Analysis Overview
SHA256
a23f28cc3a6e1718908506e8106d74649fee66776ba9c9a1d111e1fbc700fe2a
Threat Level: Likely malicious
The file 54d303b283679409adb0d34f34573b60_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (950) files with added filename extension
Renames multiple (443) files with added filename extension
Deletes itself
Checks computer location settings
Reads user/profile data of web browsers
Indicator Removal: File Deletion
UPX packed file
Drops file in Program Files directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Browser Information Discovery
Unsigned PE
Opens file in notepad (likely ransom note)
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-18 01:51
Signatures
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-18 01:51
Reported
2024-10-18 01:53
Platform
win7-20240903-en
Max time kernel
122s
Max time network
123s
Command Line
Signatures
Renames multiple (950) files with added filename extension
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Reads user/profile data of web browsers
Indicator Removal: File Deletion
UPX packed file
Drops file in Program Files directory
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\notepad.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\notepad.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe"
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" C:\Users\Admin\Desktop\README_ASAP.txt
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c del "C:\Users\Admin\AppData\Local\Temp\54D303~1.EXE" >> NUL
Network
Files
memory/2364-0-0x0000000000400000-0x0000000000479000-memory.dmp
memory/2364-1526-0x0000000000400000-0x0000000000479000-memory.dmp
memory/2364-1525-0x0000000000400000-0x0000000000479000-memory.dmp
memory/2364-2296-0x0000000000400000-0x0000000000479000-memory.dmp
C:\Users\Admin\Desktop\README_ASAP.txt
| MD5 | a0bca63c8ba75cf1b7a30d0b171f474f |
| SHA1 | af8a8153d52ee5d471e7f69b2245683b441b7b7d |
| SHA256 | fdac2db3a1b1d199162e8768be32cc0c9e7161556b840c24c7e1928ac3f3f531 |
| SHA512 | 0d68622772132d80fda645fa7cbd45eed8cd5f876da359f4aa735c56adfca949f7b77843301d8f6da26e89ade67daa3341f2edf0d0bcde08599a362b1abdc002 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-18 01:51
Reported
2024-10-18 01:53
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Renames multiple (443) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
Reads user/profile data of web browsers
Indicator Removal: File Deletion
UPX packed file
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Java\jre-1.8\LICENSE | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\ROMANIAN.txx | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\Products.txx | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\Sigma\Analytics.txx | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\zh-tw.txt | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\lib\deploy\ffjcext.zip | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\AugLoop\third-party-notices.txt | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Configuration\ssn_high_group_info.txt | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\JSByteCodeCache_64 | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\es.txt | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\COPYRIGHT.txx | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\CROATIAN.txx | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\Sigma\Content | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceArray.txt | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\README.txt | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.PPT | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessBasic2019_eula.txt | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.27405.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\JSByteCodeCache_64 | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\CYRILLIC.txx | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceYi.txt | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\af.txt | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ga.txt | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\http\requests\README.txx | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\CENTEURO.TXT | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ru.txt | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\server\Xusage.txx | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\Sigma\Analytics | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessVDI2019_eula.txx | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\JSByteCodeCache_64 | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fr.txt | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\sl.txx | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\yo.txx | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\release | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime2019_eula.txx | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\CP1252.TXT | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US.txt | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\Products.txt | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\ka.txx | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\ps.txx | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\uk.txx | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\zh-tw.txx | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txx | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\Mu\Content | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\mk.txx | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sr-spc.txt | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.MSHWLatin.txt | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\README.txx | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\Mu\CompatExceptions.txx | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\NOTICE.TXT | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\gu.txt | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\ku-ckb.txx | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\sr-spc.txx | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\server\Xusage.txt | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\FPA_f7\FA000000007.txx | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\el.txx | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\ja.txx | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\ro.txx | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\FPA_w1\WA104381125 | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\ba.txx | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\nb.txx | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\deploy\ffjcext.txx | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack2019_eula.txt | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub2019_eula.txx | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\br.txx | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\notepad.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\notepad.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3848 wrote to memory of 1584 | N/A | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | C:\Windows\SysWOW64\notepad.exe |
| PID 3848 wrote to memory of 2572 | N/A | C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe | C:\Windows\SysWOW64\cmd.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\54d303b283679409adb0d34f34573b60_JaffaCakes118.exe"
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" C:\Users\Admin\Desktop\README_ASAP.txt
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c del "C:\Users\Admin\AppData\Local\Temp\54D303~1.EXE" >> NUL
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
memory/3848-0-0x0000000000400000-0x0000000000479000-memory.dmp
memory/3848-667-0x0000000000400000-0x0000000000479000-memory.dmp
memory/3848-668-0x0000000000400000-0x0000000000479000-memory.dmp
memory/3848-1395-0x0000000000400000-0x0000000000479000-memory.dmp
memory/3848-1433-0x0000000000400000-0x0000000000479000-memory.dmp
C:\Users\Admin\Desktop\README_ASAP.txt
| MD5 | a0bca63c8ba75cf1b7a30d0b171f474f |
| SHA1 | af8a8153d52ee5d471e7f69b2245683b441b7b7d |
| SHA256 | fdac2db3a1b1d199162e8768be32cc0c9e7161556b840c24c7e1928ac3f3f531 |
| SHA512 | 0d68622772132d80fda645fa7cbd45eed8cd5f876da359f4aa735c56adfca949f7b77843301d8f6da26e89ade67daa3341f2edf0d0bcde08599a362b1abdc002 |