Analysis Overview
SHA256
fb7090afa187d1404a763ce8352a48a9c6fa47da4f1c0dd1b0cbfb87a59c56e0
Threat Level: Known bad
The file 03e11938813980f4ee92eafaa1ef0941.exe was found to be: Known bad.
Malicious Activity Summary
Dridex
Dridex Shellcode
Executes dropped EXE
Loads dropped DLL
Checks whether UAC is enabled
Adds Run key to start application
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-01 19:53
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-01 19:53
Reported
2024-01-01 19:56
Platform
win7-20231129-en
Max time kernel
46s
Max time network
123s
Command Line
Signatures
Dridex
Dridex Shellcode
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\uTM\eudcedit.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\GfMbS8QNW\BitLockerWizardElev.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\aJKv2KXX\tabcal.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\uTM\eudcedit.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\GfMbS8QNW\BitLockerWizardElev.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\aJKv2KXX\tabcal.exe | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Run\Groztcac = "C:\\Users\\Admin\\AppData\\Roaming\\Mozilla\\PlozbGIa\\BitLockerWizardElev.exe" | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\system32\rundll32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\uTM\eudcedit.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\GfMbS8QNW\BitLockerWizardElev.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\aJKv2KXX\tabcal.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1368 wrote to memory of 1852 | N/A | N/A | C:\Windows\system32\eudcedit.exe |
| PID 1368 wrote to memory of 1852 | N/A | N/A | C:\Windows\system32\eudcedit.exe |
| PID 1368 wrote to memory of 1852 | N/A | N/A | C:\Windows\system32\eudcedit.exe |
| PID 1368 wrote to memory of 2452 | N/A | N/A | C:\Users\Admin\AppData\Local\uTM\eudcedit.exe |
| PID 1368 wrote to memory of 2452 | N/A | N/A | C:\Users\Admin\AppData\Local\uTM\eudcedit.exe |
| PID 1368 wrote to memory of 2452 | N/A | N/A | C:\Users\Admin\AppData\Local\uTM\eudcedit.exe |
| PID 1368 wrote to memory of 1080 | N/A | N/A | C:\Windows\system32\BitLockerWizardElev.exe |
| PID 1368 wrote to memory of 1080 | N/A | N/A | C:\Windows\system32\BitLockerWizardElev.exe |
| PID 1368 wrote to memory of 1080 | N/A | N/A | C:\Windows\system32\BitLockerWizardElev.exe |
| PID 1368 wrote to memory of 2528 | N/A | N/A | C:\Users\Admin\AppData\Local\GfMbS8QNW\BitLockerWizardElev.exe |
| PID 1368 wrote to memory of 2528 | N/A | N/A | C:\Users\Admin\AppData\Local\GfMbS8QNW\BitLockerWizardElev.exe |
| PID 1368 wrote to memory of 2528 | N/A | N/A | C:\Users\Admin\AppData\Local\GfMbS8QNW\BitLockerWizardElev.exe |
| PID 1368 wrote to memory of 2676 | N/A | N/A | C:\Windows\system32\tabcal.exe |
| PID 1368 wrote to memory of 2676 | N/A | N/A | C:\Windows\system32\tabcal.exe |
| PID 1368 wrote to memory of 2676 | N/A | N/A | C:\Windows\system32\tabcal.exe |
| PID 1368 wrote to memory of 2008 | N/A | N/A | C:\Users\Admin\AppData\Local\aJKv2KXX\tabcal.exe |
| PID 1368 wrote to memory of 2008 | N/A | N/A | C:\Users\Admin\AppData\Local\aJKv2KXX\tabcal.exe |
| PID 1368 wrote to memory of 2008 | N/A | N/A | C:\Users\Admin\AppData\Local\aJKv2KXX\tabcal.exe |
Uses Task Scheduler COM API
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\03e11938813980f4ee92eafaa1ef0941.dll,#1
C:\Windows\system32\eudcedit.exe
C:\Windows\system32\eudcedit.exe
C:\Users\Admin\AppData\Local\uTM\eudcedit.exe
C:\Users\Admin\AppData\Local\uTM\eudcedit.exe
