7b4619c6841b07dd3045fcf718307040c466e2a3460c102bbef0141a7e0c1164

Resubmissions

05-11-2024 19:35

241105-ya6v9axapf 7

05-11-2024 19:29

241105-x7dqasxglr 7

Analysis

max time kernel
141s
max time network
153s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
05-11-2024 19:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MaltegoSetup.v4.8.1.exe
Size

165.0MB
MD5

794ea4b004116df1ea0391cc5b36f693
SHA1

ee3fbc32f4c1f03f144dc495e3f11f15e2314067
SHA256

7b4619c6841b07dd3045fcf718307040c466e2a3460c102bbef0141a7e0c1164
SHA512

8916acd2c2a1081e970980179c6414581e11c7dd0689dfe558387b89f209749bea6e815509f8d1c0275b98450329ea5e356d7ca89ef63b65454979d24743f864
SSDEEP

3145728:664zhNo01e6iR59P+3M1isIzwk8QuwE7WhcbhUZ39A9gN2dIqurL4cU+aoV3vBX:DCe66HP+3MYvzw/QDE7WhhNjN2dIqur1

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\ide\update_tracking\org-netbeans-spi-navigator.xml	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\java\config\Modules\org-netbeans-modules-java-sourceui.xml	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-core-platform\modules\ext\com.paterva.maltego.certificates\org-codehaus-mojo\animal-sniffer-annotations.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\extra\modules\org-netbeans-html-ko4j.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\ide\config\ModuleAutoDeps\org-netbeans-modules-editor.xml	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\ide\config\Modules\org-netbeans-modules-editor-errorstripe-api.xml	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-core-platform\config\Modules\com-paterva-maltego-typing.xml	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-core-platform\modules\ext\com.paterva.entity-serializer\com-carrotsearch-thirdparty\simple-xml-safe.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-ui\modules\ext\com.paterva.maltego.graph-external\com-carrotsearch-thirdparty\simple-xml-safe.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-ui\modules\ext\com.paterva.maltego.laf\org-apache-xmlgraphics\batik-i18n.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\platform\modules\lib\aarch64\libjnidispatch-nb.jnilib	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\ide\modules\ext\lucene-core-3.6.2.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\java\modules\org-netbeans-modules-java-platform.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-core-platform\config\Modules\com-paterva-maltego-transform-protocol-v2api.xml	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\ide\config\Modules\org-netbeans-modules-editor-actions.xml	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\ide\modules\org-netbeans-modules-jumpto.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-core-platform\modules\ext\com.paterva.maltego.transform-protocol-v2api\com-google-code-gson\gson.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-ui\modules\ext\com.paterva.maltego.pws\com-github-scribejava\scribejava-core.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-ui\modules\ext\com.maltego.cloud-ui\jakarta-validation\jakarta.validation-api.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\ide\config\Modules\org-netbeans-modules-extexecution.xml	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\ide\config\Modules\org-netbeans-modules-projectuiapi-base.xml	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\ide\update_tracking\org-netbeans-modules-editor-deprecated-pre65formatting.xml	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-ui\update_tracking\com-bulenkov-darcula.xml	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-ui\update_tracking\com-paterva-maltego-notifications.xml	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\platform\modules\org-netbeans-api-intent.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\java\config\Modules\org-netbeans-modules-java-source-base.xml	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-core-platform\update_tracking\com-paterva-maltego-tx-inputs-global.xml	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-ui\modules\ext\com.paterva.maltego.collab\commons-io\commons-io.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\java\config\Modules\org-netbeans-libs-javacapi.xml	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-ui\modules\ext\com.paterva.maltego.laf\com-twelvemonkeys-imageio\imageio-webp.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\platform\config\ModuleAutoDeps\org-openide-execution.xml	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-core-platform\modules\net-lingala-zip4j.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\platform\config\Modules\org-netbeans-libs-osgi.xml	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\platform\modules\org-openide-actions.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego\modules\locale\org-netbeans-core_maltego.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-core-platform\config\Modules\com-paterva-maltego-discovery.xml	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\platform\config\Modules\org-netbeans-core-execution.xml	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\platform\modules\org-netbeans-modules-masterfs-macosx.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-core-platform\modules\ext\com.maltego.graalvm-javascript\org-graalvm-regex\regex.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-core-platform\modules\ext\com.pinkmatter.pandora\pinkmatter\spatial-types.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-ui\modules\ext\com.paterva.maltego.ui-graph\org-codehaus-woodstox\stax2-api.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-ui\modules\com-paterva-maltego-treelist-parts.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-ui\modules\ext\com.maltego.cloud-ui\org-bouncycastle\bcpkix-jdk15on.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-ui\modules\ext\com.maltego.cloud-ui\org-jboss-resteasy\resteasy-core-spi.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-ui\modules\ext\com.paterva.maltego.util-ui\org-lobobrowser\cobra.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\platform\lib\org-openide-util.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\ide\config\Modules\org-netbeans-libs-xerces.xml	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-core-platform\update_tracking\com-paterva-maltego-licensing.xml	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-ui\config\Modules\com-paterva-maltego-find.xml	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\platform\modules\org-netbeans-modules-sampler.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\platform\update_tracking\org-netbeans-core-netigso.xml	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-core-platform\update_tracking\com-paterva-maltego-util.xml	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-ui\modules\com-paterva-maltego-collab.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\platform\modules\org-openide-dialogs.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-ui\config\Modules\com-paterva-maltego-transforms-tabular-ui.xml	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-ui\modules\com-paterva-maltego-sound.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-core-platform\modules\ext\com.paterva.maltego.transforms-tabular\com-carrotsearch-thirdparty\simple-xml-safe.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-ui\config\Modules\com-paterva-maltego-view-ball.xml	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\platform\modules\org-openide-explorer.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\ide\modules\org-netbeans-modules-editor-indent.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\ide\update_tracking\org-netbeans-modules-lexer-nbbridge.xml	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-core-platform\config\Modules\com-paterva-maltego-util.xml	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-ui\modules\ext\com.maltego.cloud-ui\commons-io\commons-io.jar	MaltegoSetup.v4.8.1.exe
File created	C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-ui\modules\ext\com.paterva.maltego.laf\xml-apis\xml-apis-ext.jar	MaltegoSetup.v4.8.1.exe

