Analysis Overview
SHA256
52cd65f3b16c2070d34e26f5794b0b024c8a607b7d03e6cd82a439027eae525a
Threat Level: Likely malicious
The file Burpy-main.zip was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Blocklisted process makes network request
Modifies file permissions
Loads dropped DLL
Executes dropped EXE
Writes file to system bin folder
Creates/modifies environment variables
Enumerates connected drives
Drops file in System32 directory
Drops file in Windows directory
Reads CPU attributes
Checks CPU configuration
Drops file in Program Files directory
Command and Scripting Interpreter: PowerShell
Writes file to tmp directory
Reads runtime system information
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Uses Volume Shadow Copy service COM API
Suspicious behavior: EnumeratesProcesses
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-29 17:13
Signatures
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-29 17:13
Reported
2024-06-29 17:16
Platform
win10v2004-20240508-en
Max time kernel
126s
Max time network
131s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Burpy-main\jdk-19.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds240625390.tmp\jdk-19.exe | N/A |
| N/A | N/A | C:\Program Files\Common Files\Oracle\Java\javapath\java.exe | N/A |
| N/A | N/A | C:\Program Files\Common Files\Oracle\Java\javapath\java.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jdk-19\bin\java.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jdk-19\bin\java.exe | N/A |
Loads dropped DLL
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\M: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\WindowsAccessBridge-64.dll | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\WindowsAccessBridge-64.dll | C:\Windows\System32\MsiExec.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Java\jdk-19\conf\management\management.properties | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\jmods\jdk.internal.vm.compiler.jmod | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\legal\jdk.internal.opt\jopt-simple.md | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\jmods\jdk.security.auth.jmod | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\bin\javajpeg.dll | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\legal\java.desktop\lcms.md | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\legal\jdk.unsupported\LICENSE | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\bin\api-ms-win-crt-private-l1-1-0.dll | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\bin\splashscreen.dll | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\jmods\jdk.jlink.jmod | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\legal\jdk.internal.le\jline.md | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\legal\jdk.xml.dom\LICENSE | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\legal\java.logging\COPYRIGHT | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\lib\psfont.properties.ja | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\legal\jdk.jdeps\COPYRIGHT | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Common Files\Oracle\Java\javapath_target_240662296\javaw.exe | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Common Files\Oracle\Java\javapath_target_240662296\javac.exe | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\bin\jconsole.exe | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\bin\nio.dll | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\bin\api-ms-win-core-file-l1-2-0.dll | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\conf\security\policy\unlimited\default_local.policy | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\legal\jdk.sctp\COPYRIGHT | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\bin\api-ms-win-core-interlocked-l1-1-0.dll | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\legal\java.desktop\colorimaging.md | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\bin\dt_shmem.dll | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\bin\javadoc.exe | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\legal\jdk.internal.ed\COPYRIGHT | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\legal\jdk.nio.mapmode\LICENSE | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\legal\jdk.attach\COPYRIGHT | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\legal\jdk.jartool\COPYRIGHT | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\bin\attach.dll | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\bin\awt.dll | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\conf\security\policy\README.txt | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\legal\jdk.jdeps\LICENSE | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\legal\jdk.jshell\LICENSE | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\jmods\java.security.sasl.jmod | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\jmods\jdk.incubator.vector.jmod | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\legal\jdk.charsets\COPYRIGHT | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\legal\jdk.internal.opt\LICENSE | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\lib\security\blocked.certs | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-19\LICENSE | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\bin\management_ext.dll | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\include\win32\jawt_md.h | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\bin\instrument.dll | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\legal\jdk.editpad\LICENSE | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\legal\jdk.jconsole\LICENSE | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\jmods\jdk.management.jmod | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\legal\java.prefs\COPYRIGHT | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\legal\java.se\LICENSE | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\legal\jdk.crypto.cryptoki\COPYRIGHT | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\bin\api-ms-win-core-util-l1-1-0.dll | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\legal\java.net.http\COPYRIGHT | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\legal\jdk.hotspot.agent\COPYRIGHT | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\release | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\bin\net.dll | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\legal\java.xml\COPYRIGHT | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\legal\jdk.compiler\LICENSE | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\legal\jdk.crypto.ec\LICENSE | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\bin\saproc.dll | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\legal\java.base\unicode.md | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\legal\java.scripting\LICENSE | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\legal\jdk.dynalink\dynalink.md | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\legal\jdk.jdwp.agent\COPYRIGHT | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Program Files\Java\jdk-19\bin\management_agent.dll | C:\Windows\System32\MsiExec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSI228B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI23B7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2406.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2571.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3577.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3606.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID49.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2C87.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI35C6.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3626.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI37AF.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{5E32314F-F4C9-59D1-A229-BC58CEA0D74A} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI337E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI24C3.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2522.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI338F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI222C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI332F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI33AF.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5807fa.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5807fc.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2358.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2465.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI34F9.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3636.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3637.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2111.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI21CD.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5807fa.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI33BF.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI22EA.tmp | C:\Windows\system32\msiexec.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000003f3ccc8c3b3921e10000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800003f3ccc8c0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809003f3ccc8c000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d3f3ccc8c000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000003f3ccc8c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\System32\msiexec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\System32\msiexec.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Console | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Control Panel | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Environment | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\EUDC | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" | C:\Windows\System32\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\System | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\System32\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Keyboard Layout | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Printers | C:\Windows\System32\MsiExec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\4F4A3A46297B6D117AA8000B0D021009\F41323E59C4F1D952A92CB85EC0A7DA4 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.jar | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\ProductIcon = "C:\\Program Files\\Java\\jdk-19\\\\bin\\java.exe" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\SourceList\Media\DiskPrompt = "[1]" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Applications\java.exe | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\jarfile\shell\open\command\ = "\"C:\\Program Files\\Java\\jdk-19\\bin\\javaw.exe\" -jar \"%1\" %*" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\ProductName = "Java(TM) SE Development Kit 19.0.2 (64-bit)" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\Version = "318767106" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\SourceList\Media\2 = "DISK1;1" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Applications\javaw.exe | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F41323E59C4F1D952A92CB85EC0A7DA4 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\SourceList\Media\1 = "DISK1;1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\4F4A3A46297B6D117AA8000B0D021009 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\SourceList\PackageName = "jdk19.0.264.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\LocalLow\\Oracle\\Java\\jdk19.0.2_x64\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\jarfile\ = "Executable Jar File" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F41323E59C4F1D952A92CB85EC0A7DA4\ToolsFeature | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\PackageCode = "B281DDAB94D4DFF4D9529228B6C19A6F" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\jarfile\shell\open\command | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\LocalLow\\Oracle\\Java\\jdk19.0.2_x64\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.jar\ = "jarfile" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\java.exe\IsHostApp | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\jarfile | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F41323E59C4F1D952A92CB85EC0A7DA4\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\javaw.exe\IsHostApp | C:\Windows\System32\MsiExec.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\System32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\System32\msiexec.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Burpy-main\Windows_setup.ps1
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Users\Admin\AppData\Local\Temp\Burpy-main\jdk-19.exe
"C:\Users\Admin\AppData\Local\Temp\Burpy-main\jdk-19.exe"
C:\Users\Admin\AppData\Local\Temp\jds240625390.tmp\jdk-19.exe
"C:\Users\Admin\AppData\Local\Temp\jds240625390.tmp\jdk-19.exe"
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jdk19.0.2_x64\jdk19.0.264.msi" WRAPPER=1
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 31C8DF051237712B10A1E08D38249F80 C
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 480E49546A7808D2BD7191B708E50506
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 2691E32491690FA22791D931520810B5 E Global\MSI0000
C:\Program Files\Common Files\Oracle\Java\javapath\java.exe
"C:\Program Files\Common Files\Oracle\Java\javapath\java.exe" -jar New-loader.jar
C:\Program Files\Common Files\Oracle\Java\javapath\java.exe
"C:\Program Files\Common Files\Oracle\Java\javapath\java.exe" --add-opens=java.desktop/javax.swing=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/jdk.internal.org.objectweb.asm=ALL-UNNAMED --add-opens=java.base/jdk.internal.org.objectweb.asm.tree=ALL-UNNAMED --add-opens=java.base/jdk.internal.org.objectweb.asm.Opcodes=ALL-UNNAMED -javaagent:New-loader.jar -noverify -jar burpsuite_pro.jar
C:\Program Files\Java\jdk-19\bin\java.exe
"C:\Program Files\Java\jdk-19\bin\java.exe" --add-opens=java.desktop/javax.swing=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/jdk.internal.org.objectweb.asm=ALL-UNNAMED --add-opens=java.base/jdk.internal.org.objectweb.asm.tree=ALL-UNNAMED --add-opens=java.base/jdk.internal.org.objectweb.asm.Opcodes=ALL-UNNAMED -javaagent:New-loader.jar -noverify -jar burpsuite_pro.jar
