Analysis Overview
SHA256
5ce97ad436f6aa47546f8f9866d4918d9681c060bd3051c18bb8c3d8850c13c5
Threat Level: Known bad
The file EnigmaSpf.exe was found to be: Known bad.
Malicious Activity Summary
Blankgrabber family
A stealer written in Python and packaged with Pyinstaller
Looks for VirtualBox Guest Additions in registry
Stops running service(s)
UPX packed file
Checks BIOS information in registry
Checks for VirtualBox DLLs, possible anti-VM trick
Launches sc.exe
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Kills process with taskkill
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-19 23:02
Signatures
A stealer written in Python and packaged with Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Blankgrabber family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-19 23:02
Reported
2024-06-19 23:10
Platform
win7-20240611-en
Max time kernel
18s
Max time network
79s
Command Line
Signatures
Looks for VirtualBox Guest Additions in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\EnigmaSpf.exe | N/A |
Stops running service(s)
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\EnigmaSpf.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\EnigmaSpf.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks for VirtualBox DLLs, possible anti-VM trick
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\VBoxMiniRdrDN | C:\Users\Admin\AppData\Local\Temp\EnigmaSpf.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EnigmaSpf.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EnigmaSpf.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EnigmaSpf.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EnigmaSpf.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EnigmaSpf.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EnigmaSpf.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EnigmaSpf.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\EnigmaSpf.exe
"C:\Users\Admin\AppData\Local\Temp\EnigmaSpf.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\EnigmaSpf.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
C:\Windows\system32\certutil.exe
certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\EnigmaSpf.exe" MD5
C:\Windows\system32\find.exe
find /i /v "md5"
C:\Windows\system32\find.exe
find /i /v "certutil"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c color E
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq floss*" /IM * /F /T >nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq floss*" /IM * /F /T
C:\Windows\system32\taskkill.exe
taskkill /f /im Taskmgr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\system32\taskkill.exe
taskkill /f /im Taskmgr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Taskmgr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Taskmgr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Ida64.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im OllyDbg.exe
C:\Windows\system32\taskkill.exe
taskkill /f /im Taskmgr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Dbg64.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Taskmgr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Dbg32.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Taskmgr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\system32\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Taskmgr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Taskmgr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Taskmgr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Taskmgr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c color 0F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq floss*" /IM * /F /T >nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq floss*" /IM * /F /T
C:\Windows\system32\taskkill.exe
taskkill /f /im Taskmgr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\system32\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Taskmgr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\drivers\etc\antivm2.exe
C:\Windows\System32\drivers\etc\antivm2.exe
C:\Windows\System32\drivers\etc\antivm2.exe
C:\Windows\System32\drivers\etc\antivm2.exe
C:\Windows\System32\drivers\etc\antivm2.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Taskmgr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Taskmgr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Taskmgr.exe
C:\Windows\system32\taskkill.exe
taskkill /f /im Taskmgr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Ida64.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Taskmgr.exe
C:\Windows\system32\taskkill.exe
taskkill /f /im Taskmgr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im OllyDbg.exe
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:49191 | tcp | |
| N/A | 127.0.0.1:49193 | tcp | |
| US | 8.8.8.8:53 | keyauth.win | udp |
| US | 172.67.72.57:443 | keyauth.win | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.171:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 172.67.72.57:443 | keyauth.win | tcp |