Loads dropped DLL 7 IoCs

pid	Process
4988	MaltegoSetup.v4.8.1.exe
4988	MaltegoSetup.v4.8.1.exe
4988	MaltegoSetup.v4.8.1.exe
4988	MaltegoSetup.v4.8.1.exe
4988	MaltegoSetup.v4.8.1.exe
4988	MaltegoSetup.v4.8.1.exe
4384	java.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MaltegoSetup.v4.8.1.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mtgl	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Graph\shell\edit\ = "Edit Maltego Graph"	MaltegoSetup.v4.8.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mtgx	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Entities\shell\edit\command\ = "\"C:\\Program Files (x86)\\Paterva\\Maltego\\v4.8.1\\bin\\maltego.exe\" \"%1\""	MaltegoSetup.v4.8.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Graph\shell\edit\command	MaltegoSetup.v4.8.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego 3 Graph\shell\edit	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Entities\shell\open\command\ = "\"C:\\Program Files (x86)\\Paterva\\Maltego\\v4.8.1\\bin\\maltego.exe\" \"%1\""	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\maltego\URL Protocol	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mtz\ = "Maltego Entities"	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Entities\ = "Maltego Entities"	MaltegoSetup.v4.8.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Entities\shell\open	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Entities\shell\edit\ = "Edit Maltego Entities"	MaltegoSetup.v4.8.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Graph\shell	MaltegoSetup.v4.8.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Graph\DefaultIcon	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Graph\DefaultIcon\ = "C:\\Program Files (x86)\\Paterva\\Maltego\\v4.8.1\\bin\\maltego.exe,0"	MaltegoSetup.v4.8.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Graph\shell\edit	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Graph\shell\open\command\ = "\"C:\\Program Files (x86)\\Paterva\\Maltego\\v4.8.1\\bin\\maltego.exe\" --open \"%1\""	MaltegoSetup.v4.8.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego 3 Graph\shell\open\command	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Graph\shell\edit\command\ = "\"C:\\Program Files (x86)\\Paterva\\Maltego\\v4.8.1\\bin\\maltego.exe\" --open \"%1\""	MaltegoSetup.v4.8.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Entities\shell	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Entities\DefaultIcon\ = "\"C:\\Program Files (x86)\\Paterva\\Maltego\\v4.8.1\\bin\\maltego.ico\",0"	MaltegoSetup.v4.8.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Graph\shell\open\command	MaltegoSetup.v4.8.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego 3 Graph	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Graph	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Graph\ = "Maltego Graph"	MaltegoSetup.v4.8.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Entities	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Entities\shell\ = "open"	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego 3 Graph\DefaultIcon\ = "C:\\Program Files (x86)\\Paterva\\Maltego\\v4.8.1\\bin\\maltego.exe,0"	MaltegoSetup.v4.8.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego 3 Graph\shell\open	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego 3 Graph\shell\edit\command\ = "\"C:\\Program Files (x86)\\Paterva\\Maltego\\v4.8.1\\bin\\maltego.exe\" --open \"%1\""	MaltegoSetup.v4.8.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Entities\shell\edit\command	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mtgx\ = "Maltego 3 Graph"	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego 3 Graph\shell\ = "open"	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego 3 Graph\DefaultIcon\ = "\"C:\\Program Files (x86)\\Paterva\\Maltego\\v4.8.1\\bin\\maltego.ico\",0"	MaltegoSetup.v4.8.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mtz	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Entities\shell\open\command\ = "\"C:\\Program Files (x86)\\Paterva\\Maltego\\v4.8.1\\bin\\maltego.exe\" --import \"%1\""	MaltegoSetup.v4.8.1.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mtgl\ = "Maltego Graph"	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Graph\DefaultIcon\ = "\"C:\\Program Files (x86)\\Paterva\\Maltego\\v4.8.1\\bin\\maltego.ico\",0"	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego 3 Graph\shell\open\command\ = "\"C:\\Program Files (x86)\\Paterva\\Maltego\\v4.8.1\\bin\\maltego.exe\" \"%1\""	MaltegoSetup.v4.8.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego 3 Graph\shell\edit\command	MaltegoSetup.v4.8.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Entities\shell\edit	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\maltego\shell	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Graph\shell\open\command\ = "\"C:\\Program Files (x86)\\Paterva\\Maltego\\v4.8.1\\bin\\maltego.exe\" \"%1\""	MaltegoSetup.v4.8.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego 3 Graph\shell	MaltegoSetup.v4.8.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego 3 Graph\DefaultIcon	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego 3 Graph\shell\edit\command\ = "\"C:\\Program Files (x86)\\Paterva\\Maltego\\v4.8.1\\bin\\maltego.exe\" \"%1\""	MaltegoSetup.v4.8.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\maltego\shell\open\command	MaltegoSetup.v4.8.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Graph\shell\open	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Entities\DefaultIcon\ = "C:\\Program Files (x86)\\Paterva\\Maltego\\v4.8.1\\bin\\maltego.exe,0"	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Graph\shell\edit\command\ = "\"C:\\Program Files (x86)\\Paterva\\Maltego\\v4.8.1\\bin\\maltego.exe\" \"%1\""	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego 3 Graph\ = "Maltego 3 Graph"	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego 3 Graph\shell\open\command\ = "\"C:\\Program Files (x86)\\Paterva\\Maltego\\v4.8.1\\bin\\maltego.exe\" --open \"%1\""	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\maltego	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\maltego\shell\open\command\ = "\"C:\\Program Files (x86)\\Paterva\\Maltego\\v4.8.1\\bin\\maltego.exe\" --cloud \"%1\""	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Graph\shell\ = "open"	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego 3 Graph\shell\edit\ = "Edit Maltego 3 Graph"	MaltegoSetup.v4.8.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Entities\DefaultIcon	MaltegoSetup.v4.8.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\maltego\shell\open	MaltegoSetup.v4.8.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Entities\shell\open\command	MaltegoSetup.v4.8.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Maltego Entities\shell\edit\command\ = "\"C:\\Program Files (x86)\\Paterva\\Maltego\\v4.8.1\\bin\\maltego.exe\" --import \"%1\""	MaltegoSetup.v4.8.1.exe