C:\Users\Admin\AppData\Local\GfMbS8QNW\BitLockerWizardElev.exe
C:\Users\Admin\AppData\Local\GfMbS8QNW\BitLockerWizardElev.exe
C:\Windows\system32\BitLockerWizardElev.exe
C:\Windows\system32\BitLockerWizardElev.exe
C:\Users\Admin\AppData\Local\aJKv2KXX\tabcal.exe
C:\Users\Admin\AppData\Local\aJKv2KXX\tabcal.exe
C:\Windows\system32\tabcal.exe
C:\Windows\system32\tabcal.exe
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-01 19:53
Reported
2024-01-01 19:56
Platform
win10v2004-20231215-en
Max time kernel
8s
Max time network
150s
Command Line
Signatures
Dridex
Dridex Shellcode
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\kkeYnOm4\wlrmdr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\xc8V\rstrui.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Rjk\sigverif.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\kkeYnOm4\wlrmdr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\xc8V\rstrui.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Rjk\sigverif.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kqgfxymewp = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Office\\Recent\\vSNl\\rstrui.exe" | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\system32\rundll32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\kkeYnOm4\wlrmdr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\xc8V\rstrui.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Rjk\sigverif.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3364 wrote to memory of 3980 | N/A | N/A | C:\Windows\system32\wlrmdr.exe |
| PID 3364 wrote to memory of 3980 | N/A | N/A | C:\Windows\system32\wlrmdr.exe |
| PID 3364 wrote to memory of 3300 | N/A | N/A | C:\Users\Admin\AppData\Local\kkeYnOm4\wlrmdr.exe |
| PID 3364 wrote to memory of 3300 | N/A | N/A | C:\Users\Admin\AppData\Local\kkeYnOm4\wlrmdr.exe |
| PID 3364 wrote to memory of 4784 | N/A | N/A | C:\Windows\system32\rstrui.exe |
| PID 3364 wrote to memory of 4784 | N/A | N/A | C:\Windows\system32\rstrui.exe |
| PID 3364 wrote to memory of 4636 | N/A | N/A | C:\Users\Admin\AppData\Local\xc8V\rstrui.exe |
| PID 3364 wrote to memory of 4636 | N/A | N/A | C:\Users\Admin\AppData\Local\xc8V\rstrui.exe |
| PID 3364 wrote to memory of 3436 | N/A | N/A | C:\Windows\system32\sigverif.exe |
| PID 3364 wrote to memory of 3436 | N/A | N/A | C:\Windows\system32\sigverif.exe |
| PID 3364 wrote to memory of 4224 | N/A | N/A | C:\Users\Admin\AppData\Local\Rjk\sigverif.exe |
| PID 3364 wrote to memory of 4224 | N/A | N/A | C:\Users\Admin\AppData\Local\Rjk\sigverif.exe |
Uses Task Scheduler COM API
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\03e11938813980f4ee92eafaa1ef0941.dll,#1
C:\Windows\system32\wlrmdr.exe
C:\Windows\system32\wlrmdr.exe
C:\Windows\system32\rstrui.exe
C:\Windows\system32\rstrui.exe
C:\Users\Admin\AppData\Local\Rjk\sigverif.exe
C:\Users\Admin\AppData\Local\Rjk\sigverif.exe
C:\Windows\system32\sigverif.exe
C:\Windows\system32\sigverif.exe
C:\Users\Admin\AppData\Local\xc8V\rstrui.exe
C:\Users\Admin\AppData\Local\xc8V\rstrui.exe
C:\Users\Admin\AppData\Local\kkeYnOm4\wlrmdr.exe
C:\Users\Admin\AppData\Local\kkeYnOm4\wlrmdr.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 146.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 138.91.171.81:80 | | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.109.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.110.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.1.37.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.179.17.96.in-addr.arpa | udp |
Files