Malware Analysis Report

2024-10-16 05:31

Sample ID 240629-vrhm7s1hla
Target Burpy-main.zip
SHA256 52cd65f3b16c2070d34e26f5794b0b024c8a607b7d03e6cd82a439027eae525a
Tags
execution persistence antivm discovery
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

52cd65f3b16c2070d34e26f5794b0b024c8a607b7d03e6cd82a439027eae525a

Threat Level: Likely malicious

The file Burpy-main.zip was found to be: Likely malicious.

Malicious Activity Summary

execution persistence antivm discovery

Downloads MZ/PE file

Blocklisted process makes network request

Modifies file permissions

Loads dropped DLL

Executes dropped EXE

Writes file to system bin folder

Creates/modifies environment variables

Enumerates connected drives

Drops file in System32 directory

Drops file in Windows directory

Reads CPU attributes

Checks CPU configuration

Drops file in Program Files directory

Command and Scripting Interpreter: PowerShell

Writes file to tmp directory

Reads runtime system information

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Uses Volume Shadow Copy service COM API

Suspicious behavior: EnumeratesProcesses

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-29 17:13

Signatures

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-29 17:13

Reported

2024-06-29 17:16

Platform

win10v2004-20240508-en

Max time kernel

126s

Max time network

131s

Command Line

powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Burpy-main\Windows_setup.ps1

Signatures

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\msiexec.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Downloads MZ/PE file

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Program Files\Java\jdk-19\bin\java.exe N/A
N/A N/A C:\Program Files\Java\jdk-19\bin\java.exe N/A
N/A N/A C:\Program Files\Java\jdk-19\bin\java.exe N/A
N/A N/A C:\Program Files\Java\jdk-19\bin\java.exe N/A
N/A N/A C:\Program Files\Java\jdk-19\bin\java.exe N/A
N/A N/A C:\Program Files\Java\jdk-19\bin\java.exe N/A
N/A N/A C:\Program Files\Java\jdk-19\bin\java.exe N/A
N/A N/A C:\Program Files\Java\jdk-19\bin\java.exe N/A
N/A N/A C:\Program Files\Java\jdk-19\bin\java.exe N/A
N/A N/A C:\Program Files\Java\jdk-19\bin\java.exe N/A
N/A N/A C:\Program Files\Java\jdk-19\bin\java.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\M: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\WindowsAccessBridge-64.dll C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\system32\WindowsAccessBridge-64.dll C:\Windows\System32\MsiExec.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk-19\conf\management\management.properties C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\jmods\jdk.internal.vm.compiler.jmod C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\legal\jdk.internal.opt\jopt-simple.md C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\jmods\jdk.security.auth.jmod C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\bin\javajpeg.dll C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\legal\java.desktop\lcms.md C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\legal\jdk.unsupported\LICENSE C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\bin\api-ms-win-crt-private-l1-1-0.dll C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\bin\splashscreen.dll C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\jmods\jdk.jlink.jmod C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\legal\jdk.internal.le\jline.md C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\legal\jdk.xml.dom\LICENSE C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\legal\java.logging\COPYRIGHT C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\lib\psfont.properties.ja C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\legal\jdk.jdeps\COPYRIGHT C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Common Files\Oracle\Java\javapath_target_240662296\javaw.exe C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Common Files\Oracle\Java\javapath_target_240662296\javac.exe C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\bin\jconsole.exe C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\bin\nio.dll C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\bin\api-ms-win-core-file-l1-2-0.dll C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\conf\security\policy\unlimited\default_local.policy C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\legal\jdk.sctp\COPYRIGHT C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\bin\api-ms-win-core-interlocked-l1-1-0.dll C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\legal\java.desktop\colorimaging.md C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\bin\dt_shmem.dll C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\bin\javadoc.exe C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\legal\jdk.internal.ed\COPYRIGHT C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\legal\jdk.nio.mapmode\LICENSE C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\legal\jdk.attach\COPYRIGHT C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\legal\jdk.jartool\COPYRIGHT C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\bin\attach.dll C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\bin\awt.dll C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\conf\security\policy\README.txt C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\legal\jdk.jdeps\LICENSE C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\legal\jdk.jshell\LICENSE C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\jmods\java.security.sasl.jmod C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\jmods\jdk.incubator.vector.jmod C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\legal\jdk.charsets\COPYRIGHT C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\legal\jdk.internal.opt\LICENSE C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\lib\security\blocked.certs C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Program Files\Java\jdk-19\LICENSE C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\bin\management_ext.dll C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\include\win32\jawt_md.h C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\bin\instrument.dll C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\legal\jdk.editpad\LICENSE C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\legal\jdk.jconsole\LICENSE C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\jmods\jdk.management.jmod C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\legal\java.prefs\COPYRIGHT C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\legal\java.se\LICENSE C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\legal\jdk.crypto.cryptoki\COPYRIGHT C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\bin\api-ms-win-core-util-l1-1-0.dll C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\legal\java.net.http\COPYRIGHT C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\legal\jdk.hotspot.agent\COPYRIGHT C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\release C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\bin\net.dll C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\legal\java.xml\COPYRIGHT C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\legal\jdk.compiler\LICENSE C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\legal\jdk.crypto.ec\LICENSE C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\bin\saproc.dll C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\legal\java.base\unicode.md C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\legal\java.scripting\LICENSE C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\legal\jdk.dynalink\dynalink.md C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\legal\jdk.jdwp.agent\COPYRIGHT C:\Windows\System32\MsiExec.exe N/A
File created C:\Program Files\Java\jdk-19\bin\management_agent.dll C:\Windows\System32\MsiExec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSI228B.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI23B7.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2406.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2571.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3577.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3606.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID49.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2C87.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI35C6.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3626.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI37AF.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{5E32314F-F4C9-59D1-A229-BC58CEA0D74A} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI337E.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI24C3.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2522.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI338F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI222C.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI332F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI33AF.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5807fa.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5807fc.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2358.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2465.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI34F9.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3636.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3637.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2111.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI21CD.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5807fa.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI33BF.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI22EA.tmp C:\Windows\system32\msiexec.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000003f3ccc8c3b3921e10000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800003f3ccc8c0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809003f3ccc8c000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d3f3ccc8c000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000003f3ccc8c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\System32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\System32\msiexec.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Console C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Control Panel C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Environment C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\EUDC C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\System C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Keyboard Layout C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Printers C:\Windows\System32\MsiExec.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\SourceList C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\4F4A3A46297B6D117AA8000B0D021009\F41323E59C4F1D952A92CB85EC0A7DA4 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.jar C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\ProductIcon = "C:\\Program Files\\Java\\jdk-19\\\\bin\\java.exe" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\SourceList\Media\DiskPrompt = "[1]" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Applications\java.exe C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\jarfile\shell\open\command\ = "\"C:\\Program Files\\Java\\jdk-19\\bin\\javaw.exe\" -jar \"%1\" %*" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\ProductName = "Java(TM) SE Development Kit 19.0.2 (64-bit)" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\Version = "318767106" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\SourceList\Media\2 = "DISK1;1" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Applications\javaw.exe C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F41323E59C4F1D952A92CB85EC0A7DA4 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\SourceList\Media\1 = "DISK1;1" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\4F4A3A46297B6D117AA8000B0D021009 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\SourceList\PackageName = "jdk19.0.264.msi" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\LocalLow\\Oracle\\Java\\jdk19.0.2_x64\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\jarfile\ = "Executable Jar File" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F41323E59C4F1D952A92CB85EC0A7DA4\ToolsFeature C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\PackageCode = "B281DDAB94D4DFF4D9529228B6C19A6F" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\jarfile\shell\open\command C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\LocalLow\\Oracle\\Java\\jdk19.0.2_x64\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.jar\ = "jarfile" C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\java.exe\IsHostApp C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\jarfile C:\Windows\System32\MsiExec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\javaw.exe\IsHostApp C:\Windows\System32\MsiExec.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\System32\msiexec.exe N/A
N/A N/A C:\Windows\System32\msiexec.exe N/A
N/A N/A C:\Windows\System32\msiexec.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3136 wrote to memory of 1932 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Users\Admin\AppData\Local\Temp\Burpy-main\jdk-19.exe
PID 3136 wrote to memory of 1932 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Users\Admin\AppData\Local\Temp\Burpy-main\jdk-19.exe
PID 1932 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\Burpy-main\jdk-19.exe C:\Users\Admin\AppData\Local\Temp\jds240625390.tmp\jdk-19.exe
PID 1932 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\Burpy-main\jdk-19.exe C:\Users\Admin\AppData\Local\Temp\jds240625390.tmp\jdk-19.exe
PID 5000 wrote to memory of 3264 N/A C:\Users\Admin\AppData\Local\Temp\jds240625390.tmp\jdk-19.exe C:\Windows\System32\msiexec.exe
PID 5000 wrote to memory of 3264 N/A C:\Users\Admin\AppData\Local\Temp\jds240625390.tmp\jdk-19.exe C:\Windows\System32\msiexec.exe
PID 4520 wrote to memory of 1408 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 4520 wrote to memory of 1408 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 4520 wrote to memory of 2444 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 4520 wrote to memory of 2444 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 4520 wrote to memory of 2944 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 4520 wrote to memory of 2944 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 4520 wrote to memory of 4112 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 4520 wrote to memory of 4112 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 3136 wrote to memory of 3008 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Common Files\Oracle\Java\javapath\java.exe
PID 3136 wrote to memory of 3008 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Common Files\Oracle\Java\javapath\java.exe
PID 3136 wrote to memory of 4460 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Common Files\Oracle\Java\javapath\java.exe
PID 3136 wrote to memory of 4460 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Common Files\Oracle\Java\javapath\java.exe
PID 4460 wrote to memory of 4896 N/A C:\Program Files\Common Files\Oracle\Java\javapath\java.exe C:\Program Files\Java\jdk-19\bin\java.exe
PID 4460 wrote to memory of 4896 N/A C:\Program Files\Common Files\Oracle\Java\javapath\java.exe C:\Program Files\Java\jdk-19\bin\java.exe
PID 3008 wrote to memory of 3872 N/A C:\Program Files\Common Files\Oracle\Java\javapath\java.exe C:\Program Files\Java\jdk-19\bin\java.exe
PID 3008 wrote to memory of 3872 N/A C:\Program Files\Common Files\Oracle\Java\javapath\java.exe C:\Program Files\Java\jdk-19\bin\java.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Burpy-main\Windows_setup.ps1

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Users\Admin\AppData\Local\Temp\Burpy-main\jdk-19.exe

"C:\Users\Admin\AppData\Local\Temp\Burpy-main\jdk-19.exe"

C:\Users\Admin\AppData\Local\Temp\jds240625390.tmp\jdk-19.exe

"C:\Users\Admin\AppData\Local\Temp\jds240625390.tmp\jdk-19.exe"

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jdk19.0.2_x64\jdk19.0.264.msi" WRAPPER=1

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 31C8DF051237712B10A1E08D38249F80 C

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 480E49546A7808D2BD7191B708E50506

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 2691E32491690FA22791D931520810B5 E Global\MSI0000

C:\Program Files\Common Files\Oracle\Java\javapath\java.exe

"C:\Program Files\Common Files\Oracle\Java\javapath\java.exe" -jar New-loader.jar

C:\Program Files\Common Files\Oracle\Java\javapath\java.exe

"C:\Program Files\Common Files\Oracle\Java\javapath\java.exe" --add-opens=java.desktop/javax.swing=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/jdk.internal.org.objectweb.asm=ALL-UNNAMED --add-opens=java.base/jdk.internal.org.objectweb.asm.tree=ALL-UNNAMED --add-opens=java.base/jdk.internal.org.objectweb.asm.Opcodes=ALL-UNNAMED -javaagent:New-loader.jar -noverify -jar burpsuite_pro.jar

C:\Program Files\Java\jdk-19\bin\java.exe

"C:\Program Files\Java\jdk-19\bin\java.exe" --add-opens=java.desktop/javax.swing=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/jdk.internal.org.objectweb.asm=ALL-UNNAMED --add-opens=java.base/jdk.internal.org.objectweb.asm.tree=ALL-UNNAMED --add-opens=java.base/jdk.internal.org.objectweb.asm.Opcodes=ALL-UNNAMED -javaagent:New-loader.jar -noverify -jar burpsuite_pro.jar

C:\Program Files\Java\jdk-19\bin\java.exe

"C:\Program Files\Java\jdk-19\bin\java.exe" -jar New-loader.jar

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 evcs-ocsp.ws.symantec.com udp
US 152.199.19.74:80 evcs-ocsp.ws.symantec.com tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 74.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 download.oracle.com udp
GB 2.21.188.103:443 download.oracle.com tcp
US 8.8.8.8:53 103.188.21.2.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 portswigger-cdn.net udp
GB 18.165.242.96:443 portswigger-cdn.net tcp
US 8.8.8.8:53 96.242.165.18.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

memory/3136-0-0x00007FFFF3A33000-0x00007FFFF3A35000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_soc2mfzr.gvy.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/3136-3-0x000001C37D6F0000-0x000001C37D712000-memory.dmp

memory/3136-11-0x00007FFFF3A30000-0x00007FFFF44F1000-memory.dmp

memory/3136-12-0x00007FFFF3A30000-0x00007FFFF44F1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 5179c3d3e17d3d3975f24b06dd0d8ea3
SHA1 78aa176a93556d30a55d4471fdb518c26543a832
SHA256 3c05bc2cac7afc497531dc1cb068d947e6af1a496a5a931b787d7a8a76d46b36
SHA512 92a8a969a39db7559cd6ba46e80f6e3d39328ed6c05f16dbbb7097713822d45eec42d21ba09233996573f2a8c617c38f13ceba65656e59a4e0dcf57466826ef5

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 8daec50c08a0be5d3fa75b54e6e5cfe8
SHA1 a9a2b7568f1c4ffe6ba1448333bd18e3514a0ca5
SHA256 c6ddffc17613426f7d783af8b241a7f6df5b66d4fd6a613867d6ade68b719515
SHA512 8ec4d50b97f2522fbe0e0986125e4adee623196ebee44d9ac04a9890278acb7cd58ec9a6ab9656c9884d3d76b559ee5739f5ddaa49829571ddf6a0b32d3ee157

memory/3136-99-0x00007FFFF3A30000-0x00007FFFF44F1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\MSIB6DC.tmp

MD5 d849eed8fef39365cb0987f2c3d1c26f
SHA1 25ad42230ba2d0f163649f560ec09250d60f263c
SHA256 9ffced196504a78813600ad96108f45ed4667c13dc0ea545b0444d923b871650
SHA512 8b418c1f71c6d9b8c922d1634258132a0cc280ff90272b042cbfcea67c8576bb8db38a595fe27d65e90275d9e5d52c8dd5bbdff52e71c5d5f7e576685352184b

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 30913a952586800916d6a591c05069f1
SHA1 2b76940dc107bf7a093c60fa45fa5514f5c02bea
SHA256 d227f2f58a898f27ed47818fc83d4851659146491cc30228e368ebc762b58e8c
SHA512 71f0cd94bc59d7d6ed61711ecc7527d03d527e3073e9861445d118caf4443aa0f76849006661634926a3e7cba32508b0e6d0b4516cddb43791f77b99951320d3

memory/3136-126-0x00007FFFF3A33000-0x00007FFFF3A35000-memory.dmp

memory/3136-127-0x00007FFFF3A30000-0x00007FFFF44F1000-memory.dmp

\??\Volume{8ccc3c3f-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{11936229-61f0-4fb3-b5d1-323cc8dbb547}_OnDiskSnapshotProp

MD5 937dddee0e58d38d5ecef9b71e97a78d
SHA1 cec08947553e57e3673d1327309b1d8746998bf4
SHA256 2c752915bed704e8e87f4898e15fe86638b30b5e5584c05dbbf82df87f4509a8
SHA512 71a537f3087aa5712e91ca458d559454d96600a16a527e60054c3432c868da8d746e195e2bc538af6f9ace07d01dd5c4752f2b2e55bafa989cb25dd1347bc720

\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

MD5 632d49aeee73014f9b3750c48335dab7
SHA1 1d6d680f2ded524095b8cfdbfe8c54aa4cc37639
SHA256 4b4f6b573be265ef4752c101429fe3366e45c9ea9c01c36a456db8a1b377670d
SHA512 847926ea2260e8db554699a898109fc27a9d1cfbcb8261c578e125ad98d07447cf343d1c5a5e0dd546c5d437433cb09a19c69b738ee4903a649cb6549d431c7f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_4E75C8005B53AA371E24DB28B7200E63

MD5 8c4490bfed0c55aad8293c94b0798275
SHA1 02520f22bba6701cba5b08c8010cb3d6437b9c5e
SHA256 93b6267ebf74cfb0aa57ef3380931f530f6a36c5f2f7df673fbe259cb8a2f01a
SHA512 5674de30201161d51b50ff697a2443b8f2363f60d34cb2e488100087c8b548cc4b8b2412516512d30ae3814cc18e71a876c9b07b0e0ad59d02871af55ac964c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_4E75C8005B53AA371E24DB28B7200E63

MD5 f1cf94bebc863875ddfae91cc46ac7ab
SHA1 018ebaa0d665edb5b3ac6901b96786b3ecef8192
SHA256 a23d76d7aec5f9832bbcd9eb8e9bfbf89c6cad00bd566176f29604787d18afc8
SHA512 3f66f7d242879e4ca1a6770388d8f220e7928581de372ed30b9aae41e1c682b49525947c1c265904f0450d4b4b8e2fd1e914b36b022794d654c88f201e045766

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 d85baccf3add1c404f8d30ba284c5fe4
SHA1 a3183d1f96742058503a3ada2953f36c97272834
SHA256 75e72823c8e8bd2e6af57a3e7a3dcc481412ff3bbc2a67ab2a368233aeb32825
SHA512 34a8b7a9311ba03142cf87ac97df7ff32ca77b3bb6f3557a384785dcfda1bb865cbe1d16e04988275648c91c0021595c65f752ae2a5baeb0fa025dd720da4b57

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 ae46cafe672175bd3afbe8b7429de45e
SHA1 88b9af10c737e698cbcdfadc29c38c2fc1a94a84
SHA256 97ed9a8db17275b9d2104d02a9da3d6f3bc63226d1011f2c547039676f813e4f
SHA512 4c4e196cf16dd46a8688f2877ec88b1d3b25d925dbf8c2b0b83e8e4a2e092ce49558c8db1502e7fe60e367a960dc48d007dc7e5749d6f80fa5450b47ca9db4c3

