Malware Analysis Report

2025-01-23 15:28

Sample ID 240416-xtqgyabf5x
Target f4237f22e131216fc80bd6038ad92642_JaffaCakes118
SHA256 fbd4e06219737ce801ecf9c15c10df19d60fcacbc73d7ecf54d21bd13839b73d
Tags
upx antivm
score
7/10

Analysis Overview

score
7/10

SHA256

fbd4e06219737ce801ecf9c15c10df19d60fcacbc73d7ecf54d21bd13839b73d

Threat Level: Shows suspicious behavior

The file f4237f22e131216fc80bd6038ad92642_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

upx antivm

Checks computer location settings

UPX packed file

Reads CPU attributes

Checks CPU configuration

Enumerates kernel/hardware configuration

Unsigned PE

Enumerates physical storage devices

Reads runtime system information

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-16 19:09

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:11

Platform

win10v2004-20240412-en

Max time kernel

93s

Max time network

116s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Libloader[gui]v3.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Libloader[gui]v3.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2428 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\Libloader[gui]v3.exe C:\Windows\system32\cmd.exe
PID 2428 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\Libloader[gui]v3.exe C:\Windows\system32\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Libloader[gui]v3.exe

"C:\Users\Admin\AppData\Local\Temp\Libloader[gui]v3.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\515C.tmp\515D.tmp\516E.bat C:\Users\Admin\AppData\Local\Temp\Libloader[gui]v3.exe"

Network

Country Destination Domain Proto

Files

memory/2428-0-0x0000000140000000-0x0000000140027000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\515C.tmp\515D.tmp\516E.bat

MD5 711f5ad5d6b048ff59bdcc288d9b0d34
SHA1 fd9f247f5b6ef89a5aa7b5ee48e90d6eff61bd3d
SHA256 b1d6606f612077f05b7ac402e54482e11a5be1c3a32eab51e280176d1d2e87e8
SHA512 20f34257e493dbf4c5e5f038a072e625b938b85ab0f5e81ee7f0318010413338d3094264c62cc4d6c04791496c7007f4c40f71ace381c8cbc7b875b12b2ddce6

memory/2428-3-0x0000000140000000-0x0000000140027000-memory.dmp

Analysis: behavioral16

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:11

Platform

debian9-armhf-20240226-en

Max time kernel

10s

Command Line

[/tmp/node_modules/.bin/mime.ps1]

Signatures

N/A

Processes

/tmp/node_modules/.bin/mime.ps1

[/tmp/node_modules/.bin/mime.ps1]

/usr/local/sbin/pwsh

[pwsh /tmp/node_modules/.bin/mime.ps1]

/usr/local/bin/pwsh

[pwsh /tmp/node_modules/.bin/mime.ps1]

/usr/sbin/pwsh

[pwsh /tmp/node_modules/.bin/mime.ps1]

/usr/bin/pwsh

[pwsh /tmp/node_modules/.bin/mime.ps1]

/sbin/pwsh

[pwsh /tmp/node_modules/.bin/mime.ps1]

/bin/pwsh

[pwsh /tmp/node_modules/.bin/mime.ps1]

Network

N/A

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:11

Platform

debian9-mipsel-20240226-en

Max time kernel

6s

Command Line

[/tmp/node_modules/.bin/mime]

Signatures

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /bin/sed N/A

Processes

/tmp/node_modules/.bin/mime

[/tmp/node_modules/.bin/mime]

/bin/sed

[sed -e s,\\,/,g]

/usr/bin/dirname

[dirname /tmp/node_modules/.bin/mime]

/bin/uname

[uname]

Network

N/A

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:11

Platform

ubuntu1804-amd64-20240226-en

Max time kernel

0s

Max time network

135s

Command Line

[/tmp/node_modules/.bin/mime.ps1]

Signatures

N/A

Processes

/tmp/node_modules/.bin/mime.ps1

[/tmp/node_modules/.bin/mime.ps1]