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 4988 wrote to memory of 4384	4988	MaltegoSetup.v4.8.1.exe	83
PID 4988 wrote to memory of 4384	4988	MaltegoSetup.v4.8.1.exe	83
PID 4384 wrote to memory of 3064	4384	java.exe	85
PID 4384 wrote to memory of 3064	4384	java.exe	85
PID 4384 wrote to memory of 572	4384	java.exe	87
PID 4384 wrote to memory of 572	4384	java.exe	87
PID 4384 wrote to memory of 1812	4384	java.exe	89
PID 4384 wrote to memory of 1812	4384	java.exe	89
PID 4384 wrote to memory of 3656	4384	java.exe	91
PID 4384 wrote to memory of 3656	4384	java.exe	91
PID 4384 wrote to memory of 2620	4384	java.exe	93
PID 4384 wrote to memory of 2620	4384	java.exe	93
PID 4384 wrote to memory of 124	4384	java.exe	95
PID 4384 wrote to memory of 124	4384	java.exe	95
PID 4384 wrote to memory of 4108	4384	java.exe	97
PID 4384 wrote to memory of 4108	4384	java.exe	97
PID 4384 wrote to memory of 1416	4384	java.exe	99
PID 4384 wrote to memory of 1416	4384	java.exe	99
PID 4384 wrote to memory of 2652	4384	java.exe	101
PID 4384 wrote to memory of 2652	4384	java.exe	101
PID 4384 wrote to memory of 3900	4384	java.exe	103
PID 4384 wrote to memory of 3900	4384	java.exe	103
PID 4384 wrote to memory of 2612	4384	java.exe	105
PID 4384 wrote to memory of 2612	4384	java.exe	105
PID 4384 wrote to memory of 4592	4384	java.exe	107
PID 4384 wrote to memory of 4592	4384	java.exe	107
PID 4384 wrote to memory of 4048	4384	java.exe	109
PID 4384 wrote to memory of 4048	4384	java.exe	109
PID 4384 wrote to memory of 4596	4384	java.exe	111
PID 4384 wrote to memory of 4596	4384	java.exe	111
PID 4384 wrote to memory of 4520	4384	java.exe	113
PID 4384 wrote to memory of 4520	4384	java.exe	113

C:\Users\Admin\AppData\Local\Temp\MaltegoSetup.v4.8.1.exe
"C:\Users\Admin\AppData\Local\Temp\MaltegoSetup.v4.8.1.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4988
- C:\Program Files\Java\jdk-1.8\bin\java.exe
  "C:\Program Files\Java\jdk-1.8\bin\java.exe" -jar "C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-ui\modules\ext\com.paterva.maltego.java-config-ui\com-paterva-maltego\java-config-app.jar" -nogui
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4384
- - C:\Program Files\Java\jdk-1.8\jre\bin\java.exe
    "C:\Program Files\Java\jdk-1.8\jre\bin\java.exe" -classpath C:\Users\Admin\AppData\Local\Temp\temp402332841677747209564612195790 TestJDK
    3⤵
    PID:3064
- - C:\Program Files\Java\jre-1.8\bin\java.exe
    "C:\Program Files\Java\jre-1.8\bin\java.exe" -classpath C:\Users\Admin\AppData\Local\Temp\temp402332841677747209564612195790 TestJDK
    3⤵
    PID:572
- - C:\Program Files\Java\jdk-1.8\bin\java.exe
