Analysis Overview
SHA256
79325b550d8d499c64eb0ebefb98fd3f22201b4784a739d79ecd73ebaae8c45a
Threat Level: Known bad
The file d46ced619302d537e07481dfe8a1e7e1.bin was found to be: Known bad.
Malicious Activity Summary
STRRAT
Drops startup file
Loads dropped DLL
Adds Run key to start application
Looks up external IP address via web service
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Creates scheduled task(s)
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-06-29 01:57
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-06-29 01:57
Reported
2023-06-29 02:00
Platform
win7-20230621-en
Max time kernel
155s
Max time network
158s
Command Line
Signatures
Processes
C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\4e0f0e48af90b53ca2f5bfe07730901ca963655051f5fd4fba455933bc9a72ec.jar
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | repo1.maven.org | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 199.232.192.209:443 | repo1.maven.org | tcp |
| US | 199.232.192.209:443 | repo1.maven.org | tcp |
| US | 140.82.114.4:443 | github.com | tcp |
| US | 199.232.192.209:443 | repo1.maven.org | tcp |
| US | 140.82.114.4:443 | github.com | tcp |
| US | 140.82.114.4:443 | github.com | tcp |
| US | 140.82.114.4:443 | github.com | tcp |
| US | 140.82.114.4:443 | github.com | tcp |
| US | 140.82.114.4:443 | github.com | tcp |
| US | 140.82.114.4:443 | github.com | tcp |
| US | 140.82.114.4:443 | github.com | tcp |
| US | 140.82.114.4:443 | github.com | tcp |
| US | 140.82.114.4:443 | github.com | tcp |
| US | 140.82.114.4:443 | github.com | tcp |
| US | 140.82.114.4:443 | github.com | tcp |
| US | 140.82.114.4:443 | github.com | tcp |
| US | 140.82.114.4:443 | github.com | tcp |
| US | 140.82.114.4:443 | github.com | tcp |
| US | 140.82.114.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
Files
memory/1092-63-0x0000000000420000-0x0000000000421000-memory.dmp
memory/1092-70-0x0000000000420000-0x0000000000421000-memory.dmp
memory/1092-78-0x0000000000420000-0x0000000000421000-memory.dmp
memory/1092-87-0x0000000000420000-0x0000000000421000-memory.dmp
memory/1092-93-0x0000000000420000-0x0000000000421000-memory.dmp
memory/1092-98-0x0000000000420000-0x0000000000421000-memory.dmp
memory/1092-101-0x0000000000420000-0x0000000000421000-memory.dmp
memory/1092-103-0x0000000000420000-0x0000000000421000-memory.dmp
memory/1092-107-0x0000000000420000-0x0000000000421000-memory.dmp
memory/1092-109-0x0000000000420000-0x0000000000421000-memory.dmp
memory/1092-113-0x0000000000420000-0x0000000000421000-memory.dmp
memory/1092-121-0x0000000000420000-0x0000000000421000-memory.dmp
memory/1092-128-0x0000000000420000-0x0000000000421000-memory.dmp
memory/1092-135-0x0000000000420000-0x0000000000421000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2023-06-29 01:57
Reported
2023-06-29 02:00
Platform
win10v2004-20230621-en
Max time kernel
148s
Max time network
152s
Command Line
Signatures
STRRAT