C:\Program Files\Java\jdk-19\LICENSE

MD5 7369866495acb2d7e57397f06a3ab0ba
SHA1 e75e828ba2898c74b4a682ce5291a69acf9cc55a
SHA256 4d156eecbf6ca462d8cf772552fff874b167f87def9566837fb8e4fb347f29a5
SHA512 6c1ae5229953259a258bf140241afa9dc50b642dbb5a11c183c8920678292266aecc26dd1254c3ce9184fe08c3068e2183a694a9a06f5972cc535015461ff825

C:\Program Files\Java\jdk-19\legal\java.logging\COPYRIGHT

MD5 4586c3797f538d41b7b2e30e8afebbc9
SHA1 3419ebac878fa53a9f0ff1617045ddaafb43dce0
SHA256 7afb3a2dc57cb16223dddc970e0b464311e5311484c793abf9327a19ef629018
SHA512 f2c722ae80d2c0dcdb30a6993864eb90b85be5311261012d4585c6595579582d1b37323613f5417d189adcd096fa948e0378c1e6c59761bf94d65c0a5c2f2fd3

C:\Program Files\Java\jdk-19\legal\java.logging\LICENSE

MD5 16989bab922811e28b64ac30449a5d05
SHA1 51ab20e8c19ee570bf6c496ec7346b7cf17bd04a
SHA256 86e0516b888276a492b19f9a84f5a866ed36925fae1510b3a94a0b6213e69192
SHA512 86571f127a6755a7339a9ed06e458c8dc5898e528de89e369a13c183711831af0646474986bae6573bc5155058d5f38348d6bfdeb3fd9318e98e0bf7916e6608

C:\Program Files\Java\jdk-19\bin\windowsaccessbridge-64.dll

MD5 d0f2ded56013e0f7beff01e7955d980c
SHA1 2c27d8f6bffa6ee538a43daba9cb0fac07abb146
SHA256 0a6b0bca5086994476cac894dc945eee43ede4e2f266435b5c812db54fec06f9
SHA512 19803c8222f3923d2813187198e79a4d8f35622694a3a36a5c5f43f9cde397f8fdfdd54293dd909897dd56712befe51263cbeb21afb8a390c01410fe0446ff74

C:\Config.Msi\e5807fb.rbs

MD5 2c46315d44449fc432d55619bbdcb6cc
SHA1 6104b71ff3c95e97186528c155b5a597bd543406
SHA256 2c948c6ee6689e4c1ce712cb2e81ffc390168fdcd5489ab59c9a9631bbaa919d
SHA512 6da4af621779ba932c13f396a3b249d30ce3271c9b66b8d238d49d727b7c2f6baa0d494b725ccd6cfc5b5ff062c09145fbaa6f4fe251133bb9198635896cfb73

C:\Users\Admin\AppData\Local\Temp\JavaLauncher.log

MD5 fe68e8d1bd0089533d36b5c34c4557c0
SHA1 0f3336d65d90224b5a6b73acc78e4ccffcb495ad
SHA256 b34819e94ccceab4006afde60438a1059c09914db563b3c486348ad8b03772e3
SHA512 db3f049768ab92a5df7fb761a6215a16b815986fcbf78a2882644c5eb8ffcb2f3fe98c42ec10c3bf11a113705d60f22cd3ae77ac1b254de6e157d0d13e4a2207

C:\Users\Admin\AppData\Local\Temp\JavaLauncher.log

MD5 0074575066943ea1bcc85321e49e4049
SHA1 90791984351480950320f31b035ab17fbce02e5f
SHA256 369c152268d4075a533407860505c9d029805ac2629b84aa84d0aefbe04e2c1e
SHA512 6de3400ba0a38d5d6869add3217d9ace983f0acb3d5ace5fc9519b28598f58399d6eb1e900f39451a2d754720a717e2f6e632d48d8824f8afe792d21dca14dc3

C:\Users\Admin\AppData\Local\Temp\JavaLauncher.log

MD5 4cecfd7fef407cf2482bff15beed8e4b
SHA1 d99b44dc282f9458eab50d9c2b2b6d10c70c9026
SHA256 13c8534c523aa4f912ca22b329f18b1df248c743505074d000ec59e2e650e547
SHA512 e66d880727011e2cf7683738e2a88c2fc1abe966ac0d13db00f88e8c0c59a724db802a689ca19f9cfc644c49e97571eeea0ebe725edb02dd44e6e8135fb33e58

memory/3136-955-0x00007FFFF3A30000-0x00007FFFF44F1000-memory.dmp

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-29 17:13

Reported

2024-06-29 17:15

Platform

debian9-armhf-20240611-en

Max time kernel

0s

Max time network

2s

Command Line

[/tmp/Burpy-main/burpsuite_pro.sh]

Signatures

N/A

Processes

/tmp/Burpy-main/burpsuite_pro.sh

[/tmp/Burpy-main/burpsuite_pro.sh]

/bin/ping

[ping -q -c 1 -W 1 google.com]

Network

Country Destination Domain Proto
US 1.1.1.1:53 google.com udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-29 17:13

Reported

2024-06-29 17:15

Platform

win7-20240419-en

Max time kernel

119s

Max time network

120s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Burpy-main.zip

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Burpy-main.zip

Network

N/A

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-29 17:13

Reported

2024-06-29 17:16

Platform

debian9-mipsbe-20240418-en

Max time kernel

41s

Max time network

39s

Command Line

[/tmp/Burpy-main/Linux_setup.sh]

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A /usr/share/burpsuite/burpsuite /usr/share/burpsuite/burpsuite N/A

Creates/modifies environment variables

persistence
Description Indicator Process Target
File opened for modification /etc/environment /usr/bin/tee N/A
File opened for modification /etc/environment /usr/bin/tee N/A

Writes file to system bin folder

Description Indicator Process Target
File opened for modification /bin/burpsuite /bin/cp N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/self/fd /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/filesystems /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/sudo N/A
File opened for reading /proc/self/stat /usr/bin/sudo N/A
File opened for reading /proc/self/fd /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/sudo N/A
File opened for reading /proc/filesystems /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/self/stat /usr/bin/sudo N/A
File opened for reading /proc/filesystems /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/sudo N/A
File opened for reading /proc/self/fd /usr/bin/sudo N/A
File opened for reading /proc/filesystems /bin/tar N/A
File opened for reading /proc/filesystems /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/sudo N/A
File opened for reading /proc/self/stat /usr/bin/sudo N/A
File opened for reading /proc/filesystems /bin/cp N/A
File opened for reading /proc/filesystems /bin/cp N/A
File opened for reading /proc/filesystems /usr/bin/sudo N/A
File opened for reading /proc/filesystems /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/self/fd /usr/bin/sudo N/A
File opened for reading /proc/self/fd /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/self/stat /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/self/fd /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/sudo N/A
File opened for reading /proc/self/stat /usr/bin/sudo N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/stat /usr/bin/sudo N/A
File opened for reading /proc/self/stat /usr/bin/sudo N/A
File opened for reading /proc/self/stat /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/filesystems /bin/cp N/A
File opened for reading /proc/filesystems /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/self/stat /usr/bin/sudo N/A
File opened for reading /proc/filesystems /bin/mkdir N/A
File opened for reading /proc/self/fd /usr/bin/sudo N/A
File opened for reading /proc/self/stat /usr/bin/sudo N/A
File opened for reading /proc/filesystems /usr/bin/sudo N/A
File opened for reading /proc/filesystems /usr/bin/sudo N/A
File opened for reading /proc/self/stat /usr/bin/sudo N/A
File opened for reading /proc/filesystems /usr/bin/id N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/sudo N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/filesystems /bin/mkdir N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/Burpy-main/jdk19.tar.gz /usr/bin/curl N/A

Processes

/tmp/Burpy-main/Linux_setup.sh

[/tmp/Burpy-main/Linux_setup.sh]

/bin/mkdir

[mkdir -p /usr/local/java]

/bin/mkdir

[mkdir -p /usr/local/java/jdk19]

/usr/bin/curl

[curl -L https://download.oracle.com/java/19/latest/jdk-19_linux-x64_bin.tar.gz -o jdk19.tar.gz]

/bin/tar

[tar -xf jdk19.tar.gz -C /usr/local/java/jdk19 --strip-components=1]

/usr/local/sbin/gzip

[gzip -d]

/usr/local/bin/gzip

[gzip -d]

/usr/sbin/gzip

[gzip -d]

/usr/bin/gzip

[gzip -d]

/sbin/gzip

[gzip -d]

/bin/gzip

[gzip -d]

/bin/rm

[rm jdk19.tar.gz]

/usr/bin/sudo

[sudo tee -a /etc/environment]

/usr/sbin/sendmail

[sendmail -t]

/usr/sbin/sendmail

[sendmail -t]

/usr/bin/tee

[tee -a /etc/environment]

/usr/bin/sudo

[sudo tee -a /etc/environment]

/usr/sbin/sendmail

[sendmail -t]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZle-0000C4-Vn]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZle-0000C7-Vb]

/usr/sbin/sendmail

[sendmail -t]

/usr/bin/tee

[tee -a /etc/environment]

/usr/bin/sudo

[sudo update-alternatives --install /usr/bin/java java /usr/local/java/jdk19/bin/java 1]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZlg-0000CI-LV]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZll-0000CD-BU]

/usr/sbin/sendmail

[sendmail -t]

/usr/sbin/sendmail

[sendmail -t]

/usr/bin/update-alternatives

[update-alternatives --install /usr/bin/java java /usr/local/java/jdk19/bin/java 1]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZlr-0000Dd-PF]

/usr/bin/sudo

[sudo update-alternatives --install /usr/bin/javac javac /usr/local/java/jdk19/bin/javac 1]

/usr/sbin/sendmail

[sendmail -t]

/usr/sbin/sendmail

[sendmail -t]

/usr/bin/update-alternatives

[update-alternatives --install /usr/bin/javac javac /usr/local/java/jdk19/bin/javac 1]

/usr/bin/id

[id -u]

/usr/bin/sudo

[sudo mkdir -p /usr/local/java/jre8]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZlt-0000Dp-CU]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZlt-0000Ds-L3]

/usr/bin/sudo

[sudo curl -L -o /usr/local/java/jre8/jre8.tar.gz https://javadl.oracle.com/webapps/download/AutoDL?BundleId=244548_89d678f2be164786b292527658ca1605]

/usr/sbin/sendmail

[sendmail -t]

/usr/sbin/sendmail

[sendmail -t]

/usr/bin/curl

[curl -L -o /usr/local/java/jre8/jre8.tar.gz https://javadl.oracle.com/webapps/download/AutoDL?BundleId=244548_89d678f2be164786b292527658ca1605]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZlv-0000E3-Hk]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZlv-0000E7-Kv]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZlx-0000Dh-2q]

/usr/bin/sudo

[sudo tar -xzf /usr/local/java/jre8/jre8.tar.gz -C /usr/local/java/jre8]

/usr/sbin/sendmail

[sendmail -t]

/usr/sbin/sendmail

[sendmail -t]

/bin/tar

[tar -xzf /usr/local/java/jre8/jre8.tar.gz -C /usr/local/java/jre8]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZlz-0000EK-GG]

/usr/bin/sudo

[sudo rm /usr/local/java/jre8/jre8.tar.gz]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZlz-0000EN-Mt]

/usr/bin/sudo

[sudo update-alternatives --install /usr/bin/java java /usr/local/java/jre8/jre1.8.0_301/bin/java 1]

/usr/sbin/sendmail

[sendmail -t]

/usr/sbin/sendmail

[sendmail -t]

/usr/bin/update-alternatives

[update-alternatives --install /usr/bin/java java /usr/local/java/jre8/jre1.8.0_301/bin/java 1]

/usr/bin/sudo

[sudo update-alternatives --install /usr/bin/javac javac /usr/local/java/jre8/jre1.8.0_301/bin/javac 1]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZm1-0000EW-Kr]

/usr/sbin/sendmail

[sendmail -t]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZm1-0000EZ-PS]

/usr/sbin/sendmail

[sendmail -t]

/usr/bin/update-alternatives

[update-alternatives --install /usr/bin/javac javac /usr/local/java/jre8/jre1.8.0_301/bin/javac 1]

/usr/bin/sudo

[sudo update-alternatives --set java /usr/local/java/jre8/jre1.8.0_301/bin/java 1]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZm3-0000Ek-3n]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZm3-0000Eo-FO]

/usr/bin/sudo

[sudo update-alternatives --set javac /usr/local/java/jre8/jre1.8.0_301/bin/javac 1]

/usr/sbin/sendmail

[sendmail -t]

/usr/sbin/sendmail

[sendmail -t]

/usr/bin/update-alternatives

[update-alternatives --set javac /usr/local/java/jre8/jre1.8.0_301/bin/javac 1]

/bin/mkdir

[mkdir -p /usr/share/burpsuite]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZm5-0000Ey-82]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZm5-0000F2-Bn]

/bin/cp

[cp loader.jar /usr/share/burpsuite/]

/bin/cp

[cp burp_suite.ico /usr/share/burpsuite/]

/bin/rm

[rm Windows_setup.ps1]

/bin/rm

[rm -rf .git]

/bin/rm

[rm burpsuite.jar]

/usr/bin/curl

[curl -s https://portswigger.net/burp/releases]

/bin/grep

[grep -Po (?<=/burp/releases/professional-community-)[0-9]+\-[0-9]+\-[0-9]+]

/usr/bin/head

[head -n 1]

/usr/bin/wget

[wget https://portswigger-cdn.net/burp/releases/download?product=pro&version=&type=jar -O burpsuite_pro_v2024-5-4.jar --quiet --show-progress]

/bin/sleep

[sleep 2]

/bin/chmod

[chmod +x burpsuite]

/bin/cp

[cp burpsuite /bin/burpsuite]

/bin/sleep

[sleep 3s]

/usr/share/burpsuite/burpsuite

[./burpsuite]

Network

Country Destination Domain Proto
US 1.1.1.1:53 download.oracle.com udp
GB 95.100.244.78:443 download.oracle.com tcp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 javadl.oracle.com udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
GB 23.204.232.117:443 javadl.oracle.com tcp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp
US 1.1.1.1:53 portswigger.net udp
IE 34.249.63.188:443 portswigger.net tcp
US 1.1.1.1:53 portswigger-cdn.net udp
GB 18.165.242.50:443 portswigger-cdn.net tcp
US 1.1.1.1:53 debian9-mipsbe-20240418-en-1 udp

Files

/tmp/Burpy-main/jdk19.tar.gz

MD5 477d9862374177c810b0b7d73b4f1e53
SHA1 22e24467abee736e965fc3f7228ebf3a607febf3
SHA256 d97f0f402bd65a9c26aa266246b0894c8d6762e82373377641ca779c46406299
SHA512 40503981aa19ea531892e25972422ee49405569b4d2300d10d0457341679ceba0f187552005cb4e457ba1a2e872bc003fad29dbc8f7acb2cdfc5cf92bd484478

/var/spool/exim4/input/1sNZle-0000C4-Vn-D

MD5 5c85b3087fb2e397fc7b6ef1516a83b7
SHA1 1ce85f2fc10fe7830b97c424ed3a3d458680659e
SHA256 b99753722eed9b2f8f29fb1b39ddfe6122306c1d0addc30cf23790ed7d176fbf
SHA512 9893dbb7b28160a87bb305261476677c4349a54e773d7360ca3db233d5e2f17ee3b3f6892ddbca63693a52e28b2fa5e61e4f4a215a36c7f4affc149853fb2429

/var/spool/exim4/input/1sNZle-0000C7-Vb-D

MD5 3b6dda57687e97a326aacbbd198b1357
SHA1 4af4bfb7577dbc84055d38d033e6afc9c4f2011e
SHA256 eaeb9671d86042fb6cee45f3c49dee8c43c1ec8f9d335aac909d0f63bf5feeb6
SHA512 e491cef7a998fd5cf22206cf7f225a6b0e1d95ef58fd6dd35bd48f2d13200fefc9ae743b2583289410d64d35a1f76a0b390f48cd32b194f1ef6cedb81ac40fc1

/var/spool/exim4/input/hdr.748

MD5 4113433a41d6b97e215dd3249fc8a9ab
SHA1 37f13c3b98e1162abeb4d47add582c3cb3333533
SHA256 45030b3e2f1a9a32fbc096c87a2576bd754c7e5150b8db01baf31bfdb1304b10
SHA512 b5d24efb885ed2b254fddd4545b65b75fe01d5c6de43ed2ea703fd1adf2e53f8103aeb662248fcd81054c183c1f8888be283506f84cea2d2fb790b7e17e7a508

/var/spool/exim4/msglog/1sNZle-0000C4-Vn

MD5 d779d8d56deaefc73d641ec293830b89
SHA1 ac3c00748ad2fce4dbaaa5a88ecdf33c2e6bf494
SHA256 371f9637c7bde204b749f06a590dc869fe395197e4d2e9ec41e789375b0309ab
SHA512 388eaa37d466a3f30c1e762c581119881f430bd405b7dc2ced8cba814a21b9f6edd69332b60d41d2324060ba88acb2f196885b817c994b1c0ba887b5e661e990

/var/spool/exim4/msglog/1sNZle-0000C7-Vb

MD5 c21b673bc6e964c783d4ad09a65f16de
SHA1 aae6ef49cf93ac43581f9b22c389d89ad393c04e
SHA256 15b2668ad71bdc835e53b3eaf6f8aa57ab7caac67a1d02c549a7f380d9dec8b7
SHA512 b9ac4962d7fa11fa4e7d363034f09bde021f1fdb9ca0381b5ab388db8dc461fc28d8f89d87d39419854852fe903cbae3d71fb0091f4cfea8a42c3a67ed732ec9

/var/spool/exim4/input/1sNZlg-0000CI-LV-D

MD5 2876183a34dda9aa6c7bb16e26f0d491
SHA1 3fb6837198d54cc3655deeaef4aea17cb3c06cc6
SHA256 2cf63c1c45300e9618f33c2122b043e13b454eceedeb1ca0359050ed60f360fa
SHA512 56ae1ec5bcc10fcbfef63919632a23ecc5219a90746da0820ea165679c9d2fb79d0776e2de17160f4d60d96edba53036d6bbd6b7ce67e1830ac7bfa88a0fb832

/var/spool/exim4/input/hdr.762

MD5 68050683df6b818f1fa055bfaec2583e
SHA1 06653902cddb3a63f0e86f1da0a8162a70c4a00f
SHA256 8775ee4d498d22e2ce2eea3cbf84556b0450e9b24e7707ecc216f6927eec47eb
SHA512 f06628d16780630fc5136761d2e73b6b3c241d4f25e311cbf711ef93609d7712628fa20d3c6a67e481437deb2680dadec92b25d7a0166daddb9a6d1e5ef40e49