C:\Program Files\Java\jdk-19\bin\java.exe
"C:\Program Files\Java\jdk-19\bin\java.exe" -jar New-loader.jar
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | evcs-ocsp.ws.symantec.com | udp |
| US | 152.199.19.74:80 | evcs-ocsp.ws.symantec.com | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.oracle.com | udp |
| GB | 2.21.188.103:443 | download.oracle.com | tcp |
| US | 8.8.8.8:53 | 103.188.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | portswigger-cdn.net | udp |
| GB | 18.165.242.96:443 | portswigger-cdn.net | tcp |
| US | 8.8.8.8:53 | 96.242.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
memory/3136-0-0x00007FFFF3A33000-0x00007FFFF3A35000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_soc2mfzr.gvy.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/3136-3-0x000001C37D6F0000-0x000001C37D712000-memory.dmp
memory/3136-11-0x00007FFFF3A30000-0x00007FFFF44F1000-memory.dmp
memory/3136-12-0x00007FFFF3A30000-0x00007FFFF44F1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 5179c3d3e17d3d3975f24b06dd0d8ea3 |
| SHA1 | 78aa176a93556d30a55d4471fdb518c26543a832 |
| SHA256 | 3c05bc2cac7afc497531dc1cb068d947e6af1a496a5a931b787d7a8a76d46b36 |
| SHA512 | 92a8a969a39db7559cd6ba46e80f6e3d39328ed6c05f16dbbb7097713822d45eec42d21ba09233996573f2a8c617c38f13ceba65656e59a4e0dcf57466826ef5 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 8daec50c08a0be5d3fa75b54e6e5cfe8 |
| SHA1 | a9a2b7568f1c4ffe6ba1448333bd18e3514a0ca5 |
| SHA256 | c6ddffc17613426f7d783af8b241a7f6df5b66d4fd6a613867d6ade68b719515 |
| SHA512 | 8ec4d50b97f2522fbe0e0986125e4adee623196ebee44d9ac04a9890278acb7cd58ec9a6ab9656c9884d3d76b559ee5739f5ddaa49829571ddf6a0b32d3ee157 |
memory/3136-99-0x00007FFFF3A30000-0x00007FFFF44F1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MSIB6DC.tmp
| MD5 | d849eed8fef39365cb0987f2c3d1c26f |
| SHA1 | 25ad42230ba2d0f163649f560ec09250d60f263c |
| SHA256 | 9ffced196504a78813600ad96108f45ed4667c13dc0ea545b0444d923b871650 |
| SHA512 | 8b418c1f71c6d9b8c922d1634258132a0cc280ff90272b042cbfcea67c8576bb8db38a595fe27d65e90275d9e5d52c8dd5bbdff52e71c5d5f7e576685352184b |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 30913a952586800916d6a591c05069f1 |
| SHA1 | 2b76940dc107bf7a093c60fa45fa5514f5c02bea |
| SHA256 | d227f2f58a898f27ed47818fc83d4851659146491cc30228e368ebc762b58e8c |
| SHA512 | 71f0cd94bc59d7d6ed61711ecc7527d03d527e3073e9861445d118caf4443aa0f76849006661634926a3e7cba32508b0e6d0b4516cddb43791f77b99951320d3 |
memory/3136-126-0x00007FFFF3A33000-0x00007FFFF3A35000-memory.dmp
memory/3136-127-0x00007FFFF3A30000-0x00007FFFF44F1000-memory.dmp
\??\Volume{8ccc3c3f-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{11936229-61f0-4fb3-b5d1-323cc8dbb547}_OnDiskSnapshotProp
| MD5 | 937dddee0e58d38d5ecef9b71e97a78d |
| SHA1 | cec08947553e57e3673d1327309b1d8746998bf4 |
| SHA256 | 2c752915bed704e8e87f4898e15fe86638b30b5e5584c05dbbf82df87f4509a8 |
| SHA512 | 71a537f3087aa5712e91ca458d559454d96600a16a527e60054c3432c868da8d746e195e2bc538af6f9ace07d01dd5c4752f2b2e55bafa989cb25dd1347bc720 |
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
| MD5 | 632d49aeee73014f9b3750c48335dab7 |
| SHA1 | 1d6d680f2ded524095b8cfdbfe8c54aa4cc37639 |
| SHA256 | 4b4f6b573be265ef4752c101429fe3366e45c9ea9c01c36a456db8a1b377670d |
| SHA512 | 847926ea2260e8db554699a898109fc27a9d1cfbcb8261c578e125ad98d07447cf343d1c5a5e0dd546c5d437433cb09a19c69b738ee4903a649cb6549d431c7f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_4E75C8005B53AA371E24DB28B7200E63
| MD5 | 8c4490bfed0c55aad8293c94b0798275 |
| SHA1 | 02520f22bba6701cba5b08c8010cb3d6437b9c5e |
| SHA256 | 93b6267ebf74cfb0aa57ef3380931f530f6a36c5f2f7df673fbe259cb8a2f01a |
| SHA512 | 5674de30201161d51b50ff697a2443b8f2363f60d34cb2e488100087c8b548cc4b8b2412516512d30ae3814cc18e71a876c9b07b0e0ad59d02871af55ac964c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_4E75C8005B53AA371E24DB28B7200E63
| MD5 | f1cf94bebc863875ddfae91cc46ac7ab |
| SHA1 | 018ebaa0d665edb5b3ac6901b96786b3ecef8192 |
| SHA256 | a23d76d7aec5f9832bbcd9eb8e9bfbf89c6cad00bd566176f29604787d18afc8 |
| SHA512 | 3f66f7d242879e4ca1a6770388d8f220e7928581de372ed30b9aae41e1c682b49525947c1c265904f0450d4b4b8e2fd1e914b36b022794d654c88f201e045766 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | d85baccf3add1c404f8d30ba284c5fe4 |
| SHA1 | a3183d1f96742058503a3ada2953f36c97272834 |
| SHA256 | 75e72823c8e8bd2e6af57a3e7a3dcc481412ff3bbc2a67ab2a368233aeb32825 |
| SHA512 | 34a8b7a9311ba03142cf87ac97df7ff32ca77b3bb6f3557a384785dcfda1bb865cbe1d16e04988275648c91c0021595c65f752ae2a5baeb0fa025dd720da4b57 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | ae46cafe672175bd3afbe8b7429de45e |
| SHA1 | 88b9af10c737e698cbcdfadc29c38c2fc1a94a84 |
| SHA256 | 97ed9a8db17275b9d2104d02a9da3d6f3bc63226d1011f2c547039676f813e4f |
| SHA512 | 4c4e196cf16dd46a8688f2877ec88b1d3b25d925dbf8c2b0b83e8e4a2e092ce49558c8db1502e7fe60e367a960dc48d007dc7e5749d6f80fa5450b47ca9db4c3 |
C:\Program Files\Java\jdk-19\LICENSE
| MD5 | 7369866495acb2d7e57397f06a3ab0ba |
| SHA1 | e75e828ba2898c74b4a682ce5291a69acf9cc55a |
| SHA256 | 4d156eecbf6ca462d8cf772552fff874b167f87def9566837fb8e4fb347f29a5 |
| SHA512 | 6c1ae5229953259a258bf140241afa9dc50b642dbb5a11c183c8920678292266aecc26dd1254c3ce9184fe08c3068e2183a694a9a06f5972cc535015461ff825 |
C:\Program Files\Java\jdk-19\legal\java.logging\COPYRIGHT
| MD5 | 4586c3797f538d41b7b2e30e8afebbc9 |
| SHA1 | 3419ebac878fa53a9f0ff1617045ddaafb43dce0 |
| SHA256 | 7afb3a2dc57cb16223dddc970e0b464311e5311484c793abf9327a19ef629018 |
| SHA512 | f2c722ae80d2c0dcdb30a6993864eb90b85be5311261012d4585c6595579582d1b37323613f5417d189adcd096fa948e0378c1e6c59761bf94d65c0a5c2f2fd3 |
C:\Program Files\Java\jdk-19\legal\java.logging\LICENSE
| MD5 | 16989bab922811e28b64ac30449a5d05 |
| SHA1 | 51ab20e8c19ee570bf6c496ec7346b7cf17bd04a |
| SHA256 | 86e0516b888276a492b19f9a84f5a866ed36925fae1510b3a94a0b6213e69192 |
| SHA512 | 86571f127a6755a7339a9ed06e458c8dc5898e528de89e369a13c183711831af0646474986bae6573bc5155058d5f38348d6bfdeb3fd9318e98e0bf7916e6608 |
C:\Program Files\Java\jdk-19\bin\windowsaccessbridge-64.dll
| MD5 | d0f2ded56013e0f7beff01e7955d980c |
| SHA1 | 2c27d8f6bffa6ee538a43daba9cb0fac07abb146 |
| SHA256 | 0a6b0bca5086994476cac894dc945eee43ede4e2f266435b5c812db54fec06f9 |
| SHA512 | 19803c8222f3923d2813187198e79a4d8f35622694a3a36a5c5f43f9cde397f8fdfdd54293dd909897dd56712befe51263cbeb21afb8a390c01410fe0446ff74 |
C:\Config.Msi\e5807fb.rbs
| MD5 | 2c46315d44449fc432d55619bbdcb6cc |
| SHA1 | 6104b71ff3c95e97186528c155b5a597bd543406 |
| SHA256 | 2c948c6ee6689e4c1ce712cb2e81ffc390168fdcd5489ab59c9a9631bbaa919d |
| SHA512 | 6da4af621779ba932c13f396a3b249d30ce3271c9b66b8d238d49d727b7c2f6baa0d494b725ccd6cfc5b5ff062c09145fbaa6f4fe251133bb9198635896cfb73 |
C:\Users\Admin\AppData\Local\Temp\JavaLauncher.log
| MD5 | fe68e8d1bd0089533d36b5c34c4557c0 |
| SHA1 | 0f3336d65d90224b5a6b73acc78e4ccffcb495ad |
| SHA256 | b34819e94ccceab4006afde60438a1059c09914db563b3c486348ad8b03772e3 |
| SHA512 | db3f049768ab92a5df7fb761a6215a16b815986fcbf78a2882644c5eb8ffcb2f3fe98c42ec10c3bf11a113705d60f22cd3ae77ac1b254de6e157d0d13e4a2207 |
C:\Users\Admin\AppData\Local\Temp\JavaLauncher.log
| MD5 | 0074575066943ea1bcc85321e49e4049 |
| SHA1 | 90791984351480950320f31b035ab17fbce02e5f |
| SHA256 | 369c152268d4075a533407860505c9d029805ac2629b84aa84d0aefbe04e2c1e |
| SHA512 | 6de3400ba0a38d5d6869add3217d9ace983f0acb3d5ace5fc9519b28598f58399d6eb1e900f39451a2d754720a717e2f6e632d48d8824f8afe792d21dca14dc3 |
C:\Users\Admin\AppData\Local\Temp\JavaLauncher.log
| MD5 | 4cecfd7fef407cf2482bff15beed8e4b |
| SHA1 | d99b44dc282f9458eab50d9c2b2b6d10c70c9026 |
| SHA256 | 13c8534c523aa4f912ca22b329f18b1df248c743505074d000ec59e2e650e547 |
| SHA512 | e66d880727011e2cf7683738e2a88c2fc1abe966ac0d13db00f88e8c0c59a724db802a689ca19f9cfc644c49e97571eeea0ebe725edb02dd44e6e8135fb33e58 |
memory/3136-955-0x00007FFFF3A30000-0x00007FFFF44F1000-memory.dmp
Analysis: behavioral12
Detonation Overview
Submitted
2024-06-29 17:13
Reported
2024-06-29 17:15
Platform
debian9-armhf-20240611-en
Max time kernel
0s
Max time network
2s
Command Line
Signatures
Processes
/tmp/Burpy-main/burpsuite_pro.sh
[/tmp/Burpy-main/burpsuite_pro.sh]
/bin/ping
[ping -q -c 1 -W 1 google.com]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | google.com | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-29 17:13
Reported
2024-06-29 17:15
Platform
win7-20240419-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Burpy-main.zip
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-29 17:13
Reported
2024-06-29 17:16
Platform
debian9-mipsbe-20240418-en
Max time kernel
41s
Max time network
39s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /usr/share/burpsuite/burpsuite | /usr/share/burpsuite/burpsuite | N/A |
Creates/modifies environment variables
| Description | Indicator | Process | Target |
| File opened for modification | /etc/environment | /usr/bin/tee | N/A |
| File opened for modification | /etc/environment | /usr/bin/tee | N/A |
Writes file to system bin folder
| Description | Indicator | Process | Target |
| File opened for modification | /bin/burpsuite | /bin/cp | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/bin/sudo | N/A |
| File opened for reading | /proc/self/stat | /usr/bin/sudo | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/bin/sudo | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/self/stat | /usr/bin/sudo | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/bin/sudo | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/sudo | N/A |
| File opened for reading | /proc/filesystems | /bin/tar | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/bin/sudo | N/A |
| File opened for reading | /proc/self/stat | /usr/bin/sudo | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sudo | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/sudo | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/self/stat | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/bin/sudo | N/A |
| File opened for reading | /proc/self/stat | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/stat | /usr/bin/sudo | N/A |
| File opened for reading | /proc/self/stat | /usr/bin/sudo | N/A |
| File opened for reading | /proc/self/stat | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/self/stat | /usr/bin/sudo | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/sudo | N/A |
| File opened for reading | /proc/self/stat | /usr/bin/sudo | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sudo | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sudo | N/A |
| File opened for reading | /proc/self/stat | /usr/bin/sudo | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/id | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/Burpy-main/jdk19.tar.gz | /usr/bin/curl | N/A |
Processes
/tmp/Burpy-main/Linux_setup.sh
[/tmp/Burpy-main/Linux_setup.sh]
/bin/mkdir
[mkdir -p /usr/local/java]
/bin/mkdir
[mkdir -p /usr/local/java/jdk19]
/usr/bin/curl
[curl -L https://download.oracle.com/java/19/latest/jdk-19_linux-x64_bin.tar.gz -o jdk19.tar.gz]
/bin/tar
[tar -xf jdk19.tar.gz -C /usr/local/java/jdk19 --strip-components=1]
/usr/local/sbin/gzip
[gzip -d]
/usr/local/bin/gzip
[gzip -d]
/usr/sbin/gzip
[gzip -d]
/usr/bin/gzip
[gzip -d]
/sbin/gzip
[gzip -d]
/bin/gzip
[gzip -d]
/bin/rm
[rm jdk19.tar.gz]
/usr/bin/sudo
[sudo tee -a /etc/environment]
/usr/sbin/sendmail
[sendmail -t]
/usr/sbin/sendmail
[sendmail -t]
/usr/bin/tee
[tee -a /etc/environment]
/usr/bin/sudo
[sudo tee -a /etc/environment]
/usr/sbin/sendmail
[sendmail -t]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZle-0000C4-Vn]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZle-0000C7-Vb]
/usr/sbin/sendmail
[sendmail -t]
/usr/bin/tee
[tee -a /etc/environment]
/usr/bin/sudo
[sudo update-alternatives --install /usr/bin/java java /usr/local/java/jdk19/bin/java 1]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZlg-0000CI-LV]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZll-0000CD-BU]
/usr/sbin/sendmail
[sendmail -t]
/usr/sbin/sendmail
[sendmail -t]
/usr/bin/update-alternatives
[update-alternatives --install /usr/bin/java java /usr/local/java/jdk19/bin/java 1]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZlr-0000Dd-PF]
/usr/bin/sudo
[sudo update-alternatives --install /usr/bin/javac javac /usr/local/java/jdk19/bin/javac 1]
/usr/sbin/sendmail
[sendmail -t]
/usr/sbin/sendmail
[sendmail -t]
/usr/bin/update-alternatives
[update-alternatives --install /usr/bin/javac javac /usr/local/java/jdk19/bin/javac 1]
/usr/bin/id
[id -u]
/usr/bin/sudo
[sudo mkdir -p /usr/local/java/jre8]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZlt-0000Dp-CU]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZlt-0000Ds-L3]
/usr/bin/sudo
[sudo curl -L -o /usr/local/java/jre8/jre8.tar.gz https://javadl.oracle.com/webapps/download/AutoDL?BundleId=244548_89d678f2be164786b292527658ca1605]
/usr/sbin/sendmail
[sendmail -t]
/usr/sbin/sendmail
[sendmail -t]
/usr/bin/curl
[curl -L -o /usr/local/java/jre8/jre8.tar.gz https://javadl.oracle.com/webapps/download/AutoDL?BundleId=244548_89d678f2be164786b292527658ca1605]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZlv-0000E3-Hk]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZlv-0000E7-Kv]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZlx-0000Dh-2q]
/usr/bin/sudo
[sudo tar -xzf /usr/local/java/jre8/jre8.tar.gz -C /usr/local/java/jre8]
/usr/sbin/sendmail
[sendmail -t]
/usr/sbin/sendmail
[sendmail -t]
/bin/tar
[tar -xzf /usr/local/java/jre8/jre8.tar.gz -C /usr/local/java/jre8]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZlz-0000EK-GG]
/usr/bin/sudo
[sudo rm /usr/local/java/jre8/jre8.tar.gz]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZlz-0000EN-Mt]
/usr/bin/sudo
[sudo update-alternatives --install /usr/bin/java java /usr/local/java/jre8/jre1.8.0_301/bin/java 1]
/usr/sbin/sendmail
[sendmail -t]
/usr/sbin/sendmail
[sendmail -t]
/usr/bin/update-alternatives
[update-alternatives --install /usr/bin/java java /usr/local/java/jre8/jre1.8.0_301/bin/java 1]
/usr/bin/sudo
[sudo update-alternatives --install /usr/bin/javac javac /usr/local/java/jre8/jre1.8.0_301/bin/javac 1]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZm1-0000EW-Kr]
/usr/sbin/sendmail
