100.195.15:80 | www.bing.com | tcp |
| US | 8.8.8.8:53 | vojyqem.com | udp |
| US | 8.8.8.8:53 | gatyfus.com | udp |
| US | 8.8.8.8:53 | puvyxil.com | udp |
| US | 8.8.8.8:53 | lyryfyd.com | udp |
| US | 8.8.8.8:53 | qegyqaq.com | udp |
| US | 8.8.8.8:53 | gacyzuz.com | udp |
| US | 8.8.8.8:53 | vowydef.com | udp |
| US | 8.8.8.8:53 | pufymoq.com | udp |
| US | 8.8.8.8:53 | lyxylux.com | udp |
| US | 8.8.8.8:53 | qeqysag.com | udp |
| US | 8.8.8.8:53 | gadyniw.com | udp |
| US | 8.8.8.8:53 | volykyc.com | udp |
| US | 8.8.8.8:53 | pumypog.com | udp |
| US | 8.8.8.8:53 | lysynur.com | udp |
| US | 8.8.8.8:53 | qekykev.com | udp |
| US | 8.8.8.8:53 | ganypih.com | udp |
| US | 8.8.8.8:53 | vopybyt.com | udp |
| US | 8.8.8.8:53 | lyvyxor.com | udp |
| US | 8.8.8.8:53 | pujyjav.com | udp |
| US | 8.8.8.8:53 | vocyzit.com | udp |
| US | 8.8.8.8:53 | lyvytuj.com | udp |
| US | 8.8.8.8:53 | qetyvep.com | udp |
| US | 8.8.8.8:53 | gahyhob.com | udp |
| US | 8.8.8.8:53 | vocyruk.com | udp |
| US | 8.8.8.8:53 | purycap.com | udp |
| US | 8.8.8.8:53 | lygygin.com | udp |
| US | 8.8.8.8:53 | qexyryl.com | udp |
| US | 8.8.8.8:53 | gaqycos.com | udp |
| US | 8.8.8.8:53 | vofygum.com | udp |
| US | 8.8.8.8:53 | puzywel.com | udp |
| US | 8.8.8.8:53 | qebytiq.com | udp |
| US | 8.8.8.8:53 | purydyv.com | udp |
| US | 8.8.8.8:53 | lygymoj.com | udp |
| US | 8.8.8.8:53 | lymyxid.com | udp |
| US | 8.8.8.8:53 | qedyfyq.com | udp |
| US | 8.8.8.8:53 | galyqaz.com | udp |
| US | 8.8.8.8:53 | vonyzuf.com | udp |
| US | 8.8.8.8:53 | lykyjad.com | udp |
| US | 8.8.8.8:53 | qexylup.com | udp |
| US | 8.8.8.8:53 | gatyvyz.com | udp |
| US | 8.8.8.8:53 | gaqydeb.com | udp |
| US | 8.8.8.8:53 | qetyfuv.com | udp |
| US | 8.8.8.8:53 | vofymik.com | udp |
| US | 8.8.8.8:53 | puzylyp.com | udp |
| US | 8.8.8.8:53 | lymysan.com | udp |
| US | 8.8.8.8:53 | gahyqah.com | udp |
| US | 8.8.8.8:53 | qedynul.com | udp |
| US | 8.8.8.8:53 | galykes.com | udp |
| US | 8.8.8.8:53 | vonypom.com | udp |
| US | 8.8.8.8:53 | pupybul.com | udp |
| US | 8.8.8.8:53 | vojyjof.com | udp |
| US | 8.8.8.8:53 | puvytuq.com | udp |
| US | 8.8.8.8:53 | lyryvex.com | udp |
| US | 8.8.8.8:53 | qegyhig.com | udp |
| US | 8.8.8.8:53 | gacyryw.com | udp |
| US | 8.8.8.8:53 | vowycac.com | udp |
| US | 8.8.8.8:53 | pufygug.com | udp |
| US | 8.8.8.8:53 | lyxywer.com | udp |
| US | 8.8.8.8:53 | qeqyxov.com | udp |
| US | 8.8.8.8:53 | gadyfuh.com | udp |
| US | 8.8.8.8:53 | volyqat.com | udp |
| US | 8.8.8.8:53 | pumyxiv.com | udp |
| US | 8.8.8.8:53 | lysyfyj.com | udp |
| US | 8.8.8.8:53 | qekyqop.com | udp |
| US | 8.8.8.8:53 | gatyfus.com | udp |
| US | 8.8.8.8:53 | puzylyp.com | udp |
| US | 8.8.8.8:53 | vojyqem.com | udp |
| US | 8.8.8.8:53 | vocyzit.com | udp |
| US | 8.8.8.8:53 | lyvyxor.com | udp |
| US | 8.8.8.8:53 | qetyfuv.com | udp |
| US | 8.8.8.8:53 | lymyxid.com | udp |
| US | 8.8.8.8:53 | galyqaz.com | udp |
| US | 172.234.222.143:80 | vojyqem.com | tcp |
| DE | 178.162.203.202:80 | gatyfus.com | tcp |
| US | 3.94.10.34:80 | lymyxid.com | tcp |
| US | 199.191.50.83:80 | galyqaz.com | tcp |
| US | 75.2.71.199:80 | puzylyp.com | tcp |