/var/spool/exim4/msglog/1sNZlg-0000CI-LV

MD5 313a564fcee641efb2f3898cfb368967
SHA1 6d76a32f6138ed96053eaa733c8b5b85261954fe
SHA256 98af4f37a4fc1393f3824731b4f51459bcac4f0b6e0adfcddddc425d38d7c146
SHA512 c39acd3c6f2569ad3d27040d69621a3ba45f6be93e143c362920d5529d9318b539c6498a6ef8fe581132559169b4124f4978d8ea8548edefecdd39aad208ad0f

/var/spool/exim4/input/1sNZll-0000CD-BU-D

MD5 9191d8df8b0933deaa83d00b07b453c1
SHA1 aeffcd4b2b9fa3b70f5f688ad9c941f76dd36eab
SHA256 0be1414efdc26bd933ea418799f1c064c8aa8ab4d04ed95cdcf55b54f6a6dffd
SHA512 e16169e48a3b51d0128a69f9f0a5ef2c3d6a435dc9e31cc429f495664e1f7e44995281f61ec325e46277aa5b1e04f3bd0cc848cb6b56d9b731fb58dc74cd62d9

/var/spool/exim4/input/hdr.757

MD5 1b7e5d38ec885606481233779cceca46
SHA1 2a0bf4aa322ea888eeeb85f61a16cc54a8e69baa
SHA256 a58cf230f9794d290442161797451e1fd8452239d2d6b56521d6c4af9ef6ad05
SHA512 bcd60f98bb20892ab356caef65955ea8497ce2a3b1a5b81c53125f2a25e5425fac29602bfdefda7fb06e0bab3ba3a801d12ebd46ab58d5a794c2e5cea36b34fa

/var/spool/exim4/msglog/1sNZll-0000CD-BU

MD5 8a1a649b15102e38bc39cee5c1c48e3b
SHA1 670f960e89fc6d3cd47a04aebca6d0a635e015e0
SHA256 ca80e0ed604ab915346558a174368360b3253be082f8a18a699e08bf38e4d159
SHA512 6dc0e05e7a6e8651b70121aaed9a15cf5b8a9e26e3ef88fb71ba258e14bd04789547410e6ed503e3e02ea5bcbc1e188976ea01610e782fc9b7e4adf35ade596d

/var/mail/user

MD5 2a98625d1ea329f05cc2ff63c6dd3f6a
SHA1 8168ec3862f4c6819aa61766ff26941d90dcee1f
SHA256 67e48b618719c98f3464960327b4c16b6d75b5fe52275bee7d91529a154ede12
SHA512 8b64f508cd265fa33b0ef595f21527f875447d89bf8495e67de5571a19829772ba6456502b45bb6261134b8a7628d8531038c52b17fd148ab05d2872d84b3eec

/var/spool/exim4/input/1sNZle-0000C7-Vb-J

MD5 d7d96d63d643a4ce3e408eba7dfcedc5
SHA1 c53607f95c5c57beafc1d8266646797a035f76ea
SHA256 21db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159
SHA512 703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3

/var/spool/exim4/msglog/1sNZle-0000C7-Vb

MD5 579499fe7c022d530f589d798a1f43de
SHA1 813dc4bb1825d1e00b636e2de8bfd901e9cd7c59
SHA256 db27dacb0286e067f2886c3d998a2adce5f6a32f81335fd2e779c863bc87f6e7
SHA512 3d3cb8831113c8e2932e04dcda15363e03f9ae8c160af8cfef6a055c9f0eef163fcc3b85302f9b38bd168d9ed465e2e163bad56faab92bf94357a690025cfb06

/var/mail/user

MD5 b0db0b638574948787435357e1087405
SHA1 db330d04ef86c01a4ad8b28a61d71b46d9403500
SHA256 f189f6d2190eb2bb5bec62e42320f10e59c359c46438e21f2d90f61161b0a976
SHA512 85408a83a49e0d0957f03ef64205edee6c54fcc70b63400dc845417ade31c8204369cc839116c77ae500f7143e1f48834b7b95c9783c06341b526ad2f9068fd0

/var/spool/exim4/msglog/1sNZlg-0000CI-LV

MD5 c25995b64db091d7e36f28d5a2d09293
SHA1 ab92f55b529e7d93efea6e1aa2b631ba139c9b93
SHA256 b4ec7d53de1c538e72c8ea7a6c504a2aaffeb432f23a24c6c31cf3f9c0d8ee49
SHA512 b25ec5ed7245f0cca63f3d2c805f517c376e15706a244706d0384d54fe8812321b3e7173607ea267cc92211af7af598f95bd455bc29d5201a172734c14e67008

/var/mail/user

MD5 2a0eed5aa13c569d1d8eb8811c2fdc89
SHA1 3bea1c5407d1296c3e9a879b7525bd16a35477f7
SHA256 4b262145667f00d3583f7506fe609172d9c5f2cb874a0e81d105456218764ea5
SHA512 12c475eb96bd097a31f03b047cdc1fd8e761d18f316d424b3eb1625df950a793a76dc55f26d8f993c4cb8ce0d05dff259b3587390661b065f46ab9983d17f266

/var/spool/exim4/msglog/1sNZle-0000C4-Vn

MD5 d2e1d762bd7bbabde3ef607d1b7aab11
SHA1 de72242ed3002cc2d46621b7a2010c01a87a859a
SHA256 d273163a94ec1318dbc12e4869cde8b3aa2fcca48e34be91eb792cae503f90e9
SHA512 ab6fe397e1cb379605490ca2fe7ee14d6bb243a9243d5957f3468fca1c5682d60dbc672ad4a48c221e6f82690e85c6c585ac97656797aae3bcbd868354d06f38

/var/spool/exim4/input/1sNZlr-0000Dd-PF-D

MD5 1562e68eec76db0a7cbb9019892a7489
SHA1 5315dc50a053d9e805676f6813e2cb0ac77fd338
SHA256 3b1730f3503edfccb8066c8cb2f7e97d10a512ebc98043fafb4a8488d1b6e6cf
SHA512 2d03bb8cb7a5ee7f9f0f6551ca63d867a129f56fa45bf9caa1b432d762b76b0a89d7748eed072d0f2a04f8c7d289fc3783028de27049ed586d1af6ba5bfaf66a

/var/spool/exim4/input/hdr.845

MD5 089b74179488f167ce0d38443c9a43a3
SHA1 60c951dd03206c53a4e251d69712c07270b74059
SHA256 670c9021959e33a8a2fbf1d94244ea11f9f0787ba61f71ba3947f36f3e8839d0
SHA512 f24c5ba6f46cb21337ff2105972642f8474f126a3b26e5b3e0969a9336b8c92ae816007b34f0b123e3b32967550f275bd5a79bc2ae973c9ed114ddc4cd376e9d

/var/spool/exim4/msglog/1sNZlr-0000Dd-PF

MD5 f8def02573ebf5bdc0b498ff09d21f6a
SHA1 73861410b404fe005b66f249ff5005a49e4fea61
SHA256 44d2718dd24940c3e893f09e2c90bec9a2d727eab398e0eb73ae7c8b99889cd2
SHA512 25bea464f00f1e206bb6dee644b3a2ec196c964d1201d3252e23ff25b1fee761464dde8031465a3631703788f4e68632bba4bb959fb7ad320a13f0f6d5cda963

/var/mail/user

MD5 680cecffbd413ace409b90d8505bcb2d
SHA1 64c22de842b7445256f99a2cf8c15608cb74ded0
SHA256 cf5fe8473766aace10e8f091e9acdab38ad70addc227116df340ed967fff3f0a
SHA512 2045548f6abc7c2a2c6a2fff64d190c4de801eb0587a07d0842ebc9f7d0dffc1fbd8ca4523ce1e47f10cceffc63446c08910c78e8c52fbdc84740a861198faf9

/var/spool/exim4/msglog/1sNZll-0000CD-BU

MD5 c4c652c8623bf59c4a3e97ecabaa0b92
SHA1 bbdd5e1c2e7472f55c84e101931d42dd396923fb
SHA256 b1caf28d77ee587271e744d97204ebb844521f7fa19f92af72ad6c8314e04a41
SHA512 860838fbebec68169f95ed2b9d54cfe882618e6d994651b4c52be361d11b70f25fd950e014d3a69147d0fabf79fec7d219663f3ca1cf4e54a1c2886ec1a7f5ab

/var/mail/user

MD5 e09afc94235ae89b52fc8ebf8d7c55c6
SHA1 b22cd3cbc54bbb7397d367b8f3b272099e4b35ca
SHA256 403b2382fd81913fc6ad4d0119ac8dea19ebd3babe129e11076c398b90256a14
SHA512 b51ef27386cb3ac94389f491c85730157111f5f08b089171c60aec982d366f5ceb7cacd26a879870a489083aae3d7c7cd630aa43ad25c30db20185e2bcd5eabf

/var/spool/exim4/msglog/1sNZlr-0000Dd-PF

MD5 2ef1e273bbac96c6777a21387b371369
SHA1 8b9d3e985ffbb7d99c215c35ecfa43e3d6e79942
SHA256 614b31e384ed445536c55e493e3c7a9804fa3eba5a0499ff54d27c4b4a4045bc
SHA512 037f461373c53b841c66abc88f2fcafc81605e3fec3f82d57ac87d3675879292863a44b994b7b1011bdb62a20cfae1da603ae50756dede1de8f8ae8a5b66195e

/var/spool/exim4/input/1sNZlt-0000Dp-CU-D

MD5 f3be6b5e9c992c875cbeefd807ea400e
SHA1 61e7cb2dd3db78708dbdbd2ce75387c149dc9cdb
SHA256 062a074ae331c63b86e106c7a3f6e6dfbb563e0a9defe1522dd42aff998606b1
SHA512 dfa7c4401285111cc3d64aa81484632b8016a7918ce2b1202530c96ced9d390a78779e48a712943b329d46adf5530a0bea0f44d3d5a54a9425c872ce0a97eb77

/var/spool/exim4/input/hdr.857

MD5 5073cb9e36d9d947b1124717938f24fc
SHA1 6dd798f669f963ea57e95c52a1cae100bacca9c0
SHA256 41161c5e4fd800d940faa80dd7611af5f3df85ed8cad9a750f784eab3ba59d00
SHA512 cd1807e46df9bf4c4a9f616f5144755393b6697a624ca44ecf45d8374fc757b2d9bb303c445651b5c45e0fa3c07f03abeaa4aab10d20a718640a3cd9ab7d6fd7

/var/spool/exim4/msglog/1sNZlt-0000Dp-CU

MD5 fbf6377ac2dd5e241ec982d10bbd0026
SHA1 8a12b7efcae5fad09412f826fb51357f916d9170
SHA256 6d5f81d8d50991bb4fe9c89776565583003e34cd2d0bcf558951705592aefa70
SHA512 a3dbdcf9d433184838798486190f7ae12d291bba07adbc3039b86116611696c34f1c277a88164e54775fadac5a62afef7073866d3621166c2ff700e2b41c6dc2

/var/spool/exim4/input/1sNZlt-0000Ds-L3-D

MD5 996ca695133822e37bbef206078a34fc
SHA1 2d57984b8c9f7c12d761c916bdb6d53036709339
SHA256 2cb2d90e4b57157fb55555334bd40baa3b4874046d807dc4f0dc1ec299f6a1d9
SHA512 fe0859389a14f8ee5bfad5afb8236fb3771df22227b6291dcea9c6a04296a47485529b22283ca3deb34b2371454d9562f8ccacbf6f045b886d1fb985ce55052e

/var/spool/exim4/input/hdr.860

MD5 2d21105fff1e3557e63b6389482691aa
SHA1 f097f52073248b31210938d82a4921f8f1dac7a5
SHA256 5d547c692d91069db768d618e1eaebf9c0fa2de3dd9a95417b28f1611256a980
SHA512 0fec66cd85cb1a811c2437913467b961094bbc78de4e4a9b71b5d7b5a0ece94a308c7e2e45fde8633b7c1f127c304e05778ea26abdb2feb087635e59bf9e911a

/var/spool/exim4/msglog/1sNZlt-0000Ds-L3

MD5 51e29587c6276c229858e1fa08ddd577
SHA1 e9dd685f8916a907f22ca67534f28e1db778222e
SHA256 1fa3209dfff324732c47782ed45bec77745e5b03904d273eaa65fd0bc94f0b98
SHA512 622f87f7803ad0d102832786767e127d586d4326c860443155b785743405fba4619be94504c6ac19064f92af3f05a81c92a2ad9ee4a9f7ad5da371c4309b5616

/var/mail/user

MD5 88d1d6085dcd8753aee7640703a86b40
SHA1 ec2333b9101d3ca36092f879851889d4acfab098
SHA256 5ad7519d7d78758ad55450ff85549b10d632ab459002478cd9d2f07b6d12e2b9
SHA512 3796f36924b160f6e661faf24b61bec0768d86d292136da3a312df449a74b12fac07d89df659e968de1275899999147e1ae1082b06211e1ca71a64c28048728f

/var/spool/exim4/msglog/1sNZlt-0000Dp-CU

MD5 43f1efeca0fc002eec9f06f02f3c0470
SHA1 cfc1005cea231cb41620e7f30bcc1e37b4d1ac9a
SHA256 e16c2130a06e26e825ebdcab3a21a9d456cf82b053c49320b1ea685750d4d324
SHA512 4689e9e6ecc9406a03122460d41857610128563a2a35e4e70e94efdba817983805b2ba9e6019dbd9624044d807654cd16dfc159a02ecf7e1fdc892eb9d4a3524

/var/spool/exim4/msglog/1sNZlt-0000Ds-L3

MD5 a4bda47843b5699e11ae8e4886be31c9
SHA1 861fe50d02cde15f294e3b87dbc76f92b3807c58
SHA256 59084ca61b22d8f12326002f0f61a8db5015886d34aa9082f167a1804490e219
SHA512 e8316033a7d9f57bdbe365338d67e8d9f4d578f1d0645d1ad75c592b2abea1c0b10482897a07c9d07276f7d4a408c80c41d029a0c661a58cc1ae704ddef26e34

/var/spool/exim4/input/1sNZlv-0000E3-Hk-D

MD5 a9b7a3c5dd7128fa2a79459373034059
SHA1 0985a2b9b9d2c8600ddaf479d4d13cda3937868a
SHA256 37a8586c95d61a63dacda1eeb08541830576adc9c3695248c8a60d274f3eb627
SHA512 d621670cfa18f79ba1d243d815d0821d68682fccc61c625aa7af6e2fcdae5a001f37578b7b00cfc8da64e6df6f56f7117260e3863ff364337450de47348587dc

/var/spool/exim4/input/hdr.871

MD5 335ccdf13714a93505627dc174292509
SHA1 92712ada191a8350d24559e6e997da30592e1670
SHA256 92ffe3ff7fd20b8502182af3494ca87c41c62f1a54bd425d127fce2ab0612f40
SHA512 746dacd2ba8638ba69aae4469687f7849dd6bede46e995081d8f8d0bddc4b86a08bfb3d977ea331c93f59318cbb735a66b4be9b75e38b083b494f5d35096e3e4

/var/spool/exim4/msglog/1sNZlv-0000E3-Hk

MD5 696fa5993d95520d8b326968a26c4260
SHA1 43274f4f21e86f425f45d7a156b6cbce8366dcd3
SHA256 95062cedbdd9f223bedfadc71f2e3eaf2c22da09ce56851070b0254d22ac7dec
SHA512 355990c1371848ec90b268622d134bd5895f9e73408e71cd736f8ba886910b0703611a4d86cb74e8fc406f025661417e43c61c90b47ce62de5f233e4c7abd68f

/var/spool/exim4/input/1sNZlv-0000E7-Kv-D

MD5 e1d4935c297bee5d5999c8b05a4083e1
SHA1 6bd11f1839aca716a4404b3d694dc47c575ba579
SHA256 702d1d1901f2b5d001aa81eca6865c08fa090e71e6902025d7916dbdff271e00
SHA512 a298960da7c2c6398d21ee6c5037de2979a60d8e10d9f744a2edea40a1d28eb7a2e86d219f3e8e872a59792a593114ebebe78c7e60a3a87a079a726503ed1af6

/var/spool/exim4/input/hdr.875

MD5 b04e19906dcc516c51f186d97416b0f0
SHA1 724aadca0192890fbc489e5c279df26c822c8583
SHA256 7704fbe0dcc28a3b3483ef5f45bc35f2119436c8637969bdcd7870496e7a137f
SHA512 420e96721b24634ebce6a3a577a9828cd1f630938f0e7c0401533d42d8201876073da46313b379b3ab6fdfa3f4447dab9a5b9c8a9e93b552df324de5bddca6a5

/var/spool/exim4/msglog/1sNZlv-0000E7-Kv

MD5 ea241541938a9b429e2ddb7768953668
SHA1 fb6f7a7ef4b1b262ef6ec0653a919fdb4c679045
SHA256 6af7a3ebb7fff0ed637a8a77349abad5ced70702eecbb4d199ea0b6d0fd79ec2
SHA512 879d526738f7ae3861f03079ca8c72c7c97ae233a7600d08187b8e0b8669c3e928ed2a68926a4fc29a73a1aa9a125e817d325759dd52c5a2988d1c1795fa4526

/var/spool/exim4/msglog/1sNZlv-0000E7-Kv

MD5 30e50eebfddef0c191de6b8227161af6
SHA1 63ba6f9cf1d3a3560e0ae11084b5e6b7c39bf0ae
SHA256 90b003340f48dc3d1de81a3a3f546cb75a136916d28fcb877b85c87cb59a2598
SHA512 8d37853e6e411eb70fc3014fd11ff21c1171ca2b518a84f2d04e83d3186a3deefb6b7f7bec9199c20f2f3ea38bca7b2dd3dcbff76429ee6a245bfac800545464

/var/spool/exim4/input/1sNZlx-0000Dh-2q-D

MD5 a38bca829b3792bbd6cb7ede0934bcd2
SHA1 304f92c75e5812e4608351191dec4891797b72f3
SHA256 bf79a585e16c4f5660a3da1c6fe397f3075af18e4d24714992d9c40da09d8172
SHA512 28f647f5cdbe5f8f11aa5838ae92c5530365e9dc564bfdec6c2b003ced3b0b9585cec34733e5918cc1c2055ba35b8d777ca0403d137eb902f4b7425175c6b23c

/var/spool/exim4/input/hdr.849

MD5 4f2dcd9ba2034e7581a4e2107321353d
SHA1 7c38dd0b24f8045c1d2d8a7ec212fbe21221d5c3
SHA256 4d9754141eb9ed1dfb48831a60045512901795c09dbf5d7efe69094dfa40919e
SHA512 8e96430ea9f3ad3ab4b52d6be3eb10cdd53c511314b8192e3492caf565f5c642f4cb55eb460e3b1bf48d27c29b88368d3096f2bff51007b84a32637d7b6ec99f