[sendmail -t]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZm1-0000EZ-PS]
/usr/sbin/sendmail
[sendmail -t]
/usr/bin/update-alternatives
[update-alternatives --install /usr/bin/javac javac /usr/local/java/jre8/jre1.8.0_301/bin/javac 1]
/usr/bin/sudo
[sudo update-alternatives --set java /usr/local/java/jre8/jre1.8.0_301/bin/java 1]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZm3-0000Ek-3n]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZm3-0000Eo-FO]
/usr/bin/sudo
[sudo update-alternatives --set javac /usr/local/java/jre8/jre1.8.0_301/bin/javac 1]
/usr/sbin/sendmail
[sendmail -t]
/usr/sbin/sendmail
[sendmail -t]
/usr/bin/update-alternatives
[update-alternatives --set javac /usr/local/java/jre8/jre1.8.0_301/bin/javac 1]
/bin/mkdir
[mkdir -p /usr/share/burpsuite]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZm5-0000Ey-82]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZm5-0000F2-Bn]
/bin/cp
[cp loader.jar /usr/share/burpsuite/]
/bin/cp
[cp burp_suite.ico /usr/share/burpsuite/]
/bin/rm
[rm Windows_setup.ps1]
/bin/rm
[rm -rf .git]
/bin/rm
[rm burpsuite.jar]
/usr/bin/curl
[curl -s https://portswigger.net/burp/releases]
/bin/grep
[grep -Po (?<=/burp/releases/professional-community-)[0-9]+\-[0-9]+\-[0-9]+]
/usr/bin/head
[head -n 1]
/usr/bin/wget
[wget https://portswigger-cdn.net/burp/releases/download?product=pro&version=&type=jar -O burpsuite_pro_v2024-5-4.jar --quiet --show-progress]
/bin/sleep
[sleep 2]
/bin/chmod
[chmod +x burpsuite]
/bin/cp
[cp burpsuite /bin/burpsuite]
/bin/sleep
[sleep 3s]
/usr/share/burpsuite/burpsuite
[./burpsuite]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | download.oracle.com | udp |
| GB | 95.100.244.78:443 | download.oracle.com | tcp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | javadl.oracle.com | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| GB | 23.204.232.117:443 | javadl.oracle.com | tcp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
| US | 1.1.1.1:53 | portswigger.net | udp |
| IE | 34.249.63.188:443 | portswigger.net | tcp |
| US | 1.1.1.1:53 | portswigger-cdn.net | udp |
| GB | 18.165.242.50:443 | portswigger-cdn.net | tcp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-1 | udp |
Files
/tmp/Burpy-main/jdk19.tar.gz
| MD5 | 477d9862374177c810b0b7d73b4f1e53 |
| SHA1 | 22e24467abee736e965fc3f7228ebf3a607febf3 |
| SHA256 | d97f0f402bd65a9c26aa266246b0894c8d6762e82373377641ca779c46406299 |
| SHA512 | 40503981aa19ea531892e25972422ee49405569b4d2300d10d0457341679ceba0f187552005cb4e457ba1a2e872bc003fad29dbc8f7acb2cdfc5cf92bd484478 |
/var/spool/exim4/input/1sNZle-0000C4-Vn-D
| MD5 | 5c85b3087fb2e397fc7b6ef1516a83b7 |
| SHA1 | 1ce85f2fc10fe7830b97c424ed3a3d458680659e |
| SHA256 | b99753722eed9b2f8f29fb1b39ddfe6122306c1d0addc30cf23790ed7d176fbf |
| SHA512 | 9893dbb7b28160a87bb305261476677c4349a54e773d7360ca3db233d5e2f17ee3b3f6892ddbca63693a52e28b2fa5e61e4f4a215a36c7f4affc149853fb2429 |
/var/spool/exim4/input/1sNZle-0000C7-Vb-D
| MD5 | 3b6dda57687e97a326aacbbd198b1357 |
| SHA1 | 4af4bfb7577dbc84055d38d033e6afc9c4f2011e |
| SHA256 | eaeb9671d86042fb6cee45f3c49dee8c43c1ec8f9d335aac909d0f63bf5feeb6 |
| SHA512 | e491cef7a998fd5cf22206cf7f225a6b0e1d95ef58fd6dd35bd48f2d13200fefc9ae743b2583289410d64d35a1f76a0b390f48cd32b194f1ef6cedb81ac40fc1 |
/var/spool/exim4/input/hdr.748
| MD5 | 4113433a41d6b97e215dd3249fc8a9ab |
| SHA1 | 37f13c3b98e1162abeb4d47add582c3cb3333533 |
| SHA256 | 45030b3e2f1a9a32fbc096c87a2576bd754c7e5150b8db01baf31bfdb1304b10 |
| SHA512 | b5d24efb885ed2b254fddd4545b65b75fe01d5c6de43ed2ea703fd1adf2e53f8103aeb662248fcd81054c183c1f8888be283506f84cea2d2fb790b7e17e7a508 |
/var/spool/exim4/msglog/1sNZle-0000C4-Vn
| MD5 | d779d8d56deaefc73d641ec293830b89 |
| SHA1 | ac3c00748ad2fce4dbaaa5a88ecdf33c2e6bf494 |
| SHA256 | 371f9637c7bde204b749f06a590dc869fe395197e4d2e9ec41e789375b0309ab |
| SHA512 | 388eaa37d466a3f30c1e762c581119881f430bd405b7dc2ced8cba814a21b9f6edd69332b60d41d2324060ba88acb2f196885b817c994b1c0ba887b5e661e990 |
/var/spool/exim4/msglog/1sNZle-0000C7-Vb
| MD5 | c21b673bc6e964c783d4ad09a65f16de |
| SHA1 | aae6ef49cf93ac43581f9b22c389d89ad393c04e |
| SHA256 | 15b2668ad71bdc835e53b3eaf6f8aa57ab7caac67a1d02c549a7f380d9dec8b7 |
| SHA512 | b9ac4962d7fa11fa4e7d363034f09bde021f1fdb9ca0381b5ab388db8dc461fc28d8f89d87d39419854852fe903cbae3d71fb0091f4cfea8a42c3a67ed732ec9 |
/var/spool/exim4/input/1sNZlg-0000CI-LV-D
| MD5 | 2876183a34dda9aa6c7bb16e26f0d491 |
| SHA1 | 3fb6837198d54cc3655deeaef4aea17cb3c06cc6 |
| SHA256 | 2cf63c1c45300e9618f33c2122b043e13b454eceedeb1ca0359050ed60f360fa |
| SHA512 | 56ae1ec5bcc10fcbfef63919632a23ecc5219a90746da0820ea165679c9d2fb79d0776e2de17160f4d60d96edba53036d6bbd6b7ce67e1830ac7bfa88a0fb832 |
/var/spool/exim4/input/hdr.762
| MD5 | 68050683df6b818f1fa055bfaec2583e |
| SHA1 | 06653902cddb3a63f0e86f1da0a8162a70c4a00f |
| SHA256 | 8775ee4d498d22e2ce2eea3cbf84556b0450e9b24e7707ecc216f6927eec47eb |
| SHA512 | f06628d16780630fc5136761d2e73b6b3c241d4f25e311cbf711ef93609d7712628fa20d3c6a67e481437deb2680dadec92b25d7a0166daddb9a6d1e5ef40e49 |
/var/spool/exim4/msglog/1sNZlg-0000CI-LV
| MD5 | 313a564fcee641efb2f3898cfb368967 |
| SHA1 | 6d76a32f6138ed96053eaa733c8b5b85261954fe |
| SHA256 | 98af4f37a4fc1393f3824731b4f51459bcac4f0b6e0adfcddddc425d38d7c146 |
| SHA512 | c39acd3c6f2569ad3d27040d69621a3ba45f6be93e143c362920d5529d9318b539c6498a6ef8fe581132559169b4124f4978d8ea8548edefecdd39aad208ad0f |
/var/spool/exim4/input/1sNZll-0000CD-BU-D
| MD5 | 9191d8df8b0933deaa83d00b07b453c1 |
| SHA1 | aeffcd4b2b9fa3b70f5f688ad9c941f76dd36eab |
| SHA256 | 0be1414efdc26bd933ea418799f1c064c8aa8ab4d04ed95cdcf55b54f6a6dffd |
| SHA512 | e16169e48a3b51d0128a69f9f0a5ef2c3d6a435dc9e31cc429f495664e1f7e44995281f61ec325e46277aa5b1e04f3bd0cc848cb6b56d9b731fb58dc74cd62d9 |
/var/spool/exim4/input/hdr.757
| MD5 | 1b7e5d38ec885606481233779cceca46 |
| SHA1 | 2a0bf4aa322ea888eeeb85f61a16cc54a8e69baa |
| SHA256 | a58cf230f9794d290442161797451e1fd8452239d2d6b56521d6c4af9ef6ad05 |
| SHA512 | bcd60f98bb20892ab356caef65955ea8497ce2a3b1a5b81c53125f2a25e5425fac29602bfdefda7fb06e0bab3ba3a801d12ebd46ab58d5a794c2e5cea36b34fa |
/var/spool/exim4/msglog/1sNZll-0000CD-BU
| MD5 | 8a1a649b15102e38bc39cee5c1c48e3b |
| SHA1 | 670f960e89fc6d3cd47a04aebca6d0a635e015e0 |
| SHA256 | ca80e0ed604ab915346558a174368360b3253be082f8a18a699e08bf38e4d159 |
| SHA512 | 6dc0e05e7a6e8651b70121aaed9a15cf5b8a9e26e3ef88fb71ba258e14bd04789547410e6ed503e3e02ea5bcbc1e188976ea01610e782fc9b7e4adf35ade596d |
/var/mail/user
| MD5 | 2a98625d1ea329f05cc2ff63c6dd3f6a |
| SHA1 | 8168ec3862f4c6819aa61766ff26941d90dcee1f |
| SHA256 | 67e48b618719c98f3464960327b4c16b6d75b5fe52275bee7d91529a154ede12 |
| SHA512 | 8b64f508cd265fa33b0ef595f21527f875447d89bf8495e67de5571a19829772ba6456502b45bb6261134b8a7628d8531038c52b17fd148ab05d2872d84b3eec |
/var/spool/exim4/input/1sNZle-0000C7-Vb-J
| MD5 | d7d96d63d643a4ce3e408eba7dfcedc5 |
| SHA1 | c53607f95c5c57beafc1d8266646797a035f76ea |
| SHA256 | 21db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159 |
| SHA512 | 703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3 |
/var/spool/exim4/msglog/1sNZle-0000C7-Vb
| MD5 | 579499fe7c022d530f589d798a1f43de |
| SHA1 | 813dc4bb1825d1e00b636e2de8bfd901e9cd7c59 |
| SHA256 | db27dacb0286e067f2886c3d998a2adce5f6a32f81335fd2e779c863bc87f6e7 |
| SHA512 | 3d3cb8831113c8e2932e04dcda15363e03f9ae8c160af8cfef6a055c9f0eef163fcc3b85302f9b38bd168d9ed465e2e163bad56faab92bf94357a690025cfb06 |
/var/mail/user
| MD5 | b0db0b638574948787435357e1087405 |
| SHA1 | db330d04ef86c01a4ad8b28a61d71b46d9403500 |
| SHA256 | f189f6d2190eb2bb5bec62e42320f10e59c359c46438e21f2d90f61161b0a976 |
| SHA512 | 85408a83a49e0d0957f03ef64205edee6c54fcc70b63400dc845417ade31c8204369cc839116c77ae500f7143e1f48834b7b95c9783c06341b526ad2f9068fd0 |
/var/spool/exim4/msglog/1sNZlg-0000CI-LV
| MD5 | c25995b64db091d7e36f28d5a2d09293 |
| SHA1 | ab92f55b529e7d93efea6e1aa2b631ba139c9b93 |
| SHA256 | b4ec7d53de1c538e72c8ea7a6c504a2aaffeb432f23a24c6c31cf3f9c0d8ee49 |
| SHA512 | b25ec5ed7245f0cca63f3d2c805f517c376e15706a244706d0384d54fe8812321b3e7173607ea267cc92211af7af598f95bd455bc29d5201a172734c14e67008 |
/var/mail/user
| MD5 | 2a0eed5aa13c569d1d8eb8811c2fdc89 |
| SHA1 | 3bea1c5407d1296c3e9a879b7525bd16a35477f7 |
| SHA256 | 4b262145667f00d3583f7506fe609172d9c5f2cb874a0e81d105456218764ea5 |
| SHA512 | 12c475eb96bd097a31f03b047cdc1fd8e761d18f316d424b3eb1625df950a793a76dc55f26d8f993c4cb8ce0d05dff259b3587390661b065f46ab9983d17f266 |
/var/spool/exim4/msglog/1sNZle-0000C4-Vn
| MD5 | d2e1d762bd7bbabde3ef607d1b7aab11 |
| SHA1 | de72242ed3002cc2d46621b7a2010c01a87a859a |
| SHA256 | d273163a94ec1318dbc12e4869cde8b3aa2fcca48e34be91eb792cae503f90e9 |
| SHA512 | ab6fe397e1cb379605490ca2fe7ee14d6bb243a9243d5957f3468fca1c5682d60dbc672ad4a48c221e6f82690e85c6c585ac97656797aae3bcbd868354d06f38 |
/var/spool/exim4/input/1sNZlr-0000Dd-PF-D
| MD5 | 1562e68eec76db0a7cbb9019892a7489 |
| SHA1 | 5315dc50a053d9e805676f6813e2cb0ac77fd338 |
| SHA256 | 3b1730f3503edfccb8066c8cb2f7e97d10a512ebc98043fafb4a8488d1b6e6cf |
| SHA512 | 2d03bb8cb7a5ee7f9f0f6551ca63d867a129f56fa45bf9caa1b432d762b76b0a89d7748eed072d0f2a04f8c7d289fc3783028de27049ed586d1af6ba5bfaf66a |
/var/spool/exim4/input/hdr.845
| MD5 | 089b74179488f167ce0d38443c9a43a3 |
| SHA1 | 60c951dd03206c53a4e251d69712c07270b74059 |
| SHA256 | 670c9021959e33a8a2fbf1d94244ea11f9f0787ba61f71ba3947f36f3e8839d0 |
| SHA512 | f24c5ba6f46cb21337ff2105972642f8474f126a3b26e5b3e0969a9336b8c92ae816007b34f0b123e3b32967550f275bd5a79bc2ae973c9ed114ddc4cd376e9d |
/var/spool/exim4/msglog/1sNZlr-0000Dd-PF
| MD5 | f8def02573ebf5bdc0b498ff09d21f6a |
| SHA1 | 73861410b404fe005b66f249ff5005a49e4fea61 |
| SHA256 | 44d2718dd24940c3e893f09e2c90bec9a2d727eab398e0eb73ae7c8b99889cd2 |
| SHA512 | 25bea464f00f1e206bb6dee644b3a2ec196c964d1201d3252e23ff25b1fee761464dde8031465a3631703788f4e68632bba4bb959fb7ad320a13f0f6d5cda963 |
/var/mail/user
| MD5 | 680cecffbd413ace409b90d8505bcb2d |
| SHA1 | 64c22de842b7445256f99a2cf8c15608cb74ded0 |
| SHA256 | cf5fe8473766aace10e8f091e9acdab38ad70addc227116df340ed967fff3f0a |
| SHA512 | 2045548f6abc7c2a2c6a2fff64d190c4de801eb0587a07d0842ebc9f7d0dffc1fbd8ca4523ce1e47f10cceffc63446c08910c78e8c52fbdc84740a861198faf9 |
/var/spool/exim4/msglog/1sNZll-0000CD-BU
| MD5 | c4c652c8623bf59c4a3e97ecabaa0b92 |
| SHA1 | bbdd5e1c2e7472f55c84e101931d42dd396923fb |
| SHA256 | b1caf28d77ee587271e744d97204ebb844521f7fa19f92af72ad6c8314e04a41 |
| SHA512 | 860838fbebec68169f95ed2b9d54cfe882618e6d994651b4c52be361d11b70f25fd950e014d3a69147d0fabf79fec7d219663f3ca1cf4e54a1c2886ec1a7f5ab |
/var/mail/user
| MD5 | e09afc94235ae89b52fc8ebf8d7c55c6 |
| SHA1 | b22cd3cbc54bbb7397d367b8f3b272099e4b35ca |
| SHA256 | 403b2382fd81913fc6ad4d0119ac8dea19ebd3babe129e11076c398b90256a14 |
| SHA512 | b51ef27386cb3ac94389f491c85730157111f5f08b089171c60aec982d366f5ceb7cacd26a879870a489083aae3d7c7cd630aa43ad25c30db20185e2bcd5eabf |
/var/spool/exim4/msglog/1sNZlr-0000Dd-PF
| MD5 | 2ef1e273bbac96c6777a21387b371369 |
| SHA1 | 8b9d3e985ffbb7d99c215c35ecfa43e3d6e79942 |
| SHA256 | 614b31e384ed445536c55e493e3c7a9804fa3eba5a0499ff54d27c4b4a4045bc |
| SHA512 | 037f461373c53b841c66abc88f2fcafc81605e3fec3f82d57ac87d3675879292863a44b994b7b1011bdb62a20cfae1da603ae50756dede1de8f8ae8a5b66195e |
/var/spool/exim4/input/1sNZlt-0000Dp-CU-D
| MD5 | f3be6b5e9c992c875cbeefd807ea400e |
| SHA1 | 61e7cb2dd3db78708dbdbd2ce75387c149dc9cdb |
| SHA256 | 062a074ae331c63b86e106c7a3f6e6dfbb563e0a9defe1522dd42aff998606b1 |
| SHA512 | dfa7c4401285111cc3d64aa81484632b8016a7918ce2b1202530c96ced9d390a78779e48a712943b329d46adf5530a0bea0f44d3d5a54a9425c872ce0a97eb77 |
/var/spool/exim4/input/hdr.857
| MD5 | 5073cb9e36d9d947b1124717938f24fc |
| SHA1 | 6dd798f669f963ea57e95c52a1cae100bacca9c0 |
| SHA256 | 41161c5e4fd800d940faa80dd7611af5f3df85ed8cad9a750f784eab3ba59d00 |
| SHA512 | cd1807e46df9bf4c4a9f616f5144755393b6697a624ca44ecf45d8374fc757b2d9bb303c445651b5c45e0fa3c07f03abeaa4aab10d20a718640a3cd9ab7d6fd7 |
/var/spool/exim4/msglog/1sNZlt-0000Dp-CU
| MD5 | fbf6377ac2dd5e241ec982d10bbd0026 |
| SHA1 | 8a12b7efcae5fad09412f826fb51357f916d9170 |
| SHA256 | 6d5f81d8d50991bb4fe9c89776565583003e34cd2d0bcf558951705592aefa70 |
| SHA512 | a3dbdcf9d433184838798486190f7ae12d291bba07adbc3039b86116611696c34f1c277a88164e54775fadac5a62afef7073866d3621166c2ff700e2b41c6dc2 |
/var/spool/exim4/input/1sNZlt-0000Ds-L3-D
| MD5 | 996ca695133822e37bbef206078a34fc |
| SHA1 | 2d57984b8c9f7c12d761c916bdb6d53036709339 |
| SHA256 | 2cb2d90e4b57157fb55555334bd40baa3b4874046d807dc4f0dc1ec299f6a1d9 |
| SHA512 | fe0859389a14f8ee5bfad5afb8236fb3771df22227b6291dcea9c6a04296a47485529b22283ca3deb34b2371454d9562f8ccacbf6f045b886d1fb985ce55052e |
/var/spool/exim4/input/hdr.860
| MD5 | 2d21105fff1e3557e63b6389482691aa |
| SHA1 | f097f52073248b31210938d82a4921f8f1dac7a5 |
| SHA256 | 5d547c692d91069db768d618e1eaebf9c0fa2de3dd9a95417b28f1611256a980 |
| SHA512 | 0fec66cd85cb1a811c2437913467b961094bbc78de4e4a9b71b5d7b5a0ece94a308c7e2e45fde8633b7c1f127c304e05778ea26abdb2feb087635e59bf9e911a |
/var/spool/exim4/msglog/1sNZlt-0000Ds-L3
| MD5 | 51e29587c6276c229858e1fa08ddd577 |
| SHA1 | e9dd685f8916a907f22ca67534f28e1db778222e |
| SHA256 | 1fa3209dfff324732c47782ed45bec77745e5b03904d273eaa65fd0bc94f0b98 |
| SHA512 | 622f87f7803ad0d102832786767e127d586d4326c860443155b785743405fba4619be94504c6ac19064f92af3f05a81c92a2ad9ee4a9f7ad5da371c4309b5616 |
/var/mail/user
| MD5 | 88d1d6085dcd8753aee7640703a86b40 |
| SHA1 | ec2333b9101d3ca36092f879851889d4acfab098 |
| SHA256 | 5ad7519d7d78758ad55450ff85549b10d632ab459002478cd9d2f07b6d12e2b9 |
| SHA512 | 3796f36924b160f6e661faf24b61bec0768d86d292136da3a312df449a74b12fac07d89df659e968de1275899999147e1ae1082b06211e1ca71a64c28048728f |
/var/spool/exim4/msglog/1sNZlt-0000Dp-CU
| MD5 | 43f1efeca0fc002eec9f06f02f3c0470 |
| SHA1 | cfc1005cea231cb41620e7f30bcc1e37b4d1ac9a |
| SHA256 | e16c2130a06e26e825ebdcab3a21a9d456cf82b053c49320b1ea685750d4d324 |
| SHA512 | 4689e9e6ecc9406a03122460d41857610128563a2a35e4e70e94efdba817983805b2ba9e6019dbd9624044d807654cd16dfc159a02ecf7e1fdc892eb9d4a3524 |
/var/spool/exim4/msglog/1sNZlt-0000Ds-L3
| MD5 | a4bda47843b5699e11ae8e4886be31c9 |
| SHA1 | 861fe50d02cde15f294e3b87dbc76f92b3807c58 |
| SHA256 | 59084ca61b22d8f12326002f0f61a8db5015886d34aa9082f167a1804490e219 |