    "C:\Program Files\Java\jdk-1.8\bin\java.exe" -classpath C:\Users\Admin\AppData\Local\Temp\temp402332841677747209564612195790 TestJDK
    3⤵
    PID:1812
- - C:\Program Files\Java\jdk-1.8\bin\java.exe
    "C:\Program Files\Java\jdk-1.8\bin\java.exe" -classpath C:\Users\Admin\AppData\Local\Temp\temp4317848165551245240565325641760 TestMem
    3⤵
    PID:3656
- - C:\Program Files\Java\jdk-1.8\bin\java.exe
    "C:\Program Files\Java\jdk-1.8\bin\java.exe" -Xmx200m -classpath C:\Users\Admin\AppData\Local\Temp\temp402332841677747209564612195790 TestJDK
    3⤵
    PID:2620
- - C:\Program Files\Java\jdk-1.8\bin\java.exe
    "C:\Program Files\Java\jdk-1.8\bin\java.exe" -Xmx4196m -classpath C:\Users\Admin\AppData\Local\Temp\temp402332841677747209564612195790 TestJDK
    3⤵
    PID:124
- - C:\Program Files\Java\jdk-1.8\bin\java.exe
    "C:\Program Files\Java\jdk-1.8\bin\java.exe" -Xmx6194m -classpath C:\Users\Admin\AppData\Local\Temp\temp402332841677747209564612195790 TestJDK
    3⤵
    PID:4108
- - C:\Program Files\Java\jdk-1.8\bin\java.exe
    "C:\Program Files\Java\jdk-1.8\bin\java.exe" -Xmx7193m -classpath C:\Users\Admin\AppData\Local\Temp\temp402332841677747209564612195790 TestJDK
    3⤵
    PID:1416
- - C:\Program Files\Java\jdk-1.8\bin\java.exe
    "C:\Program Files\Java\jdk-1.8\bin\java.exe" -Xmx7692m -classpath C:\Users\Admin\AppData\Local\Temp\temp402332841677747209564612195790 TestJDK
    3⤵
    PID:2652
- - C:\Program Files\Java\jdk-1.8\bin\java.exe
    "C:\Program Files\Java\jdk-1.8\bin\java.exe" -Xmx7942m -classpath C:\Users\Admin\AppData\Local\Temp\temp402332841677747209564612195790 TestJDK
    3⤵
    PID:3900
- - C:\Program Files\Java\jdk-1.8\bin\java.exe
    "C:\Program Files\Java\jdk-1.8\bin\java.exe" -Xmx8067m -classpath C:\Users\Admin\AppData\Local\Temp\temp402332841677747209564612195790 TestJDK
    3⤵
    PID:2612
- - C:\Program Files\Java\jdk-1.8\bin\java.exe
    "C:\Program Files\Java\jdk-1.8\bin\java.exe" -Xmx8129m -classpath C:\Users\Admin\AppData\Local\Temp\temp402332841677747209564612195790 TestJDK
    3⤵
    PID:4592
- - C:\Program Files\Java\jdk-1.8\bin\java.exe
    "C:\Program Files\Java\jdk-1.8\bin\java.exe" -Xmx8160m -classpath C:\Users\Admin\AppData\Local\Temp\temp402332841677747209564612195790 TestJDK
    3⤵
    PID:4048
- - C:\Program Files\Java\jdk-1.8\bin\java.exe
    "C:\Program Files\Java\jdk-1.8\bin\java.exe" -Xmx8176m -classpath C:\Users\Admin\AppData\Local\Temp\temp402332841677747209564612195790 TestJDK
    3⤵
    PID:4596
- - C:\Program Files\Java\jdk-1.8\bin\java.exe
    "C:\Program Files\Java\jdk-1.8\bin\java.exe" -classpath C:\Users\Admin\AppData\Local\Temp\temp402332841677747209564612195790 TestJDK
    3⤵
    PID:4520