/var/spool/exim4/msglog/1sNZlx-0000Dh-2q

MD5 1ad5830a814f05f7b271a207ce132ccc
SHA1 d7a2956f21e18945e11ec13924d4f9cd4d828f69
SHA256 8cb522cfbe1e423ef59335f8fd32d4c2f408fe34bb3d7c8b72f7744aed8677b1
SHA512 dc7f85b12f2a25cc8bcdb737928d3afe35c7be8f8d0e408a16acdf21c283695084a12db1f68cb0397f25a83b8c4ed5392f43e2d50849e2771c2ee8458a234562

/var/spool/exim4/msglog/1sNZlx-0000Dh-2q

MD5 7b2534da79c9b25dd5f74b87d61f0065
SHA1 7ef4570babaef07287285fda921816ac8a773e2a
SHA256 97b91c55cf3fbe2e5c8e3b7351d7d14650704170f099da598b6ef8bb1c6b131a
SHA512 b77f6ba5226c939fd417e9d0ed1b2c077a446e2a75a6f43216fe28220e05464c7da9652a58c1b5eb226b192b35ee5abdc234b6946c545c8dfac691fb641eb6b5

/var/spool/exim4/input/1sNZlz-0000EK-GG-D

MD5 87dafb461b910094574a4fb58934b05b
SHA1 2c42947cbb8ef969e86c00e6707d5e0e4e2202f3
SHA256 87348d793ae71076bd4d7851749e3f21977cfd3b7c15dc421021e258d4cedad7
SHA512 2de19032c75858b9b5d0716c5f864061fc130baf6d8272a2d1923ec59813cbe5c38a978fa9d3cb24cce000c83109be28cfca71f60eb8f903fa2c5211ca348570

/var/spool/exim4/input/hdr.888

MD5 fa9db2e1a39fadecbe40b4fa924847c5
SHA1 3b276a9dd3489201b73a6e6f7344f7371bbb38fe
SHA256 8944fd5ce3c928f3c98b1293edada129d180bf9ccf6353c169e4cfc306fa81e0
SHA512 706e0836ee7e054982bc24189545935f1c35863b5a512a1c9119db9d6c87ddc6701bda508724a6c27d9f3196bdd6a5ac34e6518b313432f6bd4f756fb31dc651

/var/spool/exim4/msglog/1sNZlz-0000EK-GG

MD5 186435471c70c050c06216e73d68bfa8
SHA1 23cf742d5a53248bf43315a38f87e8a41caf5413
SHA256 6f8d2fe7b1dd03aaa4bcc14b213525938cf38be734a554653ea3eb69608dbb25
SHA512 e4295c4a8047337d77acb7b1b80e07aece6c36c3c8cab39c17b7551eb02d46315d559001411d29a5a0f24c31c477f9da44befd995388b4887f29f98dc6af06c9

/var/spool/exim4/input/1sNZlz-0000EN-Mt-D

MD5 bcac2a49bee7706a12f4bc371fb28c8e
SHA1 28752a9da254a3e66813d6dac7058e14e1b311a1
SHA256 d03958a6035366804d2c5382417874c755d63a0d41216019f0a6448bcb197760
SHA512 874693ae8ad62395625ddf16a56d9c3b4b237c479f56a48a1f20386ba49f7916eafb0ffce69432dcb0070bbfb7e20498f9792ad28e24dec8d7d17aa3ef938f59

/var/spool/exim4/input/hdr.891

MD5 d11ad865096b4a3b9f9cb0ab6dad4d65
SHA1 11a5f376707b461eb97c1a4700619f9e9548e718
SHA256 c1bac90b850a3a9ea8e8a1165aafbff0bb280909f822b1e5826afc0af1a15265
SHA512 8da85eb84bb193230542b9be943e280eae745a29185032c643e3b99ff8175a4b23c5ed86a7739ec17c32984b576f60feb54dadc7caaf83dd765538f3265c32c7

/var/spool/exim4/msglog/1sNZlz-0000EN-Mt

MD5 c8b60e648d550c60cd3e98ef633906c4
SHA1 1c67193cd7013918bc3bfd423cf87c7c991bb34e
SHA256 c3000642528a0bd24b283b0046d5ab191aff1d8fee5ccdc7ef95763e81e5c61f
SHA512 c061ec0915c20a07efbca46e1357fac7b7591f776a23298caba6941e8255497abe91d175e3f5363938d75a1d4b9cfb1bc35be8397083e8b428ea1738ff29ec83

/var/spool/exim4/msglog/1sNZlv-0000E3-Hk

MD5 72e54e9bbd3ce6981bbc4f093d6e4f21
SHA1 9c85b5def4aa8b3ac4402cae8cb34d9f2e200240
SHA256 82d97d6f6df42fe306fa63face7681c1725dedcb3619236a2d4e26f7305ab68d
SHA512 64624e8e428bcb21d977ee44ca9d9b5cc2ff8f7e2e4c6d53d240e15d9386f2db606f3cabc02d9c2a45f9d00cddf381d8395fa82a9672ecf6c3332b1217b62630

/var/spool/exim4/msglog/1sNZlz-0000EK-GG

MD5 d75562eb928b150b687d2dfae20dd8f1
SHA1 14c4e7435bb2f27f784d27066245d2b2e60dd11b
SHA256 faaaa3d5aafae258c1964f72c9deef8afe0a0408efdf9d03eb5a08e2873cfec9
SHA512 bb3cc6e54331ee9725a70978f45dbec76a1850fd20ae05bee6ff7863972cd3fdd8964972b2368f9bffa3e41eb473b13652079bc358ea25ee7c8f8bc836f9738d

/var/spool/exim4/msglog/1sNZlz-0000EN-Mt

MD5 b5aa16e511c9927a19e24e7190458eb2
SHA1 112b9f991c97b30fe20d796fbb9d922c02c24a22
SHA256 486f72489b915a9fcbabd40f782ea6f363312e524c8472cd4cc8c7c264969665
SHA512 46d7d85079111836d77157c107224fff7ed6774a59db21c10e92274d63eb069c787e0dfb8107d238bf69f71e013b96ca0d2962813e31ba7895f3d41395f3fdc8

/var/spool/exim4/input/1sNZm1-0000EW-Kr-D

MD5 8ee98eb9c521051b8fcdc994a22e744b
SHA1 c7560acb97f458618127db948142c1bd69aebed2
SHA256 0de0ff65ec78dfa76ed10f552aa5d9c4d7fcd74c374ebea13afd9cd8b46c3d94
SHA512 9039be6439eacdcae9394675c692ed6c2152071e9bd386484601553d7ffe9ddfbb6c27450bd3f0765adf5211c276ddb3fc84323ae50ce7035f0937746dd650e1

/var/spool/exim4/input/hdr.900

MD5 878b58c190a8aaac10d4f1826616d44a
SHA1 4670a6f933fe9585b421e950d82adbbc802aa7a9
SHA256 567fcb3360b1b9ce4f5e3ac820020d4fec3d4e3c2464a723a8d3976cfad436e6
SHA512 dddf1630bebef2a8f5aa57bb481abfce2bdee5b0ba72aef382062c24c8de2c3fea4e18912cbfcc01176d5ed83b082315fd0c2b6bca0ebff742f73b4dee57b845

/var/spool/exim4/msglog/1sNZm1-0000EW-Kr

MD5 c8caa79912467ffad1af56e513272f18
SHA1 891fecacd4b3e0a303f8643051d2ef31de0c6785
SHA256 26b80065efc8939c51d59dc8d452595c5dcb393405cbe1ad98d975354a499556
SHA512 2e447cc225dabae638ccac035e47207cd4b942729e7a470a98f56b4350858e83aa6b086256f4da0ec95a030fed15e5fba4c3ceb2f752d9026480e626a04a8cda

/var/spool/exim4/input/1sNZm1-0000EZ-PS-D

MD5 441bdc9a456c222608af59f1c66a71a4
SHA1 15f5f8f87759f17d29aeff962c2a7d99a796c685
SHA256 cf4ed094792ba259cddb35bb146d630637dcdb458c533d0da79d6de60f81fed9
SHA512 e7d244c7abe478dc1043cdfdc3423ca644a332c6ae8bd7c27d2fd2f36216f7936c8663e282b1f04c3236c8211f2039f2caa640b2038ad2158755a7b41d66b5fc

/var/spool/exim4/input/hdr.903

MD5 96be00d6d2c67a8359f42f80e5d12dbc
SHA1 0a629c1b4171541ea9e4ae5802ffc37fbfc572b6
SHA256 44b569ec4072fc1e0fa6cfecbce338d465064f2e3bcd176354ec81f1147d2447
SHA512 9f19da082dd95d5f56a65824c10a5c229ead0124224fa8a48ad445693e9c6523358c6ab7be35e2c9651b75f05bb12978767a0a13791fc92efb407be5aa5c7b57

/var/spool/exim4/msglog/1sNZm1-0000EZ-PS

MD5 67a3e67b376da1d8eceb11d29215bd0c
SHA1 31ad79f26ad32e5545703d69d59c7f58e0f1e963
SHA256 be895883c3e610f1a6041e5515dd14a0a7002a7d905c88df2ad3dc03fe766922
SHA512 a801d0d95e99194885eb3965ce21701f790825357d5eaafbbcb2d19d2ec8b3d3d2316f5197de0ff061dcf18718d751de2b61d971ac60d048d17a2ad971810eeb

/var/spool/exim4/input/1sNZm3-0000Ek-3n-D

MD5 aa6bc4c87c240f75aa2b3df87c2651f0
SHA1 93f00f1fe23c0845a936a64e1927d938cde7540c
SHA256 ed59184ff617181e8caf49fdf344b6472b7b76c179fd992b5ee1c6564f05d4a2
SHA512 b037dfe1c6977882871d6569c47bda3ecf9a82c1eda86a26cfb97e4f9dc48113ad017478c27a164e77d88a0fcba3812a1a7e71b138dc0220dd561ed1eb160bca

/var/spool/exim4/input/hdr.914

MD5 4d536e4b93b84a02a6612925d18f4ea0
SHA1 d57eae95a050e795102a80a80c458b946702100f
SHA256 6eee2ab6147841cc4909f0ad9db4874a0cb3227218150f7a6db08fc9a109e2e4
SHA512 0d9989fc0d7453f8f4af6885641851cd21e3e3d85dd1ca9fc8e5bc8ecb34ffdd3393cfd01ec116d24fe8c5832c5e73a88d3fbd6dcd20773ae3adbfd010599826

/var/spool/exim4/msglog/1sNZm3-0000Ek-3n

MD5 fb88e0c9ba11a2a914ea874c1b5c268f
SHA1 8606680c81c6b97bee26fc1e5a277293731dc305
SHA256 7b657d92bb6389f91efc716575f07d1e8003e609dac856ed3a071f00b6df2b5b
SHA512 d98e25f92bc65faed1f06293ab40b3535a67db4375f277de036843408cf9f8f51a31ab79717777c3eb030851766366b4e5c71202b93793e083f7bf101a56ed26

/var/spool/exim4/msglog/1sNZm1-0000EW-Kr

MD5 e61f47bbd1b9f55236f52b82621266fa
SHA1 89cfb338efaa48f6a1d261d1803992203f8f341b
SHA256 929ea77a157126fb3a05db7da48abb0fb15df31bc34d989e9085aa68aa32c2d3
SHA512 1c154c08c3df4d22c1164620bc51af3d2256b1db79dcd70fc554e144fe71dc4cf16a3f489bb80722eb75e8e7c202876f2fdb41498bb96a5aa205f1d33de52377

/var/spool/exim4/input/1sNZm3-0000Eo-FO-D

MD5 9526a87ddb408f5cf7e290eba8cdd86c
SHA1 1785c03c3c16133bb31f97e273857246a2b5c535
SHA256 2d8931ee5283252ccb6510364d6d60b82d5ca9ca990a2625bd8642d41cbcec92
SHA512 74d2e160b6a49992665353717672257b43cbfffd5ee8a7b71ebdbffbc48e41f6e1f2bb45c63ba42171a24c6cb8e1bfbf9d3bcaacad9b469a7a0e77a3bca396cc

/var/spool/exim4/input/hdr.918

MD5 b6610ec9b82dda5695f4334e14c4107d
SHA1 095b9c6811e99e97d616d3e21131d894034aef0b
SHA256 73de235f84930d23a4ebda6c24e4775e16811a7c1574462416e6ee9ebe6bfc88
SHA512 3bae0c87a1ee7ccc87e4d3f50da0a099f2a9e4c8ad127f065f66ab6d0a7d4af6a953f745a9172fe7083e4d9fce1aa00a294b02b27a3be59dbb2635085d161116

/var/spool/exim4/msglog/1sNZm3-0000Eo-FO

MD5 d617cf951aa6648d2c2bd137c429444b
SHA1 f698f39d445b81df4afd1bb9f7555880467c3320
SHA256 adfb0e1b8dec9a62e8d8065a9340b560fae7bc101532ff4498f727304712f155
SHA512 453e0a80ac1704facba408346c30a862c24f7440d952469cac54bd3473e741d64b2340a5dde30cea03e3bd89a183bcba9bfc2b5ae2a8184c7ff91c5f30479bca

/var/spool/exim4/msglog/1sNZm1-0000EZ-PS

MD5 f29b3374c7e055aa24272653f7291a69
SHA1 299aa95074d2b81882080af0525ce1ad281a2933
SHA256 2cbefe3e0e9a4bda630df204040c44c478fffec0e31b853075594591d0968194
SHA512 639b79559c918a4386ae731eaee1a67563a201abc4d39c5dedcf62df4ccd3be773003210adb5a74236962200467b3e4f93b53ba07a77407ee351a2a2b2efa22b

/var/spool/exim4/msglog/1sNZm3-0000Ek-3n

MD5 d7d1cd0b8c8d169fc13976f0f4fb67ab
SHA1 30acad9ede0ae09599ea60ad0a1e4768cbc6092a
SHA256 28898626cf3b84e4ed2dcb37af4c1f19e7106f25ca026daaaa458c832e376b36
SHA512 319c18d69067de89e2fed371f58e0f8b97bac8ae397e66b0209a69b22356cb3947a3ef67d20a6e5b1522053b618b06284baa2dfab130254f0cebfe4a363b3c40

/var/spool/exim4/input/1sNZm5-0000Ey-82-D

MD5 1f085b14dbd3a371b801f6f00bbbc3d8
SHA1 f2ed72765a2c17f8166630e76ddfe51c99f2e36e
SHA256 1356b87abb5aa003288a611e05d6723de42fc7f7a1848f75821eee3b49757deb
SHA512 f88722b4e146950b43b0558adac321fa3fe6c26f586e52f68f49415ca1a547f129ab6fbe8724bd7e76e5c5f17ef0dccf6e2c115dabe105829cf1a8c34d363bc4

/var/spool/exim4/input/hdr.928

MD5 d33766c7af8d004e35cfb2dacaa37cd3
SHA1 923d416208715d2bf53d95e73044d13f68916d71
SHA256 52dd0b12ba940c2b5d1b0afa6540078ac834664dd091c81c17a3bd50565256c2
SHA512 5929e149f19c3704e0d4d355f811eaca7e53f11a6881858aa54b8c0ccb1c19044dd0b7ad71ca4fb3450224f524e6d0009efa5cc68d3ac72e2a2321809ba53232

/var/spool/exim4/msglog/1sNZm5-0000Ey-82

MD5 7be131866d7d3302e9f7593bb398a03c
SHA1 b507f8f42ec9cf7c7f341f9d92d35fa6aecef21a
SHA256 ee1769108c4998ac2bdb436b2d90f86c787390db49da62f8d6734dd29f87a6cb
SHA512 fad5b1f13b190c462b0fb60486394ada8058f0c6fc02b8b97966dc6fa6f95d93628fd6a89cc87427b2aaaedebec8b40b05676307d01b348feec89f9b02f49950

/var/spool/exim4/input/1sNZm5-0000F2-Bn-D

MD5 9947c55475d8c305bf82dfd8f4013efa
SHA1 4998f27275a6ba84ea6582dcab6e459862d7c1be
SHA256 fb21e19776b5fc1c2cd8e13019794f054b7c64d9039527868ffe1ea821f08e6c
SHA512 e8e2e735e7465e10ce82a8df6d1fc58b6ff5ca7aa6f5f244ebff181f9a47b65c61ac0c611da7b569e194ee0eb230a7d9f2d5e12f69d719ef917b9e5f168d250f

/var/spool/exim4/input/hdr.932

MD5 012977ff7a2e44f945f5529803f1c73e
SHA1 0ba3f2ae6e8b3d2f2b365bc8244634888d176a81
SHA256 f00c92f964006cd230c88be35473b619671463142f19ca97064d11c458361a37
SHA512 0479e26169cf4ebd456492c1197f0a1a7f862e6d901e92aa27cfacc58a2ac809bb206b15a2eb3f8820d187e65d95cdf530f74b35313af6b278c0c44963de38f6

/var/spool/exim4/msglog/1sNZm5-0000F2-Bn

MD5 3caee101c91dc661fa7d426d7ecbc386
SHA1 5aed483557657f61b377074ad50a4133f13eddb9
SHA256 77b9757155a36e2bb70b83d9f499f1639bea3ae3ba42f4ca5a46678b8265856a
SHA512 0e9073a157aaf44b46cca045d488c85df907867525a8f52ebdb684be7d55ca7b9ce073430807f7d10d5a74f58750bae9d688f0e8dee20add2d62077c65266455

memory/936-1-0x775c0000-0x775d1060-memory.dmp

/usr/share/burpsuite/loader.jar

MD5 56a0eef3a96bf373db1298bc6cb63158
SHA1 f9fb9175a901f4fede20b9d61eb4fadafdd1feea
SHA256 1e288c686963eafc34411d4f94265eb1809492ab57a474848669eb3285a2afb3
SHA512 d6165e567c80cd04c2506f285d48fb3e2dd6d46e4eda3b9bf76c2ea585ac446807ccabc02c4f8a6bede36a8ac1d1737eab3840cfdc703123daeccd526593f492

/usr/share/burpsuite/burp_suite.ico

MD5 6e90fd2a5093ef7181d9f01f1d1aed53
SHA1 88df4a91627ab8adcc4c46738acc180fa50ee245
SHA256 7ae3e5b9292a92c750eadcb7b272202b043c401eee2837aa7a775c41700c361c
SHA512 a134a3867698b1c59dae5878e8538187070f326f5fd7926cc7e6ae44bf768db2088ba9579cd0aeca8584d0bf48f3b53619c6d32dbddf39131c8858847d959390

