Summary | ZeroBOX
Category: ARCHIVE
Machine: s1_win7_x6403_us
Started: Feb. 18, 2025, 6:06 p.m.
Completed: Feb. 18, 2025, 6:08 p.m.

Archive betacraft-launcher-1.09_17/gradlew.bat @ betacraft-launcher-1.09_17.zip

Summary

Size 2.3KB
Type ASCII text, with CRLF line terminators
MD5 632f7f6dcc28a13f168cc431061e0438
SHA1 d841ffc9855dcc642901e8abf28dee20b0485864
SHA256 398db6d288bcbfc7b2059f15e2bb6f301cb39e8c421bd1e5c5682ab9bb8ed104
SHA512 ee023003b0d6562a1aec12b18747ab126821be96e892413a9154c05ec05986d023c8bb26a154cf964b7e7da2a4f8a76c35dd36aceda3374abe0736a5c7330225
CRC32 44E6C4D4
ssdeep 48:YmdmK63w2StxW2WK0N2gjPWK0mKMdCe3duCmKfzfbzx1:YmYpSGaPCP
Yara None matched

IP Address Status Action
185.199.111.133 Active Moloch
104.16.73.101 Active Moloch
164.124.101.2 Active Moloch
20.200.245.247 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

Flow / Issuer / Subject / Fingerprint

TLS 1.2  192.168.56.103:49169 -> 185.199.111.133:443
Issuer: C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1
Subject: C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=*.github.io
Fingerprint: 97:d8:c5:70:0f:12:24:6c:88:bc:fa:06:7e:8c:a7:4d:a8:62:67:28

TLS 1.2  192.168.56.103:49168 -> 20.200.245.247:443
Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA
Subject: CN=github.com
Fingerprint: e4:33:71:dd:d6:91:4a:75:b6:1f:9e:4f:74:6d:9b:f0:dd:26:fc:3a

TLS 1.2  192.168.56.103:49167 -> 104.16.73.101:443
Issuer: C=US, O=Google Trust Services, CN=WE1
Subject: CN=gradle.org
Fingerprint: 0c:90:f6:0a:98:12:3f:4a:d8:96:7d:37:8b:ae:ac:0b:cc:4c:8a:f6

Time & API Arguments Status Return Repeated

WriteConsoleW
buffer: C:\Users\test22\AppData\Local\Temp>
console_handle: 0x0000000b
Status: 1, Return: 1, Repeated: 0

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx
Status: 1, Return: 1, Repeated: 0
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
exception.instruction_r: 8b 06 8d b5 f8 00 00 00 c5 fe 7f 06 c5 fe 7f 7e
exception.instruction: mov eax, dword ptr [esi]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x24a0202
registers.esp: 13760228
registers.edi: 1
registers.eax: 6
registers.ebp: 1950143680
registers.edx: 0
registers.ebx: 16910336
registers.esi: 0
registers.ecx: 3405691582
Status: 1, Return: 0, Repeated: 0

__exception__

stacktrace:
exception.instruction_r: 8b 06 8d b5 f8 00 00 00 c5 fe 7f 06 c5 fe 7f 7e
exception.instruction: mov eax, dword ptr [esi]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x23b0202
registers.esp: 34469496
registers.edi: 1
registers.eax: 6
registers.ebp: 1949226176
registers.edx: 0
registers.ebx: 16910336
registers.esi: 0
registers.ecx: 3405691582
Status: 1, Return: 0, Repeated: 0

__exception__

stacktrace:

exception.instruction_r: c7 04 11 01 00 00 00 a1 88 82 2e 74 85 c0 74 15
exception.instruction: mov dword ptr [ecx + edx], 1
exception.exception_code: 0xc0000005
exception.symbol: _JVM_GetManagementExt@4+0x61baf AsyncGetCallTrace-0x588b1 jvm+0x7d0af
exception.address: 0x73fdd0af
registers.esp: 1205785144
registers.edi: 1179077016
registers.eax: 2
registers.ebp: 1205785148
registers.edx: 31129600
registers.ebx: 1208695064
registers.esi: 1179912192
registers.ecx: 256
Status: 1, Return: 0, Repeated: 0

