Analysis
- max time kernel: 148s
- max time network: 132s
- platform: windows10-2004_x64
- resource: win10v2004-20220901-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15/10/2022, 13:56
Static task: static1
Behavioral task: behavioral1
- Sample: tmp.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: tmp.exe
- Resource: win10v2004-20220901-en
General
- Target: tmp.exe
- Size: 9.6MB
- MD5: d7a6d3669b85ffe56cbeb81db0ceaf1f
- SHA1: 4eff40582fd150566f55baba4b0f79c0a820e041
- SHA256: 3c560742aad01631415200845f72e32d9ef63ef7118abae148dde1f8b5b2d36a
- SHA512: 02b69dc7a71ecec97082619ae620ab6872a32e7ff3fe211e2544cd8fa6ba8572ac467646bd67a9bddcac3cf8bbc459052c0f2d4fe1f0c89a79e38ba7a51077b3
- SSDEEP: 196608:SnGi9/tS9Su5gTe3p2VLyMCLLtgQIJQSG5t2FUJti8wHMgDZCNedd1WIiVII5h:SnBJtSfmTe52VGMCXW+5I9dMgya1WIih
Malware Config
Signatures
Executes dropped EXE 23 IoCs
pid Process
3624 lzma.exe
2548 lzma.exe
228 unpack200.exe
2180 unpack200.exe
3804 unpack200.exe
4316 javaw.exe
1124 lzma.exe
4764 unpack200.exe
3564 unpack200.exe
4852 unpack200.exe
3548 unpack200.exe
4748 unpack200.exe
1312 unpack200.exe
3368 Remote SupportLauncher.exe
3620 Remote Support.exe
1676 elev_win.exe
3760 elev_win.exe
3512 SimpleService.exe
1132 SimpleService.exe
2776 session_win.exe
4268 SimpleService.exe
3036 javaw.exe
4532 javaw.exe
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
- Key value queried: \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation (Process: elev_win.exe)
- Key value queried: \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation (Process: elev_win.exe)
Loads dropped DLL 60 IoCs
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Modifies data under HKEY_USERS 12 IoCs
- Key created: \REGISTRY\USER\.DEFAULT\Software\JavaSoft\Java2D\1.5.0_22\Drivers\.DISPLAY1 Microsoft Basic Display Adapter (Process: javaw.exe)
- Key created: \REGISTRY\USER\.DEFAULT\Software\JavaSoft\Java2D\1.5.0_22\ (Process: javaw.exe)
- Key created: \REGISTRY\USER\.DEFAULT\Software\JavaSoft\Java2D\1.5.0_22\Drivers\.DISPLAY1 Microsoft Basic Display Adapter\32 (Process: javaw.exe)
- Key created: \REGISTRY\USER\.DEFAULT\Software (Process: javaw.exe)
- Key created: \REGISTRY\USER\.DEFAULT\Software\JavaSoft\Java2D (Process: javaw.exe)
- Key created: \REGISTRY\USER\.DEFAULT\Software\JavaSoft\Java2D\1.5.0_22\Drivers\ (Process: javaw.exe)
- Key created: \REGISTRY\USER\.DEFAULT\Software\JavaSoft\Java2D\1.5.0_22\Drivers\.DISPLAY1 Microsoft Basic Display Adapter\32 (Process: javaw.exe)
- Key created: \REGISTRY\USER\.DEFAULT\Software\JavaSoft\Java2D\1.5.0_22\Drivers\ (Process: javaw.exe)
- Key created: \REGISTRY\USER\.DEFAULT\Software\JavaSoft\Java2D\1.5.0_22\ (Process: javaw.exe)
- Key created: \REGISTRY\USER\.DEFAULT\Software\JavaSoft (Process: javaw.exe)
- Key created: \REGISTRY\USER\.DEFAULT\Software\JavaSoft\Java2D\1.5.0_22 (Process: javaw.exe)
- Key created: \REGISTRY\USER\.DEFAULT\Software\JavaSoft\Java2D\1.5.0_22\Drivers (Process: javaw.exe)
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process
2776 session_win.exe
2776 session_win.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process
Token: SeDebugPrivilege 2776 session_win.exe
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2708 tmp.exe
3620 Remote Support.exe
3620 Remote Support.exe
3620 Remote Support.exe
3036 javaw.exe
4532 javaw.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes
- PID 2708: C:\Users\Admin\AppData\Local\Temp\tmp.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
  Signatures: Loads dropped DLL; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
  - PID 3624: C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842215-0-app\lzma.exe
    Command line: "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842215-0-app\lzma.exe" "d" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842215-0-app\JWrapper-JWrapper-00036355140-archive.p2.l2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842215-0-app\JWrapper-JWrapper-00036355140-archive.p2"
    Signatures: Executes dropped EXE
  - PID 2548: C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-JWrapper-00036355140-complete\lzma.exe
    Command line: "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-JWrapper-00036355140-complete\lzma.exe" "d" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842216-0-app\JWrapper-Windows32JRE-00028603591-archive.p2.l2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842216-0-app\JWrapper-Windows32JRE-00028603591-archive.p2"
