Malware Analysis Report

2024-11-16 13:06

Sample ID 240319-t68x9sgf77
Target silence.rar
SHA256 8cd446387f47cd667943aba6e1e636c36fe07fb2dbc0990201fb3552ca8077e4
Tags
discordrat persistence rat rootkit stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

8cd446387f47cd667943aba6e1e636c36fe07fb2dbc0990201fb3552ca8077e4

Threat Level: Known bad

The file silence.rar was found to be: Known bad.

Malicious Activity Summary

discordrat persistence rat rootkit stealer

Discordrat family

Discord RAT

Checks computer location settings

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Unsigned PE

Enumerates physical storage devices

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Checks SCSI registry key(s)

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-19 16:41

Signatures

Discordrat family

discordrat

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-19 16:41

Reported

2024-03-19 16:44

Platform

win10v2004-20240226-en

Max time kernel

78s

Max time network

86s

Command Line

"C:\Users\Admin\AppData\Local\Temp\silence\silence-workspace.exe"

Signatures

Discord RAT

stealer rootkit rat persistence discordrat

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\silence\silence-workspace.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\CLIENT-BUILT.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\SILENCE-WORKSPACE.EXE N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000_Classes\Local Settings C:\Windows\system32\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\CLIENT-BUILT.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3288 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\silence\silence-workspace.exe C:\Users\Admin\AppData\Local\Temp\CLIENT-BUILT.EXE
PID 3288 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\silence\silence-workspace.exe C:\Users\Admin\AppData\Local\Temp\CLIENT-BUILT.EXE
PID 3288 wrote to memory of 3784 N/A C:\Users\Admin\AppData\Local\Temp\silence\silence-workspace.exe C:\Users\Admin\AppData\Local\Temp\SILENCE-WORKSPACE.EXE
PID 3288 wrote to memory of 3784 N/A C:\Users\Admin\AppData\Local\Temp\silence\silence-workspace.exe C:\Users\Admin\AppData\Local\Temp\SILENCE-WORKSPACE.EXE
PID 3784 wrote to memory of 3552 N/A C:\Users\Admin\AppData\Local\Temp\SILENCE-WORKSPACE.EXE C:\Windows\system32\cmd.exe
PID 3784 wrote to memory of 3552 N/A C:\Users\Admin\AppData\Local\Temp\SILENCE-WORKSPACE.EXE C:\Windows\system32\cmd.exe
PID 3552 wrote to memory of 5108 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\certutil.exe
PID 3552 wrote to memory of 5108 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\certutil.exe
PID 3552 wrote to memory of 1608 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\find.exe
PID 3552 wrote to memory of 1608 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\find.exe
PID 3552 wrote to memory of 2836 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\find.exe
PID 3552 wrote to memory of 2836 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\find.exe

Processes

C:\Users\Admin\AppData\Local\Temp\silence\silence-workspace.exe

"C:\Users\Admin\AppData\Local\Temp\silence\silence-workspace.exe"

C:\Users\Admin\AppData\Local\Temp\CLIENT-BUILT.EXE

"C:\Users\Admin\AppData\Local\Temp\CLIENT-BUILT.EXE"

C:\Users\Admin\AppData\Local\Temp\SILENCE-WORKSPACE.EXE

"C:\Users\Admin\AppData\Local\Temp\SILENCE-WORKSPACE.EXE"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\SILENCE-WORKSPACE.EXE" MD5 | find /i /v "md5" | find /i /v "certutil"

C:\Windows\system32\certutil.exe

certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\SILENCE-WORKSPACE.EXE" MD5

C:\Windows\system32\find.exe

find /i /v "md5"

C:\Windows\system32\find.exe

find /i /v "certutil"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3940 --field-trial-handle=2232,i,11267738607351977302,107266978269557304,262144 --variations-seed-version /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 29.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 gateway.discord.gg udp
US 8.8.8.8:53 keyauth.win udp
US 104.26.1.5:443 keyauth.win tcp
US 8.8.8.8:53 5.1.26.104.in-addr.arpa udp
US 162.159.134.234:443 gateway.discord.gg tcp
US 8.8.8.8:53 234.134.159.162.in-addr.arpa udp
N/A 127.0.0.1:49823 tcp
N/A 127.0.0.1:49825 tcp
US 8.8.8.8:53 x2.c.lencr.org udp
DE 69.192.161.44:80 x2.c.lencr.org tcp
US 104.26.1.5:443 keyauth.win tcp
US 8.8.8.8:53 40.13.222.173.in-addr.arpa udp
US 8.8.8.8:53 44.161.192.69.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 discord.com udp
US 162.159.137.232:443 discord.com tcp
N/A 127.0.0.1:49835 tcp
N/A 127.0.0.1:49837 tcp
US 8.8.8.8:53 232.137.159.162.in-addr.arpa udp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
US 8.8.8.8:53 geolocation-db.com udp
DE 159.89.102.253:443 geolocation-db.com tcp
US 162.159.137.232:443 discord.com tcp
US 8.8.8.8:53 253.102.89.159.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 193.178.17.96.in-addr.arpa udp
US 162.159.137.232:443 tcp