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4e0f0e48af90b53ca2f5bfe07730901ca963655051f5fd4fba455933bc9a72ec.jar | C:\Program Files\Java\jre1.8.0_66\bin\java.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Java\jre1.8.0_66\bin\java.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2177513644-1903222820-241662473-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4e0f0e48af90b53ca2f5bfe07730901ca963655051f5fd4fba455933bc9a72ec = "\"C:\\Program Files\\Java\\jre1.8.0_66\\bin\\javaw.exe\" -jar \"C:\\Users\\Admin\\AppData\\Roaming\\4e0f0e48af90b53ca2f5bfe07730901ca963655051f5fd4fba455933bc9a72ec.jar\"" | C:\Program Files\Java\jre1.8.0_66\bin\java.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4e0f0e48af90b53ca2f5bfe07730901ca963655051f5fd4fba455933bc9a72ec = "\"C:\\Program Files\\Java\\jre1.8.0_66\\bin\\javaw.exe\" -jar \"C:\\Users\\Admin\\AppData\\Roaming\\4e0f0e48af90b53ca2f5bfe07730901ca963655051f5fd4fba455933bc9a72ec.jar\"" | C:\Program Files\Java\jre1.8.0_66\bin\java.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\ProgramData\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\4e0f0e48af90b53ca2f5bfe07730901ca963655051f5fd4fba455933bc9a72ec.jar
C:\Program Files\Java\jre1.8.0_66\bin\java.exe
"C:\Program Files\Java\jre1.8.0_66\bin\java.exe" -jar "C:\Users\Admin\4e0f0e48af90b53ca2f5bfe07730901ca963655051f5fd4fba455933bc9a72ec.jar"
C:\Windows\SYSTEM32\cmd.exe
cmd /c schtasks /create /sc minute /mo 30 /tn Skype /tr "C:\Users\Admin\AppData\Roaming\4e0f0e48af90b53ca2f5bfe07730901ca963655051f5fd4fba455933bc9a72ec.jar"
C:\Program Files\Java\jre1.8.0_66\bin\java.exe
"C:\Program Files\Java\jre1.8.0_66\bin\java.exe" -jar "C:\Users\Admin\AppData\Roaming\4e0f0e48af90b53ca2f5bfe07730901ca963655051f5fd4fba455933bc9a72ec.jar"
C:\Windows\system32\schtasks.exe
schtasks /create /sc minute /mo 30 /tn Skype /tr "C:\Users\Admin\AppData\Roaming\4e0f0e48af90b53ca2f5bfe07730901ca963655051f5fd4fba455933bc9a72ec.jar"
C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c "wmic /node:. /namespace:'\\root\cimv2' path win32_logicaldisk get volumeserialnumber /format:list"
C:\Windows\System32\Wbem\WMIC.exe
wmic /node:. /namespace:'\\root\cimv2' path win32_logicaldisk get volumeserialnumber /format:list
C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c "wmic /node:. /namespace:'\\root\cimv2' path win32_operatingsystem get caption,OSArchitecture /format:list"
C:\Windows\System32\Wbem\WMIC.exe
wmic /node:. /namespace:'\\root\cimv2' path win32_operatingsystem get caption,OSArchitecture /format:list
C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c "wmic /node:. /namespace:'\\root\cimv2' path win32_operatingsystem get version /format:list"
C:\Windows\System32\Wbem\WMIC.exe
wmic /node:. /namespace:'\\root\cimv2' path win32_operatingsystem get version /format:list
C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c "wmic /node:localhost /namespace:'\\root\securitycenter2' path antivirusproduct get displayname /format:list"
C:\Windows\System32\Wbem\WMIC.exe
wmic /node:localhost /namespace:'\\root\securitycenter2' path antivirusproduct get displayname /format:list
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | repo1.maven.org | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 199.232.192.209:443 | repo1.maven.org | tcp |
| US | 199.232.192.209:443 | repo1.maven.org | tcp |
| US | 199.232.192.209:443 | repo1.maven.org | tcp |
| US | 140.82.114.3:443 | github.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 209.192.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 52.168.117.170:443 | tcp | |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 209.197.3.8:80 | tcp | |
| GB | 96.16.110.41:443 | tcp | |
| US | 8.8.8.8:53 | microsoftmicrosoftmicrosoft.ydns.eu | udp |
