Malware Analysis Report

2024-10-23 20:38

Sample ID 240627-vejpqs1ake
Target 16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118
SHA256 fb6ab05f0ce679d352c6d0b63a14bf9b54d5c132074b139912c923e0aa00b61a
Tags
darkcomet rat trojan upx
score
10/10

Analysis Overview

Threat Level: Known bad

The file 16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

darkcomet rat trojan upx

Darkcomet

UPX packed file

Suspicious use of SetThreadContext

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-27 16:54

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-27 16:54

Reported

2024-06-27 16:56

Platform

win7-20240221-en

Max time kernel

118s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe"

Signatures

Darkcomet

trojan rat darkcomet

UPX packed file

upx

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: 34 N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3068 wrote to memory of 2100 N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe
PID 2100 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe

Processes

C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

"C:\Program Files (x86)\Internet Explorer\iexplore.exe"

Network

N/A

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-27 16:54

Reported

2024-06-27 16:56

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe"

Signatures

Darkcomet

trojan rat darkcomet

UPX packed file

upx

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: 34 N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A
Token: 36 N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5024 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe
PID 1764 wrote to memory of 3384 N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 1764 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe C:\Windows\explorer.exe

Processes

C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\16c33d3731bb6fd44145e2a3f73c22d7_JaffaCakes118.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

"C:\Program Files (x86)\Internet Explorer\iexplore.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

Network

Files