| SHA512 | e8316033a7d9f57bdbe365338d67e8d9f4d578f1d0645d1ad75c592b2abea1c0b10482897a07c9d07276f7d4a408c80c41d029a0c661a58cc1ae704ddef26e34 |
/var/spool/exim4/input/1sNZlv-0000E3-Hk-D
| MD5 | a9b7a3c5dd7128fa2a79459373034059 |
| SHA1 | 0985a2b9b9d2c8600ddaf479d4d13cda3937868a |
| SHA256 | 37a8586c95d61a63dacda1eeb08541830576adc9c3695248c8a60d274f3eb627 |
| SHA512 | d621670cfa18f79ba1d243d815d0821d68682fccc61c625aa7af6e2fcdae5a001f37578b7b00cfc8da64e6df6f56f7117260e3863ff364337450de47348587dc |
/var/spool/exim4/input/hdr.871
| MD5 | 335ccdf13714a93505627dc174292509 |
| SHA1 | 92712ada191a8350d24559e6e997da30592e1670 |
| SHA256 | 92ffe3ff7fd20b8502182af3494ca87c41c62f1a54bd425d127fce2ab0612f40 |
| SHA512 | 746dacd2ba8638ba69aae4469687f7849dd6bede46e995081d8f8d0bddc4b86a08bfb3d977ea331c93f59318cbb735a66b4be9b75e38b083b494f5d35096e3e4 |
/var/spool/exim4/msglog/1sNZlv-0000E3-Hk
| MD5 | 696fa5993d95520d8b326968a26c4260 |
| SHA1 | 43274f4f21e86f425f45d7a156b6cbce8366dcd3 |
| SHA256 | 95062cedbdd9f223bedfadc71f2e3eaf2c22da09ce56851070b0254d22ac7dec |
| SHA512 | 355990c1371848ec90b268622d134bd5895f9e73408e71cd736f8ba886910b0703611a4d86cb74e8fc406f025661417e43c61c90b47ce62de5f233e4c7abd68f |
/var/spool/exim4/input/1sNZlv-0000E7-Kv-D
| MD5 | e1d4935c297bee5d5999c8b05a4083e1 |
| SHA1 | 6bd11f1839aca716a4404b3d694dc47c575ba579 |
| SHA256 | 702d1d1901f2b5d001aa81eca6865c08fa090e71e6902025d7916dbdff271e00 |
| SHA512 | a298960da7c2c6398d21ee6c5037de2979a60d8e10d9f744a2edea40a1d28eb7a2e86d219f3e8e872a59792a593114ebebe78c7e60a3a87a079a726503ed1af6 |
/var/spool/exim4/input/hdr.875
| MD5 | b04e19906dcc516c51f186d97416b0f0 |
| SHA1 | 724aadca0192890fbc489e5c279df26c822c8583 |
| SHA256 | 7704fbe0dcc28a3b3483ef5f45bc35f2119436c8637969bdcd7870496e7a137f |
| SHA512 | 420e96721b24634ebce6a3a577a9828cd1f630938f0e7c0401533d42d8201876073da46313b379b3ab6fdfa3f4447dab9a5b9c8a9e93b552df324de5bddca6a5 |
/var/spool/exim4/msglog/1sNZlv-0000E7-Kv
| MD5 | ea241541938a9b429e2ddb7768953668 |
| SHA1 | fb6f7a7ef4b1b262ef6ec0653a919fdb4c679045 |
| SHA256 | 6af7a3ebb7fff0ed637a8a77349abad5ced70702eecbb4d199ea0b6d0fd79ec2 |
| SHA512 | 879d526738f7ae3861f03079ca8c72c7c97ae233a7600d08187b8e0b8669c3e928ed2a68926a4fc29a73a1aa9a125e817d325759dd52c5a2988d1c1795fa4526 |
/var/spool/exim4/msglog/1sNZlv-0000E7-Kv
| MD5 | 30e50eebfddef0c191de6b8227161af6 |
| SHA1 | 63ba6f9cf1d3a3560e0ae11084b5e6b7c39bf0ae |
| SHA256 | 90b003340f48dc3d1de81a3a3f546cb75a136916d28fcb877b85c87cb59a2598 |
| SHA512 | 8d37853e6e411eb70fc3014fd11ff21c1171ca2b518a84f2d04e83d3186a3deefb6b7f7bec9199c20f2f3ea38bca7b2dd3dcbff76429ee6a245bfac800545464 |
/var/spool/exim4/input/1sNZlx-0000Dh-2q-D
| MD5 | a38bca829b3792bbd6cb7ede0934bcd2 |
| SHA1 | 304f92c75e5812e4608351191dec4891797b72f3 |
| SHA256 | bf79a585e16c4f5660a3da1c6fe397f3075af18e4d24714992d9c40da09d8172 |
| SHA512 | 28f647f5cdbe5f8f11aa5838ae92c5530365e9dc564bfdec6c2b003ced3b0b9585cec34733e5918cc1c2055ba35b8d777ca0403d137eb902f4b7425175c6b23c |
/var/spool/exim4/input/hdr.849
| MD5 | 4f2dcd9ba2034e7581a4e2107321353d |
| SHA1 | 7c38dd0b24f8045c1d2d8a7ec212fbe21221d5c3 |
| SHA256 | 4d9754141eb9ed1dfb48831a60045512901795c09dbf5d7efe69094dfa40919e |
| SHA512 | 8e96430ea9f3ad3ab4b52d6be3eb10cdd53c511314b8192e3492caf565f5c642f4cb55eb460e3b1bf48d27c29b88368d3096f2bff51007b84a32637d7b6ec99f |
/var/spool/exim4/msglog/1sNZlx-0000Dh-2q
| MD5 | 1ad5830a814f05f7b271a207ce132ccc |
| SHA1 | d7a2956f21e18945e11ec13924d4f9cd4d828f69 |
| SHA256 | 8cb522cfbe1e423ef59335f8fd32d4c2f408fe34bb3d7c8b72f7744aed8677b1 |
| SHA512 | dc7f85b12f2a25cc8bcdb737928d3afe35c7be8f8d0e408a16acdf21c283695084a12db1f68cb0397f25a83b8c4ed5392f43e2d50849e2771c2ee8458a234562 |
/var/spool/exim4/msglog/1sNZlx-0000Dh-2q
| MD5 | 7b2534da79c9b25dd5f74b87d61f0065 |
| SHA1 | 7ef4570babaef07287285fda921816ac8a773e2a |
| SHA256 | 97b91c55cf3fbe2e5c8e3b7351d7d14650704170f099da598b6ef8bb1c6b131a |
| SHA512 | b77f6ba5226c939fd417e9d0ed1b2c077a446e2a75a6f43216fe28220e05464c7da9652a58c1b5eb226b192b35ee5abdc234b6946c545c8dfac691fb641eb6b5 |
/var/spool/exim4/input/1sNZlz-0000EK-GG-D
| MD5 | 87dafb461b910094574a4fb58934b05b |
| SHA1 | 2c42947cbb8ef969e86c00e6707d5e0e4e2202f3 |
| SHA256 | 87348d793ae71076bd4d7851749e3f21977cfd3b7c15dc421021e258d4cedad7 |
| SHA512 | 2de19032c75858b9b5d0716c5f864061fc130baf6d8272a2d1923ec59813cbe5c38a978fa9d3cb24cce000c83109be28cfca71f60eb8f903fa2c5211ca348570 |
/var/spool/exim4/input/hdr.888
| MD5 | fa9db2e1a39fadecbe40b4fa924847c5 |
| SHA1 | 3b276a9dd3489201b73a6e6f7344f7371bbb38fe |
| SHA256 | 8944fd5ce3c928f3c98b1293edada129d180bf9ccf6353c169e4cfc306fa81e0 |
| SHA512 | 706e0836ee7e054982bc24189545935f1c35863b5a512a1c9119db9d6c87ddc6701bda508724a6c27d9f3196bdd6a5ac34e6518b313432f6bd4f756fb31dc651 |
/var/spool/exim4/msglog/1sNZlz-0000EK-GG
| MD5 | 186435471c70c050c06216e73d68bfa8 |
| SHA1 | 23cf742d5a53248bf43315a38f87e8a41caf5413 |
| SHA256 | 6f8d2fe7b1dd03aaa4bcc14b213525938cf38be734a554653ea3eb69608dbb25 |
| SHA512 | e4295c4a8047337d77acb7b1b80e07aece6c36c3c8cab39c17b7551eb02d46315d559001411d29a5a0f24c31c477f9da44befd995388b4887f29f98dc6af06c9 |
/var/spool/exim4/input/1sNZlz-0000EN-Mt-D
| MD5 | bcac2a49bee7706a12f4bc371fb28c8e |
| SHA1 | 28752a9da254a3e66813d6dac7058e14e1b311a1 |
| SHA256 | d03958a6035366804d2c5382417874c755d63a0d41216019f0a6448bcb197760 |
| SHA512 | 874693ae8ad62395625ddf16a56d9c3b4b237c479f56a48a1f20386ba49f7916eafb0ffce69432dcb0070bbfb7e20498f9792ad28e24dec8d7d17aa3ef938f59 |
/var/spool/exim4/input/hdr.891
| MD5 | d11ad865096b4a3b9f9cb0ab6dad4d65 |
| SHA1 | 11a5f376707b461eb97c1a4700619f9e9548e718 |
| SHA256 | c1bac90b850a3a9ea8e8a1165aafbff0bb280909f822b1e5826afc0af1a15265 |
| SHA512 | 8da85eb84bb193230542b9be943e280eae745a29185032c643e3b99ff8175a4b23c5ed86a7739ec17c32984b576f60feb54dadc7caaf83dd765538f3265c32c7 |
/var/spool/exim4/msglog/1sNZlz-0000EN-Mt
| MD5 | c8b60e648d550c60cd3e98ef633906c4 |
| SHA1 | 1c67193cd7013918bc3bfd423cf87c7c991bb34e |
| SHA256 | c3000642528a0bd24b283b0046d5ab191aff1d8fee5ccdc7ef95763e81e5c61f |
| SHA512 | c061ec0915c20a07efbca46e1357fac7b7591f776a23298caba6941e8255497abe91d175e3f5363938d75a1d4b9cfb1bc35be8397083e8b428ea1738ff29ec83 |
/var/spool/exim4/msglog/1sNZlv-0000E3-Hk
| MD5 | 72e54e9bbd3ce6981bbc4f093d6e4f21 |
| SHA1 | 9c85b5def4aa8b3ac4402cae8cb34d9f2e200240 |
| SHA256 | 82d97d6f6df42fe306fa63face7681c1725dedcb3619236a2d4e26f7305ab68d |
| SHA512 | 64624e8e428bcb21d977ee44ca9d9b5cc2ff8f7e2e4c6d53d240e15d9386f2db606f3cabc02d9c2a45f9d00cddf381d8395fa82a9672ecf6c3332b1217b62630 |
/var/spool/exim4/msglog/1sNZlz-0000EK-GG
| MD5 | d75562eb928b150b687d2dfae20dd8f1 |
| SHA1 | 14c4e7435bb2f27f784d27066245d2b2e60dd11b |
| SHA256 | faaaa3d5aafae258c1964f72c9deef8afe0a0408efdf9d03eb5a08e2873cfec9 |
| SHA512 | bb3cc6e54331ee9725a70978f45dbec76a1850fd20ae05bee6ff7863972cd3fdd8964972b2368f9bffa3e41eb473b13652079bc358ea25ee7c8f8bc836f9738d |
/var/spool/exim4/msglog/1sNZlz-0000EN-Mt
| MD5 | b5aa16e511c9927a19e24e7190458eb2 |
| SHA1 | 112b9f991c97b30fe20d796fbb9d922c02c24a22 |
| SHA256 | 486f72489b915a9fcbabd40f782ea6f363312e524c8472cd4cc8c7c264969665 |
| SHA512 | 46d7d85079111836d77157c107224fff7ed6774a59db21c10e92274d63eb069c787e0dfb8107d238bf69f71e013b96ca0d2962813e31ba7895f3d41395f3fdc8 |
/var/spool/exim4/input/1sNZm1-0000EW-Kr-D
| MD5 | 8ee98eb9c521051b8fcdc994a22e744b |
| SHA1 | c7560acb97f458618127db948142c1bd69aebed2 |
| SHA256 | 0de0ff65ec78dfa76ed10f552aa5d9c4d7fcd74c374ebea13afd9cd8b46c3d94 |
| SHA512 | 9039be6439eacdcae9394675c692ed6c2152071e9bd386484601553d7ffe9ddfbb6c27450bd3f0765adf5211c276ddb3fc84323ae50ce7035f0937746dd650e1 |
/var/spool/exim4/input/hdr.900
| MD5 | 878b58c190a8aaac10d4f1826616d44a |
| SHA1 | 4670a6f933fe9585b421e950d82adbbc802aa7a9 |
| SHA256 | 567fcb3360b1b9ce4f5e3ac820020d4fec3d4e3c2464a723a8d3976cfad436e6 |
| SHA512 | dddf1630bebef2a8f5aa57bb481abfce2bdee5b0ba72aef382062c24c8de2c3fea4e18912cbfcc01176d5ed83b082315fd0c2b6bca0ebff742f73b4dee57b845 |
/var/spool/exim4/msglog/1sNZm1-0000EW-Kr
| MD5 | c8caa79912467ffad1af56e513272f18 |
| SHA1 | 891fecacd4b3e0a303f8643051d2ef31de0c6785 |
| SHA256 | 26b80065efc8939c51d59dc8d452595c5dcb393405cbe1ad98d975354a499556 |
| SHA512 | 2e447cc225dabae638ccac035e47207cd4b942729e7a470a98f56b4350858e83aa6b086256f4da0ec95a030fed15e5fba4c3ceb2f752d9026480e626a04a8cda |
/var/spool/exim4/input/1sNZm1-0000EZ-PS-D
| MD5 | 441bdc9a456c222608af59f1c66a71a4 |
| SHA1 | 15f5f8f87759f17d29aeff962c2a7d99a796c685 |
| SHA256 | cf4ed094792ba259cddb35bb146d630637dcdb458c533d0da79d6de60f81fed9 |
| SHA512 | e7d244c7abe478dc1043cdfdc3423ca644a332c6ae8bd7c27d2fd2f36216f7936c8663e282b1f04c3236c8211f2039f2caa640b2038ad2158755a7b41d66b5fc |
/var/spool/exim4/input/hdr.903
| MD5 | 96be00d6d2c67a8359f42f80e5d12dbc |
| SHA1 | 0a629c1b4171541ea9e4ae5802ffc37fbfc572b6 |
| SHA256 | 44b569ec4072fc1e0fa6cfecbce338d465064f2e3bcd176354ec81f1147d2447 |
| SHA512 | 9f19da082dd95d5f56a65824c10a5c229ead0124224fa8a48ad445693e9c6523358c6ab7be35e2c9651b75f05bb12978767a0a13791fc92efb407be5aa5c7b57 |
/var/spool/exim4/msglog/1sNZm1-0000EZ-PS
| MD5 | 67a3e67b376da1d8eceb11d29215bd0c |
| SHA1 | 31ad79f26ad32e5545703d69d59c7f58e0f1e963 |
| SHA256 | be895883c3e610f1a6041e5515dd14a0a7002a7d905c88df2ad3dc03fe766922 |
| SHA512 | a801d0d95e99194885eb3965ce21701f790825357d5eaafbbcb2d19d2ec8b3d3d2316f5197de0ff061dcf18718d751de2b61d971ac60d048d17a2ad971810eeb |
/var/spool/exim4/input/1sNZm3-0000Ek-3n-D
| MD5 | aa6bc4c87c240f75aa2b3df87c2651f0 |
| SHA1 | 93f00f1fe23c0845a936a64e1927d938cde7540c |
| SHA256 | ed59184ff617181e8caf49fdf344b6472b7b76c179fd992b5ee1c6564f05d4a2 |
| SHA512 | b037dfe1c6977882871d6569c47bda3ecf9a82c1eda86a26cfb97e4f9dc48113ad017478c27a164e77d88a0fcba3812a1a7e71b138dc0220dd561ed1eb160bca |
/var/spool/exim4/input/hdr.914
| MD5 | 4d536e4b93b84a02a6612925d18f4ea0 |
| SHA1 | d57eae95a050e795102a80a80c458b946702100f |
| SHA256 | 6eee2ab6147841cc4909f0ad9db4874a0cb3227218150f7a6db08fc9a109e2e4 |
| SHA512 | 0d9989fc0d7453f8f4af6885641851cd21e3e3d85dd1ca9fc8e5bc8ecb34ffdd3393cfd01ec116d24fe8c5832c5e73a88d3fbd6dcd20773ae3adbfd010599826 |
/var/spool/exim4/msglog/1sNZm3-0000Ek-3n
| MD5 | fb88e0c9ba11a2a914ea874c1b5c268f |
| SHA1 | 8606680c81c6b97bee26fc1e5a277293731dc305 |
| SHA256 | 7b657d92bb6389f91efc716575f07d1e8003e609dac856ed3a071f00b6df2b5b |
| SHA512 | d98e25f92bc65faed1f06293ab40b3535a67db4375f277de036843408cf9f8f51a31ab79717777c3eb030851766366b4e5c71202b93793e083f7bf101a56ed26 |
/var/spool/exim4/msglog/1sNZm1-0000EW-Kr
| MD5 | e61f47bbd1b9f55236f52b82621266fa |
| SHA1 | 89cfb338efaa48f6a1d261d1803992203f8f341b |
| SHA256 | 929ea77a157126fb3a05db7da48abb0fb15df31bc34d989e9085aa68aa32c2d3 |
| SHA512 | 1c154c08c3df4d22c1164620bc51af3d2256b1db79dcd70fc554e144fe71dc4cf16a3f489bb80722eb75e8e7c202876f2fdb41498bb96a5aa205f1d33de52377 |
/var/spool/exim4/input/1sNZm3-0000Eo-FO-D
| MD5 | 9526a87ddb408f5cf7e290eba8cdd86c |
| SHA1 | 1785c03c3c16133bb31f97e273857246a2b5c535 |
| SHA256 | 2d8931ee5283252ccb6510364d6d60b82d5ca9ca990a2625bd8642d41cbcec92 |
| SHA512 | 74d2e160b6a49992665353717672257b43cbfffd5ee8a7b71ebdbffbc48e41f6e1f2bb45c63ba42171a24c6cb8e1bfbf9d3bcaacad9b469a7a0e77a3bca396cc |
/var/spool/exim4/input/hdr.918
| MD5 | b6610ec9b82dda5695f4334e14c4107d |
| SHA1 | 095b9c6811e99e97d616d3e21131d894034aef0b |
| SHA256 | 73de235f84930d23a4ebda6c24e4775e16811a7c1574462416e6ee9ebe6bfc88 |
| SHA512 | 3bae0c87a1ee7ccc87e4d3f50da0a099f2a9e4c8ad127f065f66ab6d0a7d4af6a953f745a9172fe7083e4d9fce1aa00a294b02b27a3be59dbb2635085d161116 |
/var/spool/exim4/msglog/1sNZm3-0000Eo-FO
| MD5 | d617cf951aa6648d2c2bd137c429444b |
| SHA1 | f698f39d445b81df4afd1bb9f7555880467c3320 |
| SHA256 | adfb0e1b8dec9a62e8d8065a9340b560fae7bc101532ff4498f727304712f155 |
| SHA512 | 453e0a80ac1704facba408346c30a862c24f7440d952469cac54bd3473e741d64b2340a5dde30cea03e3bd89a183bcba9bfc2b5ae2a8184c7ff91c5f30479bca |
/var/spool/exim4/msglog/1sNZm1-0000EZ-PS
| MD5 | f29b3374c7e055aa24272653f7291a69 |
| SHA1 | 299aa95074d2b81882080af0525ce1ad281a2933 |
| SHA256 | 2cbefe3e0e9a4bda630df204040c44c478fffec0e31b853075594591d0968194 |
| SHA512 | 639b79559c918a4386ae731eaee1a67563a201abc4d39c5dedcf62df4ccd3be773003210adb5a74236962200467b3e4f93b53ba07a77407ee351a2a2b2efa22b |
/var/spool/exim4/msglog/1sNZm3-0000Ek-3n
| MD5 | d7d1cd0b8c8d169fc13976f0f4fb67ab |
| SHA1 | 30acad9ede0ae09599ea60ad0a1e4768cbc6092a |
| SHA256 | 28898626cf3b84e4ed2dcb37af4c1f19e7106f25ca026daaaa458c832e376b36 |
| SHA512 | 319c18d69067de89e2fed371f58e0f8b97bac8ae397e66b0209a69b22356cb3947a3ef67d20a6e5b1522053b618b06284baa2dfab130254f0cebfe4a363b3c40 |
/var/spool/exim4/input/1sNZm5-0000Ey-82-D
| MD5 | 1f085b14dbd3a371b801f6f00bbbc3d8 |
| SHA1 | f2ed72765a2c17f8166630e76ddfe51c99f2e36e |
| SHA256 | 1356b87abb5aa003288a611e05d6723de42fc7f7a1848f75821eee3b49757deb |
| SHA512 | f88722b4e146950b43b0558adac321fa3fe6c26f586e52f68f49415ca1a547f129ab6fbe8724bd7e76e5c5f17ef0dccf6e2c115dabe105829cf1a8c34d363bc4 |
/var/spool/exim4/input/hdr.928
| MD5 | d33766c7af8d004e35cfb2dacaa37cd3 |
| SHA1 | 923d416208715d2bf53d95e73044d13f68916d71 |
| SHA256 | 52dd0b12ba940c2b5d1b0afa6540078ac834664dd091c81c17a3bd50565256c2 |
| SHA512 | 5929e149f19c3704e0d4d355f811eaca7e53f11a6881858aa54b8c0ccb1c19044dd0b7ad71ca4fb3450224f524e6d0009efa5cc68d3ac72e2a2321809ba53232 |
/var/spool/exim4/msglog/1sNZm5-0000Ey-82
| MD5 | 7be131866d7d3302e9f7593bb398a03c |
| SHA1 | b507f8f42ec9cf7c7f341f9d92d35fa6aecef21a |
| SHA256 | ee1769108c4998ac2bdb436b2d90f86c787390db49da62f8d6734dd29f87a6cb |
| SHA512 | fad5b1f13b190c462b0fb60486394ada8058f0c6fc02b8b97966dc6fa6f95d93628fd6a89cc87427b2aaaedebec8b40b05676307d01b348feec89f9b02f49950 |
/var/spool/exim4/input/1sNZm5-0000F2-Bn-D
| MD5 | 9947c55475d8c305bf82dfd8f4013efa |
| SHA1 | 4998f27275a6ba84ea6582dcab6e459862d7c1be |
| SHA256 | fb21e19776b5fc1c2cd8e13019794f054b7c64d9039527868ffe1ea821f08e6c |
| SHA512 | e8e2e735e7465e10ce82a8df6d1fc58b6ff5ca7aa6f5f244ebff181f9a47b65c61ac0c611da7b569e194ee0eb230a7d9f2d5e12f69d719ef917b9e5f168d250f |
/var/spool/exim4/input/hdr.932
| MD5 | 012977ff7a2e44f945f5529803f1c73e |
| SHA1 | 0ba3f2ae6e8b3d2f2b365bc8244634888d176a81 |
| SHA256 | f00c92f964006cd230c88be35473b619671463142f19ca97064d11c458361a37 |
| SHA512 | 0479e26169cf4ebd456492c1197f0a1a7f862e6d901e92aa27cfacc58a2ac809bb206b15a2eb3f8820d187e65d95cdf530f74b35313af6b278c0c44963de38f6 |