| US | 44.221.84.105:80 | qetyfuv.com | tcp |
| US | 44.221.84.105:80 | qetyfuv.com | tcp |
| US | 208.100.26.245:80 | lyvyxor.com | tcp |
| US | 8.8.8.8:53 | gadyniw.com | udp |
| US | 199.191.50.83:80 | galyqaz.com | tcp |
| US | 172.234.222.143:80 | vojyqem.com | tcp |
| US | 75.2.71.199:80 | puzylyp.com | tcp |
| US | 8.8.8.8:53 | qegyhig.com | udp |
| US | 8.8.8.8:53 | gahyqah.com | udp |
| US | 8.8.8.8:53 | vonypom.com | udp |
| US | 8.8.8.8:53 | lysyfyj.com | udp |
| US | 172.67.173.131:80 | qegyhig.com | tcp |
| US | 162.255.119.102:80 | gahyqah.com | tcp |
| US | 69.162.80.56:80 | lysyfyj.com | tcp |
| US | 18.208.156.248:80 | vonypom.com | tcp |
| US | 8.8.8.8:53 | www.gahyqah.com | udp |
| HK | 154.212.231.82:80 | gadyniw.com | tcp |
| DE | 91.195.240.19:80 | www.gahyqah.com | tcp |
| US | 8.8.8.8:53 | survey-smiles.com | udp |
| US | 172.67.173.131:443 | qegyhig.com | tcp |
| US | 199.59.243.227:80 | survey-smiles.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.187.195:80 | c.pki.goog | tcp |
| US | 172.67.173.131:443 | qegyhig.com | tcp |
| NL | 85.17.31.82:80 | gatyfus.com | tcp |
| NL | 5.79.71.205:80 | gatyfus.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.80:80 | crl.microsoft.com | tcp |
| DE | 178.162.217.107:80 | gatyfus.com | tcp |
| NL | 5.79.71.225:80 | gatyfus.com | tcp |
| NL | 5.79.71.225:80 | gatyfus.com | tcp |
| DE | 178.162.203.211:80 | gatyfus.com | tcp |
| DE | 178.162.203.226:80 | gatyfus.com | tcp |
| NL | 85.17.31.122:80 | gatyfus.com | tcp |
| DE | 178.162.203.202:80 | gatyfus.com | tcp |
| US | 8.8.8.8:53 | pupydeq.com | udp |
| US | 8.8.8.8:53 | lykymox.com | udp |
| US | 8.8.8.8:53 | gatydaw.com | udp |
| US | 8.8.8.8:53 | qebylug.com | udp |
| US | 8.8.8.8:53 | vojymic.com | udp |
| US | 8.8.8.8:53 | puvylyg.com | udp |
| US | 8.8.8.8:53 | lyrysor.com | udp |
| US | 8.8.8.8:53 | gacykeh.com | udp |
| US | 8.8.8.8:53 | qegynuv.com | udp |
| US | 8.8.8.8:53 | vowypit.com | udp |
| US | 8.8.8.8:53 | gadyveb.com | udp |
| US | 8.8.8.8:53 | qeqytup.com | udp |
| US | 8.8.8.8:53 | volyjok.com | udp |
| US | 8.8.8.8:53 | lysyvan.com | udp |
| US | 8.8.8.8:53 | ganyrys.com | udp |
| US | 8.8.8.8:53 | pumytup.com | udp |
| US | 8.8.8.8:53 | vopycom.com | udp |
| US | 8.8.8.8:53 | pujygul.com | udp |
| US | 8.8.8.8:53 | lyvywed.com | udp |
| US | 8.8.8.8:53 | ganyzub.com | udp |
| US | 8.8.8.8:53 | qetyxiq.com | udp |
| US | 8.8.8.8:53 | vopydek.com | udp |
| US | 8.8.8.8:53 | gahyfyz.com | udp |
| US | 8.8.8.8:53 | pujymip.com | udp |
| US | 8.8.8.8:53 | lyvylyn.com | udp |
| US | 8.8.8.8:53 | vocyqaf.com | udp |
| US | 8.8.8.8:53 | qetysal.com | udp |
| US | 8.8.8.8:53 | puryxuq.com | udp |
| US | 8.8.8.8:53 | gahynus.com | udp |
| US | 8.8.8.8:53 | vocykem.com | udp |
| US | 8.8.8.8:53 | lygyfex.com | udp |
| US | 8.8.8.8:53 | purypol.com | udp |
| US | 8.8.8.8:53 | qexyqog.com | udp |
| US | 8.8.8.8:53 | gaqyzuw.com | udp |
| US | 8.8.8.8:53 | lygynud.com | udp |
| US | 8.8.8.8:53 | vofydac.com | udp |
| US | 8.8.8.8:53 | qexykaq.com | udp |
| US | 8.8.8.8:53 | puzymig.com | udp |
| US | 8.8.8.8:53 | gaqypiz.com | udp |
| US | 8.8.8.8:53 | lymylyr.com | udp |
