Malware Analysis Report

2025-01-06 15:26

Sample ID 240525-s6y8dshd9v
Target 727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118
SHA256 4016a4561423b5b849066c2785e363d557fd5b6a3cea7b24e8de63d071b7b4be
Tags
miner upx 0 xmrig cobaltstrike backdoor trojan
score
10/10

Analysis Overview

Threat Level: Known bad

The file 727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

miner upx 0 xmrig cobaltstrike backdoor trojan

Xmrig family

Cobaltstrike family

Cobaltstrike

Cobalt Strike reflective loader

xmrig

XMRig Miner payload

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-25 15:44

Signatures

Cobalt Strike reflective loader

Cobaltstrike family

cobaltstrike

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-25 15:44

Reported

2024-05-25 15:47

Platform

win7-20240221-en

Max time kernel

149s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe"

Signatures

Cobalt Strike reflective loader

Cobaltstrike

trojan backdoor cobaltstrike

xmrig

miner xmrig

XMRig Miner payload

miner

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe N/A

UPX packed file

upx

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\lVHcrKQ.exe C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe N/A
File created C:\Windows\System\bBxbtaS.exe C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe N/A
File created C:\Windows\System\RvPIfrL.exe C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe N/A
File created C:\Windows\System\gGaqRTf.exe C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe N/A
File created C:\Windows\System\LsadDYm.exe C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe N/A
File created C:\Windows\System\ATbgfOa.exe C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe N/A
File created C:\Windows\System\KQPzrHd.exe C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe N/A
File created C:\Windows\System\TBkMOKY.exe C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe N/A
File created C:\Windows\System\IxpFsTM.exe C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe N/A
File created C:\Windows\System\RJRCwVv.exe C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe N/A
File created C:\Windows\System\rxJOJIG.exe C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe N/A
File created C:\Windows\System\mWlCjoz.exe C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe N/A
File created C:\Windows\System\uGPjgBP.exe C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe N/A
File created C:\Windows\System\WXnACrK.exe C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe N/A
File created C:\Windows\System\FZOSzXS.exe C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe N/A
File created C:\Windows\System\FYaihCv.exe C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe N/A
File created C:\Windows\System\xwWQNCo.exe C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe N/A
File created C:\Windows\System\vxaKTph.exe C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe N/A
File created C:\Windows\System\WmpfzFZ.exe C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe N/A
File created C:\Windows\System\ZoGmePX.exe C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe N/A
File created C:\Windows\System\mTAJWyH.exe C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2752 wrote to memory of 1684 N/A C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe C:\Windows\System\RvPIfrL.exe
PID 2752 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe C:\Windows\System\xwWQNCo.exe
PID 2752 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe C:\Windows\System\vxaKTph.exe
PID 2752 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe C:\Windows\System\WmpfzFZ.exe
PID 2752 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe C:\Windows\System\RJRCwVv.exe
PID 2752 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe C:\Windows\System\ZoGmePX.exe
PID 2752 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe C:\Windows\System\KQPzrHd.exe
PID 2752 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe C:\Windows\System\uGPjgBP.exe
PID 2752 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe C:\Windows\System\TBkMOKY.exe
PID 2752 wrote to memory of 684 N/A C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe C:\Windows\System\WXnACrK.exe
PID 2752 wrote to memory of 596 N/A C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe C:\Windows\System\gGaqRTf.exe
PID 2752 wrote to memory of 1304 N/A C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe C:\Windows\System\FZOSzXS.exe
PID 2752 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe C:\Windows\System\LsadDYm.exe
PID 2752 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe C:\Windows\System\FYaihCv.exe
PID 2752 wrote to memory of 2304 N/A C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe C:\Windows\System\rxJOJIG.exe
PID 2752 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe C:\Windows\System\ATbgfOa.exe
PID 2752 wrote to memory of 952 N/A C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe C:\Windows\System\lVHcrKQ.exe
PID 2752 wrote to memory of 896 N/A C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe C:\Windows\System\mTAJWyH.exe
PID 2752 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe C:\Windows\System\bBxbtaS.exe
PID 2752 wrote to memory of 1844 N/A C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe C:\Windows\System\IxpFsTM.exe
PID 2752 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe C:\Windows\System\mWlCjoz.exe

Processes

C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe"

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-25 15:44

Reported

2024-05-25 15:47

Platform

win10v2004-20240426-en

Max time kernel

133s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner

UPX packed file

upx

Processes

C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\727433bc99315ea686fe6b4b8b7cdeaa_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

memory/4820-0-0x00007FF627680000-0x00007FF6279D4000-memory.dmp