__exception__

stacktrace:

exception.instruction_r: 89 0c 0d 00 00 db 01 81 3d 88 82 2e 74 00 00 00
exception.instruction: mov dword ptr [ecx + 0x1db0000], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x24801de
registers.esp: 1205786120
registers.edi: 1179912192
registers.eax: 1187317992
registers.ebp: 1205786152
registers.edx: 0
registers.ebx: 0
registers.esi: 1205786128
registers.ecx: 256
Status: 1, Return: 0, Repeated: 0

__exception__

stacktrace:

exception.instruction_r: c7 04 08 01 00 00 00 5d c3 cc cc 83 3d 68 80 2e
exception.instruction: mov dword ptr [eax + ecx], 1
exception.exception_code: 0xc0000005
exception.symbol: _JVM_SetVmMemoryPressure@4-0x1293b jvm+0x7205
exception.address: 0x73f67205
registers.esp: 1221322384
registers.edi: 1180569600
registers.eax: 512
registers.ebp: 1221322384
registers.edx: 1948628436
registers.ebx: 32088856
registers.esi: 1180569600
registers.ecx: 31129600
Status: 1, Return: 0, Repeated: 0

__exception__

stacktrace:

exception.instruction_r: 85 05 00 01 da 01 c3 ba 10 0b 87 44 64 8b 0c 25
exception.instruction: test eax, dword ptr [0x1da0100]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x2464ea7
registers.esp: 1221322156
registers.edi: 18
registers.eax: 71303920
registers.ebp: 1221322324
registers.edx: 0
registers.ebx: 0
registers.esi: 71303932
registers.ecx: 16
Status: 1, Return: 0, Repeated: 0

__exception__

stacktrace:

exception.instruction_r: c7 04 08 01 00 00 00 5d c3 cc cc 83 3d 68 80 2e
exception.instruction: mov dword ptr [eax + ecx], 1
exception.exception_code: 0xc0000005
exception.symbol: _JVM_SetVmMemoryPressure@4-0x1293b jvm+0x7205
exception.address: 0x73f67205
registers.esp: 1205790548
registers.edi: 1179912192
registers.eax: 256
registers.ebp: 1205790548
registers.edx: 1948628436
registers.ebx: 32088856
registers.esi: 1179912192
registers.ecx: 31129600
Status: 1, Return: 0, Repeated: 0

__exception__

stacktrace:

exception.instruction_r: c7 04 08 01 00 00 00 5d c3 cc cc 83 3d 68 80 2e
exception.instruction: mov dword ptr [eax + ecx], 1
exception.exception_code: 0xc0000005
exception.symbol: _JVM_SetVmMemoryPressure@4-0x1293b jvm+0x7205
exception.address: 0x73f67205
registers.esp: 1200744080
registers.edi: 1179325440
registers.eax: 640
registers.ebp: 1200744080
registers.edx: 1948628436
registers.ebx: 32088856
registers.esi: 1179325440
registers.ecx: 31129600
Status: 1, Return: 0, Repeated: 0
Time & API Arguments Status Return Repeated

bind
ip_address:
socket: 1424
port: 0
Status: 1, Return: 0, Repeated: 0

listen
socket: 1424
backlog: 50
Status: 1, Return: 0, Repeated: 0

bind
ip_address:
socket: 1464
port: 0
Status: 1, Return: 0, Repeated: 0

accept
ip_address:
socket: 1424
port: 0
Status: 1, Return: 1496, Repeated: 0

bind
ip_address:
socket: 1500
port: 0
Status: 1, Return: 0, Repeated: 0

listen
socket: 1500
backlog: 50
Status: 1, Return: 0, Repeated: 0

accept
ip_address:
socket: 1500
port: 0
Status: 1, Return: 1508, Repeated: 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory (50 calls). Arguments common to every call: stack_dep_bypass: 0, stack_pivoted: 0, heap_dep_bypass: 1, protection: 64 (PAGE_EXECUTE_READWRITE), process_handle: 0xffffffff. Every call recorded Status: 1, Return: 0, Repeated: 0. Per-call arguments:

process_identifier | length | base_address
2180 | 163840 | 0x024a0000
2180 | 32768 | 0x024c8000
2180 | 32768 | 0x024d0000
2180 | 32768 | 0x024d8000
2180 | 32768 | 0x024e0000
2180 | 32768 | 0x024e8000
2180 | 32768 | 0x024f0000
2180 | 32768 | 0x024f8000
2180 | 32768 | 0x02500000
2180 | 32768 | 0x02508000
2180 | 32768 | 0x02510000
2180 | 32768 | 0x02518000
2180 | 32768 | 0x02520000
2180 | 32768 | 0x02528000
2180 | 32768 | 0x02530000
2180 | 32768 | 0x02538000
2180 | 32768 | 0x02540000
2844 | 163840 | 0x023b0000
2844 | 32768 | 0x023d8000
2844 | 32768 | 0x023e0000
2844 | 32768 | 0x023e8000
2844 | 32768 | 0x023f0000
2844 | 32768 | 0x023f8000
2844 | 32768 | 0x02400000
2844 | 32768 | 0x02408000
2844 | 32768 | 0x02410000
2844 | 32768 | 0x02418000
2844 | 32768 | 0x02420000
2844 | 32768 | 0x02428000
2844 | 32768 | 0x02430000
2844 | 32768 | 0x02438000
2844 | 32768 | 0x02440000
2844 | 32768 | 0x02448000
2844 | 32768 | 0x02450000
2844 | 32768 | 0x02458000
2844 | 32768 | 0x02460000
2844 | 32768 | 0x02468000
2844 | 32768 | 0x02470000
2844 | 32768 | 0x02478000
2844 | 32768 | 0x02480000
2844 | 32768 | 0x02488000
2844 | 32768 | 0x02490000
2844 | 32768 | 0x02498000
2844 | 32768 | 0x024a0000
2844 | 32768 | 0x024a8000
2844 | 32768 | 0x024b0000
2844 | 32768 | 0x024b8000
2844 | 32768 | 0x024c0000
2844 | 32768 | 0x024c8000
2844 | 32768 | 0x024d0000
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory
process_identifier: 2180
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 65536
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x16200000
process_handle: 0xffffffff
Status: 1, Return: 0, Repeated: 0

Time & API Arguments Status Return Repeated

GetAdaptersAddresses
flags: 28
family: 0
Status: 1, Return: 0, Repeated: 0
description Create a windows service rule Create_Service
description Communications over RAW Socket rule Network_TCP_Socket
description Communication using DGA rule Network_DGA
description Match Windows Http API call rule Str_Win32_Http_API
description Take ScreenShot rule ScreenShot
description Escalate priviledges rule Escalate_priviledges
description Steal credential rule local_credential_Steal
description PWS Memory rule Generic_PWS_Memory_Zero
description Record Audio rule Sniff_Audio
description Communications over HTTP rule Network_HTTP
description Communications use DNS rule Network_DNS
description Code injection with CreateRemoteThread in a remote process rule Code_injection
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerCheck__RemoteAPI
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule DebuggerException__ConsoleCtrl
description (no description) rule DebuggerException__SetConsoleCtrl
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description (no description) rule Check_Dlls
description Checks if being debugged rule anti_dbg
description Anti-Sandbox checks for ThreatExpert rule antisb_threatExpert
description Bypass DEP rule disable_dep
description Affect hook table rule win_hook
description File Downloader rule Network_Downloader
description Match Windows Inet API call rule Str_Win32_Internet_API
description Communications over FTP rule Network_FTP
description Run a KeyLogger rule KeyLogger
description Communications over P2P network rule Network_P2P_Win
file C:\Users\test22\AppData\Local\Temp\.gradle\4.10.3\fileHashes\fileHashes.lock
file C:\Users\test22\.gradle\daemon\4.10.3\registry.bin.lock
file C:\Users\test22\.gradle\caches\4.10.3\fileHashes\fileHashes.lock
file C:\Users\test22\.gradle\caches\journal-1\journal-1.lock
file C:\Users\test22\.gradle\native\25\windows-i386\native-platform.dll.lock
file C:\Users\test22\AppData\Local\Temp\.gradle\buildOutputCleanup\buildOutputCleanup.lock
file C:\Users\test22\AppData\Local\Temp\.gradle\4.10.3\taskHistory\taskHistory.lock