/var/spool/exim4/msglog/1sNZm5-0000F2-Bn

MD5 44b559187c1d778f38defc989bf379f5
SHA1 4490da1b81388b98327282e7993601fc8b629244
SHA256 4d55b41ab3c527c011537473a8378d94ba16fc014c3bb994ea427668bef29478
SHA512 8e7e1a0c875b3d0fd0d55f890f7661482e2707daf610340103e0f948801964c3543ef4dab52427a5c562ac46b2fa815ca3325485e3b24de2d0e24a83fbb173ae

/var/spool/exim4/msglog/1sNZm5-0000Ey-82

MD5 781ad83fb23c7f043bb317512071ec7f
SHA1 c23ff32373df897dc234e4546ab7b5f3bd2ad485
SHA256 3d409257a10479fc8eec00ae47bd36457a2aa294b268dd1e705a7773fe1e44fe
SHA512 78f541a2f1c4f855f98556c33b3a6090300793e9c7f5c2e94ea1ccd3aa4523fff4026158569798a9f46f9e04f605db15a0dac38ba90168fccf849ff6c366cf80

/usr/share/burpsuite/burpsuite

MD5 91f22d9e29f84119d6845b3c959d0274
SHA1 205288d6c2949890de534155eae7185d6aa96681
SHA256 3416560471aac7e55419b164a1f2da5aff70dfa59b65318546fae7458d9f44c5
SHA512 c1205c97da639144ed6bda9a05defa0ddfe318d4eee42d4088de79207ed4d34b85bbe9896fb2d27bb51d0623ac7b95fddf2492a4dbb2a4c927e8b2de4fe63d36

/var/spool/exim4/msglog/1sNZm3-0000Eo-FO

MD5 1aee5c87cc7cc3aa2b9b275dbeecbc21
SHA1 08b7ec82ede8478dcfd2332b8ef35ebd5b2150f7
SHA256 145cbeb687645df6a06cf8d6b99718047b349734d51d42c5e4499b2fb5413b5d
SHA512 ac7cbf8179321648180a49ddc6d606c055bb1220f82230a1909b727a85f3d983ef182baf489ffd43b539078b599162e0c781a16e5fad97c21b01e68168763fa4

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-29 17:13

Reported

2024-06-29 17:15

Platform

debian9-armhf-20240611-en

Max time kernel

148s

Max time network

3s

Command Line

[/tmp/Burpy-main/Linux_setup.sh]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/filesystems /bin/mkdir N/A
File opened for reading /proc/filesystems /bin/mkdir N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

Processes

/tmp/Burpy-main/Linux_setup.sh

[/tmp/Burpy-main/Linux_setup.sh]

/bin/mkdir

[mkdir -p /usr/local/java]

/bin/mkdir

[mkdir -p /usr/local/java/jdk19]

/usr/bin/curl

[curl -L https://download.oracle.com/java/19/latest/jdk-19_linux-x64_bin.tar.gz -o jdk19.tar.gz]

Network

Country Destination Domain Proto
US 1.1.1.1:53 download.oracle.com udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-29 17:13

Reported

2024-06-29 17:16

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Max time network

132s

Command Line

[/tmp/Burpy-main/burpsuite_pro.sh]

Signatures

N/A

Processes

/tmp/Burpy-main/burpsuite_pro.sh

[/tmp/Burpy-main/burpsuite_pro.sh]

/bin/ping

[ping -q -c 1 -W 1 google.com]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 google.com udp
US 1.1.1.1:53 google.com udp
GB 185.125.188.62:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.193.91:443 tcp
US 151.101.193.91:443 tcp
GB 195.181.164.14:443 tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
GB 195.181.164.21:443 1527653184.rsc.cdn77.org tcp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-06-29 17:13

Reported

2024-06-29 17:16

Platform

debian9-mipsel-20240418-en

Max time kernel

7s

Max time network

0s

Command Line

[/tmp/Burpy-main/burpsuite_pro.sh]

Signatures

N/A

Processes

/tmp/Burpy-main/burpsuite_pro.sh

[/tmp/Burpy-main/burpsuite_pro.sh]

/bin/ping

[ping -q -c 1 -W 1 google.com]

Network

Country Destination Domain Proto
US 1.1.1.1:53 google.com udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-06-29 17:13

Reported

2024-06-29 17:15

Platform

win7-20240611-en

Max time kernel

121s

Max time network

122s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\Burpy-main\keygen.jar

Signatures

N/A

Processes

C:\Windows\system32\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\Burpy-main\keygen.jar

Network

N/A

Files

memory/2464-2-0x00000000025F0000-0x0000000002860000-memory.dmp

memory/2464-11-0x0000000000340000-0x0000000000341000-memory.dmp

memory/2464-12-0x00000000025F0000-0x0000000002860000-memory.dmp

Analysis: behavioral16

Detonation Overview

Submitted

2024-06-29 17:13

Reported

2024-06-29 17:16

Platform

win10v2004-20240611-en

Max time kernel

140s

Max time network

112s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\Burpy-main\keygen.jar

Signatures

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2484 wrote to memory of 968 N/A C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe C:\Windows\system32\icacls.exe
PID 2484 wrote to memory of 968 N/A C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe C:\Windows\system32\icacls.exe

Processes

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\Burpy-main\keygen.jar

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

memory/2484-2-0x000001C600000000-0x000001C600270000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5 8d1e51ba9332122f555e143e35d15699
SHA1 d701d60aa9b9d4e4cd705bff13aba2c6d44e8911
SHA256 36ec4dafb8ffed078f2d9f9a93fb2b9ac9c7c5a30007fb0175625edcd5ed7d46
SHA512 7435dbb1febb3884bd1fa5650af616b0fff310748f4f7e182e59894974cde97338b14a698b12af7e5f99f87d6df596a6fd4cb230e8691b4767c262429aebdcaa

memory/2484-17-0x000001C600270000-0x000001C600280000-memory.dmp

memory/2484-18-0x000001C675890000-0x000001C675891000-memory.dmp

memory/2484-25-0x000001C6002A0000-0x000001C6002B0000-memory.dmp

memory/2484-24-0x000001C600290000-0x000001C6002A0000-memory.dmp

memory/2484-22-0x000001C600280000-0x000001C600290000-memory.dmp

memory/2484-28-0x000001C6002C0000-0x000001C6002D0000-memory.dmp

memory/2484-27-0x000001C6002B0000-0x000001C6002C0000-memory.dmp

memory/2484-33-0x000001C6002E0000-0x000001C6002F0000-memory.dmp

memory/2484-32-0x000001C6002D0000-0x000001C6002E0000-memory.dmp

memory/2484-35-0x000001C6002F0000-0x000001C600300000-memory.dmp

memory/2484-37-0x000001C600300000-0x000001C600310000-memory.dmp

memory/2484-38-0x000001C600310000-0x000001C600320000-memory.dmp

memory/2484-41-0x000001C600000000-0x000001C600270000-memory.dmp

memory/2484-42-0x000001C600320000-0x000001C600330000-memory.dmp

memory/2484-45-0x000001C600270000-0x000001C600280000-memory.dmp

memory/2484-46-0x000001C600290000-0x000001C6002A0000-memory.dmp

memory/2484-47-0x000001C600330000-0x000001C600340000-memory.dmp

memory/2484-48-0x000001C675890000-0x000001C675891000-memory.dmp

memory/2484-50-0x000001C600280000-0x000001C600290000-memory.dmp

memory/2484-51-0x000001C600340000-0x000001C600350000-memory.dmp

memory/2484-53-0x000001C6002A0000-0x000001C6002B0000-memory.dmp

memory/2484-55-0x000001C6002B0000-0x000001C6002C0000-memory.dmp

memory/2484-57-0x000001C6002D0000-0x000001C6002E0000-memory.dmp

memory/2484-56-0x000001C6002C0000-0x000001C6002D0000-memory.dmp

memory/2484-58-0x000001C6002E0000-0x000001C6002F0000-memory.dmp

memory/2484-59-0x000001C6002F0000-0x000001C600300000-memory.dmp

memory/2484-60-0x000001C600300000-0x000001C600310000-memory.dmp

memory/2484-61-0x000001C600310000-0x000001C600320000-memory.dmp

memory/2484-62-0x000001C600320000-0x000001C600330000-memory.dmp

memory/2484-63-0x000001C600330000-0x000001C600340000-memory.dmp

memory/2484-64-0x000001C600340000-0x000001C600350000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-29 17:13

Reported

2024-06-29 17:16

Platform

win7-20240611-en

Max time kernel

117s

Max time network

122s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\Burpy-main\BurpLoaderKeygen.jar

Signatures

N/A

Processes

C:\Windows\system32\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\Burpy-main\BurpLoaderKeygen.jar

Network

N/A

Files

memory/2436-2-0x0000000002420000-0x0000000002690000-memory.dmp

memory/2436-11-0x0000000000120000-0x0000000000121000-memory.dmp

memory/2436-12-0x0000000002420000-0x0000000002690000-memory.dmp

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-29 17:13

Reported

2024-06-29 17:15

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

148s

Max time network

128s

Command Line

[/tmp/Burpy-main/Linux_setup.sh]

Signatures

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /bin/mkdir N/A
File opened for reading /proc/filesystems /bin/mkdir N/A

Processes

/tmp/Burpy-main/Linux_setup.sh

[/tmp/Burpy-main/Linux_setup.sh]

/bin/mkdir

[mkdir -p /usr/local/java]

/bin/mkdir

[mkdir -p /usr/local/java/jdk19]

/usr/bin/curl

[curl -L https://download.oracle.com/java/19/latest/jdk-19_linux-x64_bin.tar.gz -o jdk19.tar.gz]

Network

Country Destination Domain Proto
US 1.1.1.1:53 download.oracle.com udp
US 1.1.1.1:53 download.oracle.com udp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 e2875.d.akamaiedge.net udp
GB 185.125.188.61:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.193.91:443 tcp
US 151.101.193.91:443 tcp
GB 195.181.164.19:443 tcp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-29 17:13

Reported

2024-06-29 17:16

Platform

debian9-mipsel-20240418-en

Max time kernel

43s

Max time network

40s

Command Line

[/tmp/Burpy-main/Linux_setup.sh]

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A /usr/share/burpsuite/burpsuite /usr/share/burpsuite/burpsuite N/A

Creates/modifies environment variables

persistence
Description Indicator Process Target
File opened for modification /etc/environment /usr/bin/tee N/A
File opened for modification /etc/environment /usr/bin/tee N/A

Writes file to system bin folder

Description Indicator Process Target
File opened for modification /bin/burpsuite /bin/cp N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A
File opened for reading /sys/devices/system/cpu/online /usr/sbin/exim4 N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /bin/mkdir N/A
File opened for reading /proc/filesystems /usr/bin/sudo N/A
File opened for reading /proc/self/stat /usr/bin/sudo N/A
File opened for reading /proc/self/stat /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/self/fd /usr/bin/sudo N/A
File opened for reading /proc/self/fd /usr/bin/sudo N/A
File opened for reading /proc/filesystems /bin/mkdir N/A
File opened for reading /proc/self/stat /usr/bin/sudo N/A
File opened for reading /proc/self/stat /usr/bin/sudo N/A
File opened for reading /proc/filesystems /bin/tar N/A
File opened for reading /proc/filesystems /bin/cp N/A
File opened for reading /proc/filesystems /usr/bin/sudo N/A
File opened for reading /proc/filesystems /bin/cp N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/filesystems /usr/bin/sudo N/A
File opened for reading /proc/filesystems /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/self/fd /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/filesystems /usr/bin/sudo N/A
File opened for reading /proc/filesystems /usr/bin/id N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/self/stat /usr/bin/sudo N/A
File opened for reading /proc/self/stat /usr/bin/sudo N/A
File opened for reading /proc/filesystems /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/sudo N/A
File opened for reading /proc/filesystems /bin/cp N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/filesystems /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/sudo N/A
File opened for reading /proc/filesystems /bin/tar N/A
File opened for reading /proc/self/fd /usr/bin/sudo N/A
File opened for reading /proc/filesystems /usr/bin/sudo N/A
File opened for reading /proc/self/fd /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/filesystems /usr/bin/sudo N/A
File opened for reading /proc/self/stat /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/sudo N/A
File opened for reading /proc/filesystems /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/sudo N/A
File opened for reading /proc/self/stat /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/self/stat /usr/bin/sudo N/A
File opened for reading /proc/filesystems /bin/mkdir N/A
File opened for reading /proc/self/fd /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/sudo N/A
File opened for reading /proc/filesystems /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/sudo N/A
File opened for reading /proc/self/stat /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/sudo N/A
File opened for reading /proc/filesystems /bin/mkdir N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/sudo N/A
File opened for reading /proc/self/stat /usr/bin/sudo N/A
File opened for reading /proc/filesystems /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/sbin/sendmail N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/Burpy-main/jdk19.tar.gz /usr/bin/curl N/A

Processes

/tmp/Burpy-main/Linux_setup.sh

[/tmp/Burpy-main/Linux_setup.sh]

/bin/mkdir

[mkdir -p /usr/local/java]

/bin/mkdir

[mkdir -p /usr/local/java/jdk19]

/usr/bin/curl

[curl -L https://download.oracle.com/java/19/latest/jdk-19_linux-x64_bin.tar.gz -o jdk19.tar.gz]

/bin/tar

[tar -xf jdk19.tar.gz -C /usr/local/java/jdk19 --strip-components=1]

/usr/local/sbin/gzip

[gzip -d]

/usr/local/bin/gzip

[gzip -d]

/usr/sbin/gzip

[gzip -d]

/usr/bin/gzip

[gzip -d]

/sbin/gzip

[gzip -d]

/bin/gzip

[gzip -d]

/bin/rm

[rm jdk19.tar.gz]

/usr/bin/sudo

[sudo tee -a /etc/environment]

/usr/sbin/sendmail

[sendmail -t]

/usr/sbin/sendmail

[sendmail -t]

/usr/bin/tee

[tee -a /etc/environment]

/usr/bin/sudo

[sudo tee -a /etc/environment]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZle-0000CY-Rg]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZlj-0000Cb-U3]

/usr/sbin/sendmail

[sendmail -t]

/usr/sbin/sendmail

[sendmail -t]

/usr/bin/tee

[tee -a /etc/environment]

/usr/bin/sudo

[sudo update-alternatives --install /usr/bin/java java /usr/local/java/jdk19/bin/java 1]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZlq-0000E0-40]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZlu-0000Dw-Si]

/usr/sbin/sendmail

[sendmail -t]

/usr/sbin/sendmail

[sendmail -t]

/usr/bin/update-alternatives

[update-alternatives --install /usr/bin/java java /usr/local/java/jdk19/bin/java 1]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZlw-0000E9-2B]

/usr/bin/sudo

[sudo update-alternatives --install /usr/bin/javac javac /usr/local/java/jdk19/bin/javac 1]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZlw-0000EC-DH]

/usr/bin/id

[id -u]

/usr/bin/sudo

[sudo mkdir -p /usr/local/java/jre8]

/usr/sbin/sendmail

[sendmail -t]

/usr/sbin/sendmail

[sendmail -t]

/bin/mkdir

[mkdir -p /usr/local/java/jre8]

/usr/bin/sudo

[sudo curl -L -o /usr/local/java/jre8/jre8.tar.gz https://javadl.oracle.com/webapps/download/AutoDL?BundleId=244548_89d678f2be164786b292527658ca1605]

/usr/sbin/sendmail

[sendmail -t]

/usr/sbin/sendmail

[sendmail -t]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZly-0000EP-4b]

/usr/bin/curl

[curl -L -o /usr/local/java/jre8/jre8.tar.gz https://javadl.oracle.com/webapps/download/AutoDL?BundleId=244548_89d678f2be164786b292527658ca1605]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZly-0000ES-Di]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZlz-0000EX-Eh]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZlz-0000Ea-JX]

/usr/bin/sudo

[sudo tar -xzf /usr/local/java/jre8/jre8.tar.gz -C /usr/local/java/jre8]

/usr/sbin/sendmail

[sendmail -t]

/usr/sbin/sendmail

[sendmail -t]

/bin/tar

[tar -xzf /usr/local/java/jre8/jre8.tar.gz -C /usr/local/java/jre8]

/usr/local/sbin/gzip

[gzip -d]

/usr/local/bin/gzip

[gzip -d]

/usr/sbin/gzip

[gzip -d]

/usr/bin/gzip

[gzip -d]

/sbin/gzip

[gzip -d]

/bin/gzip

[gzip -d]

/usr/bin/sudo

[sudo rm /usr/local/java/jre8/jre8.tar.gz]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZm3-0000Er-99]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZm3-0000Eu-G9]

/usr/bin/sudo

[sudo update-alternatives --install /usr/bin/java java /usr/local/java/jre8/jre1.8.0_301/bin/java 1]

/usr/bin/sudo

[sudo update-alternatives --install /usr/bin/javac javac /usr/local/java/jre8/jre1.8.0_301/bin/javac 1]

/usr/sbin/sendmail

[sendmail -t]

/usr/sbin/sendmail

[sendmail -t]

/usr/bin/update-alternatives

[update-alternatives --install /usr/bin/javac javac /usr/local/java/jre8/jre1.8.0_301/bin/javac 1]

/usr/bin/sudo

[sudo update-alternatives --set java /usr/local/java/jre8/jre1.8.0_301/bin/java 1]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZm5-0000F6-AX]

/usr/sbin/sendmail

[sendmail -t]

/usr/sbin/sendmail

[sendmail -t]

/usr/bin/update-alternatives

[update-alternatives --set java /usr/local/java/jre8/jre1.8.0_301/bin/java 1]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZm5-0000F9-Pf]

/usr/bin/sudo

[sudo update-alternatives --set javac /usr/local/java/jre8/jre1.8.0_301/bin/javac 1]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZm6-0000FF-V0]

/usr/sbin/exim4

[/usr/sbin/exim4 -Mc 1sNZm7-0000FI-3P]

/bin/mkdir

[mkdir -p /usr/share/burpsuite]

/bin/cp

[cp loader.jar /usr/share/burpsuite/]

/bin/cp

[cp burp_suite.ico /usr/share/burpsuite/]

/bin/rm

[rm Windows_setup.ps1]

/bin/rm

[rm -rf .git]

/bin/rm

[rm burpsuite.jar]

/usr/bin/curl

[curl -s https://portswigger.net/burp/releases]

/bin/grep

[grep -Po (?<=/burp/releases/professional-community-)[0-9]+\-[0-9]+\-[0-9]+]

/usr/bin/head

[head -n 1]

