Malware Analysis Report

2025-08-05 17:36

Sample ID 241117-sljxza1rg1
Target Final.7z
SHA256 f33ddb2defd451bf77cc1ddd762e57f2a770a18035ecf6d9fb4dc6af10e04de6
Tags discovery evasion persistence
Score 10/10

Analysis Overview

score
10/10

SHA256

f33ddb2defd451bf77cc1ddd762e57f2a770a18035ecf6d9fb4dc6af10e04de6

Threat Level: Known bad

The file Final.7z was found to be: Known bad.

Malicious Activity Summary

discovery evasion persistence

Modifies visibility of file extensions in Explorer

Modifies visibility of hidden/system files in Explorer

Disables taskbar notifications via registry modification

Event Triggered Execution: Image File Execution Options Injection

System Location Discovery: System Language Discovery

Unsigned PE

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-17 15:12

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-11-17 15:12

Reported

2024-11-17 15:14

Platform

win10ltsc2021-20241023-en

Max time kernel

91s

Max time network

71s

Command Line

"C:\Users\Admin\AppData\Local\Temp\crak\KeyAuthEmulator.exe"

Signatures

Modifies visibility of file extensions in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A

Modifies visibility of hidden/system files in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "1" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A

Disables taskbar notifications via registry modification

evasion

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GPU Priority = "8" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuMaxPerformance = "256" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\DisableRenderingPreemption = "1" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\Affinity = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\MinPerformance = "256" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuBackgoundTaskPriority = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuClockSpeed = "65536" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\Throttle Rate = "1" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\DisableRenderingContextPreemption = "1" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\PowerSavingVsyncOn = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\UnlimitedPerformance = "1" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuRenderingPriorityForBackgoundTask = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuMax = "256" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\EnableGpuTempData = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\TVSupportEnabled = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\RenderingOverTargetPriority = "80" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuRenderingPriority = "3" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\EnableLatencyTimer = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\IOPriorityClass = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\SleepStudyDeviceAccountingLevel = "4" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\EnableRenderingSlowDown = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\IsLowPriority = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\CpuUtilization = "256" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\LatencyPerformance = "256" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\PerformancePriority = "8" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\CpuThreadCount = "8" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\MinimumPerformanceEnabled = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuStutter = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\EnableRenderingCache = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\EnableGpuSlowDown = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuIdleEnabled = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\RenderingStutterEnabled = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuRenderingClockSpeed = "65536" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\RenderThrottlingOff = "1" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuPriority = "42" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\CpuPrioritySeperation = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\Priority = "6" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\UseReferenceRasterizer = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\EnableGpuPowerControl = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\RMHdcpKeyGlobZero = "1" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\LatencySpread = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\EnableGpuCashing = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\MaximumPerformanceEnabled = "1" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\PerformanceSpread = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuIdleLatencyEnabled = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\PowerThrottlingOff = "1" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\WatchdogSleepTimeout = "300" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuSpeed = "256" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\CpuSpread = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuRenderingPriority = "8" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\IsRenderingLowPriority = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\SmoothStutterEnabled = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\UseBestResolution = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuThrottleRate = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\EnablePowerSlowDown = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\PowerSavingBackgoundTaskEnabled = "1" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuThrottleRate = "65536" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\BootmgrUserInputTime = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\RenderingSpread = "0" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\RenderingBasePriority = "130" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\SpeedMode = "1" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\SpreadPriority = "1" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuAccelerating = "256" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server = "10" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer = "10" C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Loader.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\crak\KeyAuthEmulator.exe

"C:\Users\Admin\AppData\Local\Temp\crak\KeyAuthEmulator.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\Loader.exe

"C:\Users\Admin\AppData\Local\Temp\Loader.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 13.87.96.169:443 checkappexec.microsoft.com tcp
US 8.8.8.8:53 169.96.87.13.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 fd.api.iris.microsoft.com udp
IE 20.223.36.55:443 fd.api.iris.microsoft.com tcp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 22.49.80.91.in-addr.arpa udp

Files