/usr/local/sbin/pwsh

[pwsh /tmp/node_modules/.bin/mime.ps1]

/usr/local/bin/pwsh

[pwsh /tmp/node_modules/.bin/mime.ps1]

/usr/sbin/pwsh

[pwsh /tmp/node_modules/.bin/mime.ps1]

/usr/bin/pwsh

[pwsh /tmp/node_modules/.bin/mime.ps1]

/sbin/pwsh

[pwsh /tmp/node_modules/.bin/mime.ps1]

/bin/pwsh

[pwsh /tmp/node_modules/.bin/mime.ps1]

/snap/bin/pwsh

[pwsh /tmp/node_modules/.bin/mime.ps1]

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:11

Platform

win7-20240221-en

Max time kernel

117s

Max time network

121s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\array-flatten\array-flatten.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\array-flatten\array-flatten.js

Network

N/A

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:11

Platform

win7-20240319-en

Max time kernel

121s

Max time network

125s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\accepts\index.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\accepts\index.js

Network

N/A

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:12

Platform

win7-20240221-en

Max time kernel

122s

Max time network

140s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\body-parser\lib\read.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\body-parser\lib\read.js

Network

N/A

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:11

Platform

win10v2004-20240412-en

Max time kernel

147s

Max time network

157s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\body-parser\lib\read.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\body-parser\lib\read.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:11

Platform

win10v2004-20240412-en

Max time kernel

147s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\FluxVerify[x32].exe"

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1944 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\FluxVerify[x32].exe C:\Windows\system32\cmd.exe
PID 1944 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\FluxVerify[x32].exe C:\Windows\system32\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\FluxVerify[x32].exe

"C:\Users\Admin\AppData\Local\Temp\FluxVerify[x32].exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\5757.tmp\5758.tmp\5759.bat C:\Users\Admin\AppData\Local\Temp\FluxVerify[x32].exe"

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\5757.tmp\5758.tmp\5759.bat

MD5 6d0f4158dd4535af1ab5b8f328f065c9
SHA1 7ece4ab8cc7a2be48336b5c0f48dd68c68881aa3
SHA256 588e0e165fa613bb53b2c3c8d7e40bd468c0c9fafb1929969c6fb84c15964a00
SHA512 60bb1dbfac1d441ceea2296a74c5bff9957dbb638545e492180da7c1d89200c7e756002cce33d9f0c37e29958f142699ad1386360a8034d5da4c8f5e7881bbe1

Analysis: behavioral13

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:11

Platform

win7-20231129-en

Max time kernel

117s

Max time network

119s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\node_modules\.bin\mime.cmd"

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\node_modules\.bin\mime.cmd"

Network

N/A

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:11

Platform

win10v2004-20240412-en

Max time kernel

148s

Max time network

152s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\node_modules\.bin\mime.cmd"

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\node_modules\.bin\mime.cmd"

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:11

Platform

win10v2004-20240412-en

Max time kernel

148s

Max time network

157s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\accepts\index.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\accepts\index.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:11

Platform

win10v2004-20240412-en

Max time kernel

92s

Max time network

116s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\array-flatten\README.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\array-flatten\README.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:11

Platform

win7-20240319-en

Max time kernel

117s

Max time network

121s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\body-parser\index.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\body-parser\index.js

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:11

Platform

win7-20231129-en

Max time kernel

118s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\FluxVerify[x32].exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\FluxVerify[x32].exe

"C:\Users\Admin\AppData\Local\Temp\FluxVerify[x32].exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\117E.tmp\117F.tmp\1180.bat C:\Users\Admin\AppData\Local\Temp\FluxVerify[x32].exe"

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\117E.tmp\117F.tmp\1180.bat

MD5 6d0f4158dd4535af1ab5b8f328f065c9
SHA1 7ece4ab8cc7a2be48336b5c0f48dd68c68881aa3
SHA256 588e0e165fa613bb53b2c3c8d7e40bd468c0c9fafb1929969c6fb84c15964a00
SHA512 60bb1dbfac1d441ceea2296a74c5bff9957dbb638545e492180da7c1d89200c7e756002cce33d9f0c37e29958f142699ad1386360a8034d5da4c8f5e7881bbe1