| US | 8.8.8.8:53 | lyxyjaj.com | udp |
| US | 8.8.8.8:53 | puzyjoq.com | udp |
| US | 8.8.8.8:53 | qekyhil.com | udp |
| US | 8.8.8.8:53 | vofybyf.com | udp |
| US | 8.8.8.8:53 | lymytux.com | udp |
| US | 8.8.8.8:53 | qedyveg.com | udp |
| US | 8.8.8.8:53 | galyhiw.com | udp |
| US | 8.8.8.8:53 | vonyryc.com | udp |
| US | 8.8.8.8:53 | pupycag.com | udp |
| US | 8.8.8.8:53 | lykygur.com | udp |
| US | 8.8.8.8:53 | qebyrev.com | udp |
| US | 8.8.8.8:53 | gatycoh.com | udp |
| US | 8.8.8.8:53 | vojygut.com | udp |
| US | 8.8.8.8:53 | puvywav.com | udp |
| US | 8.8.8.8:53 | lyryxij.com | udp |
| US | 8.8.8.8:53 | qegyfyp.com | udp |
| US | 8.8.8.8:53 | gacyqob.com | udp |
| US | 8.8.8.8:53 | vowyzuk.com | udp |
| US | 8.8.8.8:53 | pufydep.com | udp |
| US | 8.8.8.8:53 | lyxymin.com | udp |
| US | 8.8.8.8:53 | qeqylyl.com | udp |
| US | 8.8.8.8:53 | gadydas.com | udp |
| US | 8.8.8.8:53 | volymum.com | udp |
| US | 8.8.8.8:53 | pupydeq.com | udp |
| US | 8.8.8.8:53 | lysyvan.com | udp |
| US | 172.67.136.136:80 | lysyvan.com | tcp |
| US | 76.223.54.146:80 | pupydeq.com | tcp |
| US | 8.8.8.8:53 | lygynud.com | udp |
| US | 8.8.8.8:53 | pupycag.com | udp |
| US | 104.155.138.21:80 | lygynud.com | tcp |
| US | 8.8.8.8:53 | lyrysor.com | udp |
| US | 18.208.156.248:80 | pupycag.com | tcp |
| CN | 111.6.96.18:80 | lyrysor.com | tcp |
| US | 172.67.136.136:443 | lysyvan.com | tcp |
| US | 76.223.54.146:80 | pupydeq.com | tcp |
| US | 172.67.136.136:443 | lysyvan.com | tcp |
Files
memory/2872-0-0x0000000000400000-0x0000000000596000-memory.dmp
memory/2872-1-0x0000000000290000-0x00000000002E8000-memory.dmp
memory/2872-2-0x0000000000400000-0x0000000000464000-memory.dmp
memory/2872-3-0x0000000000220000-0x0000000000221000-memory.dmp
memory/2872-4-0x0000000001DE0000-0x0000000001E94000-memory.dmp
memory/2872-6-0x0000000001DE0000-0x0000000001E94000-memory.dmp
memory/2872-8-0x0000000001DE0000-0x0000000001E94000-memory.dmp
memory/2872-10-0x0000000001DE0000-0x0000000001E94000-memory.dmp
memory/2872-14-0x0000000001DE0000-0x0000000001E94000-memory.dmp
memory/2872-15-0x0000000000400000-0x0000000000596000-memory.dmp
memory/2872-12-0x0000000001DE0000-0x0000000001E94000-memory.dmp
memory/2872-16-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-18-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-22-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-20-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-54-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-56-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-60-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-55-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-57-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-58-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-79-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-59-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-62-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-92-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-61-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-63-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-65-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