Malware Analysis Report

2025-01-22 12:52

Sample ID: 240520-q6gbgacg94
Target: Beatware Internal v1.8.exe
SHA256: 09056146a9fc630956948e30d8d9c58272a887fa0c4fc3e839cf21ab740f1a8e
Tags: vmprotect
Score: 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

09056146a9fc630956948e30d8d9c58272a887fa0c4fc3e839cf21ab740f1a8e

Threat Level: Shows suspicious behavior

The file Beatware Internal v1.8.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

vmprotect

VMProtect packed file

Legitimate hosting services abused for malware hosting/C2

Suspicious use of NtSetInformationThreadHideFromDebugger

Enumerates physical storage devices

Unsigned PE

Delays execution with timeout.exe

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-20 13:52

Signatures

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-20 13:52

Reported

2024-05-21 00:51

Platform

win10v2004-20240226-de

Max time kernel

1795s

Max time network

1804s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Beatware Internal v1.8.exe"

Signatures

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Beatware Internal v1.8.exe N/A

Enumerates physical storage devices

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\timeout.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{72633604-4B8D-4E0B-AFAE-F34A1ED93294} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Beatware Internal v1.8.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3192 wrote to memory of 32 N/A C:\Users\Admin\AppData\Local\Temp\Beatware Internal v1.8.exe C:\Windows\system32\cmd.exe
PID 3192 wrote to memory of 4160 N/A C:\Users\Admin\AppData\Local\Temp\Beatware Internal v1.8.exe C:\Windows\system32\cmd.exe
PID 4160 wrote to memory of 4120 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\certutil.exe
PID 4160 wrote to memory of 3484 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\find.exe
PID 4160 wrote to memory of 2292 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\find.exe
PID 3192 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\Beatware Internal v1.8.exe C:\Windows\system32\cmd.exe
PID 3192 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\Beatware Internal v1.8.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3192 wrote to memory of 4548 N/A C:\Users\Admin\AppData\Local\Temp\Beatware Internal v1.8.exe C:\Windows\system32\cmd.exe
PID 3192 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\Beatware Internal v1.8.exe C:\Windows\system32\cmd.exe
PID 3192 wrote to memory of 1308 N/A C:\Users\Admin\AppData\Local\Temp\Beatware Internal v1.8.exe C:\Windows\system32\cmd.exe
PID 1308 wrote to memory of 1152 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 1308 wrote to memory of 4660 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\timeout.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Beatware Internal v1.8.exe

"C:\Users\Admin\AppData\Local\Temp\Beatware Internal v1.8.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Beatware Internal v1.8.exe" MD5 | find /i /v "md5" | find /i /v "certutil"

C:\Windows\system32\certutil.exe

certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Beatware Internal v1.8.exe" MD5

C:\Windows\system32\find.exe

find /i /v "md5"

C:\Windows\system32\find.exe

find /i /v "certutil"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://beatware.xyz/discord

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=760 --field-trial-handle=2280,i,12495260388534045372,17604500157273288941,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=de --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5160 --field-trial-handle=2280,i,12495260388534045372,17604500157273288941,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=5736 --field-trial-handle=2280,i,12495260388534045372,17604500157273288941,262144 --variations-seed-version /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=5652 --field-trial-handle=2280,i,12495260388534045372,17604500157273288941,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=de --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=5076 --field-trial-handle=2280,i,12495260388534045372,17604500157273288941,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=de --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5952 --field-trial-handle=2280,i,12495260388534045372,17604500157273288941,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=de --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5192 --field-trial-handle=2280,i,12495260388534045372,17604500157273288941,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=de --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5264 --field-trial-handle=2280,i,12495260388534045372,17604500157273288941,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=de --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5788 --field-trial-handle=2280,i,12495260388534045372,17604500157273288941,262144 --variations-seed-version /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c start cmd /C color b && title Error && echo check_section_integrity() failed, don't tamper with the program. && timeout /t 5

C:\Windows\system32\cmd.exe

cmd /C color b

C:\Windows\system32\timeout.exe

timeout /t 5

Network


Files

memory/3192-0-0x00007FF6035D5000-0x00007FF60393E000-memory.dmp

memory/3192-1-0x00007FF991FB0000-0x00007FF991FB2000-memory.dmp

memory/3192-6-0x00007FF603540000-0x00007FF603EBA000-memory.dmp

memory/3192-7-0x00007FF6035D5000-0x00007FF60393E000-memory.dmp

memory/3192-8-0x00007FF603540000-0x00007FF603EBA000-memory.dmp