Analysis: behavioral10

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:11

Platform

debian9-armhf-20240226-en

Max time kernel

6s

Command Line

[/tmp/node_modules/.bin/mime]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/node N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online N/A N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes /usr/bin/node N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/meminfo /usr/bin/node N/A

Processes

/tmp/node_modules/.bin/mime

[/tmp/node_modules/.bin/mime]

/bin/sed

[sed -e s,\\,/,g]

/usr/bin/dirname

[dirname /tmp/node_modules/.bin/mime]

/bin/uname

[uname]

/usr/bin/node

[node /tmp/node_modules/.bin/../mime/cli.js]

Network

N/A

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:11

Platform

win7-20240221-en

Max time kernel

121s

Max time network

124s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\accepts\README.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\accepts\README.js

Network

N/A

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:11

Platform

win10v2004-20240412-en

Max time kernel

147s

Max time network

156s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\accepts\README.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\accepts\README.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:11

Platform

win10v2004-20240412-en

Max time kernel

149s

Max time network

156s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\body-parser\README.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\body-parser\README.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:11

Platform

win7-20240319-en

Max time kernel

119s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\WebContent.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2056 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\WebContent.exe C:\Windows\system32\cmd.exe
PID 2056 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\WebContent.exe C:\Windows\system32\cmd.exe
PID 2056 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\WebContent.exe C:\Windows\system32\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\WebContent.exe

"C:\Users\Admin\AppData\Local\Temp\WebContent.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\5245.tmp\5246.tmp\5247.bat C:\Users\Admin\AppData\Local\Temp\WebContent.exe"

Network

N/A

Files

memory/2056-0-0x0000000140000000-0x0000000140027000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\5245.tmp\5246.tmp\5247.bat

MD5 711f5ad5d6b048ff59bdcc288d9b0d34
SHA1 fd9f247f5b6ef89a5aa7b5ee48e90d6eff61bd3d
SHA256 b1d6606f612077f05b7ac402e54482e11a5be1c3a32eab51e280176d1d2e87e8
SHA512 20f34257e493dbf4c5e5f038a072e625b938b85ab0f5e81ee7f0318010413338d3094264c62cc4d6c04791496c7007f4c40f71ace381c8cbc7b875b12b2ddce6

memory/2056-3-0x0000000140000000-0x0000000140027000-memory.dmp

Analysis: behavioral17

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:11

Platform

debian9-mipsbe-20240226-en

Max time kernel

2s

Command Line

[/tmp/node_modules/.bin/mime.ps1]

Signatures

N/A

Processes

/tmp/node_modules/.bin/mime.ps1

[/tmp/node_modules/.bin/mime.ps1]

/usr/local/sbin/pwsh

[pwsh /tmp/node_modules/.bin/mime.ps1]

/usr/local/bin/pwsh

[pwsh /tmp/node_modules/.bin/mime.ps1]

/usr/sbin/pwsh

[pwsh /tmp/node_modules/.bin/mime.ps1]

/usr/bin/pwsh

[pwsh /tmp/node_modules/.bin/mime.ps1]

/sbin/pwsh

[pwsh /tmp/node_modules/.bin/mime.ps1]

/bin/pwsh

[pwsh /tmp/node_modules/.bin/mime.ps1]

Network

N/A

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:11

Platform

win10v2004-20240412-en

Max time kernel

148s

Max time network

155s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\array-flatten\array-flatten.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\array-flatten\array-flatten.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:11

Platform

debian9-mipsbe-20240226-en

Max time kernel

2s

Command Line

[/tmp/node_modules/.bin/mime]

Signatures

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /bin/sed N/A

Processes

/tmp/node_modules/.bin/mime

[/tmp/node_modules/.bin/mime]