-64-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-66-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-67-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-68-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-73-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-76-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-97-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-96-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-95-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-94-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-93-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-91-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-90-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-89-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-88-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-87-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-86-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-85-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-84-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-83-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-82-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-81-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-80-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-78-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-77-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-75-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-74-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-72-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-71-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-70-0x00000000027A0000-0x0000000002863000-memory.dmp
memory/2872-69-0x00000000027A0000-0x0000000002863000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\396.tmp
| MD5 | 8aeb3c3ed6df6d1489b61be4bb282c2f |
| SHA1 | 0eb1fd79669c8b54e338c5cf2145b3fe265c231e |
| SHA256 | e107d4800424c74a05664fc1660ca9dff83146d4f288dc34ddb03639f5d29267 |
| SHA512 | a802bbefb667190982f6fe67b8cb6c7609ffc439d7edffda20c0de09c99819da1a370aad6bffff51d4fa91d369923d9d44b466040f4f3baad1f2d1e69cde9350 |
C:\Users\Admin\AppData\Local\Temp\346.tmp
| MD5 | a19b22b13067480da79ea9f5e78bbde1 |
| SHA1 | 096d62a600b2ce0a3041c27ca0cf672902c5e467 |
| SHA256 | ca4ff023cc7850a2fbc6426561c4924b3a06fcc276cdc4cf60746c087388d95b |
| SHA512 | ea6e3c218bdc56d156683c4d024a0c0e00b628af42c9f7fcd837b95aba36a2d452fbe14440654b5c46cc8486279a599a47b69011c1257b44895d67caff761d49 |
memory/2872-218-0x0000000000290000-0x00000000002E8000-memory.dmp
memory/2872-219-0x0000000000400000-0x0000000000464000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-30 13:19
Reported
2024-10-30 13:21
Platform
win10v2004-20241007-en
Max time kernel
135s
Max time network
151s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7f57583bb712456c4352e068ab6e9184_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\7f57583bb712456c4352e068ab6e9184_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7f57583bb712456c4352e068ab6e9184_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.19.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |