Malware Analysis Report

2025-01-19 05:03

Sample ID 240605-nsymgsed6v
Target 980b5b921b49df6d4117a226a9e72c46_JaffaCakes118
SHA256 2fe3936e998babe468d375637d1400b6d23bdc5069165336c36673537fd2edf5
Tags
evasion agenttesla collection keylogger spyware stealer trojan
score
10/10

Analysis Overview

score
10/10

SHA256

2fe3936e998babe468d375637d1400b6d23bdc5069165336c36673537fd2edf5

Threat Level: Known bad

The file 980b5b921b49df6d4117a226a9e72c46_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

evasion agenttesla collection keylogger spyware stealer trojan

AgentTesla

AgentTesla payload

Looks for VirtualBox Guest Additions in registry

Looks for VMWare Tools registry key

Checks BIOS information in registry

Reads user/profile data of local email clients

Reads WinSCP keys stored on the system

Reads user/profile data of web browsers

Reads data files stored by FTP clients

Checks computer location settings

Accesses Microsoft Outlook profiles

Maps connected drives based on registry

Suspicious use of SetThreadContext

Enumerates physical storage devices

Unsigned PE

outlook_office_path

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Creates scheduled task(s)

Suspicious behavior: EnumeratesProcesses

outlook_win_path

Analysis: static1

Detonation Overview

Reported

2024-06-05 11:40

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-05 11:40

Reported

2024-06-05 11:42

Platform

win7-20240215-en

Max time kernel

118s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe"

Signatures

Looks for VirtualBox Guest Additions in registry

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Oracle\VirtualBox Guest Additions C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe N/A

Looks for VMWare Tools registry key

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\VMware, Inc.\VMware Tools C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe N/A

Maps connected drives based on registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1568 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe C:\Windows\SysWOW64\schtasks.exe
PID 1568 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe
PID 1568 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe
PID 1568 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe
PID 1568 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe
PID 1568 wrote to memory of 1532 N/A C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe

Processes

C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe

"C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\QwWYJconqIwjAU" /XML "C:\Users\Admin\AppData\Local\Temp\tmp906.tmp"

C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe

"C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe"

C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe

"C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe"

C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe

"C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe"

C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe

"C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe"

C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe

"C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe"

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\tmp906.tmp

MD5 37ba679f207c8454c730d5887784c309
SHA1 af1c2056c8db23240751668c369401ffe6875161
SHA256 bdd8dc6d3749820541416adf70e2d3cd47a68dd4ef6e6ea578f0b092e7191a2b
SHA512 5387e1ce574160f22be14d87cb5ba0f60d25453473a66deeb26a91498e3f4b639743fbce7bd9968c06093624511ad324da649d2b637eb3fd7c87b90d45dced69

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-05 11:40

Reported

2024-06-05 11:42

Platform

win10v2004-20240508-en

Max time kernel

133s

Max time network

102s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe"

Signatures

AgentTesla

keylogger trojan stealer spyware agenttesla

AgentTesla payload

Description Indicator Process Target
N/A N/A N/A N/A

Looks for VirtualBox Guest Additions in registry

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Oracle\VirtualBox Guest Additions C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe N/A

Looks for VMWare Tools registry key

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\VMware, Inc.\VMware Tools C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe N/A

Reads WinSCP keys stored on the system

spyware stealer

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses Microsoft Outlook profiles

collection
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe N/A

Maps connected drives based on registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1660 set thread context of 2488 N/A C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe

Enumerates physical storage devices

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1660 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe C:\Windows\SysWOW64\schtasks.exe
PID 1660 wrote to memory of 3860 N/A C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe
PID 1660 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe

outlook_office_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe N/A

outlook_win_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe

"C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\QwWYJconqIwjAU" /XML "C:\Users\Admin\AppData\Local\Temp\tmp44C4.tmp"

C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe

"C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe"

C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe

"C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe"

Network

Files

C:\Users\Admin\AppData\Local\Temp\tmp44C4.tmp

MD5 98380ade3667b70a7bd9c7262a896bb5
SHA1 1fba8ac06d9feac17e247c2c45619c89ded37055
SHA256 24a72f5a7a49d1de8045a8b9f0da423d45586b251006c668e733268c016dfc76
SHA512 901362efb201cf4ddeb0c82ba85c5b1815e9ec2293bb1c0dc66c7ff7d2a1b7248af393ced16bee8e25e82cc3a0084f5a6cba1ce9bcca9efd89b25b9682dfbc1c

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MAJES-2020-185 SPEED MEASURING UNIT.exe.log

MD5 5200da2e50f24d5d543c3f10674acdcb
SHA1 b574a3336839882d799c0a7f635ea238efb934ee
SHA256 d2d81c1c9d35bc66149beaa77029bee68664d8512fc1efe373180bab77d61026
SHA512 24722a7de3250a6027a411c8b79d0720554c4efd59553f54b94ab77dc21efbf3191e0912901db475f08a6e9c1855d9e9594504d80d27300097418f4384a9d9cb