/var/spool/exim4/msglog/1sNZm5-0000F2-Bn
| MD5 | 3caee101c91dc661fa7d426d7ecbc386 |
| SHA1 | 5aed483557657f61b377074ad50a4133f13eddb9 |
| SHA256 | 77b9757155a36e2bb70b83d9f499f1639bea3ae3ba42f4ca5a46678b8265856a |
| SHA512 | 0e9073a157aaf44b46cca045d488c85df907867525a8f52ebdb684be7d55ca7b9ce073430807f7d10d5a74f58750bae9d688f0e8dee20add2d62077c65266455 |
memory/936-1-0x775c0000-0x775d1060-memory.dmp
/usr/share/burpsuite/loader.jar
| MD5 | 56a0eef3a96bf373db1298bc6cb63158 |
| SHA1 | f9fb9175a901f4fede20b9d61eb4fadafdd1feea |
| SHA256 | 1e288c686963eafc34411d4f94265eb1809492ab57a474848669eb3285a2afb3 |
| SHA512 | d6165e567c80cd04c2506f285d48fb3e2dd6d46e4eda3b9bf76c2ea585ac446807ccabc02c4f8a6bede36a8ac1d1737eab3840cfdc703123daeccd526593f492 |
/usr/share/burpsuite/burp_suite.ico
| MD5 | 6e90fd2a5093ef7181d9f01f1d1aed53 |
| SHA1 | 88df4a91627ab8adcc4c46738acc180fa50ee245 |
| SHA256 | 7ae3e5b9292a92c750eadcb7b272202b043c401eee2837aa7a775c41700c361c |
| SHA512 | a134a3867698b1c59dae5878e8538187070f326f5fd7926cc7e6ae44bf768db2088ba9579cd0aeca8584d0bf48f3b53619c6d32dbddf39131c8858847d959390 |
/var/spool/exim4/msglog/1sNZm5-0000F2-Bn
| MD5 | 44b559187c1d778f38defc989bf379f5 |
| SHA1 | 4490da1b81388b98327282e7993601fc8b629244 |
| SHA256 | 4d55b41ab3c527c011537473a8378d94ba16fc014c3bb994ea427668bef29478 |
| SHA512 | 8e7e1a0c875b3d0fd0d55f890f7661482e2707daf610340103e0f948801964c3543ef4dab52427a5c562ac46b2fa815ca3325485e3b24de2d0e24a83fbb173ae |
/var/spool/exim4/msglog/1sNZm5-0000Ey-82
| MD5 | 781ad83fb23c7f043bb317512071ec7f |
| SHA1 | c23ff32373df897dc234e4546ab7b5f3bd2ad485 |
| SHA256 | 3d409257a10479fc8eec00ae47bd36457a2aa294b268dd1e705a7773fe1e44fe |
| SHA512 | 78f541a2f1c4f855f98556c33b3a6090300793e9c7f5c2e94ea1ccd3aa4523fff4026158569798a9f46f9e04f605db15a0dac38ba90168fccf849ff6c366cf80 |
/usr/share/burpsuite/burpsuite
| MD5 | 91f22d9e29f84119d6845b3c959d0274 |
| SHA1 | 205288d6c2949890de534155eae7185d6aa96681 |
| SHA256 | 3416560471aac7e55419b164a1f2da5aff70dfa59b65318546fae7458d9f44c5 |
| SHA512 | c1205c97da639144ed6bda9a05defa0ddfe318d4eee42d4088de79207ed4d34b85bbe9896fb2d27bb51d0623ac7b95fddf2492a4dbb2a4c927e8b2de4fe63d36 |
/var/spool/exim4/msglog/1sNZm3-0000Eo-FO
| MD5 | 1aee5c87cc7cc3aa2b9b275dbeecbc21 |
| SHA1 | 08b7ec82ede8478dcfd2332b8ef35ebd5b2150f7 |
| SHA256 | 145cbeb687645df6a06cf8d6b99718047b349734d51d42c5e4499b2fb5413b5d |
| SHA512 | ac7cbf8179321648180a49ddc6d606c055bb1220f82230a1909b727a85f3d983ef182baf489ffd43b539078b599162e0c781a16e5fad97c21b01e68168763fa4 |
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-29 17:13
Reported
2024-06-29 17:15
Platform
debian9-armhf-20240611-en
Max time kernel
148s
Max time network
3s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Processes
/tmp/Burpy-main/Linux_setup.sh
[/tmp/Burpy-main/Linux_setup.sh]
/bin/mkdir
[mkdir -p /usr/local/java]
/bin/mkdir
[mkdir -p /usr/local/java/jdk19]
/usr/bin/curl
[curl -L https://download.oracle.com/java/19/latest/jdk-19_linux-x64_bin.tar.gz -o jdk19.tar.gz]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | download.oracle.com | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-29 17:13
Reported
2024-06-29 17:16
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Max time network
132s
Command Line
Signatures
Processes
/tmp/Burpy-main/burpsuite_pro.sh
[/tmp/Burpy-main/burpsuite_pro.sh]
/bin/ping
[ping -q -c 1 -W 1 google.com]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | google.com | udp |
| US | 1.1.1.1:53 | google.com | udp |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| GB | 195.181.164.14:443 | tcp | |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| GB | 195.181.164.21:443 | 1527653184.rsc.cdn77.org | tcp |
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-06-29 17:13
Reported
2024-06-29 17:16
Platform
debian9-mipsel-20240418-en
Max time kernel
7s
Max time network
0s
Command Line
Signatures
Processes
/tmp/Burpy-main/burpsuite_pro.sh
[/tmp/Burpy-main/burpsuite_pro.sh]
/bin/ping
[ping -q -c 1 -W 1 google.com]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | google.com | udp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-06-29 17:13
Reported
2024-06-29 17:15
Platform
win7-20240611-en
Max time kernel
121s
Max time network
122s
Command Line
Signatures
Processes
C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\Burpy-main\keygen.jar
Network
Files
memory/2464-2-0x00000000025F0000-0x0000000002860000-memory.dmp
memory/2464-11-0x0000000000340000-0x0000000000341000-memory.dmp
memory/2464-12-0x00000000025F0000-0x0000000002860000-memory.dmp
Analysis: behavioral16
Detonation Overview
Submitted
2024-06-29 17:13
Reported
2024-06-29 17:16
Platform
win10v2004-20240611-en
Max time kernel
140s
Max time network
112s
Command Line
Signatures
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2484 wrote to memory of 968 | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | C:\Windows\system32\icacls.exe |
| PID 2484 wrote to memory of 968 | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | C:\Windows\system32\icacls.exe |
Processes
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\Burpy-main\keygen.jar
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
Files
memory/2484-2-0x000001C600000000-0x000001C600270000-memory.dmp
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
| MD5 | 8d1e51ba9332122f555e143e35d15699 |
| SHA1 | d701d60aa9b9d4e4cd705bff13aba2c6d44e8911 |
| SHA256 | 36ec4dafb8ffed078f2d9f9a93fb2b9ac9c7c5a30007fb0175625edcd5ed7d46 |
| SHA512 | 7435dbb1febb3884bd1fa5650af616b0fff310748f4f7e182e59894974cde97338b14a698b12af7e5f99f87d6df596a6fd4cb230e8691b4767c262429aebdcaa |
memory/2484-17-0x000001C600270000-0x000001C600280000-memory.dmp
memory/2484-18-0x000001C675890000-0x000001C675891000-memory.dmp
memory/2484-25-0x000001C6002A0000-0x000001C6002B0000-memory.dmp
memory/2484-24-0x000001C600290000-0x000001C6002A0000-memory.dmp
memory/2484-22-0x000001C600280000-0x000001C600290000-memory.dmp
memory/2484-28-0x000001C6002C0000-0x000001C6002D0000-memory.dmp
memory/2484-27-0x000001C6002B0000-0x000001C6002C0000-memory.dmp
memory/2484-33-0x000001C6002E0000-0x000001C6002F0000-memory.dmp
memory/2484-32-0x000001C6002D0000-0x000001C6002E0000-memory.dmp
memory/2484-35-0x000001C6002F0000-0x000001C600300000-memory.dmp
memory/2484-37-0x000001C600300000-0x000001C600310000-memory.dmp
memory/2484-38-0x000001C600310000-0x000001C600320000-memory.dmp
memory/2484-41-0x000001C600000000-0x000001C600270000-memory.dmp
memory/2484-42-0x000001C600320000-0x000001C600330000-memory.dmp
memory/2484-45-0x000001C600270000-0x000001C600280000-memory.dmp
memory/2484-46-0x000001C600290000-0x000001C6002A0000-memory.dmp
memory/2484-47-0x000001C600330000-0x000001C600340000-memory.dmp
memory/2484-48-0x000001C675890000-0x000001C675891000-memory.dmp
memory/2484-50-0x000001C600280000-0x000001C600290000-memory.dmp
memory/2484-51-0x000001C600340000-0x000001C600350000-memory.dmp
memory/2484-53-0x000001C6002A0000-0x000001C6002B0000-memory.dmp
memory/2484-55-0x000001C6002B0000-0x000001C6002C0000-memory.dmp
memory/2484-57-0x000001C6002D0000-0x000001C6002E0000-memory.dmp
memory/2484-56-0x000001C6002C0000-0x000001C6002D0000-memory.dmp
memory/2484-58-0x000001C6002E0000-0x000001C6002F0000-memory.dmp
memory/2484-59-0x000001C6002F0000-0x000001C600300000-memory.dmp
memory/2484-60-0x000001C600300000-0x000001C600310000-memory.dmp
memory/2484-61-0x000001C600310000-0x000001C600320000-memory.dmp
memory/2484-62-0x000001C600320000-0x000001C600330000-memory.dmp
memory/2484-63-0x000001C600330000-0x000001C600340000-memory.dmp
memory/2484-64-0x000001C600340000-0x000001C600350000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-29 17:13
Reported
2024-06-29 17:16
Platform
win7-20240611-en
Max time kernel
117s
Max time network
122s
Command Line
Signatures
Processes
C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\Burpy-main\BurpLoaderKeygen.jar
Network
Files
memory/2436-2-0x0000000002420000-0x0000000002690000-memory.dmp
memory/2436-11-0x0000000000120000-0x0000000000121000-memory.dmp
memory/2436-12-0x0000000002420000-0x0000000002690000-memory.dmp
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-29 17:13
Reported
2024-06-29 17:15
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
148s
Max time network
128s
Command Line
Signatures
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
Processes
/tmp/Burpy-main/Linux_setup.sh
[/tmp/Burpy-main/Linux_setup.sh]
/bin/mkdir
[mkdir -p /usr/local/java]
/bin/mkdir
[mkdir -p /usr/local/java/jdk19]
/usr/bin/curl
[curl -L https://download.oracle.com/java/19/latest/jdk-19_linux-x64_bin.tar.gz -o jdk19.tar.gz]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | download.oracle.com | udp |
| US | 1.1.1.1:53 | download.oracle.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | e2875.d.akamaiedge.net | udp |
| GB | 185.125.188.61:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| GB | 195.181.164.19:443 | tcp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-29 17:13
Reported
2024-06-29 17:16
Platform
debian9-mipsel-20240418-en
Max time kernel
43s
Max time network
40s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /usr/share/burpsuite/burpsuite | /usr/share/burpsuite/burpsuite | N/A |
Creates/modifies environment variables
| Description | Indicator | Process | Target |
| File opened for modification | /etc/environment | /usr/bin/tee | N/A |
| File opened for modification | /etc/environment | /usr/bin/tee | N/A |
Writes file to system bin folder
| Description | Indicator | Process | Target |
| File opened for modification | /bin/burpsuite | /bin/cp | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sudo | N/A |
| File opened for reading | /proc/self/stat | /usr/bin/sudo | N/A |
| File opened for reading | /proc/self/stat | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/sudo | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/sudo | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/self/stat | /usr/bin/sudo | N/A |
| File opened for reading | /proc/self/stat | /usr/bin/sudo | N/A |
| File opened for reading | /proc/filesystems | /bin/tar | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sudo | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sudo | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sudo | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/id | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/self/stat | /usr/bin/sudo | N/A |
| File opened for reading | /proc/self/stat | /usr/bin/sudo | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/bin/sudo | N/A |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/bin/sudo | N/A |
| File opened for reading | /proc/filesystems | /bin/tar | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/sudo | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sudo | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sudo | N/A |
| File opened for reading | /proc/self/stat | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/bin/sudo | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/bin/sudo | N/A |
| File opened for reading | /proc/self/stat | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/self/stat | /usr/bin/sudo | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/bin/sudo | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/bin/sudo | N/A |
| File opened for reading | /proc/self/stat | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/bin/sudo | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/bin/sudo | N/A |
| File opened for reading | /proc/self/stat | /usr/bin/sudo | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sudo | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/Burpy-main/jdk19.tar.gz | /usr/bin/curl | N/A |
Processes
/tmp/Burpy-main/Linux_setup.sh
[/tmp/Burpy-main/Linux_setup.sh]
/bin/mkdir
[mkdir -p /usr/local/java]
/bin/mkdir
[mkdir -p /usr/local/java/jdk19]
/usr/bin/curl
[curl -L https://download.oracle.com/java/19/latest/jdk-19_linux-x64_bin.tar.gz -o jdk19.tar.gz]
/bin/tar
[tar -xf jdk19.tar.gz -C /usr/local/java/jdk19 --strip-components=1]
/usr/local/sbin/gzip
[gzip -d]
/usr/local/bin/gzip
[gzip -d]
/usr/sbin/gzip
[gzip -d]
/usr/bin/gzip
[gzip -d]
/sbin/gzip
[gzip -d]
/bin/gzip
[gzip -d]
/bin/rm
[rm jdk19.tar.gz]
/usr/bin/sudo
[sudo tee -a /etc/environment]
/usr/sbin/sendmail
[sendmail -t]
/usr/sbin/sendmail
[sendmail -t]
/usr/bin/tee
[tee -a /etc/environment]
/usr/bin/sudo
[sudo tee -a /etc/environment]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZle-0000CY-Rg]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZlj-0000Cb-U3]
/usr/sbin/sendmail
[sendmail -t]
/usr/sbin/sendmail
[sendmail -t]
/usr/bin/tee
[tee -a /etc/environment]
/usr/bin/sudo
[sudo update-alternatives --install /usr/bin/java java /usr/local/java/jdk19/bin/java 1]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZlq-0000E0-40]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZlu-0000Dw-Si]
/usr/sbin/sendmail
[sendmail -t]
/usr/sbin/sendmail
[sendmail -t]
/usr/bin/update-alternatives
[update-alternatives --install /usr/bin/java java /usr/local/java/jdk19/bin/java 1]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZlw-0000E9-2B]
/usr/bin/sudo
[sudo update-alternatives --install /usr/bin/javac javac /usr/local/java/jdk19/bin/javac 1]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZlw-0000EC-DH]
/usr/bin/id
[id -u]
/usr/bin/sudo
[sudo mkdir -p /usr/local/java/jre8]
/usr/sbin/sendmail
[sendmail -t]
/usr/sbin/sendmail
[sendmail -t]
/bin/mkdir
[mkdir -p /usr/local/java/jre8]
/usr/bin/sudo
[sudo curl -L -o /usr/local/java/jre8/jre8.tar.gz https://javadl.oracle.com/webapps/download/AutoDL?BundleId=244548_89d678f2be164786b292527658ca1605]
/usr/sbin/sendmail
[sendmail -t]
/usr/sbin/sendmail
[sendmail -t]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZly-0000EP-4b]
/usr/bin/curl
[curl -L -o /usr/local/java/jre8/jre8.tar.gz https://javadl.oracle.com/webapps/download/AutoDL?BundleId=244548_89d678f2be164786b292527658ca1605]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZly-0000ES-Di]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZlz-0000EX-Eh]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZlz-0000Ea-JX]
/usr/bin/sudo
[sudo tar -xzf /usr/local/java/jre8/jre8.tar.gz -C /usr/local/java/jre8]
/usr/sbin/sendmail
