Malware Analysis Report

2025-08-11 01:08

Sample ID 240404-qlnvtahe86
Target b96781c5601f3e5c44e955e9f1d261c8_JaffaCakes118
SHA256 64a753aeb9f4b178c8b1a8d8385d7eab119d21d7fee0f167ba1b044d0f96caa3
Tags
persistence upx
score
7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file b96781c5601f3e5c44e955e9f1d261c8_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

persistence upx

Loads dropped DLL

UPX packed file

Deletes itself

Executes dropped EXE

Adds Run key to start application

Program crash

Unsigned PE

Suspicious use of WriteProcessMemory

Analysis: static1

Detonation Overview

Reported

2024-04-04 13:21

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-04 13:21

Reported

2024-04-04 13:23

Platform

win7-20240221-en

Max time kernel

149s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b96781c5601f3e5c44e955e9f1d261c8_JaffaCakes118.exe"

Signatures

Deletes itself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\63dcf9addd66ec6a.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\63dcf9addd66ec6a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\63dcf9addd66ec6a.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\System Health Monitoring Service Pro = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\63dcf9addd66ec6a.exe\"" C:\Users\Admin\AppData\Local\Temp\63dcf9addd66ec6a.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\*System Health Monitoring Service Pro = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\63dcf9addd66ec6a.exe\"" C:\Users\Admin\AppData\Local\Temp\63dcf9addd66ec6a.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b96781c5601f3e5c44e955e9f1d261c8_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\b96781c5601f3e5c44e955e9f1d261c8_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\63dcf9addd66ec6a.exe

:*C:\Users\Admin\AppData\Local\Temp\b96781c5601f3e5c44e955e9f1d261c8_JaffaCakes118.exe *

C:\Users\Admin\AppData\Local\Temp\63dcf9addd66ec6a.exe

a ZZZZZZYZRVG

Network

Country Destination Domain Proto
US 8.8.8.8:53 microsoft.com udp
US 20.112.250.133:80 microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 2.17.5.133:443 www.microsoft.com tcp
US 8.8.8.8:53 readion.deaftone.com udp
US 192.64.151.240:4666 readion.deaftone.com tcp
US 192.64.151.240:4666 readion.deaftone.com tcp
US 8.8.8.8:53 youhappenes.flnet.org udp
NL 37.48.65.143:4666 youhappenes.flnet.org tcp
US 20.112.250.133:80 microsoft.com tcp
GB 2.17.5.133:443 www.microsoft.com tcp
US 192.64.151.240:4666 readion.deaftone.com tcp
US 192.64.151.240:4666 readion.deaftone.com tcp
NL 37.48.65.143:4666 youhappenes.flnet.org tcp

Files

memory/2200-0-0x0000000000340000-0x000000000036D000-memory.dmp

memory/2200-1-0x0000000000400000-0x0000000000541000-memory.dmp

\Users\Admin\AppData\Local\Temp\63dcf9addd66ec6a.exe

MD5 e6ec64b6cd5bfbe9efc874cd853d2df9
SHA1 0231e014e3abb379def3ec6a123b12158ce26157
SHA256 bcf8dfba617599264bbaad0fea97a96862931da5ca5c95bbaa24bf849f542313
SHA512 05c868fd6819882a4b69fc3b2531d6636348e43bbf8a611258bafe37e4e4c39d93c42e14d624fb0f58f34bf9da5def852d13825dafc1e2074c2ec63cbacce77f

memory/1084-11-0x0000000000400000-0x0000000000541000-memory.dmp

memory/2200-10-0x0000000000400000-0x0000000000541000-memory.dmp

memory/2308-15-0x0000000000400000-0x0000000000541000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar6169.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-04 13:21

Reported

2024-04-04 13:23

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b96781c5601f3e5c44e955e9f1d261c8_JaffaCakes118.exe"

Signatures

Deletes itself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9b758c1c41f0ee.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9b758c1c41f0ee.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fe9b758c1c41f0ee.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System Health Monitoring Service Pro = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\fe9b758c1c41f0ee.exe\"" C:\Users\Admin\AppData\Local\Temp\fe9b758c1c41f0ee.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*System Health Monitoring Service Pro = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\fe9b758c1c41f0ee.exe\"" C:\Users\Admin\AppData\Local\Temp\fe9b758c1c41f0ee.exe N/A

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\b96781c5601f3e5c44e955e9f1d261c8_JaffaCakes118.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\fe9b758c1c41f0ee.exe

Processes

C:\Users\Admin\AppData\Local\Temp\b96781c5601f3e5c44e955e9f1d261c8_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\b96781c5601f3e5c44e955e9f1d261c8_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\fe9b758c1c41f0ee.exe

:*C:\Users\Admin\AppData\Local\Temp\b96781c5601f3e5c44e955e9f1d261c8_JaffaCakes118.exe *

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4376 -ip 4376

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 300

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4376 -ip 4376

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 348

C:\Users\Admin\AppData\Local\Temp\fe9b758c1c41f0ee.exe

a ZZZZZZXYQTG

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 138.91.171.81:80 tcp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 microsoft.com udp
US 20.112.250.133:80 microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 2.17.5.133:443 www.microsoft.com tcp
US 8.8.8.8:53 133.250.112.20.in-addr.arpa udp
US 8.8.8.8:53 133.5.17.2.in-addr.arpa udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
US 8.8.8.8:53 readion.deaftone.com udp
US 192.64.151.240:4666 readion.deaftone.com tcp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 192.64.151.240:4666 readion.deaftone.com tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 24.66.18.2.in-addr.arpa udp
US 8.8.8.8:53 57.162.23.2.in-addr.arpa udp
US 8.8.8.8:53 youhappenes.flnet.org udp
NL 37.48.65.143:4666 youhappenes.flnet.org tcp
US 8.8.8.8:53 202.110.86.104.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 20.112.250.133:80 microsoft.com tcp
GB 2.17.5.133:443 www.microsoft.com tcp
US 192.64.151.240:4666 readion.deaftone.com tcp
US 192.64.151.240:4666 readion.deaftone.com tcp
NL 37.48.65.143:4666 youhappenes.flnet.org tcp
US 8.8.8.8:53 udp

Files

memory/4376-0-0x0000000000800000-0x000000000082D000-memory.dmp

memory/4376-1-0x0000000000400000-0x0000000000541000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\fe9b758c1c41f0ee.exe

MD5 39b10c324d86ce8046883254bad2c7aa
SHA1 18c742d608282ba46acfe3ff78ae380eaabe9e24
SHA256 30c2196730d7399219b0419d9944f45f461d83ef8ea4655e73a3f99bce07611a
SHA512 b79235674283250bac15eb3c836a61fcae1f826a14158a3b8ee42a4ae3c2f0813ed2699998bbc9123848f42ae3cfefb4acb9e31f0f4fe1ebc6fac3e43f14c162