| BG | 84.54.50.148:4545 | microsoftmicrosoftmicrosoft.ydns.eu | tcp |
| US | 8.8.8.8:53 | 148.50.54.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 209.197.3.8:80 | tcp | |
| US | 8.8.8.8:53 | 1.208.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.74.101.95.in-addr.arpa | udp |
Files
memory/2972-143-0x0000000000C70000-0x0000000000C71000-memory.dmp
memory/2972-152-0x0000000000C70000-0x0000000000C71000-memory.dmp
memory/2972-178-0x0000000000C70000-0x0000000000C71000-memory.dmp
memory/2972-183-0x0000000000C70000-0x0000000000C71000-memory.dmp
memory/2972-185-0x0000000000C70000-0x0000000000C71000-memory.dmp
memory/2972-198-0x0000000000C70000-0x0000000000C71000-memory.dmp
memory/2972-201-0x0000000000C70000-0x0000000000C71000-memory.dmp
C:\Users\Admin\4e0f0e48af90b53ca2f5bfe07730901ca963655051f5fd4fba455933bc9a72ec.jar
| MD5 | d46ced619302d537e07481dfe8a1e7e1 |
| SHA1 | 135311ed819821a8a5043a0141c192e7b121a459 |
| SHA256 | 4e0f0e48af90b53ca2f5bfe07730901ca963655051f5fd4fba455933bc9a72ec |
| SHA512 | e4a35e5868ab5d267165375093a929ed02fc00b1fa6d9ef6e922c2992347363727b4c3ec935cf0562a600bbb5d571033e1e849ed5c12fc87915e2c2f0e605911 |
C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp
| MD5 | 8bfc83b0e6e251307aacb5a6378d1a78 |
| SHA1 | be6e187a045d3497c7928adb0913ff17f37f3955 |
| SHA256 | 260515b3cd77e6fdeb1b4c1bb1233b24130a23f4d01c6e254e97c946c43b297d |
| SHA512 | a2e0b56706b8c9df128c5f83f0da880ee22e04aa972cc155ccad0218bce15cfedd1f017f47e4cf17d18c5710f1f7682751400da4512daa44fa2ae2b732dd8e2e |
C:\Users\Admin\lib\system-hook-3.5.jar
| MD5 | e1aa38a1e78a76a6de73efae136cdb3a |
| SHA1 | c463da71871f780b2e2e5dba115d43953b537daf |
| SHA256 | 2ddda8af6faef8bde46acf43ec546603180bcf8dcb2e5591fff8ac9cd30b5609 |
| SHA512 | fee16fe9364926ec337e52f551fd62ed81984808a847de2fd68ff29b6c5da0dcc04ef6d8977f0fe675662a7d2ea1065cdcdd2a5259446226a7c7c5516bd7d60d |
C:\Users\Admin\lib\jna-platform-5.5.0.jar
| MD5 | 2f4a99c2758e72ee2b59a73586a2322f |
| SHA1 | af38e7c4d0fc73c23ecd785443705bfdee5b90bf |
| SHA256 | 24d81621f82ac29fcdd9a74116031f5907a2343158e616f4573bbfa2434ae0d5 |
| SHA512 | b860459a0d3bf7ccb600a03aa1d2ac0358619ee89b2b96ed723541e182b6fdab53aefef7992acb4e03fca67aa47cbe3907b1e6060a60b57ed96c4e00c35c7494 |
C:\Users\Admin\lib\jna-5.5.0.jar
| MD5 | acfb5b5fd9ee10bf69497792fd469f85 |
| SHA1 | 0e0845217c4907822403912ad6828d8e0b256208 |
| SHA256 | b308faebfe4ed409de8410e0a632d164b2126b035f6eacff968d3908cafb4d9e |
| SHA512 | e52575f58a195ceb3bd16b9740eadf5bc5b1d4d63c0734e8e5fd1d1776aa2d068d2e4c7173b83803f95f72c0a6759ae1c9b65773c734250d4cfcdf47a19f82aa |
C:\Users\Admin\lib\sqlite-jdbc-3.14.2.1.jar
| MD5 | b33387e15ab150a7bf560abdc73c3bec |
| SHA1 | 66b8075784131f578ef893fd7674273f709b9a4c |
| SHA256 | 2eae3dea1c3dde6104c49f9601074b6038ff6abcf3be23f4b56f6720a4f6a491 |
| SHA512 | 25cfb0d6ce35d0bcb18527d3aa12c63ecb2d9c1b8b78805d1306e516c13480b79bb0d74730aa93bd1752f9ac2da9fdd51781c48844cea2fd52a06c62852c8279 |
memory/2500-224-0x0000000002B30000-0x0000000002B31000-memory.dmp
C:\Users\Admin\AppData\Roaming\4e0f0e48af90b53ca2f5bfe07730901ca963655051f5fd4fba455933bc9a72ec.jar
| MD5 | d46ced619302d537e07481dfe8a1e7e1 |
| SHA1 | 135311ed819821a8a5043a0141c192e7b121a459 |
| SHA256 | 4e0f0e48af90b53ca2f5bfe07730901ca963655051f5fd4fba455933bc9a72ec |
