Analysis Overview
SHA256
b7d91f0e15cf0258fc857699171b6627337d511ecca9ab22adf668e0918eec50
Threat Level: Known bad
The file b7d91f0e15cf0258fc857699171b6627337d511ecca9ab22adf668e0918eec50 was found to be: Known bad.
Malicious Activity Summary
Detects PlugX payload
PlugX
Unexpected DNS network traffic destination
Deletes itself
Executes dropped EXE
Loads dropped DLL
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-04-10 13:48
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-10 13:48
Reported
2024-04-10 13:51
Platform
win7-20240221-en
Max time kernel
157s
Max time network
166s
Command Line
Signatures
Detects PlugX payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
PlugX
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 123.111.231.1 | N/A | N/A |
| Destination IP | 114.114.114.114 | N/A | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\Bitdefender\USOPrivate.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\Bitdefender\USOPrivate.exe | N/A |
| N/A | N/A | C:\ProgramData\Bitdefender\USOPrivate.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\ProgramData\Bitdefender\USOPrivate.exe | N/A |
| N/A | N/A | C:\ProgramData\Bitdefender\USOPrivate.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\FAST | C:\Windows\system32\svchost.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\FAST\CLSID = 37004500440030003700340037004200430033003100320038003900310033000000 | C:\Windows\system32\svchost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\svchost.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Bitdefender\USOPrivate.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Bitdefender\USOPrivate.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\ProgramData\Bitdefender\USOPrivate.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\ProgramData\Bitdefender\USOPrivate.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\ProgramData\Bitdefender\USOPrivate.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\ProgramData\Bitdefender\USOPrivate.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Bitdefender\USOPrivate.exe
"C:\Users\Admin\AppData\Local\Temp\Bitdefender\USOPrivate.exe"
C:\ProgramData\Bitdefender\USOPrivate.exe
"C:\ProgramData\Bitdefender\USOPrivate.exe" 100 1636
C:\ProgramData\Bitdefender\USOPrivate.exe
"C:\ProgramData\Bitdefender\USOPrivate.exe" 200 0
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe 201 0
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe 209 2652
Network
| Country | Destination | Domain | Proto |
| N/A | 10.127.255.255:53 | udp | |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| KR | 123.111.231.1:53 | caonimade.11i.me | udp |
| US | 8.8.4.4:53 | caonimade.11i.me | udp |
| CN | 114.114.114.114:53 | caonimade.11i.me | udp |
Files
memory/1636-1-0x0000000001C10000-0x0000000001D10000-memory.dmp
memory/1636-0-0x0000000076F70000-0x0000000076F71000-memory.dmp
memory/1636-3-0x0000000000160000-0x000000000019A000-memory.dmp
\ProgramData\Bitdefender\USOPrivate.exe
| MD5 | 10866465a9b0c56af2cd093b80cdbc9f |
| SHA1 | fc77be3e68a79b597ffed1b307d1b447787e7995 |
| SHA256 | 9831526e475a4ed0d149bec15f69193a48249c3cda1ddb2f2140292afd862cfa |
| SHA512 | 975c0c3abe71d29a1391bc9a258df9560466f40764ff6dd8b06db5234d45a6c12f27c77bd26409fda051de598cdc0087afd847e46818553c5ed3eff53cfe2091 |
C:\ProgramData\Bitdefender\log.dll
| MD5 | 03797703f999e8e5029edbee30446ed2 |
| SHA1 | 272c7b26c3dabfbbdb9150f2e041e228f9692efb |
| SHA256 | eb9ffe12dff87a143ea188fc6c16f2b3f44e43c2ae20506c4a69c23c3c74e6c2 |
| SHA512 | b4622a56e0576bb736e74ee5d1f20574a81cd9c55eac9ae64f4f4d3bd61baefaa3128b902c17b019280357687121e6ddd95de7a24f5bdfff0f4c213fbf70d1a7 |
C:\ProgramData\Bitdefender\USOPrivate.dat
| MD5 | 2f1466d3d0aa472ea9bfadf077188cc6 |
| SHA1 | 6f9e0b8beb971d9ceb5b72c21c9b70fdb60d7e7a |