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:3908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Paterva\Maltego\v4.8.1\etc\maltego.conf

Filesize
5KB

MD5
51ce2e48562c12ea6512d6d4a808a713

SHA1
c3c2e6f8d80ab172246dfcf6102288e8da77187f

SHA256
5d745f43e068ee6e46a5c22b0ca2d45ae2339dfa7803f9fa08b9652b9eb3103a

SHA512
8018870c7f5fdfc5805a61fa9a3896ee505c0ca64a1d7da0c28dc0ffb7db3b3c6d477fb9bd084bf5d23239504c8a83a3e22934ba8758f0bca3395b165d05cba0

Download Submit
C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-core-platform\modules\ext\com.paterva.maltego.transform-protocol-api\com-carrotsearch-thirdparty\simple-xml-safe.jar

Filesize
407KB

MD5
150936ed745f2c207db42931d7d5839b

SHA1
045fda5ac6087bc82a209d8cdb73f8d0dbdcfc7b

SHA256
4506e4bb57d41481936f0ac684468ca4b2cc9e002ca8466ee19e23228d455957

SHA512
d13c25a9c4b7ce07e6b096e37591b37e415332d3e1adcb65c753238f1c3d968a98293223a720101b0af0d76c4bd9f8a0d487de9b0122172187b59e923877592a

Download Submit
C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-ui\modules\ext\com.paterva.graph-store\com-google-code-gson\gson.jar

Filesize
258KB

MD5
0d507d266dcf7eea4b53fc3778d901c9

SHA1
02cc2131b98ebfb04e2b2c7dfb84431f4045096b

SHA256
378534e339e6e6d50b1736fb3abb76f1c15d1be3f4c13cec6d536412e23da603

SHA512
10bf91c79ab151b684834e3ca8ba7d7e19742a3eeb580bde690fba433f9fffe3abbd79ed3fe3f97986c3a2badc4d14e28835a8ef89167b4b9cc6014242338769