/bin/sed

[sed -e s,\\,/,g]

/usr/bin/dirname

[dirname /tmp/node_modules/.bin/mime]

/bin/uname

[uname]

Network

N/A

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:11

Platform

debian9-mipsel-20240226-en

Max time kernel

2s

Command Line

[/tmp/node_modules/.bin/mime.ps1]

Signatures

N/A

Processes

/tmp/node_modules/.bin/mime.ps1

[/tmp/node_modules/.bin/mime.ps1]

/usr/local/sbin/pwsh

[pwsh /tmp/node_modules/.bin/mime.ps1]

/usr/local/bin/pwsh

[pwsh /tmp/node_modules/.bin/mime.ps1]

/usr/sbin/pwsh

[pwsh /tmp/node_modules/.bin/mime.ps1]

/usr/bin/pwsh

[pwsh /tmp/node_modules/.bin/mime.ps1]

/sbin/pwsh

[pwsh /tmp/node_modules/.bin/mime.ps1]

/bin/pwsh

[pwsh /tmp/node_modules/.bin/mime.ps1]

Network

N/A

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:11

Platform

win7-20240221-en

Max time kernel

122s

Max time network

127s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\array-flatten\README.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\array-flatten\README.js

Network

N/A

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:11

Platform

win7-20231129-en

Max time kernel

121s

Max time network

123s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\body-parser\README.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\body-parser\README.js

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:11

Platform

win7-20240221-en

Max time kernel

121s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\FluxVerify[x64].exe"

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2988 wrote to memory of 2164 N/A C:\Users\Admin\AppData\Local\Temp\FluxVerify[x64].exe C:\Windows\system32\cmd.exe
PID 2988 wrote to memory of 2164 N/A C:\Users\Admin\AppData\Local\Temp\FluxVerify[x64].exe C:\Windows\system32\cmd.exe
PID 2988 wrote to memory of 2164 N/A C:\Users\Admin\AppData\Local\Temp\FluxVerify[x64].exe C:\Windows\system32\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\FluxVerify[x64].exe

"C:\Users\Admin\AppData\Local\Temp\FluxVerify[x64].exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\4328.tmp\4329.tmp\432A.bat C:\Users\Admin\AppData\Local\Temp\FluxVerify[x64].exe"

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\4328.tmp\4329.tmp\432A.bat

MD5 6d0f4158dd4535af1ab5b8f328f065c9
SHA1 7ece4ab8cc7a2be48336b5c0f48dd68c68881aa3
SHA256 588e0e165fa613bb53b2c3c8d7e40bd468c0c9fafb1929969c6fb84c15964a00
SHA512 60bb1dbfac1d441ceea2296a74c5bff9957dbb638545e492180da7c1d89200c7e756002cce33d9f0c37e29958f142699ad1386360a8034d5da4c8f5e7881bbe1

Analysis: behavioral5

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:11

Platform

win7-20240215-en

Max time kernel

117s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Libloader[gui]v3.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2824 wrote to memory of 2244 N/A C:\Users\Admin\AppData\Local\Temp\Libloader[gui]v3.exe C:\Windows\system32\cmd.exe
PID 2824 wrote to memory of 2244 N/A C:\Users\Admin\AppData\Local\Temp\Libloader[gui]v3.exe C:\Windows\system32\cmd.exe
PID 2824 wrote to memory of 2244 N/A C:\Users\Admin\AppData\Local\Temp\Libloader[gui]v3.exe C:\Windows\system32\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Libloader[gui]v3.exe

"C:\Users\Admin\AppData\Local\Temp\Libloader[gui]v3.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\1880.tmp\1881.tmp\1882.bat C:\Users\Admin\AppData\Local\Temp\Libloader[gui]v3.exe"

Network

N/A

Files

memory/2824-0-0x0000000140000000-0x0000000140027000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1880.tmp\1881.tmp\1882.bat