| SHA256 | 08d1bc104c618d7237071005641413215224c7f81eff86911619b6b99e23a28c |
| SHA512 | 721d8964a70e387057acc4e2b826c0c8cea33fd2e0919b8caecc17ba9b59d0ec2c9966b8377bd429647e843e91e229225514fed87b8ed5272ea842a2cc5892ad |
memory/2648-21-0x0000000076F70000-0x0000000076F71000-memory.dmp
memory/2648-24-0x0000000000470000-0x00000000004AA000-memory.dmp
memory/2700-28-0x0000000000290000-0x00000000002CA000-memory.dmp
memory/2652-36-0x00000000000B0000-0x00000000000B2000-memory.dmp
memory/2652-38-0x0000000000060000-0x0000000000061000-memory.dmp
memory/2652-34-0x0000000000080000-0x00000000000A5000-memory.dmp
memory/2652-30-0x0000000000060000-0x0000000000061000-memory.dmp
memory/2652-39-0x0000000000510000-0x000000000054A000-memory.dmp
memory/2652-42-0x0000000000510000-0x000000000054A000-memory.dmp
memory/2652-43-0x0000000000290000-0x00000000002CA000-memory.dmp
memory/2700-41-0x0000000000290000-0x00000000002CA000-memory.dmp
memory/2652-56-0x0000000000510000-0x000000000054A000-memory.dmp
memory/2652-57-0x0000000000510000-0x000000000054A000-memory.dmp
memory/2652-58-0x0000000000510000-0x000000000054A000-memory.dmp
memory/2652-55-0x0000000000510000-0x000000000054A000-memory.dmp
memory/2652-54-0x0000000000060000-0x0000000000061000-memory.dmp
memory/1636-51-0x0000000000160000-0x000000000019A000-memory.dmp
memory/2652-59-0x0000000000510000-0x000000000054A000-memory.dmp
memory/2652-60-0x0000000000510000-0x000000000054A000-memory.dmp
memory/2648-64-0x0000000000470000-0x00000000004AA000-memory.dmp
memory/2688-71-0x0000000000320000-0x000000000035A000-memory.dmp
memory/2688-73-0x0000000000210000-0x0000000000211000-memory.dmp
memory/2688-74-0x0000000000320000-0x000000000035A000-memory.dmp
memory/2688-75-0x0000000000320000-0x000000000035A000-memory.dmp
memory/2688-76-0x0000000000320000-0x000000000035A000-memory.dmp
memory/2652-77-0x0000000000510000-0x000000000054A000-memory.dmp
memory/2688-78-0x0000000000320000-0x000000000035A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-10 13:48
Reported
2024-04-10 13:51
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
149s
Command Line
Signatures
Detects PlugX payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
PlugX
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\Bitdefender\USOPrivate.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\Bitdefender\USOPrivate.exe | N/A |
| N/A | N/A | C:\ProgramData\Bitdefender\USOPrivate.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\Bitdefender\USOPrivate.exe | N/A |
| N/A | N/A | C:\ProgramData\Bitdefender\USOPrivate.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\FAST | C:\Windows\system32\svchost.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\FAST\CLSID = 38003600420030004300320045004400300044004500390033003300420046000000 | C:\Windows\system32\svchost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\svchost.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Bitdefender\USOPrivate.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Bitdefender\USOPrivate.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\ProgramData\Bitdefender\USOPrivate.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\ProgramData\Bitdefender\USOPrivate.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\ProgramData\Bitdefender\USOPrivate.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\ProgramData\Bitdefender\USOPrivate.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Bitdefender\USOPrivate.exe
"C:\Users\Admin\AppData\Local\Temp\Bitdefender\USOPrivate.exe"
C:\ProgramData\Bitdefender\USOPrivate.exe
"C:\ProgramData\Bitdefender\USOPrivate.exe" 100 2364
C:\ProgramData\Bitdefender\USOPrivate.exe
"C:\ProgramData\Bitdefender\USOPrivate.exe" 200 0
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe 201 0
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe 209 4852
