Analysis Overview
SHA256
f847eea309a31dc654b4b9d0d834a5d657cfc94822995c47364b3292b4f7371f
Threat Level: Known bad
The file 2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia was found to be: Known bad.
Malicious Activity Summary
GandCrab payload
Gandcrab
Enumerates connected drives
Adds Run key to start application
Program crash
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-24 04:53
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-24 04:53
Reported
2024-03-24 04:56
Platform
win7-20240221-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
GandCrab payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Gandcrab
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pxxkwushvbd = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\lftjgm.exe\"" | C:\Users\Admin\AppData\Local\Temp\2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia.exe | N/A |
Enumerates connected drives
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Users\Admin\AppData\Local\Temp\2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Users\Admin\AppData\Local\Temp\2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Users\Admin\AppData\Local\Temp\2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Users\Admin\AppData\Local\Temp\2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Users\Admin\AppData\Local\Temp\2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia.exe"
C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
C:\Users\Admin\AppData\Local\Temp\2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia.exe"
C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
C:\Users\Admin\AppData\Local\Temp\2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia.exe"
C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
C:\Users\Admin\AppData\Local\Temp\2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia.exe"
C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
C:\Users\Admin\AppData\Local\Temp\2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia.exe"
C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ipv4bot.whatismyipaddress.com | udp |
| US | 8.8.8.8:53 | ns1.wowservers.ru | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | ns2.wowservers.ru | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ns2.wowservers.ru | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | ns1.wowservers.ru | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ns1.wowservers.ru | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | ns2.wowservers.ru | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ns2.wowservers.ru | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | ns1.wowservers.ru | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ns1.wowservers.ru | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | ns2.wowservers.ru | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ns2.wowservers.ru | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | ns1.wowservers.ru | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ns1.wowservers.ru | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | ns2.wowservers.ru | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ns2.wowservers.ru | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | ns1.wowservers.ru | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ns1.wowservers.ru | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | ns2.wowservers.ru | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ns2.wowservers.ru | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | ns1.wowservers.ru | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ns1.wowservers.ru | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | ns2.wowservers.ru | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ransomware.bit | udp |
| US | 8.8.8.8:53 | ns2.wowservers.ru | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | carder.bit | udp |
| US | 8.8.8.8:53 | ns1.wowservers.ru | udp |
Files
memory/2508-0-0x0000000000220000-0x000000000023B000-memory.dmp
memory/2508-1-0x0000000000220000-0x000000000023B000-memory.dmp
memory/2508-2-0x0000000000400000-0x0000000000444000-memory.dmp
memory/2508-3-0x0000000000400000-0x0000000000444000-memory.dmp
memory/2508-5-0x0000000000240000-0x0000000000257000-memory.dmp
memory/2508-12-0x0000000000400000-0x0000000000444000-memory.dmp
memory/2508-13-0x0000000000220000-0x000000000023B000-memory.dmp
memory/2508-15-0x0000000000240000-0x0000000000257000-memory.dmp
memory/2356-18-0x0000000000400000-0x0000000000444000-memory.dmp
memory/2356-19-0x0000000000400000-0x0000000000444000-memory.dmp
memory/2356-20-0x0000000000450000-0x0000000000467000-memory.dmp
memory/2356-23-0x0000000000400000-0x0000000000444000-memory.dmp
memory/1088-26-0x0000000000400000-0x0000000000444000-memory.dmp
memory/1088-27-0x0000000000400000-0x0000000000444000-memory.dmp
memory/1088-31-0x0000000000400000-0x0000000000444000-memory.dmp
memory/768-34-0x0000000000400000-0x0000000000444000-memory.dmp
memory/768-35-0x0000000000400000-0x0000000000444000-memory.dmp
memory/768-37-0x00000000002E0000-0x00000000002F7000-memory.dmp
memory/768-40-0x0000000000400000-0x0000000000444000-memory.dmp
memory/1892-42-0x0000000000400000-0x0000000000444000-memory.dmp
memory/1892-43-0x0000000000400000-0x0000000000444000-memory.dmp
memory/1892-45-0x0000000000270000-0x0000000000287000-memory.dmp
memory/1892-48-0x0000000000400000-0x0000000000444000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-24 04:53
Reported
2024-03-24 04:56
Platform
win10v2004-20240226-en
Max time kernel
144s
Max time network
151s
Command Line
Signatures
GandCrab payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Gandcrab
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-24_f28cb34b9fd9b7d8cebf117475a9c5c2_karagany_mafia.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2312 -ip 2312
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 476
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3976 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 20.231.121.79:80 | tcp | |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.77.24.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 27.178.89.13.in-addr.arpa | udp |
Files
memory/2312-0-0x00000000005F0000-0x000000000060B000-memory.dmp
memory/2312-1-0x00000000005F0000-0x000000000060B000-memory.dmp
memory/2312-2-0x0000000000400000-0x0000000000444000-memory.dmp
memory/2312-3-0x0000000000400000-0x0000000000444000-memory.dmp
memory/2312-4-0x0000000000640000-0x0000000000657000-memory.dmp
memory/2312-9-0x00000000005F0000-0x000000000060B000-memory.dmp