Analysis Overview
SHA256
a3d87f6734559fd09dd0d6a2d7807fa1d23a500a2e08bc8faa8af548ff28f14e
Threat Level: Known bad
The file 0a612c4f364319bd4698e2b32d0a3197 was found to be: Known bad.
Malicious Activity Summary
Dridex
Dridex Shellcode
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks whether UAC is enabled
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-30 01:40
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-30 01:40
Reported
2023-12-31 05:06
Platform
win7-20231215-en
Max time kernel
127s
Max time network
124s
Command Line
Signatures
Dridex
Dridex Shellcode
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\fRwd\tcmsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\fNr12E\AdapterTroubleshooter.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\ToGP\SystemPropertiesAdvanced.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\fRwd\tcmsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\fNr12E\AdapterTroubleshooter.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\ToGP\SystemPropertiesAdvanced.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\Lgpbj = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\JjlDp\\AdapterTroubleshooter.exe" | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\fNr12E\AdapterTroubleshooter.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\ToGP\SystemPropertiesAdvanced.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\system32\rundll32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\fRwd\tcmsetup.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0a612c4f364319bd4698e2b32d0a3197.dll,#1
C:\Windows\system32\tcmsetup.exe
C:\Windows\system32\tcmsetup.exe
C:\Users\Admin\AppData\Local\fRwd\tcmsetup.exe
C:\Users\Admin\AppData\Local\fRwd\tcmsetup.exe
C:\Windows\system32\AdapterTroubleshooter.exe
C:\Windows\system32\AdapterTroubleshooter.exe
C:\Users\Admin\AppData\Local\fNr12E\AdapterTroubleshooter.exe
C:\Users\Admin\AppData\Local\fNr12E\AdapterTroubleshooter.exe
C:\Windows\system32\SystemPropertiesAdvanced.exe
C:\Windows\system32\SystemPropertiesAdvanced.exe
C:\Users\Admin\AppData\Local\ToGP\SystemPropertiesAdvanced.exe
C:\Users\Admin\AppData\Local\ToGP\SystemPropertiesAdvanced.exe
Network
Files
\Users\Admin\AppData\Local\fRwd\TAPI32.dll
C:\Users\Admin\AppData\Local\fRwd\TAPI32.dll
C:\Users\Admin\AppData\Local\fRwd\tcmsetup.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts\LV3xjhIuvz\tcmsetup.exe
\Users\Admin\AppData\Local\fNr12E\AdapterTroubleshooter.exe
C:\Users\Admin\AppData\Local\fNr12E\d3d9.dll
C:\Users\Admin\AppData\Local\fNr12E\AdapterTroubleshooter.exe
\Users\Admin\AppData\Local\fNr12E\d3d9.dll
\Users\Admin\AppData\Local\ToGP\SystemPropertiesAdvanced.exe
C:\Users\Admin\AppData\Local\ToGP\SYSDM.CPL
\Users\Admin\AppData\Local\ToGP\SYSDM.CPL
C:\Users\Admin\AppData\Local\ToGP\SystemPropertiesAdvanced.exe
\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\UNYu\SystemPropertiesAdvanced.exe
C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Yiudzqwx.lnk
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts\LV3xjhIuvz\TAPI32.dll
C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\JjlDp\d3d9.dll
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-30 01:40
Reported
2023-12-31 05:06
Platform
win10v2004-20231215-en
Max time kernel
0s
Max time network
65s
Command Line
Signatures
Dridex
Dridex Shellcode
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0a612c4f364319bd4698e2b32d0a3197.dll,#1
C:\Users\Admin\AppData\Local\WR9\rdpinit.exe
C:\Users\Admin\AppData\Local\WR9\rdpinit.exe
C:\Windows\system32\SysResetErr.exe
C:\Windows\system32\SysResetErr.exe
C:\Windows\system32\rdpinit.exe
C:\Windows\system32\rdpinit.exe
C:\Users\Admin\AppData\Local\GgAXdQI\mspaint.exe
C:\Users\Admin\AppData\Local\GgAXdQI\mspaint.exe
C:\Windows\system32\mspaint.exe
C:\Windows\system32\mspaint.exe
C:\Users\Admin\AppData\Local\skcTKB8\SysResetErr.exe
C:\Users\Admin\AppData\Local\skcTKB8\SysResetErr.exe
Network
Files