Malware Analysis Report

2024-09-22 23:28

Sample ID 240616-jl755ayhrl
Target b267a08d8e8549d97a43a812795c6574_JaffaCakes118
SHA256 3f958042bb23e821df3e9a3a95c6fc27be6655d1bd89e2c4bb859aecd92c6ae5
Tags
emotet epoch2 banker trojan
score
10/10

Analysis Overview

score
10/10

SHA256

3f958042bb23e821df3e9a3a95c6fc27be6655d1bd89e2c4bb859aecd92c6ae5

Threat Level: Known bad

The file b267a08d8e8549d97a43a812795c6574_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

emotet epoch2 banker trojan

Emotet

Emotet payload

Executes dropped EXE

Drops file in System32 directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: RenamesItself

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-16 07:46

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 07:46

Reported

2024-06-17 04:53

Platform

win7-20240611-en

Max time kernel

1798s

Max time network

1800s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b267a08d8e8549d97a43a812795c6574_JaffaCakes118.exe"

Signatures

Emotet

trojan banker emotet

Emotet payload

trojan banker
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\dmdskmgr\winsockhc.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\dmdskmgr\winsockhc.exe C:\Users\Admin\AppData\Local\Temp\b267a08d8e8549d97a43a812795c6574_JaffaCakes118.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\dmdskmgr\winsockhc.exe N/A

Suspicious behavior: RenamesItself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\b267a08d8e8549d97a43a812795c6574_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b267a08d8e8549d97a43a812795c6574_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\b267a08d8e8549d97a43a812795c6574_JaffaCakes118.exe"

C:\Windows\SysWOW64\dmdskmgr\winsockhc.exe

"C:\Windows\SysWOW64\dmdskmgr\winsockhc.exe"

Network

Country Destination Domain Proto

Files

memory/2872-0-0x0000000000240000-0x0000000000252000-memory.dmp

memory/2872-4-0x0000000000260000-0x0000000000270000-memory.dmp

memory/2872-7-0x0000000000230000-0x000000000023F000-memory.dmp

memory/2872-9-0x0000000000400000-0x0000000000451000-memory.dmp

C:\Windows\SysWOW64\dmdskmgr\winsockhc.exe

MD5 b267a08d8e8549d97a43a812795c6574
SHA1 2c08e0add27dfba945195f74d28918fd7b3d3818
SHA256 3f958042bb23e821df3e9a3a95c6fc27be6655d1bd89e2c4bb859aecd92c6ae5
SHA512 3fe6fb4d1a85e6c6518c07c2ff29ee7817ec7e96f8d269f6262485b3cf7a794aa4661e40231c65eb31b2ea18f8f6950260e81b22e3250bb5a955432b7607b9a8

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 07:46

Reported

2024-06-17 04:54

Platform

win10v2004-20240226-en

Max time kernel

1794s

Max time network

1802s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b267a08d8e8549d97a43a812795c6574_JaffaCakes118.exe"

Signatures

Emotet

trojan banker emotet

Emotet payload

trojan banker
Description Indicator Process Target
N/A N/A N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\b267a08d8e8549d97a43a812795c6574_JaffaCakes118.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeManageVolumePrivilege N/A C:\Windows\System32\svchost.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b267a08d8e8549d97a43a812795c6574_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\b267a08d8e8549d97a43a812795c6574_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4104 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3588 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k UnistackSvcGroup

Network

Country Destination Domain Proto

Files

memory/3220-0-0x00000000021C0000-0x00000000021D2000-memory.dmp

memory/3220-4-0x00000000021E0000-0x00000000021F0000-memory.dmp

memory/3220-7-0x0000000000640000-0x000000000064F000-memory.dmp

memory/2024-9-0x0000014FCD780000-0x0000014FCD790000-memory.dmp

memory/2024-25-0x0000014FCD880000-0x0000014FCD890000-memory.dmp

memory/2024-41-0x0000014FD5BF0000-0x0000014FD5BF1000-memory.dmp

memory/2024-43-0x0000014FD5C20000-0x0000014FD5C21000-memory.dmp

memory/2024-45-0x0000014FD5D30000-0x0000014FD5D31000-memory.dmp

memory/2024-44-0x0000014FD5C20000-0x0000014FD5C21000-memory.dmp