Malware Analysis Report

2025-08-05 14:34

Sample ID 221126-28t6wsff8x
Target 534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e
SHA256 534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e
Tags
nanocore evasion keylogger persistence spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e

Threat Level: Known bad

The file 534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e was found to be: Known bad.

Malicious Activity Summary

nanocore evasion keylogger persistence spyware stealer trojan

NanoCore

Adds Run key to start application

Checks whether UAC is enabled

Suspicious use of SetThreadContext

Drops file in Program Files directory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-11-26 23:15

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2022-11-26 23:15

Reported

2022-11-27 17:00

Platform

win10v2004-20220812-en

Max time kernel

158s

Max time network

162s

Command Line

"C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe"

Signatures

NanoCore

keylogger trojan stealer spyware nanocore

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\DDP Manager = "C:\\Program Files (x86)\\DDP Manager\\ddpmgr.exe" C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\DDP Manager\ddpmgr.exe C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe N/A
File opened for modification C:\Program Files (x86)\DDP Manager\ddpmgr.exe C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 800 wrote to memory of 4648 N/A C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe
PID 800 wrote to memory of 4648 N/A C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe
PID 800 wrote to memory of 4648 N/A C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe
PID 800 wrote to memory of 4648 N/A C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe
PID 800 wrote to memory of 4648 N/A C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe
PID 800 wrote to memory of 4648 N/A C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe
PID 800 wrote to memory of 4648 N/A C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe
PID 800 wrote to memory of 4648 N/A C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe

Processes

C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe

"C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe"

C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe

"C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe"

Network

Country Destination Domain Proto
N/A 52.168.117.170:443 tcp
N/A 209.197.3.8:80 tcp
N/A 209.197.3.8:80 tcp
N/A 209.197.3.8:80 tcp
N/A 209.197.3.8:80 tcp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp

Files

memory/800-132-0x0000000074EC0000-0x0000000075471000-memory.dmp

memory/800-133-0x0000000074EC0000-0x0000000075471000-memory.dmp

memory/4648-134-0x0000000000000000-mapping.dmp

memory/4648-135-0x0000000000400000-0x0000000000438000-memory.dmp

memory/4648-136-0x0000000000400000-0x0000000000438000-memory.dmp

memory/4648-137-0x0000000000400000-0x0000000000438000-memory.dmp

memory/4648-139-0x0000000074EC0000-0x0000000075471000-memory.dmp

memory/800-140-0x0000000074EC0000-0x0000000075471000-memory.dmp

memory/4648-141-0x0000000074EC0000-0x0000000075471000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2022-11-26 23:15

Reported

2022-11-27 16:59

Platform

win7-20220901-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe"

Signatures

NanoCore

keylogger trojan stealer spyware nanocore

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\AGP Manager = "C:\\Program Files (x86)\\AGP Manager\\agpmgr.exe" C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\AGP Manager\agpmgr.exe C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe N/A
File opened for modification C:\Program Files (x86)\AGP Manager\agpmgr.exe C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1724 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe
PID 1724 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe
PID 1724 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe
PID 1724 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe
PID 1724 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe
PID 1724 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe
PID 1724 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe
PID 1724 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe
PID 1724 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe

Processes

C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe

"C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe"

C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe

"C:\Users\Admin\AppData\Local\Temp\534e8c82674ceb71cc3fb0da8e2757a2b04f77ff5369c788a64d3cb7e312e46e.exe"

Network

Country Destination Domain Proto
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp
N/A 8.8.8.8:53 connectbackto.twilightparadox.com udp
N/A 8.8.4.4:53 connectbackto.twilightparadox.com udp

Files

memory/1724-54-0x0000000074B51000-0x0000000074B53000-memory.dmp

memory/1724-55-0x00000000742A0000-0x000000007484B000-memory.dmp

memory/2028-56-0x0000000000400000-0x0000000000438000-memory.dmp

memory/2028-57-0x0000000000400000-0x0000000000438000-memory.dmp

memory/2028-59-0x0000000000400000-0x0000000000438000-memory.dmp

memory/2028-61-0x0000000000400000-0x0000000000438000-memory.dmp

memory/1724-63-0x0000000002156000-0x0000000002167000-memory.dmp

memory/2028-65-0x0000000000400000-0x0000000000438000-memory.dmp

memory/2028-67-0x000000000041E792-mapping.dmp

memory/2028-69-0x0000000000400000-0x0000000000438000-memory.dmp

memory/2028-71-0x0000000000400000-0x0000000000438000-memory.dmp

memory/1724-73-0x00000000742A0000-0x000000007484B000-memory.dmp

memory/1724-74-0x0000000002156000-0x0000000002167000-memory.dmp

memory/2028-75-0x00000000742A0000-0x000000007484B000-memory.dmp

memory/2028-76-0x00000000742A0000-0x000000007484B000-memory.dmp