Malware Analysis Report

2024-10-19 07:59

Sample ID 240627-erblws1gre
Target 14a134210ef95006548ae79b2105cd2b_JaffaCakes118
SHA256 ba035e9967f9b4caf497b256674aa0c99c600bd6dae65f01ab247702be741efd
Tags
darkcomet rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

ba035e9967f9b4caf497b256674aa0c99c600bd6dae65f01ab247702be741efd

Threat Level: Known bad

The file 14a134210ef95006548ae79b2105cd2b_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

darkcomet rat trojan

Darkcomet

Suspicious use of SetThreadContext

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-27 04:10

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-27 04:09

Reported

2024-06-27 04:12

Platform

win7-20240419-en

Max time kernel

134s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe"

Signatures

Darkcomet

trojan rat darkcomet

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: 34 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2440 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe
PID 2440 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe
PID 2440 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe
PID 2440 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe
PID 2440 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe
PID 2440 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe
PID 2440 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe
PID 2440 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe
PID 2440 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe
PID 2440 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe
PID 2440 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe
PID 2440 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe
PID 2440 wrote to memory of 1852 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe

Processes

C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 th5tuananh.no-ip.org udp

Files

memory/1852-0-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/1852-2-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/1852-7-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/1852-18-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/2440-28-0x0000000000400000-0x0000000000506000-memory.dmp

memory/1852-25-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

memory/1852-21-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/1852-14-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/1852-24-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/1852-4-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/1852-11-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/1852-30-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/1852-31-0x00000000002A0000-0x00000000002A1000-memory.dmp

memory/1852-29-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/1852-33-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/1852-34-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/1852-32-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/1852-35-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/1852-36-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/1852-37-0x00000000002A0000-0x00000000002A1000-memory.dmp

memory/1852-38-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/1852-39-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/1852-40-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/1852-41-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/1852-42-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/1852-43-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/1852-44-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/1852-45-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/1852-46-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/1852-47-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/1852-48-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/1852-49-0x0000000000400000-0x00000000004CA000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-27 04:09

Reported

2024-06-27 04:12

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe"

Signatures

Darkcomet

trojan rat darkcomet

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: 34 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A
Token: 36 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3684 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe
PID 3684 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe
PID 3684 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe
PID 3684 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe
PID 3684 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe
PID 3684 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe
PID 3684 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe
PID 3684 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe
PID 3684 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe
PID 3684 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe
PID 3684 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe
PID 3684 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe
PID 3684 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe
PID 3684 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe

Processes

C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\14a134210ef95006548ae79b2105cd2b_JaffaCakes118.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 th5tuananh.no-ip.org udp
US 8.8.8.8:53 th5tuananh.no-ip.org udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 th5tuananh.no-ip.org udp
US 8.8.8.8:53 th5tuananh.no-ip.org udp
US 8.8.8.8:53 th5tuananh.no-ip.org udp
US 8.8.8.8:53 th5tuananh.no-ip.org udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 57.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 th5tuananh.no-ip.org udp
US 8.8.8.8:53 th5tuananh.no-ip.org udp
US 8.8.8.8:53 th5tuananh.no-ip.org udp
US 8.8.8.8:53 th5tuananh.no-ip.org udp
US 8.8.8.8:53 th5tuananh.no-ip.org udp
US 8.8.8.8:53 th5tuananh.no-ip.org udp
US 8.8.8.8:53 th5tuananh.no-ip.org udp
US 8.8.8.8:53 th5tuananh.no-ip.org udp
US 8.8.8.8:53 th5tuananh.no-ip.org udp
US 8.8.8.8:53 th5tuananh.no-ip.org udp
US 8.8.8.8:53 th5tuananh.no-ip.org udp
US 8.8.8.8:53 80.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 th5tuananh.no-ip.org udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 th5tuananh.no-ip.org udp
US 8.8.8.8:53 th5tuananh.no-ip.org udp
US 8.8.8.8:53 th5tuananh.no-ip.org udp
US 8.8.8.8:53 th5tuananh.no-ip.org udp
US 8.8.8.8:53 th5tuananh.no-ip.org udp
US 8.8.8.8:53 th5tuananh.no-ip.org udp
US 8.8.8.8:53 th5tuananh.no-ip.org udp
US 8.8.8.8:53 th5tuananh.no-ip.org udp
US 8.8.8.8:53 th5tuananh.no-ip.org udp
US 8.8.8.8:53 th5tuananh.no-ip.org udp
US 8.8.8.8:53 th5tuananh.no-ip.org udp

Files

memory/4324-6-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/4324-8-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/4324-12-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/3684-11-0x0000000000400000-0x0000000000506000-memory.dmp

memory/4324-7-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/4324-4-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/4324-3-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/4324-0-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/4324-10-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/4324-1-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/4324-13-0x0000000002120000-0x0000000002121000-memory.dmp

memory/4324-14-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/4324-15-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/4324-16-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/4324-17-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/4324-18-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/4324-19-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/4324-20-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/4324-21-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/4324-22-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/4324-23-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/4324-24-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/4324-25-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/4324-26-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/4324-27-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/4324-28-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/4324-29-0x0000000000400000-0x00000000004CA000-memory.dmp

memory/4324-30-0x0000000000400000-0x00000000004CA000-memory.dmp