/usr/bin/wget

[wget https://portswigger-cdn.net/burp/releases/download?product=pro&version=&type=jar -O burpsuite_pro_v2024-5-4.jar --quiet --show-progress]

/bin/sleep

[sleep 2]

/bin/chmod

[chmod +x burpsuite]

/bin/cp

[cp burpsuite /bin/burpsuite]

/bin/sleep

[sleep 3s]

/usr/share/burpsuite/burpsuite

[./burpsuite]

Network

Country Destination Domain Proto
US 1.1.1.1:53 download.oracle.com udp
GB 95.100.244.78:443 download.oracle.com tcp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 javadl.oracle.com udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
GB 23.204.232.117:443 javadl.oracle.com tcp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 portswigger.net udp
IE 34.249.63.188:443 portswigger.net tcp
US 1.1.1.1:53 portswigger-cdn.net udp
GB 18.165.242.81:443 portswigger-cdn.net tcp

Files

/tmp/Burpy-main/jdk19.tar.gz

MD5 477d9862374177c810b0b7d73b4f1e53
SHA1 22e24467abee736e965fc3f7228ebf3a607febf3
SHA256 d97f0f402bd65a9c26aa266246b0894c8d6762e82373377641ca779c46406299
SHA512 40503981aa19ea531892e25972422ee49405569b4d2300d10d0457341679ceba0f187552005cb4e457ba1a2e872bc003fad29dbc8f7acb2cdfc5cf92bd484478

/var/spool/exim4/input/1sNZle-0000CY-Rg-D

MD5 2c00f3c17457dc1a3b58b59c8feafdb8
SHA1 96a3c358fc629424e30b1623b5df494aa5b0ddbf
SHA256 b0b4f9a6884d5175f70e9438a0a28ea10809057140123ce9d5e5295e7a837839
SHA512 9c80340b88cf72f75b7ce0b4ce631a8c7af27da3fb18a21ea9cb38673d15a60a0c51539add273d8390bae1d150d3b537b19d1fb9d3c825f2c0e83de042ecb1ff

/var/spool/exim4/input/hdr.778

MD5 61dc620ef5b6d0efb5ba4a362e7e01f9
SHA1 64bcff59369adec2404915bb396496de0646c409
SHA256 c8068dfc0dad5d6d5fe9e81f5e400907f9e651f653f13c7eaa1d0522020d1e8e
SHA512 040763d4f5eff92a3e6ff7c6cbade9a33c5b48c5d0594c22b115a681f2a99d627ebe0ed928205b69b17840fc53837d3888a28a624775b54788fc18602823df3e

/var/spool/exim4/msglog/1sNZle-0000CY-Rg

MD5 f819b91eb100307ba875603280a4e05b
SHA1 aa50b151a2a904b0aa0736b9fa4fe8402629bfe5
SHA256 7dedbc41dc000db15f11c8e74bd0886f119cdd53a0d5e1303791df93f7de7e9c
SHA512 1b855016c9ec08b69e93642b62bf1cdfde0c518642473eb49bb68248c2111aeb903341eee8950a8e59caed2f0290fc0181bb13c2c77a623096435bcff6576917

/var/spool/exim4/input/1sNZlj-0000Cb-U3-D

MD5 9f28094456305a459d7038920743b71e
SHA1 7c62ebdcca8b31de684ddc9d71dbf646015715a3
SHA256 5d30088fcf1fb333f50314ea310d5f9f6af04b2dcf0f6b02e40d1a3c78f502cc
SHA512 6a957ee0dbef4be0fe7aa8c214c863aa3d76895f12d2316d76632a2786f1dc32b011f86470cfed2a31d33cbcce096ca8adbe713bf4b3d1288a20a35b87f161c9

/var/spool/exim4/input/hdr.781

MD5 93ba6b2a0e3037116ccbe450a8088060
SHA1 e9ead3cf508893991bfb6fc7609b1d59d4000b78
SHA256 58707565c41ee2eccd406b586d1262dcc9ce166da9e5c76b0e3c1fea4ab768e1
SHA512 b2793f0cce6f420aa2d14101455b25689d9b3affab9352607b960403a589c84f88c760b600438ae766abd311c3260200f3561fe0e6d4f54b6ce84fa4a487588c

/var/spool/exim4/msglog/1sNZlj-0000Cb-U3

MD5 7685f6d1ac4c10635711dc882a776f39
SHA1 860cb51bb4d3f54539a8b5d86bb3030404f82dc1
SHA256 8a639cc697c31e54e7338121111f5e624ced93b3157d783721732ecf049f83a6
SHA512 6c1e60aeef3d34794cb992af6aaa5cf0b21e20a851c3770266302aff0d1521f6c5b27bd73d1a49930bb12f03efdb73a636f689a6c02d1470b076bcf33c110338

/var/mail/user

MD5 a30e46f8640ef305975d8548bdee6eba
SHA1 c0cc506d546dbb42c1ffae44d76edc580925fef1
SHA256 205b199a6bea2182e8d9f667ce9d93ff3861d0e0ce93297db4609dac0b755d87
SHA512 e1d05f25ef96ed825022a97ca5b981198bfea180e0cd5078aaee44635d7036701e69692e662951dcbae8f144ab7e2e5170276a656fd376da129e1698ac879e64

/var/spool/exim4/input/1sNZle-0000CY-Rg-J

MD5 d7d96d63d643a4ce3e408eba7dfcedc5
SHA1 c53607f95c5c57beafc1d8266646797a035f76ea
SHA256 21db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159
SHA512 703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3

/var/spool/exim4/msglog/1sNZle-0000CY-Rg

MD5 aea3d766ad0b66d86ad6d331123fe606
SHA1 3ae656fc3cf9a284cc8d1bbcc2e2ffcc46dfe8b1
SHA256 874fc4199b2cb66e93aa624d4d92203b8a682a87841dada88a0b298f8a62e6ba
SHA512 f8a76c9b3983d320bbc045f2927358a30513c2613d40773cdbb3394fa6800d8d62eadbfe890f98533bc34c8b1be992314435bf2cad5557561f055b7abc2c08c0

/var/mail/user

MD5 74436d6f17f9ccd0e35b3160003db57e
SHA1 3b7e70c4375c296ee2b3915a2f9250b9ff6ff922
SHA256 2646546d44c758107a09135850d1cba08cd729ed536ddec65cb2d2d51aebd154
SHA512 916a003bc82d3c6f28eb7996e2fedd0e4796ad083941b64ed3941a954c06828b32729d0a6ce9d05444c3d37b1aff61e4c5a097b74ebdbbff22699a54882163eb

/var/spool/exim4/msglog/1sNZlj-0000Cb-U3

MD5 7b9343fae03dfa28d787db01fd149a94
SHA1 5662313bceb58f86eb8e8333fd7862c1e8e09616
SHA256 3d498ae7506095429145c5d4bb220b129fa81e7fc79a3bd5df1d996e677e3446
SHA512 fc4ea1fa1babe42e283f114642662c4459351e46f7f678f833ca457b2db0d4e81749e0c1a29092906886bac3fe63770246ae73dd2fe84ac20336ed480ddca8ab

/var/spool/exim4/input/1sNZlq-0000E0-40-D

MD5 e76b784686c1305c88915e8a15792fd1
SHA1 e71678bd8cb3a524527cd75f9856d434ff6b18d8
SHA256 f3e2addf037ba2aabce5becc4dae73ff3b668673d9bcaae9a71e50b77c9dcfa6
SHA512 3f4cb7e0bcb44a67f4df0a25114810b1711a49bb27ed8751f2d45d17a82c52064e89c1c82b8644b13236627999a24058414a1bcde77e9bbca61ee8d32ace923a

/var/spool/exim4/input/hdr.868

MD5 cce0b9bda284372c156f2db9af9acc88
SHA1 dc44b16230978fbc1052bbcb1a346b5e9ddb2657
SHA256 69875778e4cbf19c7c22276364903755a70eee476bf2e1343aefb38023262d14
SHA512 5c3c2ed6c910936bb3d75128ba3b327429bc2e258e0bd26555a8f931f00a5697c9e4b0ecc5e409f92942696de839d25287007c59db083d34a4a9fa5f07320d3b

/var/spool/exim4/msglog/1sNZlq-0000E0-40

MD5 b74c7ca093ff27ba698a148303099d5d
SHA1 b3fe64e46466ed5e5c73c1c2dccf08619a438407
SHA256 68da7ef66ca9acd3e74a30fbd0b249f3addd74b9307b859e27e1577ddb0d9ba2
SHA512 2974b06d7b7dfa9759afdf6cd42ec268bf8bb90e267af4a6013a187837dbaafe0d655d1d0b97491e8fa78f0ac6141b4f6094002e62ffc88db60a601654efa7b4

/var/mail/user

MD5 f4e596f46d31404dfec3a48bbc334a91
SHA1 6a1317208947df5305b8ebd4fe711ec0d71701bb
SHA256 58e91472ebca6bd572311c9cfe3f04b4494dd8828348eb43a9b8e5c05a837933
SHA512 01533646cb07458c78734f724be59938b1772ac55dd53c2ae1622fbc146de6680e248b74b73c9dbe9fa6bcced1ec940a1523a6e666a342ec770ca2a73fc204e4

/var/spool/exim4/msglog/1sNZlq-0000E0-40

MD5 e87497d8e9dd74892a6397321003214a
SHA1 d228c82e7caa32647f3b9a7bd1f59e7f6b6919d4
SHA256 a1cf0eb1a8fa08eff311a06b9562bce908fbe427cb202ef90ec9771ff1316d76
SHA512 92f28bdcba684ba0d778158cc0db3cae78717ae9d9d854046bfe6d8dbb5e8c088f04d47226456ff401f63063391242e5c6b2d7d3f938a55644d1b5984c26edd0

/var/spool/exim4/input/1sNZlu-0000Dw-Si-D

MD5 99a6d97832758e9f1ef1524306d399e8
SHA1 3d3b2680e59d9a02c6777e1207f629f3a64fdbcd
SHA256 23394856f3f7606f05470456a5bde728d621be0cac4ad792e380e3c6226fcd8e
SHA512 a1f7e08e33e76985953219b0dd7bbf4c1d92fa3cf18fe32cbdac2fa26b499b022c95a03dedc2fa750139ac58a08921153ed7c4d8c17cb71d5b2eb3a4770a1eed

/var/spool/exim4/input/hdr.864

MD5 707177204548ec5f5c5e59a6e4e24fd1
SHA1 26ad06a102c6947998cd80065fc846c7287d5298
SHA256 9601004aa7e53fb142a9e4216ec60225bf121a012eac064a37d54ec8d1b9a678
SHA512 70dee89fb6044f8e8ecdb6436e6acc5c87b24c030acd4661b620d6c595927cdf507a344f79b40814f263df7f86cd19eaca9da0ee77aa8ec1341b105c7977eae6

/var/spool/exim4/msglog/1sNZlu-0000Dw-Si

MD5 a65baceeba88eef4559b626c2bbd6f71
SHA1 cc4108dd6b6928a8d96bda2887d9922b1f952791
SHA256 363f219a223152b352013c288d5bbec6e999b5656e1a87ca4ea9cedba7d440ac
SHA512 96121d14cfb838ddf4c423c9804ed9b7a0de11432c8309c58264b2b2063b1648d410f0680ecbd2678507b784203ea9e0cf97dc11ef1b0ce6ea14626cb872b538

/var/mail/user

MD5 7451a032b5e9d8a2e8e605108d652f3d
SHA1 d31f0071ecf7c58d85e0c5fa5185966b6163ce85
SHA256 d343ad56847a0b3837642f79d36dd281a3e589ac5621ed1e08242a3c224910b6
SHA512 236f2a36523bba7def9aaca9fb0f517d944b42eb29adcd11c90ed5f67fef763111a4be64fd897937c300d3380b76f2a99c226a2eec982e3108cf46d77cc029e4

/var/spool/exim4/msglog/1sNZlu-0000Dw-Si

MD5 5fc88861bd28d1d7cc3838f0d6fb6f98
SHA1 ad633254aa0c5af1ce3d158f2a519c7cb841742b
SHA256 dafaeee0d66917cbcffbe5c4ef2627ee2b34b5e4de2ac5847b55a560ba0b572c
SHA512 8349e0153e0019c0acb3a7b0dce840c204ac314ed6c1c12db049aabf519a492ffce0f3b1fd0025bd18d54ed6e4bdc7f53d63490f70244bd89e9e57d6d993d621

/var/spool/exim4/input/1sNZlw-0000E9-2B-D

MD5 54a98ff0812a55e1196d12598b7e051b
SHA1 f170031e0cf3ed513ab4a7fd6b42aa7064db2e59
SHA256 a2d521237116b748431209db8f89a313f9654a68b372cb7e079705a14215b27f
SHA512 3224cf8966a80e25e4f0a417e8cca06057bd0fbdbc99c6a7fa8a7222d179285e79d104673f922f2dd3867a0ec2024ad9b4c8250c312ef0cd4b4c388b1be178e2

/var/spool/exim4/input/hdr.877

MD5 913a339b55365fa147d7fa1673214a19
SHA1 eba9e1e06ae97f9a87edd0b8df8a47591998f157
SHA256 dee13faf75fa752f685ce9bc9d2c130e9348015264b1dbeafdb4e075a1cca6ef
SHA512 2e3bea13bbdb87d2db7fb0d27e0289a0b80bf8a5520a3b09fd2b733b0f8093584c2b78b5aa733b22180fba8c0c09b6034dcb1372d0dc4f0e0e4df326b81380f5

/var/spool/exim4/msglog/1sNZlw-0000E9-2B

MD5 583fe70b70fb472a1baa771281f94b06
SHA1 72978afbb1296b65b2c3465409e6dd9e0efc2c5e
SHA256 34878637628b890b7fcd0cd15802966d9233c9ea6bda3706b65d3a391b70abef
SHA512 8653d393dc58f66aab45339e0e8682ca0cf194fc904ede233a412431c72ca9143c456e9eb1c4c1ae7ea0358c721870fa67b6cafd4533b9857e4c48ba6a7c5331

/var/spool/exim4/input/1sNZlw-0000EC-DH-D

MD5 2cb5b9b7e5205e4ac0486ae03529d1ec
SHA1 ebbef5e4acbfd60be8404018336c4aa4cd1dcc3b
SHA256 c7b364caffa98a36610931d4cb4396034e053233a501fc3b78b3c8f0d1349a56
SHA512 9fdecc70395c25538c797cd4af8985270cd5a166a9f995093d44351eb58d73e174bef7a6cbd776a43df6413bd993308462e8cfa463aa278d5c5db182daa75056

/var/spool/exim4/input/hdr.880

MD5 a754f4e11443f08ef86c8f720186ddfd
SHA1 0034344e8175f51e11479b8f4e9baac442f188ec
SHA256 a46bf536e3a9329f6e4dcc1be183724284347d4e0e081756624c68b8f25c0933
SHA512 4df4898aa7f817187f411f70610ddcb51307d5b9b65368d79598fea86130bf2e99fdf9111baf5d608b51e3c4f8fd004342fe1d28829e83bbe72497929f672def

/var/spool/exim4/msglog/1sNZlw-0000EC-DH

MD5 5546b89b2026bfeb6bddee140e4f2ef3
SHA1 988ca2bf91638cac82b0947a58a9e5bfb55bf20e
SHA256 27a589c12f1734661855282da1bda57e5831d79081909c4a829daadccd5c606e
SHA512 1b3fffbe613868a5b1411885d3f0213376aba66c27383cd7d486ed82a4fd1a836b1b3fb9ced6f1eb3184fc6d082acb5b31bf30af2ba4592eda820ee4e6436813

/var/mail/user

MD5 31e24f1f690295bedab9d89b453c8d04
SHA1 2eedf08838cd8d032e458535e9042e76de60a1e3
SHA256 c29d67ec141828541494b67a7b9735605cdd4dba4faacd0fb2c363b4e4a0f7fc
SHA512 6dacc8b6911205a12f95643531ae9bc9045ce801b6373355293922d110d5f62f2fe70950f5ac056f23496deb2e321814c3859de440fdd91b776169969278fa46

/var/spool/exim4/msglog/1sNZlw-0000E9-2B

MD5 e0ffa29c0f7c0300cbd9cd4ca650e667
SHA1 bdc32b972dd4f1052e1e30d04b83912a24ce3066
SHA256 f9dd1c7cbc6f73dd89d8c79f07b3f0f4c8ca4d9aa85431c5b5ea7c9e9e358e44
SHA512 9cf738eb3fef98c396232e95d25fd48a55539f7c0f6598594f62ba7f4d33c61d54a5bc40257e08fad73856ca4fdc3f5d18e61d8ac4f631076b7a27a957c888f2

/var/mail/user

MD5 446027e287dbc76a341b6afd987d463b
SHA1 e91aaf744a29f07b61139d4f204013fe4d0ebec8
SHA256 d163883149a61eebbdf7c6860faa9d1c571b5aacb089837342c6deef6a0ffa17
SHA512 0967266906cfb59dd739715a67e52336145d69b8f309b9f487e92cd830e63332ff53f01334d042a9a80700dcd1b2c46f79ec1005d9b78447d603076f7b620990

/var/spool/exim4/msglog/1sNZlw-0000EC-DH

MD5 098077792cada87e667a0e1986b14410
SHA1 19d65e847bee45bb4056612d3fbe55b7a3b01e2f
SHA256 39b0772bb58b38be53ccf30c318e607879bbcbe656f2e369f7181a37d3cbf8a7
SHA512 f6dbab96cf28185ecf335b0c39c498c565359e422c618558358674fa94c9be2ac734a2bb3b3774ddb39533fc83717774a4720d6a0b63ab45d5b55201447ee8cf

/var/spool/exim4/input/1sNZly-0000EP-4b-D

MD5 7a7dc5fab6cc24565f3f1de5ea6f63ae
SHA1 29b01a906acf7ce167134725f121d247bad3ac83
SHA256 470998e409cb2ab3e70beca0f3a8b4661a6f4558b18a7bb70e6fc969c09a4af5
SHA512 4edd12ba6dc5dab188e1e7ea41fe43162c9ad6ef338b87e24134849b9ad4c80464e77dc517957f87e5d71e0785d447b26104c4bbb92d06612a78d7474dd50d31

/var/spool/exim4/input/hdr.893

MD5 fbae815c76160eee6aa1d1cdae2e609d
SHA1 bc143bd5f8368dd216465b6a7fc480917d5ab09d
SHA256 34f0e71a9fb679a7a454f873af8065ee8f9c75bce2c89f0b8ba3e319cc535616
SHA512 a37e3da78f24137de85bf7cf47aee3c561e51059906569f9d409b154945d1f03d94ea9d01f0462110399b74ce060fa3f16ab5f78f126c7492479491f325955dc