[sendmail -t]
/usr/sbin/sendmail
[sendmail -t]
/bin/tar
[tar -xzf /usr/local/java/jre8/jre8.tar.gz -C /usr/local/java/jre8]
/usr/local/sbin/gzip
[gzip -d]
/usr/local/bin/gzip
[gzip -d]
/usr/sbin/gzip
[gzip -d]
/usr/bin/gzip
[gzip -d]
/sbin/gzip
[gzip -d]
/bin/gzip
[gzip -d]
/usr/bin/sudo
[sudo rm /usr/local/java/jre8/jre8.tar.gz]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZm3-0000Er-99]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZm3-0000Eu-G9]
/usr/bin/sudo
[sudo update-alternatives --install /usr/bin/java java /usr/local/java/jre8/jre1.8.0_301/bin/java 1]
/usr/bin/sudo
[sudo update-alternatives --install /usr/bin/javac javac /usr/local/java/jre8/jre1.8.0_301/bin/javac 1]
/usr/sbin/sendmail
[sendmail -t]
/usr/sbin/sendmail
[sendmail -t]
/usr/bin/update-alternatives
[update-alternatives --install /usr/bin/javac javac /usr/local/java/jre8/jre1.8.0_301/bin/javac 1]
/usr/bin/sudo
[sudo update-alternatives --set java /usr/local/java/jre8/jre1.8.0_301/bin/java 1]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZm5-0000F6-AX]
/usr/sbin/sendmail
[sendmail -t]
/usr/sbin/sendmail
[sendmail -t]
/usr/bin/update-alternatives
[update-alternatives --set java /usr/local/java/jre8/jre1.8.0_301/bin/java 1]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZm5-0000F9-Pf]
/usr/bin/sudo
[sudo update-alternatives --set javac /usr/local/java/jre8/jre1.8.0_301/bin/javac 1]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZm6-0000FF-V0]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sNZm7-0000FI-3P]
/bin/mkdir
[mkdir -p /usr/share/burpsuite]
/bin/cp
[cp loader.jar /usr/share/burpsuite/]
/bin/cp
[cp burp_suite.ico /usr/share/burpsuite/]
/bin/rm
[rm Windows_setup.ps1]
/bin/rm
[rm -rf .git]
/bin/rm
[rm burpsuite.jar]
/usr/bin/curl
[curl -s https://portswigger.net/burp/releases]
/bin/grep
[grep -Po (?<=/burp/releases/professional-community-)[0-9]+\-[0-9]+\-[0-9]+]
/usr/bin/head
[head -n 1]
/usr/bin/wget
[wget https://portswigger-cdn.net/burp/releases/download?product=pro&version=&type=jar -O burpsuite_pro_v2024-5-4.jar --quiet --show-progress]
/bin/sleep
[sleep 2]
/bin/chmod
[chmod +x burpsuite]
/bin/cp
[cp burpsuite /bin/burpsuite]
/bin/sleep
[sleep 3s]
/usr/share/burpsuite/burpsuite
[./burpsuite]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | download.oracle.com | udp |
| GB | 95.100.244.78:443 | download.oracle.com | tcp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | javadl.oracle.com | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| GB | 23.204.232.117:443 | javadl.oracle.com | tcp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-10 | udp |
| US | 1.1.1.1:53 | portswigger.net | udp |
| IE | 34.249.63.188:443 | portswigger.net | tcp |
| US | 1.1.1.1:53 | portswigger-cdn.net | udp |
| GB | 18.165.242.81:443 | portswigger-cdn.net | tcp |
Files
/tmp/Burpy-main/jdk19.tar.gz
| MD5 | 477d9862374177c810b0b7d73b4f1e53 |
| SHA1 | 22e24467abee736e965fc3f7228ebf3a607febf3 |
| SHA256 | d97f0f402bd65a9c26aa266246b0894c8d6762e82373377641ca779c46406299 |
| SHA512 | 40503981aa19ea531892e25972422ee49405569b4d2300d10d0457341679ceba0f187552005cb4e457ba1a2e872bc003fad29dbc8f7acb2cdfc5cf92bd484478 |
/var/spool/exim4/input/1sNZle-0000CY-Rg-D
| MD5 | 2c00f3c17457dc1a3b58b59c8feafdb8 |
| SHA1 | 96a3c358fc629424e30b1623b5df494aa5b0ddbf |
| SHA256 | b0b4f9a6884d5175f70e9438a0a28ea10809057140123ce9d5e5295e7a837839 |
| SHA512 | 9c80340b88cf72f75b7ce0b4ce631a8c7af27da3fb18a21ea9cb38673d15a60a0c51539add273d8390bae1d150d3b537b19d1fb9d3c825f2c0e83de042ecb1ff |
/var/spool/exim4/input/hdr.778
| MD5 | 61dc620ef5b6d0efb5ba4a362e7e01f9 |
| SHA1 | 64bcff59369adec2404915bb396496de0646c409 |
| SHA256 | c8068dfc0dad5d6d5fe9e81f5e400907f9e651f653f13c7eaa1d0522020d1e8e |
| SHA512 | 040763d4f5eff92a3e6ff7c6cbade9a33c5b48c5d0594c22b115a681f2a99d627ebe0ed928205b69b17840fc53837d3888a28a624775b54788fc18602823df3e |
/var/spool/exim4/msglog/1sNZle-0000CY-Rg
| MD5 | f819b91eb100307ba875603280a4e05b |
| SHA1 | aa50b151a2a904b0aa0736b9fa4fe8402629bfe5 |
| SHA256 | 7dedbc41dc000db15f11c8e74bd0886f119cdd53a0d5e1303791df93f7de7e9c |
| SHA512 | 1b855016c9ec08b69e93642b62bf1cdfde0c518642473eb49bb68248c2111aeb903341eee8950a8e59caed2f0290fc0181bb13c2c77a623096435bcff6576917 |
/var/spool/exim4/input/1sNZlj-0000Cb-U3-D
| MD5 | 9f28094456305a459d7038920743b71e |
| SHA1 | 7c62ebdcca8b31de684ddc9d71dbf646015715a3 |
| SHA256 | 5d30088fcf1fb333f50314ea310d5f9f6af04b2dcf0f6b02e40d1a3c78f502cc |
| SHA512 | 6a957ee0dbef4be0fe7aa8c214c863aa3d76895f12d2316d76632a2786f1dc32b011f86470cfed2a31d33cbcce096ca8adbe713bf4b3d1288a20a35b87f161c9 |
/var/spool/exim4/input/hdr.781
| MD5 | 93ba6b2a0e3037116ccbe450a8088060 |
| SHA1 | e9ead3cf508893991bfb6fc7609b1d59d4000b78 |
| SHA256 | 58707565c41ee2eccd406b586d1262dcc9ce166da9e5c76b0e3c1fea4ab768e1 |
| SHA512 | b2793f0cce6f420aa2d14101455b25689d9b3affab9352607b960403a589c84f88c760b600438ae766abd311c3260200f3561fe0e6d4f54b6ce84fa4a487588c |
/var/spool/exim4/msglog/1sNZlj-0000Cb-U3
| MD5 | 7685f6d1ac4c10635711dc882a776f39 |
| SHA1 | 860cb51bb4d3f54539a8b5d86bb3030404f82dc1 |
| SHA256 | 8a639cc697c31e54e7338121111f5e624ced93b3157d783721732ecf049f83a6 |
| SHA512 | 6c1e60aeef3d34794cb992af6aaa5cf0b21e20a851c3770266302aff0d1521f6c5b27bd73d1a49930bb12f03efdb73a636f689a6c02d1470b076bcf33c110338 |
/var/mail/user
| MD5 | a30e46f8640ef305975d8548bdee6eba |
| SHA1 | c0cc506d546dbb42c1ffae44d76edc580925fef1 |
| SHA256 | 205b199a6bea2182e8d9f667ce9d93ff3861d0e0ce93297db4609dac0b755d87 |
| SHA512 | e1d05f25ef96ed825022a97ca5b981198bfea180e0cd5078aaee44635d7036701e69692e662951dcbae8f144ab7e2e5170276a656fd376da129e1698ac879e64 |
/var/spool/exim4/input/1sNZle-0000CY-Rg-J
| MD5 | d7d96d63d643a4ce3e408eba7dfcedc5 |
| SHA1 | c53607f95c5c57beafc1d8266646797a035f76ea |
| SHA256 | 21db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159 |
| SHA512 | 703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3 |
/var/spool/exim4/msglog/1sNZle-0000CY-Rg
| MD5 | aea3d766ad0b66d86ad6d331123fe606 |
| SHA1 | 3ae656fc3cf9a284cc8d1bbcc2e2ffcc46dfe8b1 |
| SHA256 | 874fc4199b2cb66e93aa624d4d92203b8a682a87841dada88a0b298f8a62e6ba |
| SHA512 | f8a76c9b3983d320bbc045f2927358a30513c2613d40773cdbb3394fa6800d8d62eadbfe890f98533bc34c8b1be992314435bf2cad5557561f055b7abc2c08c0 |
/var/mail/user
| MD5 | 74436d6f17f9ccd0e35b3160003db57e |
| SHA1 | 3b7e70c4375c296ee2b3915a2f9250b9ff6ff922 |
| SHA256 | 2646546d44c758107a09135850d1cba08cd729ed536ddec65cb2d2d51aebd154 |
| SHA512 | 916a003bc82d3c6f28eb7996e2fedd0e4796ad083941b64ed3941a954c06828b32729d0a6ce9d05444c3d37b1aff61e4c5a097b74ebdbbff22699a54882163eb |
/var/spool/exim4/msglog/1sNZlj-0000Cb-U3
| MD5 | 7b9343fae03dfa28d787db01fd149a94 |
| SHA1 | 5662313bceb58f86eb8e8333fd7862c1e8e09616 |
| SHA256 | 3d498ae7506095429145c5d4bb220b129fa81e7fc79a3bd5df1d996e677e3446 |
| SHA512 | fc4ea1fa1babe42e283f114642662c4459351e46f7f678f833ca457b2db0d4e81749e0c1a29092906886bac3fe63770246ae73dd2fe84ac20336ed480ddca8ab |
/var/spool/exim4/input/1sNZlq-0000E0-40-D
| MD5 | e76b784686c1305c88915e8a15792fd1 |
| SHA1 | e71678bd8cb3a524527cd75f9856d434ff6b18d8 |
| SHA256 | f3e2addf037ba2aabce5becc4dae73ff3b668673d9bcaae9a71e50b77c9dcfa6 |
| SHA512 | 3f4cb7e0bcb44a67f4df0a25114810b1711a49bb27ed8751f2d45d17a82c52064e89c1c82b8644b13236627999a24058414a1bcde77e9bbca61ee8d32ace923a |
/var/spool/exim4/input/hdr.868
| MD5 | cce0b9bda284372c156f2db9af9acc88 |
| SHA1 | dc44b16230978fbc1052bbcb1a346b5e9ddb2657 |
| SHA256 | 69875778e4cbf19c7c22276364903755a70eee476bf2e1343aefb38023262d14 |
| SHA512 | 5c3c2ed6c910936bb3d75128ba3b327429bc2e258e0bd26555a8f931f00a5697c9e4b0ecc5e409f92942696de839d25287007c59db083d34a4a9fa5f07320d3b |
/var/spool/exim4/msglog/1sNZlq-0000E0-40
| MD5 | b74c7ca093ff27ba698a148303099d5d |
| SHA1 | b3fe64e46466ed5e5c73c1c2dccf08619a438407 |
| SHA256 | 68da7ef66ca9acd3e74a30fbd0b249f3addd74b9307b859e27e1577ddb0d9ba2 |
| SHA512 | 2974b06d7b7dfa9759afdf6cd42ec268bf8bb90e267af4a6013a187837dbaafe0d655d1d0b97491e8fa78f0ac6141b4f6094002e62ffc88db60a601654efa7b4 |
/var/mail/user
| MD5 | f4e596f46d31404dfec3a48bbc334a91 |
| SHA1 | 6a1317208947df5305b8ebd4fe711ec0d71701bb |
| SHA256 | 58e91472ebca6bd572311c9cfe3f04b4494dd8828348eb43a9b8e5c05a837933 |
| SHA512 | 01533646cb07458c78734f724be59938b1772ac55dd53c2ae1622fbc146de6680e248b74b73c9dbe9fa6bcced1ec940a1523a6e666a342ec770ca2a73fc204e4 |
/var/spool/exim4/msglog/1sNZlq-0000E0-40
| MD5 | e87497d8e9dd74892a6397321003214a |
| SHA1 | d228c82e7caa32647f3b9a7bd1f59e7f6b6919d4 |
| SHA256 | a1cf0eb1a8fa08eff311a06b9562bce908fbe427cb202ef90ec9771ff1316d76 |
| SHA512 | 92f28bdcba684ba0d778158cc0db3cae78717ae9d9d854046bfe6d8dbb5e8c088f04d47226456ff401f63063391242e5c6b2d7d3f938a55644d1b5984c26edd0 |
/var/spool/exim4/input/1sNZlu-0000Dw-Si-D
| MD5 | 99a6d97832758e9f1ef1524306d399e8 |
| SHA1 | 3d3b2680e59d9a02c6777e1207f629f3a64fdbcd |
| SHA256 | 23394856f3f7606f05470456a5bde728d621be0cac4ad792e380e3c6226fcd8e |
| SHA512 | a1f7e08e33e76985953219b0dd7bbf4c1d92fa3cf18fe32cbdac2fa26b499b022c95a03dedc2fa750139ac58a08921153ed7c4d8c17cb71d5b2eb3a4770a1eed |
/var/spool/exim4/input/hdr.864
| MD5 | 707177204548ec5f5c5e59a6e4e24fd1 |
| SHA1 | 26ad06a102c6947998cd80065fc846c7287d5298 |
| SHA256 | 9601004aa7e53fb142a9e4216ec60225bf121a012eac064a37d54ec8d1b9a678 |
| SHA512 | 70dee89fb6044f8e8ecdb6436e6acc5c87b24c030acd4661b620d6c595927cdf507a344f79b40814f263df7f86cd19eaca9da0ee77aa8ec1341b105c7977eae6 |
/var/spool/exim4/msglog/1sNZlu-0000Dw-Si
| MD5 | a65baceeba88eef4559b626c2bbd6f71 |
| SHA1 | cc4108dd6b6928a8d96bda2887d9922b1f952791 |
| SHA256 | 363f219a223152b352013c288d5bbec6e999b5656e1a87ca4ea9cedba7d440ac |
| SHA512 | 96121d14cfb838ddf4c423c9804ed9b7a0de11432c8309c58264b2b2063b1648d410f0680ecbd2678507b784203ea9e0cf97dc11ef1b0ce6ea14626cb872b538 |
/var/mail/user
| MD5 | 7451a032b5e9d8a2e8e605108d652f3d |
| SHA1 | d31f0071ecf7c58d85e0c5fa5185966b6163ce85 |
| SHA256 | d343ad56847a0b3837642f79d36dd281a3e589ac5621ed1e08242a3c224910b6 |
| SHA512 | 236f2a36523bba7def9aaca9fb0f517d944b42eb29adcd11c90ed5f67fef763111a4be64fd897937c300d3380b76f2a99c226a2eec982e3108cf46d77cc029e4 |
/var/spool/exim4/msglog/1sNZlu-0000Dw-Si
| MD5 | 5fc88861bd28d1d7cc3838f0d6fb6f98 |
| SHA1 | ad633254aa0c5af1ce3d158f2a519c7cb841742b |
| SHA256 | dafaeee0d66917cbcffbe5c4ef2627ee2b34b5e4de2ac5847b55a560ba0b572c |
| SHA512 | 8349e0153e0019c0acb3a7b0dce840c204ac314ed6c1c12db049aabf519a492ffce0f3b1fd0025bd18d54ed6e4bdc7f53d63490f70244bd89e9e57d6d993d621 |
/var/spool/exim4/input/1sNZlw-0000E9-2B-D
| MD5 | 54a98ff0812a55e1196d12598b7e051b |
| SHA1 | f170031e0cf3ed513ab4a7fd6b42aa7064db2e59 |
| SHA256 | a2d521237116b748431209db8f89a313f9654a68b372cb7e079705a14215b27f |
| SHA512 | 3224cf8966a80e25e4f0a417e8cca06057bd0fbdbc99c6a7fa8a7222d179285e79d104673f922f2dd3867a0ec2024ad9b4c8250c312ef0cd4b4c388b1be178e2 |
/var/spool/exim4/input/hdr.877
| MD5 | 913a339b55365fa147d7fa1673214a19 |
| SHA1 | eba9e1e06ae97f9a87edd0b8df8a47591998f157 |
| SHA256 | dee13faf75fa752f685ce9bc9d2c130e9348015264b1dbeafdb4e075a1cca6ef |
| SHA512 | 2e3bea13bbdb87d2db7fb0d27e0289a0b80bf8a5520a3b09fd2b733b0f8093584c2b78b5aa733b22180fba8c0c09b6034dcb1372d0dc4f0e0e4df326b81380f5 |
/var/spool/exim4/msglog/1sNZlw-0000E9-2B
| MD5 | 583fe70b70fb472a1baa771281f94b06 |
| SHA1 | 72978afbb1296b65b2c3465409e6dd9e0efc2c5e |
| SHA256 | 34878637628b890b7fcd0cd15802966d9233c9ea6bda3706b65d3a391b70abef |
| SHA512 | 8653d393dc58f66aab45339e0e8682ca0cf194fc904ede233a412431c72ca9143c456e9eb1c4c1ae7ea0358c721870fa67b6cafd4533b9857e4c48ba6a7c5331 |
/var/spool/exim4/input/1sNZlw-0000EC-DH-D
| MD5 | 2cb5b9b7e5205e4ac0486ae03529d1ec |
| SHA1 | ebbef5e4acbfd60be8404018336c4aa4cd1dcc3b |
| SHA256 | c7b364caffa98a36610931d4cb4396034e053233a501fc3b78b3c8f0d1349a56 |
| SHA512 | 9fdecc70395c25538c797cd4af8985270cd5a166a9f995093d44351eb58d73e174bef7a6cbd776a43df6413bd993308462e8cfa463aa278d5c5db182daa75056 |
/var/spool/exim4/input/hdr.880
| MD5 | a754f4e11443f08ef86c8f720186ddfd |
| SHA1 | 0034344e8175f51e11479b8f4e9baac442f188ec |
| SHA256 | a46bf536e3a9329f6e4dcc1be183724284347d4e0e081756624c68b8f25c0933 |
| SHA512 | 4df4898aa7f817187f411f70610ddcb51307d5b9b65368d79598fea86130bf2e99fdf9111baf5d608b51e3c4f8fd004342fe1d28829e83bbe72497929f672def |
/var/spool/exim4/msglog/1sNZlw-0000EC-DH
| MD5 | 5546b89b2026bfeb6bddee140e4f2ef3 |
| SHA1 | 988ca2bf91638cac82b0947a58a9e5bfb55bf20e |
| SHA256 | 27a589c12f1734661855282da1bda57e5831d79081909c4a829daadccd5c606e |
| SHA512 | 1b3fffbe613868a5b1411885d3f0213376aba66c27383cd7d486ed82a4fd1a836b1b3fb9ced6f1eb3184fc6d082acb5b31bf30af2ba4592eda820ee4e6436813 |
/var/mail/user
| MD5 | 31e24f1f690295bedab9d89b453c8d04 |
| SHA1 | 2eedf08838cd8d032e458535e9042e76de60a1e3 |
| SHA256 | c29d67ec141828541494b67a7b9735605cdd4dba4faacd0fb2c363b4e4a0f7fc |
| SHA512 | 6dacc8b6911205a12f95643531ae9bc9045ce801b6373355293922d110d5f62f2fe70950f5ac056f23496deb2e321814c3859de440fdd91b776169969278fa46 |
/var/spool/exim4/msglog/1sNZlw-0000E9-2B
| MD5 | e0ffa29c0f7c0300cbd9cd4ca650e667 |
| SHA1 | bdc32b972dd4f1052e1e30d04b83912a24ce3066 |
| SHA256 | f9dd1c7cbc6f73dd89d8c79f07b3f0f4c8ca4d9aa85431c5b5ea7c9e9e358e44 |
| SHA512 | 9cf738eb3fef98c396232e95d25fd48a55539f7c0f6598594f62ba7f4d33c61d54a5bc40257e08fad73856ca4fdc3f5d18e61d8ac4f631076b7a27a957c888f2 |
/var/mail/user
| MD5 | 446027e287dbc76a341b6afd987d463b |
| SHA1 | e91aaf744a29f07b61139d4f204013fe4d0ebec8 |
| SHA256 | d163883149a61eebbdf7c6860faa9d1c571b5aacb089837342c6deef6a0ffa17 |
| SHA512 | 0967266906cfb59dd739715a67e52336145d69b8f309b9f487e92cd830e63332ff53f01334d042a9a80700dcd1b2c46f79ec1005d9b78447d603076f7b620990 |
/var/spool/exim4/msglog/1sNZlw-0000EC-DH
| MD5 | 098077792cada87e667a0e1986b14410 |
| SHA1 | 19d65e847bee45bb4056612d3fbe55b7a3b01e2f |
| SHA256 | 39b0772bb58b38be53ccf30c318e607879bbcbe656f2e369f7181a37d3cbf8a7 |
| SHA512 | f6dbab96cf28185ecf335b0c39c498c565359e422c618558358674fa94c9be2ac734a2bb3b3774ddb39533fc83717774a4720d6a0b63ab45d5b55201447ee8cf |
/var/spool/exim4/input/1sNZly-0000EP-4b-D
| MD5 | 7a7dc5fab6cc24565f3f1de5ea6f63ae |
| SHA1 | 29b01a906acf7ce167134725f121d247bad3ac83 |
| SHA256 | 470998e409cb2ab3e70beca0f3a8b4661a6f4558b18a7bb70e6fc969c09a4af5 |
| SHA512 | 4edd12ba6dc5dab188e1e7ea41fe43162c9ad6ef338b87e24134849b9ad4c80464e77dc517957f87e5d71e0785d447b26104c4bbb92d06612a78d7474dd50d31 |