Files
memory/2552-0-0x0000000077790000-0x0000000077791000-memory.dmp
\Windows\System32\drivers\etc\antivm2.exe
| MD5 | f0c8dc0a4a0157fbfce0a7105cd195f0 |
| SHA1 | 7244766403863fa1387ca42ad79932fb2dc16d80 |
| SHA256 | c9cdffbbcc3efe9527c13da931ee3a0fdc3c7e73b632b3046e7556653ea2ca81 |
| SHA512 | 77fd135913e9911b3ee8c13ed470aa493d3e903220584035d286d0f97f4b740fdda7ed94070bedcc8fdecc30fa20117ba8fb12a62b6ac6f30b1f2ad025505107 |
C:\Users\Admin\AppData\Local\Temp\_MEI19682\ucrtbase.dll
| MD5 | 0e0bac3d1dcc1833eae4e3e4cf83c4ef |
| SHA1 | 4189f4459c54e69c6d3155a82524bda7549a75a6 |
| SHA256 | 8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae |
| SHA512 | a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd |
C:\Users\Admin\AppData\Local\Temp\_MEI19682\python312.dll
| MD5 | 18677d48ba556e529b73d6e60afaf812 |
| SHA1 | 68f93ed1e3425432ac639a8f0911c144f1d4c986 |
| SHA256 | 8e2c03e1ee5068c16e61d3037a10371f2e9613221a165150008bef04474a8af8 |
| SHA512 | a843ab3a180684c4f5cae0240da19291e7ed9ae675c9356334386397561c527ab728d73767459350fa67624f389411d03665f69637c5f5c268011d1b103d0b02 |
\Users\Admin\AppData\Local\Temp\_MEI19682\api-ms-win-core-file-l2-1-0.dll
| MD5 | bfffa7117fd9b1622c66d949bac3f1d7 |
| SHA1 | 402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2 |
| SHA256 | 1ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e |
| SHA512 | b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f |
\Users\Admin\AppData\Local\Temp\_MEI19682\api-ms-win-core-timezone-l1-1-0.dll
| MD5 | d12403ee11359259ba2b0706e5e5111c |
| SHA1 | 03cc7827a30fd1dee38665c0cc993b4b533ac138 |
| SHA256 | f60e1751a6ac41f08e46480bf8e6521b41e2e427803996b32bdc5e78e9560781 |
| SHA512 | 9004f4e59835af57f02e8d9625814db56f0e4a98467041da6f1367ef32366ad96e0338d48fff7cc65839a24148e2d9989883bcddc329d9f4d27cae3f843117d0 |
\Users\Admin\AppData\Local\Temp\_MEI19682\api-ms-win-core-file-l1-2-0.dll
| MD5 | 1c58526d681efe507deb8f1935c75487 |
| SHA1 | 0e6d328faf3563f2aae029bc5f2272fb7a742672 |
| SHA256 | ef13dce8f71173315dfc64ab839b033ab19a968ee15230e9d4d2c9d558efeee2 |
| SHA512 | 8edb9a0022f417648e2ece9e22c96e2727976332025c3e7d8f15bcf6d7d97e680d1bf008eb28e2e0bd57787dcbb71d38b2deb995b8edc35fa6852ab1d593f3d1 |
\Users\Admin\AppData\Local\Temp\_MEI19682\api-ms-win-core-processthreads-l1-1-1.dll
| MD5 | 517eb9e2cb671ae49f99173d7f7ce43f |
| SHA1 | 4ccf38fed56166ddbf0b7efb4f5314c1f7d3b7ab |
| SHA256 | 57cc66bf0909c430364d35d92b64eb8b6a15dc201765403725fe323f39e8ac54 |
| SHA512 | 492be2445b10f6bfe6c561c1fc6f5d1af6d1365b7449bc57a8f073b44ae49c88e66841f5c258b041547fcd33cbdcb4eb9dd3e24f0924db32720e51651e9286be |
\Users\Admin\AppData\Local\Temp\_MEI19682\api-ms-win-core-localization-l1-2-0.dll
| MD5 | 724223109e49cb01d61d63a8be926b8f |
| SHA1 | 072a4d01e01dbbab7281d9bd3add76f9a3c8b23b |
| SHA256 | 4e975f618df01a492ae433dff0dd713774d47568e44c377ceef9e5b34aad1210 |
| SHA512 | 19b0065b894dc66c30a602c9464f118e7f84d83010e74457d48e93aaca4422812b093b15247b24d5c398b42ef0319108700543d13f156067b169ccfb4d7b6b7c |
memory/1952-81-0x000007FEF5B70000-0x000007FEF6234000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-19 23:02
Reported
2024-06-19 23:11
Platform
win10v2004-20240611-en
Max time kernel
140s
Max time network
123s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2064 wrote to memory of 3564 | N/A | C:\Users\Admin\AppData\Local\Temp\EnigmaSpf.exe | C:\Windows\system32\cmd.exe |
| PID 2064 wrote to memory of 3564 | N/A | C:\Users\Admin\AppData\Local\Temp\EnigmaSpf.exe | C:\Windows\system32\cmd.exe |
| PID 3564 wrote to memory of 732 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\certutil.exe |
| PID 3564 wrote to memory of 732 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\certutil.exe |
| PID 3564 wrote to memory of 1012 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\find.exe |
| PID 3564 wrote to memory of 1012 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\find.exe |
| PID 3564 wrote to memory of 876 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\find.exe |
| PID 3564 wrote to memory of 876 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\find.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\EnigmaSpf.exe
"C:\Users\Admin\AppData\Local\Temp\EnigmaSpf.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\EnigmaSpf.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
C:\Windows\system32\certutil.exe
certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\EnigmaSpf.exe" MD5
C:\Windows\system32\find.exe
find /i /v "md5"
C:\Windows\system32\find.exe
find /i /v "certutil"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | keyauth.win | udp |
| US | 172.67.72.57:443 | keyauth.win | tcp |
| N/A | 127.0.0.1:51196 | tcp | |
| N/A | 127.0.0.1:51198 | tcp | |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | 57.72.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
Files
memory/2064-0-0x00007FFB4F1B0000-0x00007FFB4F1B1000-memory.dmp