/var/spool/exim4/msglog/1sNZly-0000EP-4b

MD5 a28cbb12292f643bd62fece10438a4fa
SHA1 b4909c6db087818aeb682aa6beb2c90f70510cf5
SHA256 85e01c69a12486fabadfe8bea0554fb59cd0af75eba882c57194a98acd62062b
SHA512 0908e26b995471382420ddd83108e19d7011d64508a0f5f0ff0471bc8305622075d2604fe181359f8a7546a4e0f8c342a8c33e69f3563476d14e0d484b1e8de5

/var/spool/exim4/input/1sNZly-0000ES-Di-D

MD5 462bc76a995a31cc7df803c197d7b9b5
SHA1 0cb0d63fc6cdd5ef897361d3ebc093f9054d2ae8
SHA256 b5f64d34945297ae6b8a9acb8c87edeb9799b445caf0b86137f583dafe9e7332
SHA512 23727f3417bac37b65e6990141a12b54500376204a492f3407b7574ed5d40ad9884138ce25b756a35790eb1d3c411341190310ef4c7a6676d56ab5330901a2cb

/var/spool/exim4/input/hdr.896

MD5 bd7d66f45bdd5662be7a2a6ec1f63a9a
SHA1 4abac2f33a1498bb09be5c7ef09f0056f03375e9
SHA256 e66b0c07cde15788ac80c7eca48d823d2175cdf88051ccb681a101ec7b43bc5b
SHA512 848ada62e5a32aa730eb0121cfb840974495fb49a2e3995f6dac2caf2c286a17457b6287153834b918f1747f9edfc0b5e50f19cc4d432fcb428fda4023d4c867

/var/spool/exim4/msglog/1sNZly-0000ES-Di

MD5 53edb9a450d4f896ee932d0ca80a5f3c
SHA1 417ad244f0ae4b362d156f9fb64daf702e501469
SHA256 7a9f5839d19ddc525ae3dcc2542b3ade72d0d79f4686611fba30f6ac50d5fb63
SHA512 1475b225ca23eb99f9d1ab08214509a58baeb0e40dc7cb7a988a3fcd73dc31913ddaaf1ca301dc2ad257967397882d98d6ff637cf9cef64b80fc2b19584f245c

/var/spool/exim4/input/1sNZlz-0000EX-Eh-D

MD5 71b03a25c4802882b97dc889d90f0472
SHA1 fac4dab7a0b006f1cb8e69fd70094acea1fd0494
SHA256 e812097d8dd0583209c4cdb33c2419def0e21bb252cc66d9756f70a9254cf1b3
SHA512 bcfb24094d548177c8eb4b6c07788b684ee0334b8316dd276217ae5e20f3be2b7e32f6dc7d73a971237ecc5ef35e3ceb0df10aea439844d4e96b6f0dd869d1bb

/var/spool/exim4/input/hdr.901

MD5 878927f37f426b1cbeedc5f10e376e1a
SHA1 4bf2971d123e19ac81c79949094c82baac5d2f99
SHA256 e39ece27481c26705eda0b98798c6165f0f8a6b68b97c657510db7de026201bb
SHA512 ee81da42ae84f4c53ea4a552b1831b86372831e2541e76a39f7a51a322e8949d6b00ff1974701223ef82e613ab28c9137c7763a3e1a39f95f2e103d2ca654938

/var/spool/exim4/msglog/1sNZlz-0000EX-Eh

MD5 08c6096d087003dbdfce897217c925a6
SHA1 ccfd843897ade8eb22539b91174a2e79552d7875
SHA256 14b88140444fbe1285d60bdfcfc5a0c55152956455de6f333d8c7095ab821e1d
SHA512 737e672a357dccdab7079273980b94189f44832b94b7cb1b87b2f65f80f8f5524b5c5e89841d46a826d8c18899b4f2c92feb69f82982d83d18b1d4288c643e33

/var/spool/exim4/input/1sNZlz-0000Ea-JX-D

MD5 01ec46df9bfc43b33ace78df025bfc4e
SHA1 5d12f8f570b2b5c23059420439f41b84cd522373
SHA256 22d96591461ba975c10ea535d027eed6ab240a9aaab237b8829ba36225bfeb6f
SHA512 c238d2f3f335dc695961f92c363a8280d7bce374280690cda9a71a6f7784d0e584e8d72e73be735ae8ebefec0f183cbd03433628c3ec257da9c9aa813b7aad04

/var/spool/exim4/input/hdr.904

MD5 7a6c4c71236b098583ec88d906887ec8
SHA1 49f66a342ca57cfbcdfcd41e1fa7dd6296223650
SHA256 3bd85721567161b4efbd43226c9643d55c09b5cf165c13c4600c290c26cddcb5
SHA512 8e3533ad337a7e1bc7ecce412224adc23c3e6224e788bf4e06136f7b9f9ff723f5b692c7bf70f7ea9873d1e911a2033c0589d0f144870a62a2006144cfa90f07

/var/spool/exim4/msglog/1sNZlz-0000Ea-JX

MD5 145c5048e071b0f3e2b46f524e2505f9
SHA1 27fdd07fd0f5a1624c41572e0e6646866ad85945
SHA256 ad19d3d68a2a6e82525b79f41d24a7ee7c393a04cd6c178bf1db9fa4df15f700
SHA512 d7771b73b21b5e966bf31b37eceb253c7a1146d976684a26082613cbf471b7e068ba8fbe77364745836aa38af448e344267704b7f4e176d84987a2ae8b9f0825

/var/spool/exim4/msglog/1sNZly-0000EP-4b

MD5 b6c1d8e71af8531e095dfa98c0ee64c0
SHA1 8315f6e0324dbb37768daee02679ce46dca6e2f0
SHA256 de4116fb915f6cdd9a2da367a05ce08aed3c29af11662dc74be776ad3d58d970
SHA512 7cb59a9ed65c59caf2303e051f48750ff9434a7ac7b25705e13eb38d048e571366986da9a756141c395e055c2c23d2b71630555ebe1712effe86328313de248b

/var/spool/exim4/msglog/1sNZly-0000ES-Di

MD5 4acac42a37434738f96276fb4fb60c7e
SHA1 718f1667d546727960e1fe7c5eb3db921b9e625f
SHA256 bf597006bbd20a8f75d32856ff4308331dd268336388d0d4e6ccea966227662c
SHA512 9807d8a4fe72bb027e603c5e98ea3cc7f552f2b9b5b48be04f87b6867c28595f02c6d041d8a76ee781dcf9eccc14e4905fb1d1029125601e1a264b7fc95890fa

/var/spool/exim4/msglog/1sNZlz-0000EX-Eh

MD5 780f04597cc6812c366cfb98bf7ac336
SHA1 9c7512cdc0fa75bb0c4ff7590639a99f56b00d7a
SHA256 6fcb0170fe035a6af569e39bf9abe833299f22a5114e895ec4248b5339f9e086
SHA512 84e03e75e9f92e1df0243428c7d3f812b54044ba62caa0c7805f9bb2db3dc2e68f8781370613a0d4177cd85e925e8b7a7d7a406b01088dacb4436eb545566be6

/var/spool/exim4/msglog/1sNZlz-0000Ea-JX

MD5 97367c8ece0e18f03d3c0f5780988e18
SHA1 c0ae8499b629fcea75ba3d46cacab333ed72bef3
SHA256 c91d57475e1762cd083e01963a5fcdc1c28bdd2dba6efc0de419a6657b2a109c
SHA512 945993930fd6ae1bdee71bcea0e82510431f17f7eb1c4d5dc6fd6423250b6d4c25c41606e0cc950dff184854d35fc03b32028992c65cac12432e77de962906ac

/usr/local/java/jre8/jre8.tar.gz

MD5 29fd49c59bc4df8670dcdd57e74ae2a4
SHA1 3fe71fa89a806c5e19e8ab19584a4ee206e1dc4c
SHA256 43f3533bac729d5c3c1f304b91f3551c86b1a6eef55a12a10864ece89bf9aab9
SHA512 1718e249629d081cc30242ab65b97f51e5d47bbb5d001529e4aefdd8b928d0c317aa9bb67557a863a20d85c270367933dbca9c7cea377aaa2d4b29f47ecb168a

/var/spool/exim4/input/1sNZm3-0000Er-99-D

MD5 38c3b116082bc6500b495aea92b94b0e
SHA1 48cd6b0904a7bf0c0f94dfc514b86caf97ce0113
SHA256 85378a3cea7fbce37fa383ee78d5a9b7e785f9c5674d82c4704bda7df2c3e8d0
SHA512 db6d803162c731dada9bbed3f26e61fe7fec00a732891bce57fdfc85e70dc902d59dfa8b35b5c6cd2c6b48cf1f18a2c3c62aaec3512468ab1d9a581734a06568

/var/spool/exim4/input/hdr.921

MD5 34708c4754837d209c5b7b9814f81623
SHA1 6c1fc17d2da91eaa1dcce16e2ed77b7b547444ad
SHA256 4c525580b0d515b75025be94c24f619783af4aa266c47e475a4bc3c0bee3233d
SHA512 0ece25f31252a6b471de26743d33ef8ddb431d3de94737ff6cb0d9a5b98f2313d0f3604600c4376660c3b9d4c1cfcac02b92ede8de90909223b9611d1339cc5b

/var/spool/exim4/msglog/1sNZm3-0000Er-99

MD5 c656eda51ba922aa2ecff6b42d9582f4
SHA1 5c1838ba2da6a89e837b7ee89f92a26212a0629b
SHA256 683f75d807a31616230aff6d1f69cb54491f9cd17914083c568d93912019dacb
SHA512 531ba41e9477ee2864f4b84b8da32b454f1fecd9742a8f4052dcab89ef506e0b4403adadd1f1797b08a27791d51d2c929e0bc7a20590fd0745fd5dba4b384947

/var/spool/exim4/input/1sNZm3-0000Eu-G9-D

MD5 1f05283324f6798584b58607362c5b58
SHA1 bcbd6b497e79850ead67d16323f924747bcf8cff
SHA256 6acd4c04e164e0e7d30dcecf77473a32035a754e2ec7eead62b954d2fe787383
SHA512 fedcb9c3739eced960ce6b520409b59618bdc7b8deab5885774dce969781ab075ba79a2c5370f6467485dac1a103f0cfcad16b4d461b4de4a90ab26ffa285e40

/var/spool/exim4/input/hdr.924

MD5 e47f378dbaf74a7a22bc5120894e0ba0
SHA1 b57aaf470edc48c0c0954987b0d20f104dbd2511
SHA256 76c787f236815daeb2c39dea2358ca3c15d657f9717e3f1dc67844cd4b18a980
SHA512 e5964d98b405c7897da5d30eff13b8fef8712ce2122d1656bdc1bc1c361e1e0ddd56907bef79716a01466da3046f8e9bfcd5b9dfccd1dc859e48aa0e54fbdd8d

/var/spool/exim4/msglog/1sNZm3-0000Eu-G9

MD5 8fc09465debde9f8492d64c73812f13e
SHA1 210c152dade885ed9a3c311a66307fe83e8b3f1b
SHA256 aed0957ac43268c08803927bb90b839ea5f31e645a420a887895d793e38325ab
SHA512 8d25dfaf9bf64c965f8c6783f51b71dbe66a285e7d3abea109519f36b427944dbbb683d092d592975265b90612e0ad18b59f8355a7e157db352981915d10b701

/var/spool/exim4/msglog/1sNZm3-0000Er-99

MD5 ed36bb3790d5278dce29e0bf949d5dc4
SHA1 ce74e6091135737dbbcc4c71929b8f3b6cbde46e
SHA256 d538d1a0c9a60601dd4e5a119b5d888cc4a930b6432ffda2121340466fa293e1
SHA512 963d6ae011b6c84f7a680973ef36934fcc12064c2443d3dbeec16ef3b5d88a5ebf8be49db20034f3cf8c5aed561014a251c1acc9b2d50d57728294f8da922fe4

/var/spool/exim4/msglog/1sNZm3-0000Eu-G9

MD5 ef9328730ee140357761ed0dcd62e918
SHA1 ca5225186f25b081422a752c7c44509ea3e03e72
SHA256 3390e31312d08019e96374bed99225d87200a59f6eb028f0008c9b3e08721d3f
SHA512 b09c6bc5b49cc9646232ba2331c2e0f30c9fd831f0f7d255d1d1fe33dcb65cb36606b98b237e1d27c908f490af5e7cccc54b9adefad42f8a3b25fc5f6f7af3d3

/var/spool/exim4/input/1sNZm5-0000F6-AX-D

MD5 def6160efc118ff56f69199a4aebbb49
SHA1 26e7085244aceca9327343f14c8aeab42c0dc2a4
SHA256 ca6134bd636c6ea67c404c622cfc271bb6c3cbec9086b7fcfc4528f317d4492c
SHA512 2ce106d4a591ac86c9cd15a5bb955798f46d6e27b4ebae6c68451a7aa1a784bdc67b97c73d110c405fe07e2f1ffe5e64b2f83df33c9cd72ef1b96cdeb6d8fab3

/var/spool/exim4/input/hdr.936

MD5 210d2b23119e03197764dc38803dcbd9
SHA1 4843a0ea2d470d7ef97758af8030d017fb5d40cc
SHA256 00a0337eb0d70d046e7e7e6e3cf181c66ac14b8b14f92bca024859c6f81e3991
SHA512 10a2043ddd5ebb45c40e06df212b3a17c6057d214fd59002fb4824229a5807709cf7e81c4e671ed1379cf5a6bca6c8dadd8d7aca52e7ef348fe2bd99d1faee5c

/var/spool/exim4/msglog/1sNZm5-0000F6-AX

MD5 e5b2ee12d34178a66fa0029afbbcbdb3
SHA1 0397506480232dad85fc91be3562322e7eb77470
SHA256 4699f5d0bc0af2515de1b3891a647a4f5d653b7c30f1d049a259930760c22010
SHA512 a60439247725e40f234bd775977758c64962318704cee3899cc23f549af8ba8d5b32af80f6aa877d8bc4a884310a3fdcf92d9ec10c059b2205c204eaa23f286c

/var/spool/exim4/input/1sNZm5-0000F9-Pf-D

MD5 1e1cc6e48634cc324922d0f768571b42
SHA1 ebb15541b29288aa66194edb5579ca557e3ba8ae
SHA256 08c8600382592a88c1859baaabc32db86c181970cdef44fdcaea534508870c2d
SHA512 c04e77126f483dce26332dcd7f22637a1ef242b8ae66c15ff4fee982bba38bb27fb37971991d19878b5cf95953dd746599f034ec30559524b05cf9489ebe4a8c

/var/spool/exim4/input/hdr.939

MD5 63007fcfd0db49be21dcc44b445f2b5b
SHA1 3ddaba35cfd842ea401c0133b57ed3f5e77615c1
SHA256 d138d9479587704735dd0a989177f85434d4d674a3de12455dd647822e760b39
SHA512 9fee192c5a77b1539a40cf93d3e7aebe5d626e62927e4a1aa8f96974b03d60e8a7b3f69685e1f85ebf068a0890a202e8dd3bf5c17e5afb91ca5b956668d891f4

/var/spool/exim4/msglog/1sNZm5-0000F9-Pf

MD5 a014570318b67acc69e42c23691fc28f
SHA1 04223f75ba3304a9e68ad858b6fc1faed5f5a451
SHA256 33d6b69f5c0a527aaa7c7837ea438306d762b52a679a0241b048c67ee8dd7e13
SHA512 9dd4df6c5517e005bbe97a0b607766481baf30ccd1b0ae47293eea83f1e438b897457204309484a679d092783026b3162bc18e6740ebf56ad7963722646ebff8

/var/spool/exim4/msglog/1sNZm5-0000F6-AX

MD5 ae7c7c2e74b2b4e55c4a88070d9c1a8f
SHA1 314800bb552b46e3afe010421a3bebbbdb07c777
SHA256 41dd291d27f11cdf573331a6c502b377986162b4af4774a56342096199012b0c
SHA512 2cfcfe68c0133b219fca7e739596936676541cea28a162603853b39b2e1695b1f0b09d593112cfb7ab9ab3678554d4e0050fa723086214b759f1073f7b7e79cf

/var/spool/exim4/input/1sNZm6-0000FF-V0-D

MD5 e5166166d11ace0aebda0059f288bc84
SHA1 ed9309f8b9cc58762b6cb442ed26a7bae2d2b3e7
SHA256 9ab15cdaf64ab90bfc80e894f30d50673f14d8323f06d8d8c37411496aa03ab0
SHA512 493291b1e500884d48c40a3e22627774a49987a7cb8abcd069dc3e771d3d1227e84aab9954256a006441313c5cb1fdf8e34b35c20dcb0c9919ab7c8dfb92cc58

/var/spool/exim4/input/hdr.945

MD5 470df69cf7fa4b4c5987a16f24e8f625
SHA1 53caa0a2548af1b3677b577fe5d98b2e107b4c72
SHA256 387dbdfd23785f5b403bd3130efac0632fde75f71cf2527320eb888e8e1d52f0
SHA512 d831fb61629b184e101ba1c22d0e28ef4f79fb3701e32f7ac30a624acbdb06ad6124b9d806f32ba8c4a78fc076d2b50cd9e73827a2b9a77d5367cd5459ccb3e8

/var/spool/exim4/msglog/1sNZm6-0000FF-V0

MD5 b4612b79b9cfae8c4f94123539f9cc77
SHA1 f0f454141fe32c6d71913524e2d1c6a82cd7bfb8
SHA256 28ecc6b0e46635e01ef83c420f447a03e399379443379261da6d3a56863c50a3
SHA512 f025eae1aa869e9161aa769a95eeb6d82443ae0fd39e5b7fc2fa9493e53aa54780a2296bcb1c7217e9282e278d683e3df776630bd7fb8d93ac88e50e7765dd98

/var/spool/exim4/input/1sNZm7-0000FI-3P-D

MD5 030207c5919adf5ef8150a2940d7fae8
SHA1 cb70316c86e41a5d7693198f6c69b05d8590b57b
SHA256 81ec0c90c98b0484ffa10a0bfbb80b1b3cc410ac709c64298baa9ec24b5302ec
SHA512 cdac6a1bda42afbef1f048c2e5f17aad8281d75325adc45d6d024ffc053ce91e2c39cae851319d0c7625e03b8a9b7fb108a347e6f5eb76c00421a9864776dd5d

