Analysis Overview
SHA256
e2ddf82263d14205ee0daf3bb3a975ed253fc867ab438f8535a53e6de3d4454a
Threat Level: Known bad
The file 30062025_1829_Shipping Bill28060483 dated 28062025.PDF.zip was found to be: Known bad.
Malicious Activity Summary
STRRAT
Strrat family
Drops startup file
Adds Run key to start application
System Network Configuration Discovery: Internet Connection Discovery
Suspicious use of WriteProcessMemory
Scheduled Task/Job: Scheduled Task
Uses Task Scheduler COM API
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-06-30 18:29
Signatures
Strrat family
Analysis: behavioral2
Detonation Overview
Submitted
2025-06-30 18:29
Reported
2025-06-30 18:34
Platform
win11-20250619-en
Max time kernel
295s
Max time network
298s
Command Line
Signatures
STRRAT
Strrat family
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Shipping Bill2806083 dated 28062025.PDF.jar | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-625765727-1271952295-745797415-1000\Software\Microsoft\Windows\CurrentVersion\Run\Shipping Bill2806083 dated 28062025.PDF = "\"C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe\" -jar \"C:\\Users\\Admin\\AppData\\Roaming\\Shipping Bill2806083 dated 28062025.PDF.jar\"" | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Shipping Bill2806083 dated 28062025.PDF = "\"C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe\" -jar \"C:\\Users\\Admin\\AppData\\Roaming\\Shipping Bill2806083 dated 28062025.PDF.jar\"" | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\cmd.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre-1.8\bin\java.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1472 wrote to memory of 5184 | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | C:\Windows\SYSTEM32\cmd.exe |
| PID 1472 wrote to memory of 4544 | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | C:\Program Files\Java\jre-1.8\bin\java.exe |
| PID 5184 wrote to memory of 3508 | N/A | C:\Windows\SYSTEM32\cmd.exe | C:\Windows\system32\schtasks.exe |
Uses Task Scheduler COM API
Processes
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\Shipping Bill2806083 dated 28062025.PDF.jar"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\Shipping Bill2806083 dated 28062025.PDF.jar"
C:\Windows\SYSTEM32\cmd.exe
cmd /c schtasks /create /sc minute /mo 30 /tn Skype /tr "C:\Users\Admin\AppData\Roaming\Shipping Bill2806083 dated 28062025.PDF.jar"
C:\Program Files\Java\jre-1.8\bin\java.exe
"C:\Program Files\Java\jre-1.8\bin\java.exe" -jar "C:\Users\Admin\AppData\Roaming\Shipping Bill2806083 dated 28062025.PDF.jar"
C:\Windows\system32\schtasks.exe
schtasks /create /sc minute /mo 30 /tn Skype /tr "C:\Users\Admin\AppData\Roaming\Shipping Bill2806083 dated 28062025.PDF.jar"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | giversclub.dns04.com | udp |
| FR | 194.59.30.123:1750 | giversclub.dns04.com | tcp |
Files
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Shipping Bill2806083 dated 28062025.PDF.jar
| MD5 | 8a30b5e4b7e88307428e06d20a2c215e |
| SHA1 | 258651d8b434c450f31d0ca53f7b3b0777fd6532 |
| SHA256 | d4a0cff4585e4c3f173848935b24350a882edd846dc58a52cff5809a30e38cc9 |
| SHA512 | 2c8f5062f0ef5c59fce3dda07317695b3059c743e687fcb0422eadb62c745e9db5166be9ca924e521276d3a2b7b66d0a2ca1ff7d029c43c3eb8cd258570c7f94 |
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
Analysis: behavioral1
Detonation Overview
Submitted
2025-06-30 18:29
Reported
2025-06-30 18:34
Platform
win10v2004-20250619-en
Max time kernel
293s
Max time network
297s
Command Line
Signatures
STRRAT
Strrat family
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Shipping Bill2806083 dated 28062025.PDF.jar | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Shipping Bill2806083 dated 28062025.PDF = "\"C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe\" -jar \"C:\\Users\\Admin\\AppData\\Roaming\\Shipping Bill2806083 dated 28062025.PDF.jar\"" | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Shipping Bill2806083 dated 28062025.PDF = "\"C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe\" -jar \"C:\\Users\\Admin\\AppData\\Roaming\\Shipping Bill2806083 dated 28062025.PDF.jar\"" | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre-1.8\bin\java.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1448 wrote to memory of 5668 | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | C:\Windows\SYSTEM32\cmd.exe |
| PID 1448 wrote to memory of 2908 | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | C:\Program Files\Java\jre-1.8\bin\java.exe |
| PID 5668 wrote to memory of 4560 | N/A | C:\Windows\SYSTEM32\cmd.exe | C:\Windows\system32\schtasks.exe |
Uses Task Scheduler COM API
Processes
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\Shipping Bill2806083 dated 28062025.PDF.jar"
C:\Windows\SYSTEM32\cmd.exe
cmd /c schtasks /create /sc minute /mo 30 /tn Skype /tr "C:\Users\Admin\AppData\Roaming\Shipping Bill2806083 dated 28062025.PDF.jar"
C:\Program Files\Java\jre-1.8\bin\java.exe
"C:\Program Files\Java\jre-1.8\bin\java.exe" -jar "C:\Users\Admin\AppData\Roaming\Shipping Bill2806083 dated 28062025.PDF.jar"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\Shipping Bill2806083 dated 28062025.PDF.jar"
C:\Windows\system32\schtasks.exe
schtasks /create /sc minute /mo 30 /tn Skype /tr "C:\Users\Admin\AppData\Roaming\Shipping Bill2806083 dated 28062025.PDF.jar"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | giversclub.dns04.com | udp |
| FR | 194.59.30.123:1750 | giversclub.dns04.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.179.227:80 | c.pki.goog | tcp |
Files
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Shipping Bill2806083 dated 28062025.PDF.jar
| MD5 | 8a30b5e4b7e88307428e06d20a2c215e |
| SHA1 | 258651d8b434c450f31d0ca53f7b3b0777fd6532 |
| SHA256 | d4a0cff4585e4c3f173848935b24350a882edd846dc58a52cff5809a30e38cc9 |
| SHA512 | 2c8f5062f0ef5c59fce3dda07317695b3059c743e687fcb0422eadb62c745e9db5166be9ca924e521276d3a2b7b66d0a2ca1ff7d029c43c3eb8cd258570c7f94 |
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
| MD5 | 24e065d0ebd8442d90edae56e3eda8d3 |
| SHA1 | 6f848b248203f11fe3d14b0b54a94e71e04500db |
| SHA256 | 180b67a9611e296d6a472cef416b335c135b469c74e66bb878e825a583f55631 |
| SHA512 | b3d7389ddaca45fa7dd86af0e966a19bb51bfd2095c3db38fdcc228bd77fe27b9d94705d00c2ae98af23678f012901a7302c638bfa63a7ece53c4178a3c294f5 |