Analysis Overview
SHA256
decfaa83bf2eb9afe57a09da2d3142512a543708214608fdd19bdb7e17051a7c
Threat Level: Shows suspicious behavior
The file 11bc744801b516d0b84fba5850ec8789_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Unexpected DNS network traffic destination
VMProtect packed file
Writes to the Master Boot Record (MBR)
Unsigned PE
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-26 10:48
Signatures
VMProtect packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-26 10:48
Reported
2024-06-26 10:50
Platform
win7-20240419-en
Max time kernel
134s
Max time network
121s
Command Line
Signatures
Unexpected DNS network traffic destination
VMProtect packed file
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\11bc744801b516d0b84fba5850ec8789_JaffaCakes118.exe | N/A |
Suspicious use of SetWindowsHookEx
Processes
C:\Users\Admin\AppData\Local\Temp\11bc744801b516d0b84fba5850ec8789_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\11bc744801b516d0b84fba5850ec8789_JaffaCakes118.exe"
Network
Files
memory/1996-0-0x0000000000400000-0x00000000004E2000-memory.dmp
memory/1996-1-0x0000000000400000-0x00000000004E2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab7023.tmp
C:\Users\Admin\AppData\Local\Temp\Tar7110.tmp
memory/1996-33-0x0000000000400000-0x00000000004E2000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-26 10:48
Reported
2024-06-26 10:50
Platform
win10v2004-20240611-en
Max time kernel
135s
Max time network
140s
Command Line
Signatures
Unexpected DNS network traffic destination
VMProtect packed file
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\11bc744801b516d0b84fba5850ec8789_JaffaCakes118.exe | N/A |
Suspicious use of SetWindowsHookEx
Processes
C:\Users\Admin\AppData\Local\Temp\11bc744801b516d0b84fba5850ec8789_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\11bc744801b516d0b84fba5850ec8789_JaffaCakes118.exe"
Network
Files
memory/1556-0-0x0000000000400000-0x00000000004E2000-memory.dmp
memory/1556-1-0x0000000000400000-0x00000000004E2000-memory.dmp
memory/1556-5-0x0000000000400000-0x00000000004E2000-memory.dmp