    Signatures: Executes dropped EXE
  - PID 228: C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842216-0-app\bin\unpack200.exe
    Command line: "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842216-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842216-0-app\lib\ext\sunpkcs11.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842216-0-app\lib\ext\sunpkcs11.jar"
    Signatures: Executes dropped EXE
  - PID 2180: C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842216-0-app\bin\unpack200.exe
    Command line: "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842216-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842216-0-app\lib\jsse.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842216-0-app\lib\jsse.jar"
    Signatures: Executes dropped EXE
  - PID 3804: C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842216-0-app\bin\unpack200.exe
    Command line: "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842216-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842216-0-app\lib\rt.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842216-0-app\lib\rt.jar"
    Signatures: Executes dropped EXE
  - PID 4316: C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842216-0-app\bin\javaw.exe
    Command line: "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842216-0-app\bin\javaw.exe" "-Xshare:dump"
    Signatures: Executes dropped EXE; Loads dropped DLL
  - PID 1124: C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-JWrapper-00036355140-complete\lzma.exe
    Command line: "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-JWrapper-00036355140-complete\lzma.exe" "d" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842215-0-app\JWrapper-Remote Support-00036356974-archive.p2.l2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842215-0-app\JWrapper-Remote Support-00036356974-archive.p2"
    Signatures: Executes dropped EXE
  - PID 4764: C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\unpack200.exe
    Command line: "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842215-0-app\customer.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842215-0-app\customer.jar"
    Signatures: Executes dropped EXE
  - PID 3564: C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\unpack200.exe
    Command line: "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842215-0-app\liquidlnf.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842215-0-app\liquidlnf.jar"
    Signatures: Executes dropped EXE
  - PID 4852: C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\unpack200.exe
    Command line: "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842215-0-app\sevenzip.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842215-0-app\sevenzip.jar"
    Signatures: Executes dropped EXE
  - PID 3548: C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\unpack200.exe
    Command line: "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842215-0-app\Remote SupportMacLauncher32.app\Contents\Resources\Java\osxwrapper.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842215-0-app\Remote SupportMacLauncher32.app\Contents\Resources\Java\osxwrapper.jar"
    Signatures: Executes dropped EXE
  - PID 4748: C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\unpack200.exe
    Command line: "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842215-0-app\Remote SupportMacLauncher32.app\Contents\Resources\Java\sevenzip.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842215-0-app\Remote SupportMacLauncher32.app\Contents\Resources\Java\sevenzip.jar"
    Signatures: Executes dropped EXE
  - PID 1312: C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\unpack200.exe
    Command line: "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842215-0-app\jwrapper_utils.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842215-0-app\jwrapper_utils.jar"
    Signatures: Executes dropped EXE
  - PID 1796: C:\Windows\SysWOW64\cacls.exe
    Command line: cacls "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWAppsSharedConfig\DetectedProxies" /t /e /g "Users":F
  - PID 1380: C:\Windows\SysWOW64\cacls.exe
    Command line: cacls "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWAppsSharedConfig\ProxyCredentials" /t /e /g "Users":F
  - PID 400: C:\Windows\SysWOW64\cacls.exe
