Analysis Overview
SHA256
1ec45908ab3963572f2a79ddb1bf54f957e39b8a01f30fc54397317db93663f8
Threat Level: Known bad
The file 237197e4b0362983487191d246802ef2 was found to be: Known bad.
Malicious Activity Summary
Dridex
Dridex Shellcode
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks whether UAC is enabled
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-31 01:52
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-31 01:52
Reported
2024-01-05 03:07
Platform
win7-20231215-en
Max time kernel
152s
Max time network
133s
Command Line
Signatures
Dridex
Dridex Shellcode
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\2DvHy84Rd\Magnify.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\W9zOno7\SndVol.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\gOYlzgk\TpmInit.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\2DvHy84Rd\Magnify.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\W9zOno7\SndVol.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\gOYlzgk\TpmInit.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Windows\CurrentVersion\Run\Niubkzso = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\9KUS4V\\SndVol.exe" | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\2DvHy84Rd\Magnify.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\W9zOno7\SndVol.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\gOYlzgk\TpmInit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1300 wrote to memory of 2764 | N/A | N/A | C:\Windows\system32\Magnify.exe |
| PID 1300 wrote to memory of 3004 | N/A | N/A | C:\Users\Admin\AppData\Local\2DvHy84Rd\Magnify.exe |
| PID 1300 wrote to memory of 2968 | N/A | N/A | C:\Windows\system32\SndVol.exe |
| PID 1300 wrote to memory of 268 | N/A | N/A | C:\Users\Admin\AppData\Local\W9zOno7\SndVol.exe |
| PID 1300 wrote to memory of 1392 | N/A | N/A | C:\Windows\system32\TpmInit.exe |
| PID 1300 wrote to memory of 1740 | N/A | N/A | C:\Users\Admin\AppData\Local\gOYlzgk\TpmInit.exe |
Uses Task Scheduler COM API
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\237197e4b0362983487191d246802ef2.dll,#1
C:\Windows\system32\Magnify.exe
C:\Users\Admin\AppData\Local\2DvHy84Rd\Magnify.exe
C:\Windows\system32\SndVol.exe
C:\Users\Admin\AppData\Local\W9zOno7\SndVol.exe
C:\Windows\system32\TpmInit.exe
C:\Users\Admin\AppData\Local\gOYlzgk\TpmInit.exe
Network
Files
\Users\Admin\AppData\Local\2DvHy84Rd\Magnify.exe
C:\Users\Admin\AppData\Local\2DvHy84Rd\Magnify.exe
C:\Users\Admin\AppData\Local\2DvHy84Rd\OLEACC.dll
\Users\Admin\AppData\Local\2DvHy84Rd\OLEACC.dll
\Users\Admin\AppData\Local\W9zOno7\SndVol.exe
C:\Users\Admin\AppData\Local\W9zOno7\dwmapi.dll
C:\Users\Admin\AppData\Local\gOYlzgk\TpmInit.exe
C:\Users\Admin\AppData\Local\gOYlzgk\Secur32.dll
C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Efrsxj.lnk
C:\Users\Admin\AppData\Roaming\Microsoft\Protect\AWY\OLEACC.dll
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-31 01:52
Reported
2024-01-05 03:05
Platform
win10v2004-20231222-en
Max time kernel
3s
Max time network
121s
Command Line
Signatures
Dridex
Dridex Shellcode
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\237197e4b0362983487191d246802ef2.dll,#1
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\Utilman.exe
C:\Users\Admin\AppData\Local\BiPoMJ\Taskmgr.exe
C:\Windows\system32\SnippingTool.exe
C:\Users\Admin\AppData\Local\cEOVxZ\SnippingTool.exe
C:\Users\Admin\AppData\Local\NbbiR1JBX\Utilman.exe
C:\Users\Admin\AppData\Local\qho\msra.exe
C:\Windows\system32\msra.exe
Network
Files