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| N/A | 10.127.255.255:53 | udp | |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
| US | 8.8.8.8:53 | caonimade.11i.me | udp |
Files
memory/2364-0-0x00007FFF07230000-0x00007FFF07231000-memory.dmp
memory/2364-1-0x000001C801B60000-0x000001C801C60000-memory.dmp
memory/2364-2-0x000001C801AD0000-0x000001C801B0A000-memory.dmp
memory/2364-3-0x000001C801AD0000-0x000001C801B0A000-memory.dmp
C:\ProgramData\Bitdefender\USOPrivate.exe
| MD5 | 10866465a9b0c56af2cd093b80cdbc9f |
| SHA1 | fc77be3e68a79b597ffed1b307d1b447787e7995 |
| SHA256 | 9831526e475a4ed0d149bec15f69193a48249c3cda1ddb2f2140292afd862cfa |
| SHA512 | 975c0c3abe71d29a1391bc9a258df9560466f40764ff6dd8b06db5234d45a6c12f27c77bd26409fda051de598cdc0087afd847e46818553c5ed3eff53cfe2091 |
C:\ProgramData\Bitdefender\log.dll
| MD5 | 03797703f999e8e5029edbee30446ed2 |
| SHA1 | 272c7b26c3dabfbbdb9150f2e041e228f9692efb |
| SHA256 | eb9ffe12dff87a143ea188fc6c16f2b3f44e43c2ae20506c4a69c23c3c74e6c2 |
| SHA512 | b4622a56e0576bb736e74ee5d1f20574a81cd9c55eac9ae64f4f4d3bd61baefaa3128b902c17b019280357687121e6ddd95de7a24f5bdfff0f4c213fbf70d1a7 |
memory/1268-19-0x00007FFF07230000-0x00007FFF07231000-memory.dmp
C:\ProgramData\Bitdefender\USOPrivate.dat
| MD5 | 2f1466d3d0aa472ea9bfadf077188cc6 |
| SHA1 | 6f9e0b8beb971d9ceb5b72c21c9b70fdb60d7e7a |
| SHA256 | 08d1bc104c618d7237071005641413215224c7f81eff86911619b6b99e23a28c |
| SHA512 | 721d8964a70e387057acc4e2b826c0c8cea33fd2e0919b8caecc17ba9b59d0ec2c9966b8377bd429647e843e91e229225514fed87b8ed5272ea842a2cc5892ad |
memory/1268-22-0x0000020D3ACF0000-0x0000020D3AD2A000-memory.dmp
memory/4936-27-0x0000020500600000-0x000002050063A000-memory.dmp
memory/4852-28-0x000002EF4D0B0000-0x000002EF4D0B1000-memory.dmp
memory/4852-30-0x000002EF4D470000-0x000002EF4D4AA000-memory.dmp
memory/4852-32-0x000002EF4D470000-0x000002EF4D4AA000-memory.dmp
memory/4936-34-0x0000020500600000-0x000002050063A000-memory.dmp
memory/2364-39-0x000001C801AD0000-0x000001C801B0A000-memory.dmp
memory/4852-44-0x000002EF4D0B0000-0x000002EF4D0B1000-memory.dmp
memory/4852-45-0x000002EF4D470000-0x000002EF4D4AA000-memory.dmp
memory/4852-46-0x000002EF4D470000-0x000002EF4D4AA000-memory.dmp
memory/4852-47-0x000002EF4D470000-0x000002EF4D4AA000-memory.dmp
memory/4852-48-0x000002EF4D470000-0x000002EF4D4AA000-memory.dmp
memory/4852-49-0x000002EF4D470000-0x000002EF4D4AA000-memory.dmp
memory/4852-50-0x000002EF4D470000-0x000002EF4D4AA000-memory.dmp
memory/4852-53-0x000002EF4D470000-0x000002EF4D4AA000-memory.dmp
memory/1268-54-0x0000020D3ACF0000-0x0000020D3AD2A000-memory.dmp
memory/3556-56-0x000001C776530000-0x000001C77656A000-memory.dmp
memory/3556-58-0x000001C7764C0000-0x000001C7764C1000-memory.dmp
memory/3556-60-0x000001C776530000-0x000001C77656A000-memory.dmp
memory/3556-59-0x000001C776530000-0x000001C77656A000-memory.dmp
memory/3556-62-0x000001C776530000-0x000001C77656A000-memory.dmp
memory/3556-61-0x000001C776530000-0x000001C77656A000-memory.dmp
memory/4852-63-0x000002EF4D470000-0x000002EF4D4AA000-memory.dmp
memory/3556-64-0x000001C776530000-0x000001C77656A000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-04-10 13:48
Reported
2024-04-10 13:51
Platform
win7-20240221-en
Max time kernel
118s
Max time network
122s
Command Line
Signatures
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Bitdefender\log.dll,#1
Network
Files
memory/2300-0-0x00000000771A0000-0x00000000771A1000-memory.dmp
Analysis: behavioral4
Detonation Overview
Submitted
2024-04-10 13:48
Reported
2024-04-10 13:51
Platform
win10v2004-20240226-en
Max time kernel
144s
Max time network
160s
Command Line
Signatures
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Bitdefender\log.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.16.208.104.in-addr.arpa | udp |
Files
memory/4840-0-0x00007FFA86A80000-0x00007FFA86A81000-memory.dmp