Malware Analysis Report

2025-03-15 08:12

Sample ID 240530-dqyjlacd5y
Target 82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118
SHA256 521183d9266bde2a78c84d7cf3ff89b4af900ce5143ff2da95617a025ea953eb
Tags
miner upx 0 xmrig cobaltstrike backdoor trojan
score
10/10

Analysis Overview

score
10/10

SHA256

521183d9266bde2a78c84d7cf3ff89b4af900ce5143ff2da95617a025ea953eb

Threat Level: Known bad

The file 82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

miner upx 0 xmrig cobaltstrike backdoor trojan

Cobalt Strike reflective loader

xmrig

Xmrig family

Cobaltstrike family

XMRig Miner payload

Cobaltstrike

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-30 03:13

Signatures

Cobalt Strike reflective loader


Cobaltstrike family

cobaltstrike

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-05-30 03:13

Reported

2024-05-30 03:16

Platform

win7-20240221-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe"

Signatures

Cobalt Strike reflective loader


Cobaltstrike

trojan backdoor cobaltstrike

xmrig

miner xmrig

XMRig Miner payload

miner

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe N/A

UPX packed file

upx

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\vAqkfbB.exe C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe N/A
File created C:\Windows\System\oMzfdBt.exe C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe N/A
File created C:\Windows\System\dRgoUBW.exe C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe N/A
File created C:\Windows\System\vHimNXK.exe C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe N/A
File created C:\Windows\System\cWcFMyD.exe C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe N/A
File created C:\Windows\System\OaItDPR.exe C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe N/A
File created C:\Windows\System\EkrMzyv.exe C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe N/A
File created C:\Windows\System\jcfDToa.exe C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe N/A
File created C:\Windows\System\snnhFIK.exe C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe N/A
File created C:\Windows\System\lkoJhrX.exe C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe N/A
File created C:\Windows\System\JsHerrv.exe C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe N/A
File created C:\Windows\System\xHSYjcu.exe C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe N/A
File created C:\Windows\System\dxKXbzv.exe C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe N/A
File created C:\Windows\System\elyYOEr.exe C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe N/A
File created C:\Windows\System\qAjgfTM.exe C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe N/A
File created C:\Windows\System\qnkWKsZ.exe C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe N/A
File created C:\Windows\System\UzmORRV.exe C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe N/A
File created C:\Windows\System\pyqOCit.exe C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe N/A
File created C:\Windows\System\oDDHSSS.exe C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe N/A
File created C:\Windows\System\dxjxMih.exe C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe N/A
File created C:\Windows\System\wTClCli.exe C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2068 wrote to memory of 1116 N/A C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe C:\Windows\System\OaItDPR.exe
PID 2068 wrote to memory of 2060 N/A C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe C:\Windows\System\EkrMzyv.exe
PID 2068 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe C:\Windows\System\oDDHSSS.exe
PID 2068 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe C:\Windows\System\jcfDToa.exe
PID 2068 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe C:\Windows\System\vAqkfbB.exe
PID 2068 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe C:\Windows\System\oMzfdBt.exe
PID 2068 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe C:\Windows\System\xHSYjcu.exe
PID 2068 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe C:\Windows\System\dxKXbzv.exe
PID 2068 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe C:\Windows\System\elyYOEr.exe
PID 2068 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe C:\Windows\System\qnkWKsZ.exe
PID 2068 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe C:\Windows\System\dRgoUBW.exe
PID 2068 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe C:\Windows\System\vHimNXK.exe
PID 2068 wrote to memory of 2100 N/A C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe C:\Windows\System\cWcFMyD.exe
PID 2068 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe C:\Windows\System\UzmORRV.exe
PID 2068 wrote to memory of 1348 N/A C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe C:\Windows\System\dxjxMih.exe
PID 2068 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe C:\Windows\System\pyqOCit.exe
PID 2068 wrote to memory of 2308 N/A C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe C:\Windows\System\JsHerrv.exe
PID 2068 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe C:\Windows\System\snnhFIK.exe
PID 2068 wrote to memory of 1444 N/A C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe C:\Windows\System\qAjgfTM.exe
PID 2068 wrote to memory of 2316 N/A C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe C:\Windows\System\lkoJhrX.exe
PID 2068 wrote to memory of 1748 N/A C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe C:\Windows\System\wTClCli.exe

Processes

C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe"

C:\Windows\System\OaItDPR.exe

C:\Windows\System\OaItDPR.exe

C:\Windows\System\EkrMzyv.exe

C:\Windows\System\EkrMzyv.exe

C:\Windows\System\oDDHSSS.exe

C:\Windows\System\oDDHSSS.exe

C:\Windows\System\jcfDToa.exe

C:\Windows\System\jcfDToa.exe

C:\Windows\System\vAqkfbB.exe

C:\Windows\System\vAqkfbB.exe

C:\Windows\System\oMzfdBt.exe

C:\Windows\System\oMzfdBt.exe

C:\Windows\System\xHSYjcu.exe

C:\Windows\System\xHSYjcu.exe

C:\Windows\System\dxKXbzv.exe

C:\Windows\System\dxKXbzv.exe

C:\Windows\System\elyYOEr.exe

C:\Windows\System\elyYOEr.exe

C:\Windows\System\qnkWKsZ.exe

C:\Windows\System\qnkWKsZ.exe

C:\Windows\System\dRgoUBW.exe

C:\Windows\System\dRgoUBW.exe

C:\Windows\System\vHimNXK.exe

C:\Windows\System\vHimNXK.exe

C:\Windows\System\cWcFMyD.exe

C:\Windows\System\cWcFMyD.exe

C:\Windows\System\UzmORRV.exe

C:\Windows\System\UzmORRV.exe

C:\Windows\System\dxjxMih.exe

C:\Windows\System\dxjxMih.exe

C:\Windows\System\pyqOCit.exe

C:\Windows\System\pyqOCit.exe

C:\Windows\System\JsHerrv.exe

C:\Windows\System\JsHerrv.exe

C:\Windows\System\snnhFIK.exe

C:\Windows\System\snnhFIK.exe

C:\Windows\System\qAjgfTM.exe

C:\Windows\System\qAjgfTM.exe

C:\Windows\System\lkoJhrX.exe

C:\Windows\System\lkoJhrX.exe

C:\Windows\System\wTClCli.exe

C:\Windows\System\wTClCli.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-30 03:13

Reported

2024-05-30 03:16

Platform

win10v2004-20240508-en

Max time kernel

132s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner

UPX packed file

upx

Processes

C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\82dce0006c45aa6b2c4da413eaea2596_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
BE 2.17.107.105:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 105.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
BE 2.17.107.105:443 www.bing.com tcp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp

Files

memory/3328-0-0x00007FF62B9F0000-0x00007FF62BD44000-memory.dmp