MD5 711f5ad5d6b048ff59bdcc288d9b0d34
SHA1 fd9f247f5b6ef89a5aa7b5ee48e90d6eff61bd3d
SHA256 b1d6606f612077f05b7ac402e54482e11a5be1c3a32eab51e280176d1d2e87e8
SHA512 20f34257e493dbf4c5e5f038a072e625b938b85ab0f5e81ee7f0318010413338d3094264c62cc4d6c04791496c7007f4c40f71ace381c8cbc7b875b12b2ddce6

memory/2824-3-0x0000000140000000-0x0000000140027000-memory.dmp

Analysis: behavioral8

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:11

Platform

win10v2004-20240412-en

Max time kernel

149s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\WebContent.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\WebContent.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1152 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\WebContent.exe C:\Windows\system32\cmd.exe
PID 1152 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\WebContent.exe C:\Windows\system32\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\WebContent.exe

"C:\Users\Admin\AppData\Local\Temp\WebContent.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\3E80.tmp\3E81.tmp\3E82.bat C:\Users\Admin\AppData\Local\Temp\WebContent.exe"

Network


Files

memory/1152-0-0x0000000140000000-0x0000000140027000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\3E80.tmp\3E81.tmp\3E82.bat

MD5 711f5ad5d6b048ff59bdcc288d9b0d34
SHA1 fd9f247f5b6ef89a5aa7b5ee48e90d6eff61bd3d
SHA256 b1d6606f612077f05b7ac402e54482e11a5be1c3a32eab51e280176d1d2e87e8
SHA512 20f34257e493dbf4c5e5f038a072e625b938b85ab0f5e81ee7f0318010413338d3094264c62cc4d6c04791496c7007f4c40f71ace381c8cbc7b875b12b2ddce6

memory/1152-3-0x0000000140000000-0x0000000140027000-memory.dmp

Analysis: behavioral4

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:11

Platform

win10v2004-20240412-en

Max time kernel

93s

Max time network

116s

Command Line

"C:\Users\Admin\AppData\Local\Temp\FluxVerify[x64].exe"

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1456 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\FluxVerify[x64].exe C:\Windows\system32\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\FluxVerify[x64].exe

"C:\Users\Admin\AppData\Local\Temp\FluxVerify[x64].exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\33C2.tmp\33C3.tmp\33C4.bat C:\Users\Admin\AppData\Local\Temp\FluxVerify[x64].exe"

Network


Files

C:\Users\Admin\AppData\Local\Temp\33C2.tmp\33C3.tmp\33C4.bat

MD5 6d0f4158dd4535af1ab5b8f328f065c9
SHA1 7ece4ab8cc7a2be48336b5c0f48dd68c68881aa3
SHA256 588e0e165fa613bb53b2c3c8d7e40bd468c0c9fafb1929969c6fb84c15964a00
SHA512 60bb1dbfac1d441ceea2296a74c5bff9957dbb638545e492180da7c1d89200c7e756002cce33d9f0c37e29958f142699ad1386360a8034d5da4c8f5e7881bbe1

Analysis: behavioral9

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:11

Platform

ubuntu1804-amd64-20240226-en

Max time kernel

0s

Max time network

132s

Command Line

[/tmp/node_modules/.bin/mime]

Signatures

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes /usr/bin/node N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/meminfo /usr/bin/node N/A

Processes

/tmp/node_modules/.bin/mime

[/tmp/node_modules/.bin/mime]

/bin/sed

[sed -e s,\\,/,g]

/usr/bin/dirname

[dirname /tmp/node_modules/.bin/mime]

/bin/uname

[uname]

/usr/bin/node

[node /tmp/node_modules/.bin/../mime/cli.js]

Network


Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-04-16 19:08

Reported

2024-04-16 19:11

Platform

win10v2004-20240412-en

Max time kernel

147s

Max time network

165s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\body-parser\index.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\body-parser\index.js

Network


Files

N/A