Download Submit
C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-ui\modules\ext\com.paterva.maltego.collab\commons-io\commons-io.jar

Filesize
496KB

MD5
ed8191a5a217940140001b0acfed18d9

SHA1
377d592e740dc77124e0901291dbfaa6810a200e

SHA256
f41f7baacd716896447ace9758621f62c1c6b0a91d89acee488da26fc477c84f

SHA512
97eab31b073c5c57c8bcfaa2fec7b481a15a9a1f9ed864dfdc63b57f062b230557caa734c3133aca1165facb588c58db0185c07832241d70159e87a4bcf48008

Download Submit
C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-ui\modules\ext\com.paterva.maltego.detailview\commons-lang\commons-lang.jar

Filesize
277KB

MD5
4d5c1693079575b362edf41500630bbd

SHA1
0ce1edb914c94ebc388f086c6827e8bdeec71ac2

SHA256
50f11b09f877c294d56f24463f47d28f929cf5044f648661c0f0cfbae9a2f49c

SHA512
4a5a3dbe4941c645e2cca068cca5c1882cfe988b02e7cd981d1e51784900767d1deab0e0e0566f559c9fcabb4a180e436d5bb948902d4f4106f37360466afb42

Download Submit
C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-ui\modules\ext\com.paterva.maltego.error-reporting-ui\commons-logging\commons-logging.jar

Filesize
60KB

MD5
040b4b4d8eac886f6b4a2a3bd2f31b00

SHA1
4bfc12adfe4842bf07b657f0369c4cb522955686

SHA256
daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636

SHA512
ed00dbfabd9ae00efa26dd400983601d076fe36408b7d6520084b447e5d1fa527ce65bd6afdcb58506c3a808323d28e88f26cb99c6f5db9ff64f6525ecdfa557

Download Submit
C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-ui\modules\ext\com.paterva.maltego.graph-csv-io\commons-collections\commons-collections.jar

Filesize
574KB

MD5
f54a8510f834a1a57166970bfc982e94

SHA1
8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5

SHA256
eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8

SHA512
51c72f9aca7726f3c387095e66be85a6df97c74b00a25434b89188c1b8eab6e2b55accf7b9bd412430d22bd09324dec076e300b3d1fa39fccad471f0f2a3da16

Download Submit
C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-ui\modules\ext\com.paterva.maltego.java-config-ui\com-paterva-maltego\java-config-app.jar

Filesize
3.4MB

MD5
2a829208e1b50a6b579284d56b559cf9

SHA1
817070f87d68760e8d3afc9640d3478cef1f9270

SHA256
bf094166dbe5a7e75dc05618ba4545c2057378add96f3297480c20ad3171e052

SHA512
2a80d4aff10639d511c4d51fd82373b2b4d71d309aa7ba94e8c11bc4fb810cf17df8f17ec3648170aa0936ceb17ae196707d408db1e9fddaa954611c11a8ca99

Download Submit
C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-ui\modules\ext\com.paterva.maltego.pws\org-apache-commons\commons-collections4.jar

Filesize
734KB

MD5
4a37023740719b391f10030362c86be6

SHA1
62ebe7544cb7164d87e0637a2a6a2bdc981395e8

SHA256
1df8b9430b5c8ed143d7815e403e33ef5371b2400aadbe9bda0883762e0846d1

SHA512
5939c9931eb9557caee3b45fe1dd9ce54cabdc4e6182ed7faac77e1a866dd0cb602bfa4ece2f3316d769913366106bd2b61bf3bb5faad1fa7d808124c06dec0f

Download Submit
C:\Program Files (x86)\Paterva\Maltego\v4.8.1\maltego-ui\modules\ext\com.paterva.maltego.transform-protocol-v3\com-fasterxml-jackson-core\jackson-databind.jar

Filesize
1.6MB

MD5
f0a1c37dc7d937f14e183d84f15c0f83

SHA1
0524dcbcccdde7d45a679dfc333e4763feb09079

SHA256
b6ca2f7d5b1ab245cec5495ec339773d2d90554c48592590673fb18f4400a948

SHA512
ca3fa3b21047c8762b5b806f82de712a353f30880af00297fce1f4fec90471435a25d93aa0925961a34f4fa18e0d973f4611d5cb2c53d3d0b28f00ac1b9b6462