/var/spool/exim4/input/hdr.893
| MD5 | fbae815c76160eee6aa1d1cdae2e609d |
| SHA1 | bc143bd5f8368dd216465b6a7fc480917d5ab09d |
| SHA256 | 34f0e71a9fb679a7a454f873af8065ee8f9c75bce2c89f0b8ba3e319cc535616 |
| SHA512 | a37e3da78f24137de85bf7cf47aee3c561e51059906569f9d409b154945d1f03d94ea9d01f0462110399b74ce060fa3f16ab5f78f126c7492479491f325955dc |
/var/spool/exim4/msglog/1sNZly-0000EP-4b
| MD5 | a28cbb12292f643bd62fece10438a4fa |
| SHA1 | b4909c6db087818aeb682aa6beb2c90f70510cf5 |
| SHA256 | 85e01c69a12486fabadfe8bea0554fb59cd0af75eba882c57194a98acd62062b |
| SHA512 | 0908e26b995471382420ddd83108e19d7011d64508a0f5f0ff0471bc8305622075d2604fe181359f8a7546a4e0f8c342a8c33e69f3563476d14e0d484b1e8de5 |
/var/spool/exim4/input/1sNZly-0000ES-Di-D
| MD5 | 462bc76a995a31cc7df803c197d7b9b5 |
| SHA1 | 0cb0d63fc6cdd5ef897361d3ebc093f9054d2ae8 |
| SHA256 | b5f64d34945297ae6b8a9acb8c87edeb9799b445caf0b86137f583dafe9e7332 |
| SHA512 | 23727f3417bac37b65e6990141a12b54500376204a492f3407b7574ed5d40ad9884138ce25b756a35790eb1d3c411341190310ef4c7a6676d56ab5330901a2cb |
/var/spool/exim4/input/hdr.896
| MD5 | bd7d66f45bdd5662be7a2a6ec1f63a9a |
| SHA1 | 4abac2f33a1498bb09be5c7ef09f0056f03375e9 |
| SHA256 | e66b0c07cde15788ac80c7eca48d823d2175cdf88051ccb681a101ec7b43bc5b |
| SHA512 | 848ada62e5a32aa730eb0121cfb840974495fb49a2e3995f6dac2caf2c286a17457b6287153834b918f1747f9edfc0b5e50f19cc4d432fcb428fda4023d4c867 |
/var/spool/exim4/msglog/1sNZly-0000ES-Di
| MD5 | 53edb9a450d4f896ee932d0ca80a5f3c |
| SHA1 | 417ad244f0ae4b362d156f9fb64daf702e501469 |
| SHA256 | 7a9f5839d19ddc525ae3dcc2542b3ade72d0d79f4686611fba30f6ac50d5fb63 |
| SHA512 | 1475b225ca23eb99f9d1ab08214509a58baeb0e40dc7cb7a988a3fcd73dc31913ddaaf1ca301dc2ad257967397882d98d6ff637cf9cef64b80fc2b19584f245c |
/var/spool/exim4/input/1sNZlz-0000EX-Eh-D
| MD5 | 71b03a25c4802882b97dc889d90f0472 |
| SHA1 | fac4dab7a0b006f1cb8e69fd70094acea1fd0494 |
| SHA256 | e812097d8dd0583209c4cdb33c2419def0e21bb252cc66d9756f70a9254cf1b3 |
| SHA512 | bcfb24094d548177c8eb4b6c07788b684ee0334b8316dd276217ae5e20f3be2b7e32f6dc7d73a971237ecc5ef35e3ceb0df10aea439844d4e96b6f0dd869d1bb |
/var/spool/exim4/input/hdr.901
| MD5 | 878927f37f426b1cbeedc5f10e376e1a |
| SHA1 | 4bf2971d123e19ac81c79949094c82baac5d2f99 |
| SHA256 | e39ece27481c26705eda0b98798c6165f0f8a6b68b97c657510db7de026201bb |
| SHA512 | ee81da42ae84f4c53ea4a552b1831b86372831e2541e76a39f7a51a322e8949d6b00ff1974701223ef82e613ab28c9137c7763a3e1a39f95f2e103d2ca654938 |
/var/spool/exim4/msglog/1sNZlz-0000EX-Eh
| MD5 | 08c6096d087003dbdfce897217c925a6 |
| SHA1 | ccfd843897ade8eb22539b91174a2e79552d7875 |
| SHA256 | 14b88140444fbe1285d60bdfcfc5a0c55152956455de6f333d8c7095ab821e1d |
| SHA512 | 737e672a357dccdab7079273980b94189f44832b94b7cb1b87b2f65f80f8f5524b5c5e89841d46a826d8c18899b4f2c92feb69f82982d83d18b1d4288c643e33 |
/var/spool/exim4/input/1sNZlz-0000Ea-JX-D
| MD5 | 01ec46df9bfc43b33ace78df025bfc4e |
| SHA1 | 5d12f8f570b2b5c23059420439f41b84cd522373 |
| SHA256 | 22d96591461ba975c10ea535d027eed6ab240a9aaab237b8829ba36225bfeb6f |
| SHA512 | c238d2f3f335dc695961f92c363a8280d7bce374280690cda9a71a6f7784d0e584e8d72e73be735ae8ebefec0f183cbd03433628c3ec257da9c9aa813b7aad04 |
/var/spool/exim4/input/hdr.904
| MD5 | 7a6c4c71236b098583ec88d906887ec8 |
| SHA1 | 49f66a342ca57cfbcdfcd41e1fa7dd6296223650 |
| SHA256 | 3bd85721567161b4efbd43226c9643d55c09b5cf165c13c4600c290c26cddcb5 |
| SHA512 | 8e3533ad337a7e1bc7ecce412224adc23c3e6224e788bf4e06136f7b9f9ff723f5b692c7bf70f7ea9873d1e911a2033c0589d0f144870a62a2006144cfa90f07 |
/var/spool/exim4/msglog/1sNZlz-0000Ea-JX
| MD5 | 145c5048e071b0f3e2b46f524e2505f9 |
| SHA1 | 27fdd07fd0f5a1624c41572e0e6646866ad85945 |
| SHA256 | ad19d3d68a2a6e82525b79f41d24a7ee7c393a04cd6c178bf1db9fa4df15f700 |
| SHA512 | d7771b73b21b5e966bf31b37eceb253c7a1146d976684a26082613cbf471b7e068ba8fbe77364745836aa38af448e344267704b7f4e176d84987a2ae8b9f0825 |
/var/spool/exim4/msglog/1sNZly-0000EP-4b
| MD5 | b6c1d8e71af8531e095dfa98c0ee64c0 |
| SHA1 | 8315f6e0324dbb37768daee02679ce46dca6e2f0 |
| SHA256 | de4116fb915f6cdd9a2da367a05ce08aed3c29af11662dc74be776ad3d58d970 |
| SHA512 | 7cb59a9ed65c59caf2303e051f48750ff9434a7ac7b25705e13eb38d048e571366986da9a756141c395e055c2c23d2b71630555ebe1712effe86328313de248b |
/var/spool/exim4/msglog/1sNZly-0000ES-Di
| MD5 | 4acac42a37434738f96276fb4fb60c7e |
| SHA1 | 718f1667d546727960e1fe7c5eb3db921b9e625f |
| SHA256 | bf597006bbd20a8f75d32856ff4308331dd268336388d0d4e6ccea966227662c |
| SHA512 | 9807d8a4fe72bb027e603c5e98ea3cc7f552f2b9b5b48be04f87b6867c28595f02c6d041d8a76ee781dcf9eccc14e4905fb1d1029125601e1a264b7fc95890fa |
/var/spool/exim4/msglog/1sNZlz-0000EX-Eh
| MD5 | 780f04597cc6812c366cfb98bf7ac336 |
| SHA1 | 9c7512cdc0fa75bb0c4ff7590639a99f56b00d7a |
| SHA256 | 6fcb0170fe035a6af569e39bf9abe833299f22a5114e895ec4248b5339f9e086 |
| SHA512 | 84e03e75e9f92e1df0243428c7d3f812b54044ba62caa0c7805f9bb2db3dc2e68f8781370613a0d4177cd85e925e8b7a7d7a406b01088dacb4436eb545566be6 |
/var/spool/exim4/msglog/1sNZlz-0000Ea-JX
| MD5 | 97367c8ece0e18f03d3c0f5780988e18 |
| SHA1 | c0ae8499b629fcea75ba3d46cacab333ed72bef3 |
| SHA256 | c91d57475e1762cd083e01963a5fcdc1c28bdd2dba6efc0de419a6657b2a109c |
| SHA512 | 945993930fd6ae1bdee71bcea0e82510431f17f7eb1c4d5dc6fd6423250b6d4c25c41606e0cc950dff184854d35fc03b32028992c65cac12432e77de962906ac |
/usr/local/java/jre8/jre8.tar.gz
| MD5 | 29fd49c59bc4df8670dcdd57e74ae2a4 |
| SHA1 | 3fe71fa89a806c5e19e8ab19584a4ee206e1dc4c |
| SHA256 | 43f3533bac729d5c3c1f304b91f3551c86b1a6eef55a12a10864ece89bf9aab9 |
| SHA512 | 1718e249629d081cc30242ab65b97f51e5d47bbb5d001529e4aefdd8b928d0c317aa9bb67557a863a20d85c270367933dbca9c7cea377aaa2d4b29f47ecb168a |
/var/spool/exim4/input/1sNZm3-0000Er-99-D
| MD5 | 38c3b116082bc6500b495aea92b94b0e |
| SHA1 | 48cd6b0904a7bf0c0f94dfc514b86caf97ce0113 |
| SHA256 | 85378a3cea7fbce37fa383ee78d5a9b7e785f9c5674d82c4704bda7df2c3e8d0 |
| SHA512 | db6d803162c731dada9bbed3f26e61fe7fec00a732891bce57fdfc85e70dc902d59dfa8b35b5c6cd2c6b48cf1f18a2c3c62aaec3512468ab1d9a581734a06568 |
/var/spool/exim4/input/hdr.921
| MD5 | 34708c4754837d209c5b7b9814f81623 |
| SHA1 | 6c1fc17d2da91eaa1dcce16e2ed77b7b547444ad |
| SHA256 | 4c525580b0d515b75025be94c24f619783af4aa266c47e475a4bc3c0bee3233d |
| SHA512 | 0ece25f31252a6b471de26743d33ef8ddb431d3de94737ff6cb0d9a5b98f2313d0f3604600c4376660c3b9d4c1cfcac02b92ede8de90909223b9611d1339cc5b |
/var/spool/exim4/msglog/1sNZm3-0000Er-99
| MD5 | c656eda51ba922aa2ecff6b42d9582f4 |
| SHA1 | 5c1838ba2da6a89e837b7ee89f92a26212a0629b |
| SHA256 | 683f75d807a31616230aff6d1f69cb54491f9cd17914083c568d93912019dacb |
| SHA512 | 531ba41e9477ee2864f4b84b8da32b454f1fecd9742a8f4052dcab89ef506e0b4403adadd1f1797b08a27791d51d2c929e0bc7a20590fd0745fd5dba4b384947 |
/var/spool/exim4/input/1sNZm3-0000Eu-G9-D
| MD5 | 1f05283324f6798584b58607362c5b58 |
| SHA1 | bcbd6b497e79850ead67d16323f924747bcf8cff |
| SHA256 | 6acd4c04e164e0e7d30dcecf77473a32035a754e2ec7eead62b954d2fe787383 |
| SHA512 | fedcb9c3739eced960ce6b520409b59618bdc7b8deab5885774dce969781ab075ba79a2c5370f6467485dac1a103f0cfcad16b4d461b4de4a90ab26ffa285e40 |
/var/spool/exim4/input/hdr.924
| MD5 | e47f378dbaf74a7a22bc5120894e0ba0 |
| SHA1 | b57aaf470edc48c0c0954987b0d20f104dbd2511 |
| SHA256 | 76c787f236815daeb2c39dea2358ca3c15d657f9717e3f1dc67844cd4b18a980 |
| SHA512 | e5964d98b405c7897da5d30eff13b8fef8712ce2122d1656bdc1bc1c361e1e0ddd56907bef79716a01466da3046f8e9bfcd5b9dfccd1dc859e48aa0e54fbdd8d |
/var/spool/exim4/msglog/1sNZm3-0000Eu-G9
| MD5 | 8fc09465debde9f8492d64c73812f13e |
| SHA1 | 210c152dade885ed9a3c311a66307fe83e8b3f1b |
| SHA256 | aed0957ac43268c08803927bb90b839ea5f31e645a420a887895d793e38325ab |
| SHA512 | 8d25dfaf9bf64c965f8c6783f51b71dbe66a285e7d3abea109519f36b427944dbbb683d092d592975265b90612e0ad18b59f8355a7e157db352981915d10b701 |
/var/spool/exim4/msglog/1sNZm3-0000Er-99
| MD5 | ed36bb3790d5278dce29e0bf949d5dc4 |
| SHA1 | ce74e6091135737dbbcc4c71929b8f3b6cbde46e |
| SHA256 | d538d1a0c9a60601dd4e5a119b5d888cc4a930b6432ffda2121340466fa293e1 |
| SHA512 | 963d6ae011b6c84f7a680973ef36934fcc12064c2443d3dbeec16ef3b5d88a5ebf8be49db20034f3cf8c5aed561014a251c1acc9b2d50d57728294f8da922fe4 |
/var/spool/exim4/msglog/1sNZm3-0000Eu-G9
| MD5 | ef9328730ee140357761ed0dcd62e918 |
| SHA1 | ca5225186f25b081422a752c7c44509ea3e03e72 |
| SHA256 | 3390e31312d08019e96374bed99225d87200a59f6eb028f0008c9b3e08721d3f |
| SHA512 | b09c6bc5b49cc9646232ba2331c2e0f30c9fd831f0f7d255d1d1fe33dcb65cb36606b98b237e1d27c908f490af5e7cccc54b9adefad42f8a3b25fc5f6f7af3d3 |
/var/spool/exim4/input/1sNZm5-0000F6-AX-D
| MD5 | def6160efc118ff56f69199a4aebbb49 |
| SHA1 | 26e7085244aceca9327343f14c8aeab42c0dc2a4 |
| SHA256 | ca6134bd636c6ea67c404c622cfc271bb6c3cbec9086b7fcfc4528f317d4492c |
| SHA512 | 2ce106d4a591ac86c9cd15a5bb955798f46d6e27b4ebae6c68451a7aa1a784bdc67b97c73d110c405fe07e2f1ffe5e64b2f83df33c9cd72ef1b96cdeb6d8fab3 |
/var/spool/exim4/input/hdr.936
| MD5 | 210d2b23119e03197764dc38803dcbd9 |
| SHA1 | 4843a0ea2d470d7ef97758af8030d017fb5d40cc |
| SHA256 | 00a0337eb0d70d046e7e7e6e3cf181c66ac14b8b14f92bca024859c6f81e3991 |
| SHA512 | 10a2043ddd5ebb45c40e06df212b3a17c6057d214fd59002fb4824229a5807709cf7e81c4e671ed1379cf5a6bca6c8dadd8d7aca52e7ef348fe2bd99d1faee5c |
/var/spool/exim4/msglog/1sNZm5-0000F6-AX
| MD5 | e5b2ee12d34178a66fa0029afbbcbdb3 |
| SHA1 | 0397506480232dad85fc91be3562322e7eb77470 |
| SHA256 | 4699f5d0bc0af2515de1b3891a647a4f5d653b7c30f1d049a259930760c22010 |
| SHA512 | a60439247725e40f234bd775977758c64962318704cee3899cc23f549af8ba8d5b32af80f6aa877d8bc4a884310a3fdcf92d9ec10c059b2205c204eaa23f286c |
/var/spool/exim4/input/1sNZm5-0000F9-Pf-D
| MD5 | 1e1cc6e48634cc324922d0f768571b42 |
| SHA1 | ebb15541b29288aa66194edb5579ca557e3ba8ae |
| SHA256 | 08c8600382592a88c1859baaabc32db86c181970cdef44fdcaea534508870c2d |
| SHA512 | c04e77126f483dce26332dcd7f22637a1ef242b8ae66c15ff4fee982bba38bb27fb37971991d19878b5cf95953dd746599f034ec30559524b05cf9489ebe4a8c |
/var/spool/exim4/input/hdr.939
| MD5 | 63007fcfd0db49be21dcc44b445f2b5b |
| SHA1 | 3ddaba35cfd842ea401c0133b57ed3f5e77615c1 |
| SHA256 | d138d9479587704735dd0a989177f85434d4d674a3de12455dd647822e760b39 |
| SHA512 | 9fee192c5a77b1539a40cf93d3e7aebe5d626e62927e4a1aa8f96974b03d60e8a7b3f69685e1f85ebf068a0890a202e8dd3bf5c17e5afb91ca5b956668d891f4 |
/var/spool/exim4/msglog/1sNZm5-0000F9-Pf
| MD5 | a014570318b67acc69e42c23691fc28f |
| SHA1 | 04223f75ba3304a9e68ad858b6fc1faed5f5a451 |
| SHA256 | 33d6b69f5c0a527aaa7c7837ea438306d762b52a679a0241b048c67ee8dd7e13 |
| SHA512 | 9dd4df6c5517e005bbe97a0b607766481baf30ccd1b0ae47293eea83f1e438b897457204309484a679d092783026b3162bc18e6740ebf56ad7963722646ebff8 |
/var/spool/exim4/msglog/1sNZm5-0000F6-AX
| MD5 | ae7c7c2e74b2b4e55c4a88070d9c1a8f |
| SHA1 | 314800bb552b46e3afe010421a3bebbbdb07c777 |
| SHA256 | 41dd291d27f11cdf573331a6c502b377986162b4af4774a56342096199012b0c |
| SHA512 | 2cfcfe68c0133b219fca7e739596936676541cea28a162603853b39b2e1695b1f0b09d593112cfb7ab9ab3678554d4e0050fa723086214b759f1073f7b7e79cf |
/var/spool/exim4/input/1sNZm6-0000FF-V0-D
| MD5 | e5166166d11ace0aebda0059f288bc84 |
| SHA1 | ed9309f8b9cc58762b6cb442ed26a7bae2d2b3e7 |
| SHA256 | 9ab15cdaf64ab90bfc80e894f30d50673f14d8323f06d8d8c37411496aa03ab0 |
| SHA512 | 493291b1e500884d48c40a3e22627774a49987a7cb8abcd069dc3e771d3d1227e84aab9954256a006441313c5cb1fdf8e34b35c20dcb0c9919ab7c8dfb92cc58 |
/var/spool/exim4/input/hdr.945
| MD5 | 470df69cf7fa4b4c5987a16f24e8f625 |
| SHA1 | 53caa0a2548af1b3677b577fe5d98b2e107b4c72 |
| SHA256 | 387dbdfd23785f5b403bd3130efac0632fde75f71cf2527320eb888e8e1d52f0 |
| SHA512 | d831fb61629b184e101ba1c22d0e28ef4f79fb3701e32f7ac30a624acbdb06ad6124b9d806f32ba8c4a78fc076d2b50cd9e73827a2b9a77d5367cd5459ccb3e8 |
/var/spool/exim4/msglog/1sNZm6-0000FF-V0
| MD5 | b4612b79b9cfae8c4f94123539f9cc77 |
| SHA1 | f0f454141fe32c6d71913524e2d1c6a82cd7bfb8 |
| SHA256 | 28ecc6b0e46635e01ef83c420f447a03e399379443379261da6d3a56863c50a3 |
| SHA512 | f025eae1aa869e9161aa769a95eeb6d82443ae0fd39e5b7fc2fa9493e53aa54780a2296bcb1c7217e9282e278d683e3df776630bd7fb8d93ac88e50e7765dd98 |
/var/spool/exim4/input/1sNZm7-0000FI-3P-D
| MD5 | 030207c5919adf5ef8150a2940d7fae8 |
| SHA1 | cb70316c86e41a5d7693198f6c69b05d8590b57b |
| SHA256 | 81ec0c90c98b0484ffa10a0bfbb80b1b3cc410ac709c64298baa9ec24b5302ec |
| SHA512 | cdac6a1bda42afbef1f048c2e5f17aad8281d75325adc45d6d024ffc053ce91e2c39cae851319d0c7625e03b8a9b7fb108a347e6f5eb76c00421a9864776dd5d |
/var/spool/exim4/input/hdr.948
| MD5 | 910ace0dad04d48c2589246c27908683 |
| SHA1 | af0d9332d304f13e0b42bef0fd1e19d532b47650 |
| SHA256 | 9716d0e9f7112850ad2d2a32861d2a41df58f112428ac5a4cac51590eaabe20d |
| SHA512 | 8a03fd11e827a4190a13f349abcfff7bf76b06dab8f65d75ede347fcc530a0f26c69f62e0f7b141b02324b5435251a86bb3556fe8af62c7be9850e2c3ee9d63a |
/var/spool/exim4/msglog/1sNZm7-0000FI-3P
| MD5 | ebecf7c999525c5c214594da3560acb2 |
| SHA1 | 64af609fd4019e72c168284daf4d4ff3ea08c745 |
| SHA256 | 8bf81c0e886a6cced8b23bf1c2b27671718f93eef0a037e3105c29cec356fa4d |
| SHA512 | 434a77dd051eea8b8f96b648ce8276cb4eee3163cac71f37fc981c17cd86756559e14ff7009e5541df6a9e4d885008c960c9ca0a07b7e1b49f2fcdfe56233fb6 |
/var/spool/exim4/msglog/1sNZm5-0000F9-Pf
| MD5 | 03b1978f121268840e1797dd874c59fd |
| SHA1 | f7ea9ae619b944aeb8c32f5e5fe117b4bd847a81 |
| SHA256 | 3d48cdb51494fd2a05b1dc631fdf1541909a0b6ee075e25c06b6f633b2e20f14 |
| SHA512 | 63b31a8368fe8db39d56bf211566f670163a5670e55ef0371402c73259d911ca3b81cdec501738afa1b8a514462e68d52f5d449568a5f5c188e02d092e8a21fa |
/usr/share/burpsuite/loader.jar
| MD5 | 56a0eef3a96bf373db1298bc6cb63158 |
| SHA1 | f9fb9175a901f4fede20b9d61eb4fadafdd1feea |
| SHA256 | 1e288c686963eafc34411d4f94265eb1809492ab57a474848669eb3285a2afb3 |
| SHA512 | d6165e567c80cd04c2506f285d48fb3e2dd6d46e4eda3b9bf76c2ea585ac446807ccabc02c4f8a6bede36a8ac1d1737eab3840cfdc703123daeccd526593f492 |
/usr/share/burpsuite/burp_suite.ico
| MD5 | 6e90fd2a5093ef7181d9f01f1d1aed53 |
| SHA1 | 88df4a91627ab8adcc4c46738acc180fa50ee245 |
| SHA256 | 7ae3e5b9292a92c750eadcb7b272202b043c401eee2837aa7a775c41700c361c |
| SHA512 | a134a3867698b1c59dae5878e8538187070f326f5fd7926cc7e6ae44bf768db2088ba9579cd0aeca8584d0bf48f3b53619c6d32dbddf39131c8858847d959390 |
/var/spool/exim4/msglog/1sNZm6-0000FF-V0
| MD5 | 7dd3ec74d866199da8c5a2f66eb79bc1 |