/var/spool/exim4/input/hdr.948

MD5 910ace0dad04d48c2589246c27908683
SHA1 af0d9332d304f13e0b42bef0fd1e19d532b47650
SHA256 9716d0e9f7112850ad2d2a32861d2a41df58f112428ac5a4cac51590eaabe20d
SHA512 8a03fd11e827a4190a13f349abcfff7bf76b06dab8f65d75ede347fcc530a0f26c69f62e0f7b141b02324b5435251a86bb3556fe8af62c7be9850e2c3ee9d63a

/var/spool/exim4/msglog/1sNZm7-0000FI-3P

MD5 ebecf7c999525c5c214594da3560acb2
SHA1 64af609fd4019e72c168284daf4d4ff3ea08c745
SHA256 8bf81c0e886a6cced8b23bf1c2b27671718f93eef0a037e3105c29cec356fa4d
SHA512 434a77dd051eea8b8f96b648ce8276cb4eee3163cac71f37fc981c17cd86756559e14ff7009e5541df6a9e4d885008c960c9ca0a07b7e1b49f2fcdfe56233fb6

/var/spool/exim4/msglog/1sNZm5-0000F9-Pf

MD5 03b1978f121268840e1797dd874c59fd
SHA1 f7ea9ae619b944aeb8c32f5e5fe117b4bd847a81
SHA256 3d48cdb51494fd2a05b1dc631fdf1541909a0b6ee075e25c06b6f633b2e20f14
SHA512 63b31a8368fe8db39d56bf211566f670163a5670e55ef0371402c73259d911ca3b81cdec501738afa1b8a514462e68d52f5d449568a5f5c188e02d092e8a21fa

/usr/share/burpsuite/loader.jar

MD5 56a0eef3a96bf373db1298bc6cb63158
SHA1 f9fb9175a901f4fede20b9d61eb4fadafdd1feea
SHA256 1e288c686963eafc34411d4f94265eb1809492ab57a474848669eb3285a2afb3
SHA512 d6165e567c80cd04c2506f285d48fb3e2dd6d46e4eda3b9bf76c2ea585ac446807ccabc02c4f8a6bede36a8ac1d1737eab3840cfdc703123daeccd526593f492

/usr/share/burpsuite/burp_suite.ico

MD5 6e90fd2a5093ef7181d9f01f1d1aed53
SHA1 88df4a91627ab8adcc4c46738acc180fa50ee245
SHA256 7ae3e5b9292a92c750eadcb7b272202b043c401eee2837aa7a775c41700c361c
SHA512 a134a3867698b1c59dae5878e8538187070f326f5fd7926cc7e6ae44bf768db2088ba9579cd0aeca8584d0bf48f3b53619c6d32dbddf39131c8858847d959390

/var/spool/exim4/msglog/1sNZm6-0000FF-V0

MD5 7dd3ec74d866199da8c5a2f66eb79bc1
SHA1 f52e24383dc0ef6f892882fe99f0d3066b99cff8
SHA256 0c6afb8721f3617abfbacc2410f998a37a030d276c54188d8a534450e0bcecca
SHA512 0b5904551ea907cd57c378aa0d29537832ebf277540617321c43f7a8e246eb85b636a593a41e0703e74bbbf6575af8ae27395327785ae320696647709698cefe

/var/spool/exim4/msglog/1sNZm7-0000FI-3P

MD5 1fa7f2fed0501a004782d7e01231e7a8
SHA1 46126613886b1f2274d229071bb190752239e316
SHA256 87ace1408e2289ce14d8f607ca5e8f7f3c1ec15e11ec178178f4b8c342d3877b
SHA512 452181acf4ef8013d9b73f8cb06b9ea238b38983b33ba0efdf4c3022d5b870a1a8c1a6b3149f4680b3882f4871c8853fac62a81d8cbe1e0b05c57a448339f4ea

/usr/share/burpsuite/burpsuite

MD5 91f22d9e29f84119d6845b3c959d0274
SHA1 205288d6c2949890de534155eae7185d6aa96681
SHA256 3416560471aac7e55419b164a1f2da5aff70dfa59b65318546fae7458d9f44c5
SHA512 c1205c97da639144ed6bda9a05defa0ddfe318d4eee42d4088de79207ed4d34b85bbe9896fb2d27bb51d0623ac7b95fddf2492a4dbb2a4c927e8b2de4fe63d36

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-29 17:13

Reported

2024-06-29 17:15

Platform

win7-20240221-en

Max time kernel

119s

Max time network

120s

Command Line

powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Burpy-main\Windows_setup.ps1

Signatures

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Processes

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Burpy-main\Windows_setup.ps1

C:\Windows\system32\java.exe

"C:\Windows\system32\java.exe" -jar New-loader.jar

C:\Windows\system32\java.exe

"C:\Windows\system32\java.exe" --add-opens=java.desktop/javax.swing=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/jdk.internal.org.objectweb.asm=ALL-UNNAMED --add-opens=java.base/jdk.internal.org.objectweb.asm.tree=ALL-UNNAMED --add-opens=java.base/jdk.internal.org.objectweb.asm.Opcodes=ALL-UNNAMED -javaagent:New-loader.jar -noverify -jar burpsuite_pro.jar

Network

N/A

Files

memory/2928-4-0x000007FEF5EDE000-0x000007FEF5EDF000-memory.dmp

memory/2928-6-0x0000000001D90000-0x0000000001D98000-memory.dmp

memory/2928-5-0x000000001B610000-0x000000001B8F2000-memory.dmp

memory/2928-7-0x000007FEF5C20000-0x000007FEF65BD000-memory.dmp

memory/2928-8-0x000007FEF5C20000-0x000007FEF65BD000-memory.dmp

memory/2928-9-0x000007FEF5C20000-0x000007FEF65BD000-memory.dmp

memory/2928-10-0x000007FEF5C20000-0x000007FEF65BD000-memory.dmp

memory/2928-15-0x000007FEF5C20000-0x000007FEF65BD000-memory.dmp

memory/2928-16-0x000007FEF5C20000-0x000007FEF65BD000-memory.dmp

Analysis: behavioral13

Detonation Overview

Submitted

2024-06-29 17:13

Reported

2024-06-29 17:16

Platform

debian9-mipsbe-20240418-en

Max time kernel

1s

Max time network

3s

Command Line

[/tmp/Burpy-main/burpsuite_pro.sh]

Signatures

N/A

Processes

/tmp/Burpy-main/burpsuite_pro.sh

[/tmp/Burpy-main/burpsuite_pro.sh]

/bin/ping

[ping -q -c 1 -W 1 google.com]

/usr/bin/wget

[wget https://github.com/Divinemonk/burpsuite_pro/releases/latest/download/install_burppro.sh -q]

/bin/chmod

[chmod +x install_burppro.sh]

/tmp/Burpy-main/install_burppro.sh

[./install_burppro.sh]

/bin/rm

[rm install_burppro.sh]

Network

Country Destination Domain Proto
US 1.1.1.1:53 google.com udp
US 1.1.1.1:53 206.212.58.216.in-addr.arpa udp
US 1.1.1.1:53 github.com udp
GB 20.26.156.215:443 github.com tcp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-06-29 17:13

Reported

2024-06-29 17:15

Platform

win7-20240508-en

Max time kernel

119s

Max time network

119s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\Burpy-main\loader.jar

Signatures

N/A

Processes

C:\Windows\system32\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\Burpy-main\loader.jar

Network

N/A

Files

memory/2912-2-0x0000000002560000-0x00000000027D0000-memory.dmp

memory/2912-11-0x0000000000250000-0x0000000000251000-memory.dmp

memory/2912-12-0x0000000002560000-0x00000000027D0000-memory.dmp

Analysis: behavioral18

Detonation Overview

Submitted

2024-06-29 17:13

Reported

2024-06-29 17:16

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

151s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\Burpy-main\loader.jar

Signatures

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe N/A

Processes

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\Burpy-main\loader.jar

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

C:\Program Files\Java\jre-1.8\bin\java.exe

"C:\Program Files\Java\jre-1.8\bin\java.exe" -version

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 portswigger.net udp

Files

memory/4132-2-0x000002363A960000-0x000002363ABD0000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5 5ba0476865bd18d9e31dfcc464639b98
SHA1 639c4d2c23d69213005c7a6434db551f19f62c14
SHA256 9df8fc973c3858334e566994eefa288bb9728c2636dce0fa4e14aa35d052596b
SHA512 96fd637479bd391d555497d7317fb4fad177e5374acf2da32398f231db50d52b09ccfb5297793edc8a28628e256577e25afcf52f464677cc214020c26982e016

memory/4132-17-0x000002363ABD0000-0x000002363ABE0000-memory.dmp

memory/4132-20-0x000002363ABF0000-0x000002363AC00000-memory.dmp

memory/4132-19-0x000002363ABE0000-0x000002363ABF0000-memory.dmp

memory/4132-22-0x000002363AC00000-0x000002363AC10000-memory.dmp

memory/4132-25-0x000002363AC10000-0x000002363AC20000-memory.dmp

memory/4132-26-0x000002363AC20000-0x000002363AC30000-memory.dmp

memory/4132-31-0x000002363AC40000-0x000002363AC50000-memory.dmp

memory/4132-30-0x000002363AC30000-0x000002363AC40000-memory.dmp

memory/4132-34-0x000002363AC50000-0x000002363AC60000-memory.dmp

memory/2332-41-0x000001AA09B60000-0x000001AA09DD0000-memory.dmp

memory/4132-43-0x00000236390F0000-0x00000236390F1000-memory.dmp

memory/2332-51-0x000001AA082F0000-0x000001AA082F1000-memory.dmp

memory/4132-52-0x000002363AC60000-0x000002363AC70000-memory.dmp

memory/2332-53-0x000001AA09B60000-0x000001AA09DD0000-memory.dmp

memory/4132-58-0x000002363AC70000-0x000002363AC80000-memory.dmp

memory/4132-57-0x000002363A960000-0x000002363ABD0000-memory.dmp

memory/4132-61-0x000002363AC80000-0x000002363AC90000-memory.dmp

memory/4132-60-0x000002363ABD0000-0x000002363ABE0000-memory.dmp

memory/4132-65-0x000002363AC90000-0x000002363ACA0000-memory.dmp

memory/4132-64-0x000002363ABF0000-0x000002363AC00000-memory.dmp

memory/4132-63-0x000002363ABE0000-0x000002363ABF0000-memory.dmp

memory/4132-67-0x000002363AC00000-0x000002363AC10000-memory.dmp

memory/4132-68-0x000002363ACA0000-0x000002363ACB0000-memory.dmp

memory/4132-70-0x000002363AC10000-0x000002363AC20000-memory.dmp

memory/4132-71-0x000002363ACB0000-0x000002363ACC0000-memory.dmp

memory/4132-75-0x000002363ACC0000-0x000002363ACD0000-memory.dmp

memory/4132-74-0x000002363AC20000-0x000002363AC30000-memory.dmp

memory/4132-78-0x000002363AC30000-0x000002363AC40000-memory.dmp

memory/4132-83-0x000002363AC50000-0x000002363AC60000-memory.dmp

memory/4132-82-0x000002363ACE0000-0x000002363ACF0000-memory.dmp

memory/4132-81-0x000002363ACD0000-0x000002363ACE0000-memory.dmp

memory/4132-80-0x000002363AC40000-0x000002363AC50000-memory.dmp

memory/4132-84-0x00000236390F0000-0x00000236390F1000-memory.dmp

memory/4132-86-0x000002363ACF0000-0x000002363AD00000-memory.dmp

memory/4132-88-0x000002363AC60000-0x000002363AC70000-memory.dmp

memory/4132-90-0x000002363AC70000-0x000002363AC80000-memory.dmp

memory/4132-91-0x000002363AC80000-0x000002363AC90000-memory.dmp

memory/4132-92-0x000002363AC90000-0x000002363ACA0000-memory.dmp

memory/4132-94-0x000002363ACA0000-0x000002363ACB0000-memory.dmp

memory/4132-96-0x000002363ACB0000-0x000002363ACC0000-memory.dmp

memory/4132-97-0x000002363ACC0000-0x000002363ACD0000-memory.dmp

memory/4132-98-0x000002363ACD0000-0x000002363ACE0000-memory.dmp

memory/4132-99-0x000002363ACE0000-0x000002363ACF0000-memory.dmp

memory/4132-100-0x000002363ACF0000-0x000002363AD00000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-29 17:13

Reported

2024-06-29 17:16

Platform

win10v2004-20240508-en

Max time kernel

51s

Max time network

51s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Burpy-main.zip

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Burpy-main.zip

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-29 17:13

Reported

2024-06-29 17:16

Platform

win10v2004-20240611-en

Max time kernel

146s

Max time network

125s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\Burpy-main\BurpLoaderKeygen.jar

Signatures

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe N/A

Processes

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\Burpy-main\BurpLoaderKeygen.jar

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

C:\Program Files\Java\jre-1.8\bin\java.exe

"C:\Program Files\Java\jre-1.8\bin\java.exe" -version

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 portswigger.net udp
IE 34.249.63.188:443 portswigger.net tcp
US 8.8.8.8:53 188.63.249.34.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp

Files

memory/4732-2-0x000001931B2E0000-0x000001931B550000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5 b4f96f771615811283df249bda94ddaf
SHA1 1c5eb50c1b78631029ffb6970db829e5f42b0bff
SHA256 1e3b6bf069ac99ded6cc22abc5e0c3c32775be8d57dddc13e7889b83b34e8935
SHA512 a75955603c90cfcefdf8111e966da0c1c77ec4fb2694800a84ba6a80a512debc66ebf2365413a55bdc78b26ba95762eac9562457db2d389303e1c22361b24584

memory/4732-15-0x000001931B2C0000-0x000001931B2C1000-memory.dmp

memory/4732-17-0x000001931B550000-0x000001931B560000-memory.dmp

memory/4732-19-0x000001931B560000-0x000001931B570000-memory.dmp

memory/4732-23-0x000001931B580000-0x000001931B590000-memory.dmp

memory/4732-22-0x000001931B570000-0x000001931B580000-memory.dmp

memory/4732-26-0x000001931B590000-0x000001931B5A0000-memory.dmp

memory/4732-27-0x000001931B5A0000-0x000001931B5B0000-memory.dmp

memory/4732-29-0x000001931B5B0000-0x000001931B5C0000-memory.dmp

memory/4732-31-0x000001931B5C0000-0x000001931B5D0000-memory.dmp

memory/4732-34-0x000001931B5D0000-0x000001931B5E0000-memory.dmp

memory/4732-37-0x000001931B5E0000-0x000001931B5F0000-memory.dmp

memory/4940-42-0x000001CC01D70000-0x000001CC01FE0000-memory.dmp

memory/4940-52-0x000001CC00480000-0x000001CC00481000-memory.dmp

memory/4940-56-0x000001CC01D70000-0x000001CC01FE0000-memory.dmp

memory/4732-58-0x000001931B5F0000-0x000001931B600000-memory.dmp

memory/4732-57-0x000001931B2E0000-0x000001931B550000-memory.dmp

memory/4732-61-0x000001931B550000-0x000001931B560000-memory.dmp

memory/4732-62-0x000001931B600000-0x000001931B610000-memory.dmp

memory/4732-65-0x000001931B610000-0x000001931B620000-memory.dmp

memory/4732-64-0x000001931B560000-0x000001931B570000-memory.dmp

memory/4732-69-0x000001931B620000-0x000001931B630000-memory.dmp

memory/4732-67-0x000001931B570000-0x000001931B580000-memory.dmp

memory/4732-68-0x000001931B580000-0x000001931B590000-memory.dmp

memory/4732-71-0x000001931B590000-0x000001931B5A0000-memory.dmp

memory/4732-73-0x000001931B630000-0x000001931B640000-memory.dmp

memory/4732-72-0x000001931B5A0000-0x000001931B5B0000-memory.dmp

memory/4732-75-0x000001931B5B0000-0x000001931B5C0000-memory.dmp

memory/4732-76-0x000001931B640000-0x000001931B650000-memory.dmp

memory/4732-80-0x000001931B650000-0x000001931B660000-memory.dmp

memory/4732-79-0x000001931B5C0000-0x000001931B5D0000-memory.dmp

memory/4732-85-0x000001931B5D0000-0x000001931B5E0000-memory.dmp

memory/4732-87-0x000001931B670000-0x000001931B680000-memory.dmp

memory/4732-86-0x000001931B660000-0x000001931B670000-memory.dmp

memory/4732-84-0x000001931B2C0000-0x000001931B2C1000-memory.dmp

memory/4732-91-0x000001931B680000-0x000001931B690000-memory.dmp

memory/4732-90-0x000001931B5E0000-0x000001931B5F0000-memory.dmp

memory/4732-94-0x000001931B690000-0x000001931B6A0000-memory.dmp

memory/4732-98-0x000001931B5F0000-0x000001931B600000-memory.dmp

memory/4732-99-0x000001931B6A0000-0x000001931B6B0000-memory.dmp

memory/4732-102-0x000001931B600000-0x000001931B610000-memory.dmp

memory/4732-103-0x000001931B6B0000-0x000001931B6C0000-memory.dmp

memory/4732-104-0x000001931B610000-0x000001931B620000-memory.dmp

memory/4732-105-0x000001931B6C0000-0x000001931B6D0000-memory.dmp

memory/4732-108-0x000001931B6D0000-0x000001931B6E0000-memory.dmp

memory/4732-107-0x000001931B620000-0x000001931B630000-memory.dmp

memory/4732-113-0x000001931B2C0000-0x000001931B2C1000-memory.dmp

memory/4732-114-0x000001931B630000-0x000001931B640000-memory.dmp

memory/4732-115-0x000001931B6E0000-0x000001931B6F0000-memory.dmp

memory/4732-121-0x000001931B640000-0x000001931B650000-memory.dmp

memory/4732-122-0x000001931B650000-0x000001931B660000-memory.dmp

memory/4732-124-0x000001931B660000-0x000001931B670000-memory.dmp

memory/4732-125-0x000001931B670000-0x000001931B680000-memory.dmp

memory/4732-126-0x000001931B680000-0x000001931B690000-memory.dmp

memory/4732-127-0x000001931B6F0000-0x000001931B700000-memory.dmp

memory/4732-128-0x000001931B690000-0x000001931B6A0000-memory.dmp

memory/4732-131-0x000001931B6A0000-0x000001931B6B0000-memory.dmp

memory/4732-132-0x000001931B6B0000-0x000001931B6C0000-memory.dmp

memory/4732-133-0x000001931B6C0000-0x000001931B6D0000-memory.dmp

memory/4732-134-0x000001931B6D0000-0x000001931B6E0000-memory.dmp

memory/4732-135-0x000001931B6E0000-0x000001931B6F0000-memory.dmp

memory/4732-136-0x000001931B6F0000-0x000001931B700000-memory.dmp