Download Submit
C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

Filesize
50B

MD5
929441d267a920013d04c883ccb7dc52

SHA1
bd407588d28697ba9fc22c8c8724dc790fbb868f

SHA256
37db29f3a9bd554a08bac3a4ff9c0dcb09f0db46a5de025c222aa052c7e0d349

SHA512
368df7dadade1877d4f52e4bb88bc0d12fdd5a06c6c578a63dba64bea1ff93e284266a736303339ee5ea378d1ecc1760baaa80f321500598e9b899ff3cf88e45

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\7fa4e33b-d5e7-4064-941b-c7fa8172ff50.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna990190937253294797.dll

Filesize
248KB

MD5
34d12b1e2af72d9bb267bbc8c0d53e4a

SHA1
d9ed8776645f6b4f52df16132450863c47ea92d7

SHA256
13b2cac3f50368ab97fa2e3b0d0d2cb612f68449d5bbd6de187fc85ee4469d03

SHA512
c0a063477cf63a8b647ea721842968b506d70ea22c586a412707d7293b46c218b6a510f34b7dbedd3ed29a9d4b5dc5c6a1995403d65884b17348a9545e580a10

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk927D.tmp\Splash.dll

Filesize
4KB

MD5
5523b14664a36d46dc418281658f159b

SHA1
00472094b487c5811fd6ee258ea293a4774fc3fc

SHA256
7e45fc576cb1ac837e6c717734c5ac0634836a8603cd6ec4280af5e7f5ec065b

SHA512
d06612bd10a361e31f659d59966760ad088b0b35196f0805f4c2a97b38f90886af583aa58b17f75bcfbc450e56778f08d06e68147ea9b05d8af10a5fd0c7b9f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk927D.tmp\StartMenu.dll

Filesize
7KB

MD5
dc91f181f9cb870fff0c58bc0ea63eda

SHA1
cc37e24f6071dea801d0eb59bcc2a9221cf1c74b

SHA256
e74f442771f034a24b77d3a849b343551bdef69ef151c622cb9fd5f34dccda81

SHA512
714605cad60dca30da96172b5ca1a1d8838d27f0a9979aa0db125d373cd3e015ae6b39c7b7d2b3fc9a4b5433ff1d7d2427caf3a2b5d1ae321e218d3c8fe8f9a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk927D.tmp\System.dll

Filesize
12KB

MD5
192639861e3dc2dc5c08bb8f8c7260d5

SHA1
58d30e460609e22fa0098bc27d928b689ef9af78

SHA256
23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6

SHA512
6e573d8b2ef6ed719e271fd0b2fd9cd451f61fc9a9459330108d6d7a65a0f64016303318cad787aa1d5334ba670d8f1c7c13074e1be550b4a316963ecc465cdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk927D.tmp\UserInfo.dll

Filesize
4KB

MD5
f8b6dd1f9620be4ef2ad1e81fb6b79fa

SHA1
f06c8c8650335bace41c8dbe73307cbe4e61b3b1

SHA256
a921cc9cc4af332be96186d60d2539cb413dfa44cfd73e85687f9338505ff85e

SHA512
f15811088ecde4cd0c038db2c278b7214e41728e382b25c65c2eb491bc0379c075841398e8c99e8cceba8be7e8342bc69d35836ebe9b12ebebff48d01d5fa61a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk927D.tmp\modern-wizard.bmp

Filesize
222KB

MD5
8b1165b5ec10708a578bd3bf05815456

SHA1
895ddfceccea32cad382d4e5d56ff86e35c42663

SHA256
544735ff8b514c533a60b98cd46b1ee16666c8d61eb11d2c920f898bb1e517e2

SHA512
dd6081c81206674ccd0c89017a54e772e06d234d86552f1b32766451b787c97a83b8ad7fa141f02b7c748c49c92e6a928f7d7bb6f4c8c8826ade8492aa7db980

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk927D.tmp\nsDialogs.dll

Filesize
9KB

MD5
b7d61f3f56abf7b7ff0d4e7da3ad783d

SHA1
15ab5219c0e77fd9652bc62ff390b8e6846c8e3e

SHA256
89a82c4849c21dfe765052681e1fad02d2d7b13c8b5075880c52423dca72a912

SHA512
6467c0de680fadb8078bdaa0d560d2b228f5a22d4d8358a1c7d564c6ebceface5d377b870eaf8985fbee727001da569867554154d568e3b37f674096bbafafb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk927D.tmp\nsExec.dll

