Analysis Overview
SHA256
01d2712dc97fe32b0f67311e79858650de63537e1038b8af72e9809e4bbc5931
Threat Level: Shows suspicious behavior
The file 01d2712dc97fe32b0f67311e79858650de63537e1038b8af72e9809e4bbc5931 was classified as: shows suspicious behavior.
Malicious Activity Summary
Modifies file permissions
Unsigned PE
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-27 18:13
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-27 18:13
Reported
2024-05-27 18:15
Platform
win7-20231129-en
Max time kernel
141s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "209" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003bbc9162257cc9479a8fef903d1075f00000000002000000000010660000000100002000000049d2c5a0438ff56cea564d70b5bed1599b508152d70b6e0bffed9dcb05ddcee7000000000e8000000002000020000000ae434962d501d08e8b4890d8585eb1087f52ddf6690345968454eebb0faae85220000000a7cb3c8978c9d24b0958c6c62f6d43b1e2a52f6c26b9d569561a1f7d5b2551d440000000d672166d346e804db6159b42ab40e2b243d6c584e1d55053837cf232f2e1dd679842eb0f87f22ebdc4abdbc6efcc9cab406d091e5b00d76868cbc5a1eaec0aff | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "122" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "224" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "229" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "276" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C6819391-1C54-11EF-8857-46361BFF2467} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "42" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "224" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1064609c61b0da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "42" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "22" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422995458" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "42" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "22" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "224" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "209" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "22" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "122" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "122" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "209" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "229" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "276" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
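Every row in this table is written by Internet Explorer itself, either the 64-bit frame process (C:\Program Files\Internet Explorer\iexplore.exe) or the 32-bit content process (C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE), and every key is one IE touches on any launch: DOMStorage quota counters for the site it was pointed at, TabbedBrowsing\NewTabPage, Recovery, WindowsSearch, SearchScopes favicon caching, Zoom and window placement. None of them is a proxy, zone, start-page or search-URL setting, so the "Modifies Internet Explorer settings" signature here records the browser being launched with a URL, not the sample reconfiguring it. The following added example (editor's code, not part of the report) parses rows in this layout and separates that housekeeping from the keys that would matter; the first five input rows are copied from the table, the last two are constructed, not observed in this report, and the list of sensitive keys is the editor's own.

```python
import re
from collections import Counter

HIVE = r"\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft"
IE64 = r"C:\Program Files\Internet Explorer\iexplore.exe"
IE32 = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\01d2712dc97fe32b0f67311e79858650de63537e1038b8af72e9809e4bbc5931.exe"

# Rows in the report's "| Description | Indicator | Process | Target |" layout.
# The first five are copied from the behavioral1 table; the last two are CONSTRUCTED
# (not observed in this report) so the classifier has something to flag.
ROWS = [
    f'| Set value (int) | {HIVE}\\Internet Explorer\\DOMStorage\\java.com\\Total = "209" | {IE32} | N/A |',
    f'| Set value (int) | {HIVE}\\Internet Explorer\\Main\\CompatibilityFlags = "0" | {IE64} | N/A |',
    f'| Set value (str) | {HIVE}\\Internet Explorer\\Main\\WindowsSearch\\Version = "WS not running" | {IE32} | N/A |',
    f'| Key created | {HIVE}\\Internet Explorer\\Recovery\\AdminActive | {IE64} | N/A |',
    f'| Set value (str) | {HIVE}\\Internet Explorer\\Main\\FullScreen = "no" | {IE64} | N/A |',
    f'| Set value (str) | {HIVE}\\Internet Explorer\\Main\\Start Page = "http://example.invalid/" | {SAMPLE} | N/A |',
    f'| Set value (int) | {HIVE}\\Windows\\CurrentVersion\\Internet Settings\\ProxyEnable = "1" | {SAMPLE} | N/A |',
]

ROW_RE = re.compile(
    r"^\|\s*(?P<desc>[^|]+?)\s*\|\s*(?P<ind>[^|]+?)\s*\|\s*(?P<proc>[^|]+?)\s*\|\s*(?P<target>[^|]+?)\s*\|$"
)

# Keys under HKCU\Software\Microsoft whose modification changes where traffic goes or what
# the browser trusts. Editor's selection; extend for your environment.
SENSITIVE = (
    (re.compile(r"^Windows\\CurrentVersion\\Internet Settings\\(ProxyServer|ProxyEnable|ProxyOverride|AutoConfigURL)$", re.I),
     "proxy/PAC redirection"),
    (re.compile(r"^Windows\\CurrentVersion\\Internet Settings\\Zones\\", re.I), "zone policy change"),
    (re.compile(r"^Internet Explorer\\Main\\(Start Page|Default_Page_URL|Search Page|Local Page)$", re.I),
     "start/search page hijack"),
    (re.compile(r"^Internet Explorer\\SearchScopes\\(DefaultScope|\{[^}]+\}\\URL)$", re.I),
     "search provider hijack"),
)
BROWSER = {IE64.lower(), IE32.lower()}


def parse_row(line):
    """Split one table row into description, key path relative to the hive prefix, value, process."""
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a report row: {line!r}")
    key, _, value = m.group("ind").partition(" = ")
    if not key.startswith(HIVE + "\\"):
        raise ValueError(f"unexpected hive prefix: {key!r}")
    return {
        "desc": m.group("desc"),
        "key": key[len(HIVE) + 1:],          # e.g. Internet Explorer\Main\Start Page
        "value": value.strip('"') if value else None,  # None for "Key created" rows
        "process": m.group("proc"),
    }


def classify(row):
    """Sensitive keys first; then anything the browser itself did not write; else housekeeping."""
    for pattern, label in SENSITIVE:
        if pattern.match(row["key"]):
            return label
    if row["process"].lower() not in BROWSER:
        return "written by non-browser process"
    return "browser housekeeping"


def triage(lines):
    """Count of rows per class, for a quick read of a long signature table."""
    return Counter(classify(parse_row(line)) for line in lines)


def findings(lines):
    """Rows worth a human look: (label, relative key, writing process basename)."""
    out = []
    for line in lines:
        row = parse_row(line)
        label = classify(row)
        if label != "browser housekeeping":
            out.append((label, row["key"], row["process"].rsplit("\\", 1)[-1]))
    return out


if __name__ == "__main__":
    print(dict(triage(ROWS)))
    for item in findings(ROWS):
        print(*item, sep=" | ")
```

Run against the full table above, every row lands in "browser housekeeping"; the two constructed rows show what a genuine hit looks like (a sensitive key, or any key written by the sample's own process rather than by iexplore.exe).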
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\01d2712dc97fe32b0f67311e79858650de63537e1038b8af72e9809e4bbc5931.exe
"C:\Users\Admin\AppData\Local\Temp\01d2712dc97fe32b0f67311e79858650de63537e1038b8af72e9809e4bbc5931.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://java.com/download
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2768 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | java.com | udp |
| US | 8.8.8.8:53 | java.com | udp |
| NL | 23.62.61.163:80 | java.com | tcp |
| NL | 23.62.61.163:80 | java.com | tcp |
| US | 8.8.8.8:53 | www.java.com | udp |
| NL | 23.62.61.137:80 | www.java.com | tcp |
| NL | 23.62.61.137:80 | www.java.com | tcp |
| NL | 23.62.61.137:443 | www.java.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | static.ocecdn.oraclecloud.com | udp |
| GB | 104.103.246.175:443 | static.ocecdn.oraclecloud.com | tcp |
| GB | 104.103.246.175:443 | static.ocecdn.oraclecloud.com | tcp |
| US | 8.8.8.8:53 | s.go-mpulse.net | udp |
| BE | 23.55.96.141:443 | s.go-mpulse.net | tcp |
| BE | 23.55.96.141:443 | s.go-mpulse.net | tcp |
| NL | 23.62.61.137:443 | www.java.com | tcp |
| NL | 23.62.61.137:443 | www.java.com | tcp |
| NL | 23.62.61.137:443 | www.java.com | tcp |
| US | 8.8.8.8:53 | c.oracleinfinity.io | udp |
| US | 8.8.8.8:53 | www.oracle.com | udp |
| NL | 23.62.61.162:443 | c.oracleinfinity.io | tcp |
| NL | 23.62.61.162:443 | c.oracleinfinity.io | tcp |
| BE | 23.55.97.240:443 | www.oracle.com | tcp |
| BE | 23.55.97.240:443 | www.oracle.com | tcp |
| US | 8.8.8.8:53 | dc.oracleinfinity.io | udp |
| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |
| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |
| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |
| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |
| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |
| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |
| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |
| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |
| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |
| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |
| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |
| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |
| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |
| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |
| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |
| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |
| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |
| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |
| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |
| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |
| NL | 23.62.61.194:80 | www.bing.com | tcp |
| NL | 23.62.61.194:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
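All of this traffic is what IE produces when launched on http://java.com/download: java.com redirects to www.java.com over 443, which pulls its static assets from an Oracle Cloud CDN (static.ocecdn.oraclecloud.com), Oracle Infinity analytics (c. and dc.oracleinfinity.io, the 20 repeated rows are one analytics endpoint) and an Akamai mPulse RUM beacon (s.go-mpulse.net); www.bing.com and ieonline.microsoft.com are IE's own service endpoints. The DNS rows all go to 8.8.8.8, the sandbox resolver. Nothing here is contacted by the sample's own process. The following added example (editor's code, not from the report) parses rows in this layout, collapses the repeats into a per-domain view and checks every contacted registrable domain against a list of domains an analyst would expect for that navigation; the expected list is the editor's assumption, and the registrable-domain helper uses the last two labels only, so it has no public-suffix list.

```python
import re
from collections import defaultdict

# Rows copied from the behavioral1 "Network" table, in the report's
# "| Country | Destination | Domain | Proto |" layout. The 20 identical
# dc.oracleinfinity.io rows are reproduced by list multiplication.
NETWORK = [
    "| US | 8.8.8.8:53 | java.com | udp |",
    "| US | 8.8.8.8:53 | java.com | udp |",
    "| NL | 23.62.61.163:80 | java.com | tcp |",
    "| NL | 23.62.61.163:80 | java.com | tcp |",
    "| US | 8.8.8.8:53 | www.java.com | udp |",
    "| NL | 23.62.61.137:80 | www.java.com | tcp |",
    "| NL | 23.62.61.137:80 | www.java.com | tcp |",
    "| NL | 23.62.61.137:443 | www.java.com | tcp |",
    "| US | 8.8.8.8:53 | www.microsoft.com | udp |",
    "| US | 8.8.8.8:53 | static.ocecdn.oraclecloud.com | udp |",
    "| GB | 104.103.246.175:443 | static.ocecdn.oraclecloud.com | tcp |",
    "| GB | 104.103.246.175:443 | static.ocecdn.oraclecloud.com | tcp |",
    "| US | 8.8.8.8:53 | s.go-mpulse.net | udp |",
    "| BE | 23.55.96.141:443 | s.go-mpulse.net | tcp |",
    "| BE | 23.55.96.141:443 | s.go-mpulse.net | tcp |",
    "| NL | 23.62.61.137:443 | www.java.com | tcp |",
    "| NL | 23.62.61.137:443 | www.java.com | tcp |",
    "| NL | 23.62.61.137:443 | www.java.com | tcp |",
    "| US | 8.8.8.8:53 | c.oracleinfinity.io | udp |",
    "| US | 8.8.8.8:53 | www.oracle.com | udp |",
    "| NL | 23.62.61.162:443 | c.oracleinfinity.io | tcp |",
    "| NL | 23.62.61.162:443 | c.oracleinfinity.io | tcp |",
    "| BE | 23.55.97.240:443 | www.oracle.com | tcp |",
    "| BE | 23.55.97.240:443 | www.oracle.com | tcp |",
    "| US | 8.8.8.8:53 | dc.oracleinfinity.io | udp |",
] + ["| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |"] * 20 + [
    "| NL | 23.62.61.194:80 | www.bing.com | tcp |",
    "| NL | 23.62.61.194:80 | www.bing.com | tcp |",
    "| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |",
    "| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |",
    "| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |",
]

# Registrable domains an analyst expects when IE is pointed at http://java.com/download.
# Editor's assumption, not something the report states.
EXPECTED = {"java.com", "oracle.com", "oracleinfinity.io", "oraclecloud.com",
            "go-mpulse.net", "microsoft.com", "bing.com"}

ROW_RE = re.compile(r"^\|\s*(\w\w)\s*\|\s*([\d.]+):(\d+)\s*\|\s*([^|]+?)\s*\|\s*(tcp|udp)\s*\|$")


def parse(rows):
    out = []
    for row in rows:
        m = ROW_RE.match(row.strip())
        if not m:
            raise ValueError(f"not a network row: {row!r}")
        cc, ip, port, domain, proto = m.groups()
        out.append({"cc": cc, "ip": ip, "port": int(port), "domain": domain, "proto": proto})
    return out


def is_dns(entry):
    return entry["proto"] == "udp" and entry["port"] == 53


def registrable(domain):
    """Last two labels only (no public-suffix list: co.uk-style names collapse wrongly)."""
    return ".".join(domain.lower().rsplit(".", 2)[-2:])


def summarize(rows):
    """Per-domain view of real connections: distinct endpoints, connection count, countries."""
    summary = defaultdict(lambda: {"endpoints": set(), "connections": 0, "countries": set()})
    for e in parse(rows):
        if is_dns(e):
            continue
        s = summary[e["domain"]]
        s["endpoints"].add(f'{e["ip"]}:{e["port"]}')
        s["connections"] += 1
        s["countries"].add(e["cc"])
    return dict(summary)


def lookups(rows):
    """Names resolved, whether or not a connection to them was recorded."""
    return sorted({e["domain"] for e in parse(rows) if is_dns(e)})


def unexplained(rows, expected=EXPECTED):
    """Contacted domains outside the expected set; domainless connections are reported as ip:port."""
    flagged = set()
    for e in parse(rows):
        if is_dns(e):
            continue
        if e["domain"] == "N/A":
            flagged.add(f'{e["ip"]}:{e["port"]}')
        elif registrable(e["domain"]) not in expected:
            flagged.add(e["domain"])
    return sorted(flagged)


if __name__ == "__main__":
    for domain, s in sorted(summarize(NETWORK).items()):
        print(f'{domain:32} {s["connections"]:3} conns  {sorted(s["endpoints"])}  {sorted(s["countries"])}')
    print("unexplained:", unexplained(NETWORK))
```

The same reading applies to the Files list that follows: CryptnetUrlCache entries are CryptoAPI's cache of certificate-chain and revocation fetches made during the TLS handshakes above, and the DOMStore, Temporary Internet Files and imagestore paths are IE's own caches for www.java.com.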
Files
memory/2888-0-0x0000000000400000-0x0000000000422000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EWWASWHN\www.java[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PWU92FQD\favicon[1].ico
| MD5 | 8e39f067cc4f41898ef342843171d58a |
| SHA1 | ab19e81ce8ccb35b81bf2600d85c659e78e5c880 |
| SHA256 | 872bad18b566b0833d6b496477daab46763cf8bdec342d34ac310c3ac045cefd |
| SHA512 | 47cd7f4ce8fcf0fc56b6ffe50450c8c5f71e3c379ecfcfd488d904d85ed90b4a8dafa335d0e9ca92e85b02b7111c9d75205d12073253eed681868e2a46c64890 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.dat
| MD5 | d05180c245e0a96c9333852dddc854b2 |
| SHA1 | 466ff99b6c9adeee22555b871eb5dfb38b524d19 |
| SHA256 | ca7d609e05a69b9dfc6ad28f6faf24a027c848dc50b70aa3a286d0f1016a48cf |
| SHA512 | 1ffa2e0856e0794cf08c7d57aba0ec4f8176c0510bb4fc19c9ecde2be8b52c91a5344dd09c5df139d63112bbafb47ac663ba042024b5c612bbf11288024b2dc3 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EWWASWHN\www.java[1].xml
| MD5 | 43ca916c3b2b40bef0bcaf2b422e72b6 |
| SHA1 | 524f84d38e162ed61b7b24d0f88789293fdbc505 |
| SHA256 | 98adeb0acb223ac4930658447ff17536dc143cc3e272f713b1253e67e34def64 |
| SHA512 | 57591f590964a8e195653c3ce8a8068359e2dbb8093ef75672974d1070f84734ebd45a18b38f82b77acfbde89fe4783188e890109ddd50c220d9bcb31fb227e9 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EWWASWHN\www.java[1].xml
| MD5 | f0db8f5a00b0b6023afdbd6e9984dbcf |
| SHA1 | 2ff325a7d56074b9b5394dc07f20b2707ade8791 |
| SHA256 | ab408a158a30f6f3ea032e7f13b89d06a78abf60f7a561a234ee3913ccabbaa6 |
| SHA512 | c39a3d80f63e9a031d19ca46a183d664f30ce0c6ffe61c154b0d6af479e7dbcd9fbaeb66f72e66b4373f030a851cec5316c1f1aa4e85d6ea79781518539a7049 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EWWASWHN\www.java[1].xml
| MD5 | e55c5a903e1d10c11126241f08e89781 |
| SHA1 | 7d9053aba66e88fe172599ba3f34bc7ab168807f |
| SHA256 | daf5ee943fc94bf41639d7e69629b0725b894d57352f43eac7db46c1f831276e |
| SHA512 | ff3b87d8af334ada5ad01f0a0467d6ee5a5821f651f00cf48c2510517f2b7084f05f3f6dbb18b1565c6d8d5b9546a1ccd5181e33d1d725ff3980e662ce6e4e93 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d0d09239f4a00f5147feaf8104689a1e |
| SHA1 | 18f6ff08c689102bfe918185c7125686b5235cd7 |
| SHA256 | 453899b53a3ff75eef7f9da94483d852fee112ad8b117c71eeff969e48aff603 |
| SHA512 | af0c7f80d7a6cb1f2b8e2323495d31db5daf29fd4c97e15e7939fafe28fe2000e3bdbc81628b72fb85d21e8677107cf6b2ca382635a9f93a7a668c6be0d06d3f |
C:\Users\Admin\AppData\Local\Temp\Tar4655.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | fb1494b6094dc1319befa6ef9ac26d5f |
| SHA1 | 4db7bf83143670c04962bc943b05bed0f1bfc985 |
| SHA256 | 3f7b823f8c34ab6bc8f047be8a1e26bcf7c9dbd8bebce972214a01037db8efa3 |
| SHA512 | e6c4c759934447d0253e0cd106860308e0d2fad3b19d8836c22c30c6097baf6c916ed34932b69c5697b982af85b6cb47edce78cc1a6cf721ea9231a47ae0fc91 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1205ffb2de411b62ce13c2ae0431219f |
| SHA1 | 608adceb1e019de54b7052b88e0911d9435503bb |
| SHA256 | a7a4b9d536c35d160d421d787f455d91563b08133dbc90d4b8e6cdffc156a449 |
| SHA512 | bb3a679fed7a9d813f3b9cb7b61b19fa85a2919698841241becec5e1fa030211998c233d30b45b5651209b4d378b3b46ee43d99f79414765e5bcbbbd16159b16 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 70a95b99993a69d25a8753d77fab313a |
| SHA1 | 3906065097322e788d50646eab07cdc354e90d68 |
| SHA256 | 5280dd0cd059e6a897b71f508c0f1013bb3cccc54a96e9b4f191c5ef87268edc |
| SHA512 | a7f3c6200026d66b5dc5938577832afa317c591b0915f5faa38e907904f82383bf892b456473019ce1090e7dc35c1247e7e630ad3c310826e4890a0e506327fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c84111909caa124e353fd555deea25a6 |
| SHA1 | 9678786850bb3f9e983abbad28c289e2e770f942 |
| SHA256 | d900087721ea4a63aba838e836d5254847ee39b9d594948e0ff874389840e45c |
| SHA512 | abd0530c1dd823695d66799ca3c14b4aa40393bca8c70c27018a542dea7b25a92cd5411b24a9c119f551b29464f77608d23ad769c6e9ff72e8f3389b83901343 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5c73275c1f202154385606bfb898c6c1 |
| SHA1 | 520c2c7ca2663bacc9ad8600f148562ebdb96459 |
| SHA256 | 3af39b994e1ea51a299d2a23db9d8019cfa8286ff06ba4aa15319377ad004972 |
| SHA512 | 1fcf560c324bcad2cfc92026c32e285d8fb21043c2460d997c148d551c84836a2a92c2dc7eef050a3eea32a1df37bfd4be04de826e51a261ce990119cbadb066 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 70c5ca480b881bd41a212699791991fe |
| SHA1 | a26feb7f18ba5748c068d5c0806d4fe0600d6aa6 |
| SHA256 | 78068144056c002f849e1df68f069b3049e0ee312e859ff067571e9cc5a987c0 |
| SHA512 | 5c230645ab3fdfe41d5437accccbda30c21cee74aa6ab8157b831d7e9c04224b6798b8264c2765f0fc6028e9880ff45977833f4f6a0471ecaa374ca288403f6e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 033f3ec1180aa965afa99a688dc273f9 |
| SHA1 | 1134aa0341ea0ec0933418ce03d5730aacf36836 |
| SHA256 | 886f6457169a5878a07ca24fa75ac57d902c578c6ecb8aa76068b61ca259eefa |
| SHA512 | 716404d3482864e317aab78502c75565a89b083b2321bf2a03ab8825853d41760eeaee791a84213e0dca58591011813b4745fa8e3ca8de7bf8afb791bd249554 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 58d8abf0e72f405ea79d02348e21a32a |
| SHA1 | 35eb23e1e67b950b1d7b5cf9b9605f182c13c685 |
| SHA256 | 323fb8ed54cc7bd7f4715a0a17a2792b8c508d3cfe6ea824d4a4af914870f895 |
| SHA512 | d47ebcd3d61f3686261c92f4e078ce817848f1f2706da56d35f50c4edeaab3dc6fb0897e87ea077a4143026402adf26cfdaacdac3d9992dca41b9f0e6af6bf3a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2bae2ce35e7e11b3387eb925193b881c |
| SHA1 | d9e979746a542bf739b60c674d66571ea728b883 |
| SHA256 | 2485c969d78939aea89f18e28548578c6122b8271a6d57af48099cc746ec3ab0 |
| SHA512 | 6012133289ec24d6a3d058bdacd507deee6bffaacd252f6b63420012fde00d3c0bea4d3e1e579a942d04bbd33a09e5df796a0a526d683b3fa03a312425fc4372 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6fc2f0f7d5fae4683721942c4d91f77a |
| SHA1 | 816ac5256864f0ac21e778dd5a39f2930d0bb9e0 |
| SHA256 | 0bfcc37f71277b8b2151e33bcac864bbea5df6220d135984a6626473e0479bc7 |
| SHA512 | e1ed39a34d626f368d76e4adf57a721423c396886ebf9a95da1bfdffacb3bd4ecfe0eff29d677c97da9a98a75d962f9c450755f3c0efa80bd75a49e3572ba03a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e123843f80526c837364cd1a00341ad |
| SHA1 | 4d2a02142af6ed9bb40801b0ca08a47f4caabb20 |
| SHA256 | 8d306c9689866302009db68c06fd4b6505ac7e2926f2cbf8bb08f8faa97a7212 |
| SHA512 | c0e07e0ddf5e1355c5d6b14fce0664e07cc216c582a2d04a3268a619e7394a58e111eb204c2c468ab74f044d69e8f1a3235822cb2c85b8094f05ec96cbbaa219 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a0218f365ebc878c72f3d234345e9da7 |
| SHA1 | cebc5604350e1bbc646cca3c5254876c1af33dfb |
| SHA256 | 48c10148d14b6dad09014e48af61016f0ec11ca82c5203adea24cba4059d3b56 |
| SHA512 | 4e86c4beb5923203da45476bd6dc608c216f28e49b50657a3954fda70987e1a2236b2e216f5a6baa19b5229cba5736bc396ae638b6dfa85ba34ef01354cc5bfd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 34731f4a5efdd5dfa507220bb956a65b |
| SHA1 | 6bec204fe5777aeb3c6d688797318b559a76313d |
| SHA256 | 20932783deafe45f2b626c6c1fcd3299188a53edb20c30d209542d63bc72aeef |
| SHA512 | f8f6a4f3bd616f4f2a3dc7a2a71547c08bd4e808e677063ecfdac6c8c4f181ecc4d150dac588f3f77803444a056a7af86e96afabb59c236f9499163ff140ff2b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | da59ee287ffc4598c2a2e44db76f852c |
| SHA1 | 174278956f8c27f2ea4b5a55296b25fefdc897d3 |
| SHA256 | bc6f64e70a13df423cd7200c2c494ebe5718fb35d5191c63525b359533b35544 |
| SHA512 | 4a117c7bb92489b8ee6ba846f4832aa4d6e75b241a4d2df91fe5e26e9fee6e495cbccab9b28f7688ae9285af7b27ed0cf37ad8cf77e9827509716bda89aa1349 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0c51b328f1a0d427430a245f2f48ad48 |
| SHA1 | 0e27475e8c0cba3ab6e88ad9808878b0406a6e1d |
| SHA256 | 7aef7f40a12b34cba1fb0f353120257a060181fa9fc38b6f0c34cc2487a8a11e |
| SHA512 | 61cd9254649f67caf5302f7181d7885d9c048286032341ecb718293959261a78c7fd533616fcff6dcbc82978e4f321386b90cb02257a443e2668a899f1678fa2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 00a043e93ae3bc0c4ab29e782287ec54 |
| SHA1 | 4c3d1d6b78d6c6c51fdda25aae80fbd3e4b0b3e3 |
| SHA256 | 1a93f9bd97176624a57619dafd7d3f25fde0440ab51bc045d2e07be87af52e51 |
| SHA512 | 7e2f8030f0f6780e764d7b53d3078397a2e2f40ced4d169d679dca7ff3e475b13c11df385e973a00397872db773d22b8477fa53f063007b164913fdef5f4a923 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 81dd22d0d641d96b4411d3e4f07102da |
| SHA1 | ab99bf37047be56b7253a518edd9bd47abdc4944 |
| SHA256 | 57b8210947d72d64cc67691f57bdf98509dacbb9decc22bc81aa08b68e778491 |
| SHA512 | e36035468875ec21ce945a79ff8fee68f274fd91b546caa2f6f7f2e954e6db91d744cb6739b90d375681a4b32c61b3b659a2c4fb8148a867594fc1134029ee3f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b0483178ae92bab67a998b732146d9ce |
| SHA1 | a63174dd0d7cec91992a18549251510d7f948a74 |
| SHA256 | 7229f140a6dfb09d12eb3ebbc441370f101bb02b56797ff4f1095208e5f79053 |
| SHA512 | 371b2561092b19df788e89059ee8611c705ca981176d9b581bd9af67d460058e5af52c1567b1df78e35d5dda6e04aa1689a1ff0a1073511ca992edee160537fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c46057f37d45e26a878955e4d61666c1 |
| SHA1 | 915bf525ada1f28a35b86516509ae7c8787c179b |
| SHA256 | 74cc91945803b68704f27eca8205e21f6884572475e2affd548d9b86e20bef50 |
| SHA512 | 1fd666c7c6525c5033f57446d413438ab471306aec7a622131498c3bd4b38d7beb0e8db66766de7b41f375658014d80f9d99dc4b341bfeab0538f9918501fc21 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40d0bc7af116ad289129f1c33be2ca86 |
| SHA1 | da6a4ed34c386277a02420f00a802731ee0102ee |
| SHA256 | 713a8530c785168d4e69174560160150fa22c192096b362832dcd3f5c4229ca1 |
| SHA512 | 2d2cd5b90cfc827ea61df2ec08e6e6e074660d26907f20c843461b0cd0142f4b1206311264f5ce352cf6f93139ec67902ce25e83a811f6a89107fa49e479503e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74ef85d92919e9f50a0efda1557598fa |
| SHA1 | 3449c14ae4e470a3e26777c520217d72df6c49e7 |
| SHA256 | 2f0135d3f6f27540dbf2b73e992dab6e69ba3752bd99b82beefd90b64e2bdf8f |
| SHA512 | 1d6978817c7f72470c8d8739003271319735fc79eb95ff3824b605308fac69d6212d402f0721ddd917b285d774c54b8e6ee373a5c5a4b5c135d31a068432f414 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-27 18:13
Reported
2024-05-27 18:15
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
150s
Command Line
Signatures
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4752 wrote to memory of 3800 | N/A | C:\Users\Admin\AppData\Local\Temp\01d2712dc97fe32b0f67311e79858650de63537e1038b8af72e9809e4bbc5931.exe | C:\Program Files\Java\jre-1.8\bin\javaw.exe |
| PID 4752 wrote to memory of 3800 | N/A | C:\Users\Admin\AppData\Local\Temp\01d2712dc97fe32b0f67311e79858650de63537e1038b8af72e9809e4bbc5931.exe | C:\Program Files\Java\jre-1.8\bin\javaw.exe |
| PID 3800 wrote to memory of 4236 | N/A | C:\Program Files\Java\jre-1.8\bin\javaw.exe | C:\Windows\system32\icacls.exe |
| PID 3800 wrote to memory of 4236 | N/A | C:\Program Files\Java\jre-1.8\bin\javaw.exe | C:\Windows\system32\icacls.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\01d2712dc97fe32b0f67311e79858650de63537e1038b8af72e9809e4bbc5931.exe
"C:\Users\Admin\AppData\Local\Temp\01d2712dc97fe32b0f67311e79858650de63537e1038b8af72e9809e4bbc5931.exe"
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Djna.nosys=true -Djava.library.path="C:\Users\Admin\AppData\Local\Temp\lib" -classpath "lib\Aerollel.jar;lib\core.jar;lib\jogl-all.jar;lib\gluegen-rt.jar;lib\jogl-all-natives-windows-amd64.jar;lib\gluegen-rt-natives-windows-amd64.jar;lib\jl1.0.1.jar;lib\jsminim.jar;lib\minim.jar;lib\mp3spi1.9.5.jar;lib\tritonus_aos.jar;lib\tritonus_share.jar;lib\net.jar" Aerollel
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4104 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| GB | 23.44.234.16:80 | | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 13.107.253.64:443 | | tcp |
| US | 8.8.8.8:53 | 56.94.73.104.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | | tcp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.65.42.20.in-addr.arpa | udp |
Files
memory/4752-0-0x0000000000400000-0x0000000000422000-memory.dmp
memory/3800-3-0x000001A69D850000-0x000001A69DAC0000-memory.dmp
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
| MD5 | f74d5a59e502fb56e0df22047093df0d |
| SHA1 | 6eeb66d42393317c77629cb11faae581ef1759f8 |
| SHA256 | 3bf7b9d829ebcceb334ba821c01be7cf7c77ec329bf64ee106a71900052644bc |
| SHA512 | e83f9ea4e2e72933a3485f1743f5081623a355ea2daad8b79c16b748192738602621b0c35bfb5b7d30b0eeb0b394c886d619459016889c88b36594617bdc3460 |
memory/3800-13-0x000001A69C000000-0x000001A69C001000-memory.dmp
memory/3800-15-0x000001A69D850000-0x000001A69DAC0000-memory.dmp