    Command line: cacls "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete\JWrapper-Remote Support-splash.png" /t /e /g "Users":F
  - PID 4144: C:\Windows\SysWOW64\cacls.exe
    Command line: cacls "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWApps\Remote_SupportICO.ico" /t /e /g "Users":F
  - PID 3368: C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\Remote SupportLauncher.exe
    Command line: "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\Remote SupportLauncher.exe" -cp "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete\customer.jar;C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete\liquidlnf.jar;C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete\sevenzip.jar;C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete\jwrapper_utils.jar;" -Xmx256m -XX:MinHeapFreeRatio=15 -XX:MaxHeapFreeRatio=30 -Djava.util.Arrays.useLegacyMergeSort=true -Djava.net.preferIPv4Stack=true -Dsun.java2d.dpiaware=true jwrapper.JWrapper "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete\JWLaunchProperties-1665842235645-44"
    Signatures: Executes dropped EXE; Loads dropped DLL; Suspicious use of WriteProcessMemory
    - PID 4164: C:\Windows\SysWOW64\cacls.exe
      Command line: cacls "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWApps\JRE-LastSuccessfulOptions-JWrapper-Windows32JRE-00028603591-complete" /t /e /g "Users":F
  - PID 3292: C:\Windows\SysWOW64\cacls.exe
    Command line: cacls "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWApps\ChosenLanguage" /t /e /g "Users":F
  - PID 2768: C:\Windows\SysWOW64\cacls.exe
    Command line: cacls "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete\jwLastRun" /t /e /g "Users":F
  - PID 3500: C:\Windows\SysWOW64\cacls.exe
    Command line: cacls "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-JWrapper-00036355140-complete\jwLastRun" /t /e /g "Users":F
  - PID 3620: C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\Remote Support.exe
    Command line: "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\Remote Support.exe" -cp "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete\customer.jar;C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete\liquidlnf.jar;C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete\sevenzip.jar;C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete\jwrapper_utils.jar;" -Xmx256m -XX:MinHeapFreeRatio=15 -XX:MaxHeapFreeRatio=30 -Djava.util.Arrays.useLegacyMergeSort=true -Djava.net.preferIPv4Stack=true -Dsun.java2d.dpiaware=true jwrapper.JWrapper "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete\JWLaunchProperties-1665842243676-46"
    Signatures: Executes dropped EXE; Loads dropped DLL; Suspicious use of SetWindowsHookEx
    - PID 3328: C:\Windows\SysWOW64\cacls.exe
      Command line: cacls "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWApps\JRE-LastSuccessfulOptions-JWrapper-Windows32JRE-00028603591-complete" /t /e /g "Users":F
    - PID 688: C:\Windows\SysWOW64\cacls.exe
      Command line: cacls "C:\ProgramData\SimpleHelp" /t /e /g "Users":f
    - PID 2872: C:\Windows\SysWOW64\cacls.exe
      Command line: cacls "C:\ProgramData\SimpleHelp\ElevateSH\*.*" /t /e /g "Users":f
    - PID 1784: C:\Windows\SysWOW64\cacls.exe
      Command line: cacls "C:\ProgramData\SimpleHelp\ElevateSH\*.*" /t /e /g "Users":f
    - PID 1676: C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe
      Command line: C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe --waitforreturncode C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe --waitforreturncode C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe -install "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete\MMoveLauncher702166829241731268.service"
      Signatures: Executes dropped EXE; Checks computer location settings
      - PID 3760: C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe
        Command line: "C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe" "--waitforreturncode" "C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe" "-install" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete\MMoveLauncher702166829241731268.service"
        Signatures: Executes dropped EXE; Checks computer location settings
        - PID 3512: C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe
          Command line: "C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe" "-install" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete\MMoveLauncher702166829241731268.service"