Filesize
7KB

MD5
11092c1d3fbb449a60695c44f9f3d183

SHA1
b89d614755f2e943df4d510d87a7fc1a3bcf5a33

SHA256
2cd3a2d4053954db1196e2526545c36dfc138c6de9b81f6264632f3132843c77

SHA512
c182e0a1f0044b67b4b9fb66cef9c4955629f6811d98bbffa99225b03c43c33b1e85cacabb39f2c45ead81cd85e98b201d5f9da4ee0038423b1ad947270c134a

Download Submit
C:\Users\Admin\AppData\Local\Temp\temp402332841677747209564612195790\TestJDK.class

Filesize
658B

MD5
661a3c008fab626001e903f46021aeac

SHA1
2bfef77dacaab66c7246d146bd8c200ca70953e4

SHA256
8fd6ed9f2040706bef34722817729e2e99fbc00acd5de27fae2227f3a3644564

SHA512
0661f836d055e94f24be186837a2f8dd44e34a5632a250eff443d8f95e4a9fbabcefbca1606f8e0b9927655860c0d0f3ba8b451351db5bd81a82912c6a5cdd33

Download Submit
C:\Users\Admin\AppData\Local\Temp\temp4317848165551245240565325641760\TestMem.class

Filesize
924B

MD5
b32b5f9363eea9d3b22666036750d03e

SHA1
127bd8e237bf6a54f9d9c8837526c0a846e16dcd

SHA256
eee5985a6a31e9974459e516d70f125b24792cac7d3a2bc79112628bd234e81b

SHA512
562fa52c90302a14fa332188a2e02a610cf78fd93c0ceea8e69c764ab6618e535ef2f5828d31dec50ec4d2195980b364c941c8be98f10dc7dd116607cc690161

Download Submit
memory/124-1313-0x00000287EA3E0000-0x00000287EA3E1000-memory.dmp

Filesize
4KB

Download
memory/572-1257-0x000001E0A8230000-0x000001E0A8231000-memory.dmp

Filesize
4KB

Download
memory/1416-1339-0x00000285F8D20000-0x00000285F8D21000-memory.dmp

Filesize
4KB

Download
memory/1812-1271-0x000001AB05530000-0x000001AB05531000-memory.dmp

Filesize
4KB

Download
memory/2612-1379-0x00000223DE1C0000-0x00000223DE1C1000-memory.dmp

Filesize
4KB

Download
memory/2620-1300-0x00000232EE520000-0x00000232EE521000-memory.dmp

Filesize
4KB

Download
memory/2652-1352-0x000001ECDFA80000-0x000001ECDFA81000-memory.dmp

Filesize
4KB

Download
memory/3064-1233-0x00007FF865350000-0x00007FF865376000-memory.dmp

Filesize
152KB

Download
memory/3064-1245-0x0000026799710000-0x0000026799711000-memory.dmp

Filesize
4KB

Download
memory/3656-1286-0x000001D531750000-0x000001D531751000-memory.dmp

Filesize
4KB

Download
memory/3900-1365-0x00000259341A0000-0x00000259341A1000-memory.dmp

Filesize
4KB

Download
memory/4048-1406-0x00000204C4E20000-0x00000204C4E21000-memory.dmp

Filesize
4KB

Download
memory/4108-1326-0x000001E99F1C0000-0x000001E99F1C1000-memory.dmp

Filesize
4KB

Download
memory/4384-1221-0x0000018D8D7C0000-0x0000018D8D7C1000-memory.dmp

Filesize
4KB

Download
memory/4384-1439-0x0000018D8D7C0000-0x0000018D8D7C1000-memory.dmp

Filesize
4KB

Download
memory/4384-1202-0x0000018D8D7C0000-0x0000018D8D7C1000-memory.dmp

Filesize
4KB

Download
memory/4384-1192-0x00007FF865350000-0x00007FF865376000-memory.dmp

Filesize
152KB

Download
memory/4520-1432-0x000001D175CE0000-0x000001D175CE1000-memory.dmp

Filesize
4KB

Download
memory/4592-1392-0x00000134B1A90000-0x00000134B1A91000-memory.dmp

Filesize
4KB

Download
memory/4596-1419-0x0000023611590000-0x0000023611591000-memory.dmp

Filesize
4KB

Download