Malware Analysis Report

2025-03-14 22:30

Sample ID 240304-q5g7dacg97
Target b2492bdc843d49836c7e0fa80254293d
SHA256 851b07389dbd01277c3dbfd07f2a4614b61f22f73579f5a2620a8d153d829dc2
Tags upx evasion persistence
Score 10/10

Analysis Overview

score
10/10

SHA256

851b07389dbd01277c3dbfd07f2a4614b61f22f73579f5a2620a8d153d829dc2

Threat Level: Known bad

The file b2492bdc843d49836c7e0fa80254293d was found to be: Known bad.

Malicious Activity Summary

upx evasion persistence

Modifies firewall policy service

UPX packed file

Adds Run key to start application

Unsigned PE

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-04 13:50

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-03-04 13:50

Reported

2024-03-04 13:53

Platform

win7-20240221-en

Max time kernel

146s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b2492bdc843d49836c7e0fa80254293d.exe"

Signatures

Modifies firewall policy service

evasion
Description: Set value (int)
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall = "0"
Process: C:\Users\Admin\AppData\Local\Temp\b2492bdc843d49836c7e0fa80254293d.exe
Target: N/A

UPX packed file

upx

Adds Run key to start application

persistence
Description: Set value (str)
Indicator: \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsAPI32 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\b2492bdc843d49836c7e0fa80254293d.exe"
Process: C:\Users\Admin\AppData\Local\Temp\b2492bdc843d49836c7e0fa80254293d.exe
Target: N/A

Modifies Internet Explorer settings

adware spyware
Description: Set value (str)
Indicator: \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\DNS
Process: C:\Users\Admin\AppData\Local\Temp\b2492bdc843d49836c7e0fa80254293d.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b2492bdc843d49836c7e0fa80254293d.exe

"C:\Users\Admin\AppData\Local\Temp\b2492bdc843d49836c7e0fa80254293d.exe"

Network


Files

memory/2092-0-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2092-1-0x0000000000400000-0x000000000040E000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-04 13:50

Reported

2024-03-04 13:53

Platform

win10v2004-20240226-en

Max time kernel

147s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b2492bdc843d49836c7e0fa80254293d.exe"

Signatures

Modifies firewall policy service

evasion
Description: Set value (int)
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall = "0"
Process: C:\Users\Admin\AppData\Local\Temp\b2492bdc843d49836c7e0fa80254293d.exe
Target: N/A

UPX packed file

upx

Adds Run key to start application

persistence
Description: Set value (str)
Indicator: \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsAPI32 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\b2492bdc843d49836c7e0fa80254293d.exe"
Process: C:\Users\Admin\AppData\Local\Temp\b2492bdc843d49836c7e0fa80254293d.exe
Target: N/A

Modifies Internet Explorer settings

adware spyware
Description: Set value (str)
Indicator: \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\SOFTWARE\Microsoft\Internet Explorer\Main\DNS
Process: C:\Users\Admin\AppData\Local\Temp\b2492bdc843d49836c7e0fa80254293d.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b2492bdc843d49836c7e0fa80254293d.exe

"C:\Users\Admin\AppData\Local\Temp\b2492bdc843d49836c7e0fa80254293d.exe"

Network


Files

memory/2804-0-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2804-1-0x0000000000400000-0x000000000040E000-memory.dmp

memory/2804-3-0x0000000000400000-0x000000000040E000-memory.dmp