| SHA1 | f52e24383dc0ef6f892882fe99f0d3066b99cff8 |
| SHA256 | 0c6afb8721f3617abfbacc2410f998a37a030d276c54188d8a534450e0bcecca |
| SHA512 | 0b5904551ea907cd57c378aa0d29537832ebf277540617321c43f7a8e246eb85b636a593a41e0703e74bbbf6575af8ae27395327785ae320696647709698cefe |
/var/spool/exim4/msglog/1sNZm7-0000FI-3P
| MD5 | 1fa7f2fed0501a004782d7e01231e7a8 |
| SHA1 | 46126613886b1f2274d229071bb190752239e316 |
| SHA256 | 87ace1408e2289ce14d8f607ca5e8f7f3c1ec15e11ec178178f4b8c342d3877b |
| SHA512 | 452181acf4ef8013d9b73f8cb06b9ea238b38983b33ba0efdf4c3022d5b870a1a8c1a6b3149f4680b3882f4871c8853fac62a81d8cbe1e0b05c57a448339f4ea |
/usr/share/burpsuite/burpsuite
| MD5 | 91f22d9e29f84119d6845b3c959d0274 |
| SHA1 | 205288d6c2949890de534155eae7185d6aa96681 |
| SHA256 | 3416560471aac7e55419b164a1f2da5aff70dfa59b65318546fae7458d9f44c5 |
| SHA512 | c1205c97da639144ed6bda9a05defa0ddfe318d4eee42d4088de79207ed4d34b85bbe9896fb2d27bb51d0623ac7b95fddf2492a4dbb2a4c927e8b2de4fe63d36 |
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-29 17:13
Reported
2024-06-29 17:15
Platform
win7-20240221-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2928 wrote to memory of 2656 | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\system32\java.exe |
| PID 2928 wrote to memory of 2656 | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\system32\java.exe |
| PID 2928 wrote to memory of 2656 | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\system32\java.exe |
| PID 2928 wrote to memory of 2660 | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\system32\java.exe |
| PID 2928 wrote to memory of 2660 | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\system32\java.exe |
| PID 2928 wrote to memory of 2660 | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\system32\java.exe |
Processes
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Burpy-main\Windows_setup.ps1
C:\Windows\system32\java.exe
"C:\Windows\system32\java.exe" -jar New-loader.jar
C:\Windows\system32\java.exe
"C:\Windows\system32\java.exe" --add-opens=java.desktop/javax.swing=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/jdk.internal.org.objectweb.asm=ALL-UNNAMED --add-opens=java.base/jdk.internal.org.objectweb.asm.tree=ALL-UNNAMED --add-opens=java.base/jdk.internal.org.objectweb.asm.Opcodes=ALL-UNNAMED -javaagent:New-loader.jar -noverify -jar burpsuite_pro.jar
Network
Files
memory/2928-4-0x000007FEF5EDE000-0x000007FEF5EDF000-memory.dmp
memory/2928-6-0x0000000001D90000-0x0000000001D98000-memory.dmp
memory/2928-5-0x000000001B610000-0x000000001B8F2000-memory.dmp
memory/2928-7-0x000007FEF5C20000-0x000007FEF65BD000-memory.dmp
memory/2928-8-0x000007FEF5C20000-0x000007FEF65BD000-memory.dmp
memory/2928-9-0x000007FEF5C20000-0x000007FEF65BD000-memory.dmp
memory/2928-10-0x000007FEF5C20000-0x000007FEF65BD000-memory.dmp
memory/2928-15-0x000007FEF5C20000-0x000007FEF65BD000-memory.dmp
memory/2928-16-0x000007FEF5C20000-0x000007FEF65BD000-memory.dmp
Analysis: behavioral13
Detonation Overview
Submitted
2024-06-29 17:13
Reported
2024-06-29 17:16
Platform
debian9-mipsbe-20240418-en
Max time kernel
1s
Max time network
3s
Command Line
Signatures
Processes
/tmp/Burpy-main/burpsuite_pro.sh
[/tmp/Burpy-main/burpsuite_pro.sh]
/bin/ping
[ping -q -c 1 -W 1 google.com]
/usr/bin/wget
[wget https://github.com/Divinemonk/burpsuite_pro/releases/latest/download/install_burppro.sh -q]
/bin/chmod
[chmod +x install_burppro.sh]
/tmp/Burpy-main/install_burppro.sh
[./install_burppro.sh]
/bin/rm
[rm install_burppro.sh]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | google.com | udp |
| US | 1.1.1.1:53 | 206.212.58.216.in-addr.arpa | udp |
| US | 1.1.1.1:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-06-29 17:13
Reported
2024-06-29 17:15
Platform
win7-20240508-en
Max time kernel
119s
Max time network
119s
Command Line
Signatures
Processes
C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\Burpy-main\loader.jar
Network
Files
memory/2912-2-0x0000000002560000-0x00000000027D0000-memory.dmp
memory/2912-11-0x0000000000250000-0x0000000000251000-memory.dmp
memory/2912-12-0x0000000002560000-0x00000000027D0000-memory.dmp
Analysis: behavioral18
Detonation Overview
Submitted
2024-06-29 17:13
Reported
2024-06-29 17:16
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
151s
Command Line
Signatures
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4132 wrote to memory of 4520 | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | C:\Windows\system32\icacls.exe |
| PID 4132 wrote to memory of 4520 | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | C:\Windows\system32\icacls.exe |
| PID 4132 wrote to memory of 2332 | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | C:\Program Files\Java\jre-1.8\bin\java.exe |
| PID 4132 wrote to memory of 2332 | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | C:\Program Files\Java\jre-1.8\bin\java.exe |
Processes
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\Burpy-main\loader.jar
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
C:\Program Files\Java\jre-1.8\bin\java.exe
"C:\Program Files\Java\jre-1.8\bin\java.exe" -version
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | portswigger.net | udp |
Files
memory/4132-2-0x000002363A960000-0x000002363ABD0000-memory.dmp
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
| MD5 | 5ba0476865bd18d9e31dfcc464639b98 |
| SHA1 | 639c4d2c23d69213005c7a6434db551f19f62c14 |
| SHA256 | 9df8fc973c3858334e566994eefa288bb9728c2636dce0fa4e14aa35d052596b |
| SHA512 | 96fd637479bd391d555497d7317fb4fad177e5374acf2da32398f231db50d52b09ccfb5297793edc8a28628e256577e25afcf52f464677cc214020c26982e016 |
memory/4132-17-0x000002363ABD0000-0x000002363ABE0000-memory.dmp
memory/4132-20-0x000002363ABF0000-0x000002363AC00000-memory.dmp
memory/4132-19-0x000002363ABE0000-0x000002363ABF0000-memory.dmp
memory/4132-22-0x000002363AC00000-0x000002363AC10000-memory.dmp
memory/4132-25-0x000002363AC10000-0x000002363AC20000-memory.dmp
memory/4132-26-0x000002363AC20000-0x000002363AC30000-memory.dmp
memory/4132-31-0x000002363AC40000-0x000002363AC50000-memory.dmp
memory/4132-30-0x000002363AC30000-0x000002363AC40000-memory.dmp
memory/4132-34-0x000002363AC50000-0x000002363AC60000-memory.dmp
memory/2332-41-0x000001AA09B60000-0x000001AA09DD0000-memory.dmp
memory/4132-43-0x00000236390F0000-0x00000236390F1000-memory.dmp
memory/2332-51-0x000001AA082F0000-0x000001AA082F1000-memory.dmp
memory/4132-52-0x000002363AC60000-0x000002363AC70000-memory.dmp
memory/2332-53-0x000001AA09B60000-0x000001AA09DD0000-memory.dmp
memory/4132-58-0x000002363AC70000-0x000002363AC80000-memory.dmp
memory/4132-57-0x000002363A960000-0x000002363ABD0000-memory.dmp
memory/4132-61-0x000002363AC80000-0x000002363AC90000-memory.dmp
memory/4132-60-0x000002363ABD0000-0x000002363ABE0000-memory.dmp
memory/4132-65-0x000002363AC90000-0x000002363ACA0000-memory.dmp
memory/4132-64-0x000002363ABF0000-0x000002363AC00000-memory.dmp
memory/4132-63-0x000002363ABE0000-0x000002363ABF0000-memory.dmp
memory/4132-67-0x000002363AC00000-0x000002363AC10000-memory.dmp
memory/4132-68-0x000002363ACA0000-0x000002363ACB0000-memory.dmp
memory/4132-70-0x000002363AC10000-0x000002363AC20000-memory.dmp
memory/4132-71-0x000002363ACB0000-0x000002363ACC0000-memory.dmp
memory/4132-75-0x000002363ACC0000-0x000002363ACD0000-memory.dmp
memory/4132-74-0x000002363AC20000-0x000002363AC30000-memory.dmp
memory/4132-78-0x000002363AC30000-0x000002363AC40000-memory.dmp
memory/4132-83-0x000002363AC50000-0x000002363AC60000-memory.dmp
memory/4132-82-0x000002363ACE0000-0x000002363ACF0000-memory.dmp
memory/4132-81-0x000002363ACD0000-0x000002363ACE0000-memory.dmp
memory/4132-80-0x000002363AC40000-0x000002363AC50000-memory.dmp
memory/4132-84-0x00000236390F0000-0x00000236390F1000-memory.dmp
memory/4132-86-0x000002363ACF0000-0x000002363AD00000-memory.dmp
memory/4132-88-0x000002363AC60000-0x000002363AC70000-memory.dmp
memory/4132-90-0x000002363AC70000-0x000002363AC80000-memory.dmp
memory/4132-91-0x000002363AC80000-0x000002363AC90000-memory.dmp
memory/4132-92-0x000002363AC90000-0x000002363ACA0000-memory.dmp
memory/4132-94-0x000002363ACA0000-0x000002363ACB0000-memory.dmp
memory/4132-96-0x000002363ACB0000-0x000002363ACC0000-memory.dmp
memory/4132-97-0x000002363ACC0000-0x000002363ACD0000-memory.dmp
memory/4132-98-0x000002363ACD0000-0x000002363ACE0000-memory.dmp
memory/4132-99-0x000002363ACE0000-0x000002363ACF0000-memory.dmp
memory/4132-100-0x000002363ACF0000-0x000002363AD00000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-29 17:13
Reported
2024-06-29 17:16
Platform
win10v2004-20240508-en
Max time kernel
51s
Max time network
51s
Command Line
Signatures
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Burpy-main.zip
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-29 17:13
Reported
2024-06-29 17:16
Platform
win10v2004-20240611-en
Max time kernel
146s
Max time network
125s
Command Line
Signatures
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4732 wrote to memory of 4512 | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | C:\Windows\system32\icacls.exe |
| PID 4732 wrote to memory of 4512 | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | C:\Windows\system32\icacls.exe |
| PID 4732 wrote to memory of 4940 | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | C:\Program Files\Java\jre-1.8\bin\java.exe |
| PID 4732 wrote to memory of 4940 | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | C:\Program Files\Java\jre-1.8\bin\java.exe |
Processes
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\Burpy-main\BurpLoaderKeygen.jar
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
C:\Program Files\Java\jre-1.8\bin\java.exe
"C:\Program Files\Java\jre-1.8\bin\java.exe" -version
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | portswigger.net | udp |
| IE | 34.249.63.188:443 | portswigger.net | tcp |
| US | 8.8.8.8:53 | 188.63.249.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
Files
memory/4732-2-0x000001931B2E0000-0x000001931B550000-memory.dmp
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
| MD5 | b4f96f771615811283df249bda94ddaf |
| SHA1 | 1c5eb50c1b78631029ffb6970db829e5f42b0bff |
| SHA256 | 1e3b6bf069ac99ded6cc22abc5e0c3c32775be8d57dddc13e7889b83b34e8935 |
| SHA512 | a75955603c90cfcefdf8111e966da0c1c77ec4fb2694800a84ba6a80a512debc66ebf2365413a55bdc78b26ba95762eac9562457db2d389303e1c22361b24584 |
memory/4732-15-0x000001931B2C0000-0x000001931B2C1000-memory.dmp
memory/4732-17-0x000001931B550000-0x000001931B560000-memory.dmp
memory/4732-19-0x000001931B560000-0x000001931B570000-memory.dmp
memory/4732-23-0x000001931B580000-0x000001931B590000-memory.dmp
memory/4732-22-0x000001931B570000-0x000001931B580000-memory.dmp
memory/4732-26-0x000001931B590000-0x000001931B5A0000-memory.dmp
memory/4732-27-0x000001931B5A0000-0x000001931B5B0000-memory.dmp
memory/4732-29-0x000001931B5B0000-0x000001931B5C0000-memory.dmp
memory/4732-31-0x000001931B5C0000-0x000001931B5D0000-memory.dmp
memory/4732-34-0x000001931B5D0000-0x000001931B5E0000-memory.dmp
memory/4732-37-0x000001931B5E0000-0x000001931B5F0000-memory.dmp
memory/4940-42-0x000001CC01D70000-0x000001CC01FE0000-memory.dmp
memory/4940-52-0x000001CC00480000-0x000001CC00481000-memory.dmp
memory/4940-56-0x000001CC01D70000-0x000001CC01FE0000-memory.dmp
memory/4732-58-0x000001931B5F0000-0x000001931B600000-memory.dmp
memory/4732-57-0x000001931B2E0000-0x000001931B550000-memory.dmp
memory/4732-61-0x000001931B550000-0x000001931B560000-memory.dmp
memory/4732-62-0x000001931B600000-0x000001931B610000-memory.dmp
memory/4732-65-0x000001931B610000-0x000001931B620000-memory.dmp
memory/4732-64-0x000001931B560000-0x000001931B570000-memory.dmp
memory/4732-69-0x000001931B620000-0x000001931B630000-memory.dmp
memory/4732-67-0x000001931B570000-0x000001931B580000-memory.dmp
memory/4732-68-0x000001931B580000-0x000001931B590000-memory.dmp
memory/4732-71-0x000001931B590000-0x000001931B5A0000-memory.dmp
memory/4732-73-0x000001931B630000-0x000001931B640000-memory.dmp
memory/4732-72-0x000001931B5A0000-0x000001931B5B0000-memory.dmp
memory/4732-75-0x000001931B5B0000-0x000001931B5C0000-memory.dmp
memory/4732-76-0x000001931B640000-0x000001931B650000-memory.dmp
memory/4732-80-0x000001931B650000-0x000001931B660000-memory.dmp
memory/4732-79-0x000001931B5C0000-0x000001931B5D0000-memory.dmp
memory/4732-85-0x000001931B5D0000-0x000001931B5E0000-memory.dmp
memory/4732-87-0x000001931B670000-0x000001931B680000-memory.dmp
memory/4732-86-0x000001931B660000-0x000001931B670000-memory.dmp
memory/4732-84-0x000001931B2C0000-0x000001931B2C1000-memory.dmp
memory/4732-91-0x000001931B680000-0x000001931B690000-memory.dmp
memory/4732-90-0x000001931B5E0000-0x000001931B5F0000-memory.dmp
memory/4732-94-0x000001931B690000-0x000001931B6A0000-memory.dmp
memory/4732-98-0x000001931B5F0000-0x000001931B600000-memory.dmp
memory/4732-99-0x000001931B6A0000-0x000001931B6B0000-memory.dmp
memory/4732-102-0x000001931B600000-0x000001931B610000-memory.dmp
memory/4732-103-0x000001931B6B0000-0x000001931B6C0000-memory.dmp
memory/4732-104-0x000001931B610000-0x000001931B620000-memory.dmp
memory/4732-105-0x000001931B6C0000-0x000001931B6D0000-memory.dmp
memory/4732-108-0x000001931B6D0000-0x000001931B6E0000-memory.dmp
memory/4732-107-0x000001931B620000-0x000001931B630000-memory.dmp
memory/4732-113-0x000001931B2C0000-0x000001931B2C1000-memory.dmp
memory/4732-114-0x000001931B630000-0x000001931B640000-memory.dmp
memory/4732-115-0x000001931B6E0000-0x000001931B6F0000-memory.dmp
memory/4732-121-0x000001931B640000-0x000001931B650000-memory.dmp
memory/4732-122-0x000001931B650000-0x000001931B660000-memory.dmp
memory/4732-124-0x000001931B660000-0x000001931B670000-memory.dmp
memory/4732-125-0x000001931B670000-0x000001931B680000-memory.dmp
memory/4732-126-0x000001931B680000-0x000001931B690000-memory.dmp
memory/4732-127-0x000001931B6F0000-0x000001931B700000-memory.dmp
memory/4732-128-0x000001931B690000-0x000001931B6A0000-memory.dmp
memory/4732-131-0x000001931B6A0000-0x000001931B6B0000-memory.dmp
memory/4732-132-0x000001931B6B0000-0x000001931B6C0000-memory.dmp
memory/4732-133-0x000001931B6C0000-0x000001931B6D0000-memory.dmp
memory/4732-134-0x000001931B6D0000-0x000001931B6E0000-memory.dmp
memory/4732-135-0x000001931B6E0000-0x000001931B6F0000-memory.dmp
memory/4732-136-0x000001931B6F0000-0x000001931B700000-memory.dmp