Files

C:\Users\Admin\AppData\Local\Temp\CLIENT-BUILT.EXE

MD5 6f9c42f940f854243a2f445c8cb750ec
SHA1 aeed75218753dd1f184cc55ebbe8a1a80e5a59f3
SHA256 15fbe5942c60d92081fa93d5444a7abb355dc917c9ea3a44585d5a4b4219e91a
SHA512 612bfac0a8a079a67e361e87ac6eaf9c9cc5a4940b5dd74ecb6c61e2811707b2e60e60ee70102622c0bb222b01a3aced82853d130d2f07075e8d629e33bb8cb2

memory/2124-15-0x00000171955F0000-0x0000017195608000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\SILENCE-WORKSPACE.EXE

MD5 99cd7ad997482bbb4608e22d6c1f8ce5
SHA1 870166172f7800ea652e44571b13cab43525f1e8
SHA256 f48ffcc29c01795b6a73a4d479fed81a0666acc9b18219f72a2ebec68c62d296
SHA512 f2d9c1b682a353e7826db9416354aa8c3911367f392e88e80c11f7704dc7e1614853f7076268bf9cd68472b8af737251964514934fec20915a99be586b378367

C:\Users\Admin\AppData\Local\Temp\SILENCE-WORKSPACE.EXE

MD5 ac53e8b4fb2c02462158044a81f25213
SHA1 094fdb0b46f67e9b781ed49f2dc7562156eae92c
SHA256 cf26448737c8365bff5f9e0433ee9d1cf6aaab965b69342f325bed0e665dc8cd
SHA512 eb65c2cef8979b16abaf87303c8393a7e6601a6fd312e0bb50d32d08322e7a46bb7f394c1728b9d67a5c8456b22f0eb5fd4fae6fd720913ba89bf926709fb23a

memory/2124-19-0x00000171AFBD0000-0x00000171AFD92000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\SILENCE-WORKSPACE.EXE

MD5 8b393057c5c9026495f8efbe7234b1c4
SHA1 21aff93ce1ff29a961ac947cafd75b6994fb5ae8
SHA256 c100648181026be6dbce91beb36b5cd859563c4b0edd8e4a0aa5d60829467b30
SHA512 57504769cff622817a129f4b0d235d2f148a381d588950949f0b0316c71aef46e3d0d17747a50a81a946e73af486962d52f23160fe937c1d6caf8db4b1996952

memory/2124-21-0x00007FFCD4460000-0x00007FFCD4F21000-memory.dmp

memory/2124-22-0x00000171AFB40000-0x00000171AFB50000-memory.dmp

memory/2124-23-0x00000171B0C80000-0x00000171B11A8000-memory.dmp

memory/2124-24-0x00007FFCD4460000-0x00007FFCD4F21000-memory.dmp

memory/2124-25-0x00000171AFB40000-0x00000171AFB50000-memory.dmp

memory/5272-27-0x000001A0B3700000-0x000001A0B3701000-memory.dmp

memory/5272-26-0x000001A0B3700000-0x000001A0B3701000-memory.dmp

memory/5272-28-0x000001A0B3700000-0x000001A0B3701000-memory.dmp

memory/5272-32-0x000001A0B3700000-0x000001A0B3701000-memory.dmp

memory/5272-33-0x000001A0B3700000-0x000001A0B3701000-memory.dmp

memory/5272-34-0x000001A0B3700000-0x000001A0B3701000-memory.dmp

memory/5272-35-0x000001A0B3700000-0x000001A0B3701000-memory.dmp

memory/5272-36-0x000001A0B3700000-0x000001A0B3701000-memory.dmp

memory/5272-37-0x000001A0B3700000-0x000001A0B3701000-memory.dmp

memory/5272-38-0x000001A0B3700000-0x000001A0B3701000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-19 16:41

Reported

2024-03-19 16:45

Platform

win10v2004-20240226-en

Max time kernel

147s

Max time network

156s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\silence\silence.json

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\silence\silence.json

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3984 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 68.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 45.19.74.20.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 13.107.253.64:443 tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 37.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
NL 142.250.179.170:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 170.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 178.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 24.73.42.20.in-addr.arpa udp

Files

N/A