Analysis Overview
SHA256
8792ad217a3e74c8b3f09da095c98b0f75074e3d0a52711ccd46ff40b6e44d51
Threat Level: Known bad
The file 2024-02-26_20b5cf2c27b496d579eff920b6b020ea_ryuk was found to be: Known bad.
Malicious Activity Summary
Cobaltstrike
Modifies Installed Components in the registry
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Modifies registry class
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-02-26 01:05
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-26 01:05
Reported
2024-02-26 01:08
Platform
win7-20240221-en
Max time kernel
133s
Max time network
125s
Command Line
Signatures
Cobaltstrike
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-02-26_20b5cf2c27b496d579eff920b6b020ea_ryuk.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1968 wrote to memory of 1256 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-02-26_20b5cf2c27b496d579eff920b6b020ea_ryuk.exe | C:\Windows\Explorer.EXE |
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\2024-02-26_20b5cf2c27b496d579eff920b6b020ea_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-26_20b5cf2c27b496d579eff920b6b020ea_ryuk.exe"
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Windows\explorer.exe
explorer.exe
Network
Files
memory/1256-0-0x0000000002C00000-0x0000000002C01000-memory.dmp
memory/1256-1-0x0000000002C00000-0x0000000002C01000-memory.dmp
memory/1256-2-0x0000000002BE0000-0x0000000002BE1000-memory.dmp
memory/2996-3-0x0000000004240000-0x0000000004241000-memory.dmp
memory/2996-4-0x0000000004240000-0x0000000004241000-memory.dmp
memory/2996-8-0x0000000002750000-0x0000000002760000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-26 01:05
Reported
2024-02-26 01:08
Platform
win10v2004-20240221-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Cobaltstrike
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-02-26_20b5cf2c27b496d579eff920b6b020ea_ryuk.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-02-26_20b5cf2c27b496d579eff920b6b020ea_ryuk.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4992 wrote to memory of 3532 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-02-26_20b5cf2c27b496d579eff920b6b020ea_ryuk.exe | C:\Windows\Explorer.EXE |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-02-26_20b5cf2c27b496d579eff920b6b020ea_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-26_20b5cf2c27b496d579eff920b6b020ea_ryuk.exe"
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.201.86.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| US | 8.8.8.8:53 | 234.58.204.154.in-addr.arpa | udp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | 154.204.58.234 | tcp |
| HK | 154.204.58.234:4433 | tcp | |
| HK | 154.204.58.234:4433 | tcp |
Files
memory/3532-0-0x0000000002900000-0x0000000002901000-memory.dmp
memory/3532-1-0x000000000CE20000-0x000000000D292000-memory.dmp
memory/3532-2-0x000000000C620000-0x000000000CA20000-memory.dmp
memory/3532-3-0x000000000D2A0000-0x000000000D712000-memory.dmp
memory/3532-4-0x000000000CA20000-0x000000000CE20000-memory.dmp
memory/3532-5-0x000000000D720000-0x000000000DB92000-memory.dmp
memory/3532-6-0x000000000C620000-0x000000000CA20000-memory.dmp
memory/3532-7-0x000000000DBA0000-0x000000000E012000-memory.dmp
memory/3532-8-0x000000000CA20000-0x000000000CE20000-memory.dmp
memory/3532-9-0x000000000E020000-0x000000000E492000-memory.dmp
memory/3532-10-0x000000000C620000-0x000000000C786000-memory.dmp
memory/3532-11-0x000000000ECA0000-0x000000000F112000-memory.dmp
memory/3532-12-0x000000000E4A0000-0x000000000E8A0000-memory.dmp
memory/3532-13-0x000000000F120000-0x000000000F592000-memory.dmp
memory/3532-14-0x000000000E8A0000-0x000000000ECA0000-memory.dmp
memory/3532-15-0x000000000C620000-0x000000000CA20000-memory.dmp
memory/3532-16-0x000000000F5A0000-0x000000000FA12000-memory.dmp
memory/3532-17-0x000000000E4A0000-0x000000000E5FC000-memory.dmp
memory/3532-18-0x000000000C620000-0x000000000CA20000-memory.dmp
memory/3532-19-0x000000000CA20000-0x000000000CE20000-memory.dmp
memory/3532-20-0x000000000FE20000-0x0000000010292000-memory.dmp
memory/3532-21-0x000000000C620000-0x000000000C786000-memory.dmp
memory/3532-22-0x000000000E710000-0x000000000E873000-memory.dmp
memory/3532-23-0x00000000106A0000-0x0000000010B12000-memory.dmp
memory/3532-24-0x000000000E4A0000-0x000000000E8A0000-memory.dmp
memory/3532-25-0x000000000FA20000-0x000000000FE20000-memory.dmp
memory/3532-26-0x000000000E8A0000-0x000000000ECA0000-memory.dmp
memory/3532-27-0x0000000010B20000-0x0000000010F92000-memory.dmp
memory/3532-28-0x00000000102A0000-0x00000000106A0000-memory.dmp
memory/3532-29-0x000000000E4A0000-0x000000000E5FC000-memory.dmp
memory/3532-30-0x00000000113A0000-0x0000000011812000-memory.dmp
memory/3532-31-0x00000000102A0000-0x00000000106A0000-memory.dmp
memory/3532-32-0x0000000011820000-0x0000000011C92000-memory.dmp
memory/3532-33-0x000000000E710000-0x000000000E873000-memory.dmp
memory/3532-34-0x0000000010FA0000-0x00000000110F8000-memory.dmp
memory/3532-35-0x0000000011CA0000-0x0000000012112000-memory.dmp
memory/3532-36-0x000000000FA20000-0x000000000FE20000-memory.dmp
memory/3532-37-0x00000000102A0000-0x00000000103FD000-memory.dmp
memory/3532-38-0x00000000102A0000-0x00000000106A0000-memory.dmp
memory/3532-39-0x0000000012920000-0x0000000012D92000-memory.dmp
memory/3532-40-0x0000000012DA0000-0x0000000013212000-memory.dmp
memory/3532-41-0x0000000013220000-0x0000000013692000-memory.dmp
memory/3532-42-0x0000000010FA0000-0x00000000110F8000-memory.dmp
memory/3532-43-0x00000000124A0000-0x00000000125FF000-memory.dmp
memory/3532-44-0x00000000102A0000-0x00000000103FD000-memory.dmp
memory/3532-45-0x0000000013AA0000-0x0000000013F12000-memory.dmp
memory/3532-46-0x00000000136A0000-0x0000000013AA0000-memory.dmp
memory/3532-47-0x0000000012120000-0x0000000012520000-memory.dmp
memory/3532-48-0x00000000124A0000-0x00000000125FF000-memory.dmp
memory/3532-49-0x00000000136A0000-0x0000000013AA0000-memory.dmp