| SHA512 | e4a35e5868ab5d267165375093a929ed02fc00b1fa6d9ef6e922c2992347363727b4c3ec935cf0562a600bbb5d571033e1e849ed5c12fc87915e2c2f0e605911 |
C:\Users\Admin\AppData\Roaming\4e0f0e48af90b53ca2f5bfe07730901ca963655051f5fd4fba455933bc9a72ec.jar
| MD5 | d46ced619302d537e07481dfe8a1e7e1 |
| SHA1 | 135311ed819821a8a5043a0141c192e7b121a459 |
| SHA256 | 4e0f0e48af90b53ca2f5bfe07730901ca963655051f5fd4fba455933bc9a72ec |
| SHA512 | e4a35e5868ab5d267165375093a929ed02fc00b1fa6d9ef6e922c2992347363727b4c3ec935cf0562a600bbb5d571033e1e849ed5c12fc87915e2c2f0e605911 |
C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp
| MD5 | d046beb2a9ad1cf7e4c81581653d5020 |
| SHA1 | 5fcb05b92dd08580b39016014ad47f7d38865c93 |
| SHA256 | ba344b499bdacdb44ded02b5b877dee1a891ec97c3a1654fb12e471d21c5da45 |
| SHA512 | ac0f9b2e3f4201cc30742f1b8cf1c11749c0657e950bbc75c4501ed0518da00bcfff608285b483084d59a0a558c9c2b390e656b32e73c888d1a84172ecad5350 |
C:\Users\Admin\AppData\Roaming\lib\sqlite-jdbc-3.14.2.1.jar
| MD5 | b33387e15ab150a7bf560abdc73c3bec |
| SHA1 | 66b8075784131f578ef893fd7674273f709b9a4c |
| SHA256 | 2eae3dea1c3dde6104c49f9601074b6038ff6abcf3be23f4b56f6720a4f6a491 |
| SHA512 | 25cfb0d6ce35d0bcb18527d3aa12c63ecb2d9c1b8b78805d1306e516c13480b79bb0d74730aa93bd1752f9ac2da9fdd51781c48844cea2fd52a06c62852c8279 |
C:\Users\Admin\AppData\Roaming\lib\jna-platform-5.5.0.jar
| MD5 | 2f4a99c2758e72ee2b59a73586a2322f |
| SHA1 | af38e7c4d0fc73c23ecd785443705bfdee5b90bf |
| SHA256 | 24d81621f82ac29fcdd9a74116031f5907a2343158e616f4573bbfa2434ae0d5 |
| SHA512 | b860459a0d3bf7ccb600a03aa1d2ac0358619ee89b2b96ed723541e182b6fdab53aefef7992acb4e03fca67aa47cbe3907b1e6060a60b57ed96c4e00c35c7494 |
C:\Users\Admin\AppData\Roaming\lib\jna-5.5.0.jar
| MD5 | acfb5b5fd9ee10bf69497792fd469f85 |
| SHA1 | 0e0845217c4907822403912ad6828d8e0b256208 |
| SHA256 | b308faebfe4ed409de8410e0a632d164b2126b035f6eacff968d3908cafb4d9e |
| SHA512 | e52575f58a195ceb3bd16b9740eadf5bc5b1d4d63c0734e8e5fd1d1776aa2d068d2e4c7173b83803f95f72c0a6759ae1c9b65773c734250d4cfcdf47a19f82aa |
C:\Users\Admin\AppData\Roaming\lib\system-hook-3.5.jar
| MD5 | e1aa38a1e78a76a6de73efae136cdb3a |
| SHA1 | c463da71871f780b2e2e5dba115d43953b537daf |
| SHA256 | 2ddda8af6faef8bde46acf43ec546603180bcf8dcb2e5591fff8ac9cd30b5609 |
| SHA512 | fee16fe9364926ec337e52f551fd62ed81984808a847de2fd68ff29b6c5da0dcc04ef6d8977f0fe675662a7d2ea1065cdcdd2a5259446226a7c7c5516bd7d60d |
memory/1608-250-0x00000000014A0000-0x00000000014A1000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2177513644-1903222820-241662473-1000\83aa4cc77f591dfc2374580bbd95f6ba_18e45b86-45c8-4e56-b846-cf6e0f375be5
| MD5 | c8366ae350e7019aefc9d1e6e6a498c6 |
| SHA1 | 5731d8a3e6568a5f2dfbbc87e3db9637df280b61 |
| SHA256 | 11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238 |
| SHA512 | 33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd |
C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna9022108103044145801.dll
| MD5 | e02979ecd43bcc9061eb2b494ab5af50 |
| SHA1 | 3122ac0e751660f646c73b10c4f79685aa65c545 |
| SHA256 | a66959bec2ef5af730198db9f3b3f7cab0d4ae70ce01bec02bf1d738e6d1ee7a |
| SHA512 | 1e6f7dcb6a557c9b896412a48dd017c16f7a52fa2b9ab513593c9ecd118e86083979821ca7a3e2f098ee349200c823c759cec6599740dd391cb5f354dc29b372 |
memory/1608-269-0x00000000014A0000-0x00000000014A1000-memory.dmp
memory/1608-272-0x00000000014A0000-0x00000000014A1000-memory.dmp