          Signatures: Executes dropped EXE
  - PID 1980: C:\Windows\SysWOW64\cacls.exe
    Command line: cacls "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\jwLastRun" /t /e /g "Users":F
- PID 1132: C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe
  Command line: C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe
  Signatures: Executes dropped EXE
  - PID 4268: C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe
    Command line: "C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe" -uninstallbyname ShTemporaryService76484808
    Signatures: Executes dropped EXE
  - PID 2776: C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete\session_win.exe
    Command line: "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete\session_win.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\javaw.exe" "-cp" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete\customer.jar;C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete\liquidlnf.jar;C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete\sevenzip.jar;C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete\jwrapper_utils.jar;" "-Dsun.java2d.dpiaware=false" "-Djava.library.path=C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete" "com.aem.sdesktop.util.MouseMover" "127.0.0.1" "49890" "127.0.0.1" "49891" "elevated"
    Signatures: Executes dropped EXE; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken
    - PID 3036: C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\javaw.exe
      Command line: "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\javaw.exe" "-cp" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete\customer.jar;C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete\liquidlnf.jar;C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete\sevenzip.jar;C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete\jwrapper_utils.jar;" "-Dsun.java2d.dpiaware=false" "-Djava.library.path=C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete" "com.aem.sdesktop.util.MouseMover" "127.0.0.1" "49890" "127.0.0.1" "49891" "elevated"
      Signatures: Executes dropped EXE; Loads dropped DLL; Modifies data under HKEY_USERS; Suspicious use of SetWindowsHookEx
      - PID 4532: C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\javaw.exe
        Command line: "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\javaw.exe" -cp "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete\customer.jar;C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete\liquidlnf.jar;C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete\sevenzip.jar;C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete\jwrapper_utils.jar;" -Dsun.java2d.dpiaware=false "-Djava.library.path=C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00036356974-complete" com.aem.sdesktop.util.MouseMover 127.0.0.1 49927 127.0.0.1 49928 elevated_backup
        Signatures: Executes dropped EXE; Loads dropped DLL; Modifies data under HKEY_USERS; Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v6
Downloads
-
Filesize
4B
MD5f1d3ff8443297732862df21dc4e57262
SHA19069ca78e7450a285173431b3e52c5c25299e473
SHA256df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119
SHA512ec2d57691d9b2d40182ac565032054b7d784ba96b18bcb5be0bb4e70e3fb041eff582c8af66ee50256539f2181d7f9e53627c0189da7e75a4d5ef10ea93b20b3
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-JWrapper-00036355140-complete\jwutils_win32.dll
Filesize88KB
MD55231a5bd4b50ee3418ee38559976ed96
SHA14ac9850e5f02853606a3a79bd588d806c24d8a3b
SHA256e0f5c27758e2c797fc7fd592f2a3349a4ce466f0199919a3d02418ec359290cd
SHA512d1be530a4bc8658add4a91d05b1f48deeb4c2b3514ce3db5f04a42b4c3139d65199a07057427c6e3a4a7ce941711ec2e430789f832043963d5a9722bbad7cc28
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-JWrapper-00036355140-complete\lzma.exe
Filesize71KB
MD5e59aa0e52e93c781dcdab8ad7cc4054c
SHA11be9c2d8b48d6e0c8a7cab6013cc36ea42ec421e
SHA256410bfdaddee3767151296fe4f16052c39546151916f05bbe4ae1c6b698b18f0f
SHA512d0be3580640bb2cca0c097ec2154132eeefd2b2b4b0e45027cc303c47a42f5c545d5f50182c70a69b5d1673112d24f8ae320d097d7034e810dbc0a5128b09050
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-JWrapper-00036355140-complete\lzma.exe
Filesize71KB
MD5e59aa0e52e93c781dcdab8ad7cc4054c
SHA11be9c2d8b48d6e0c8a7cab6013cc36ea42ec421e
SHA256410bfdaddee3767151296fe4f16052c39546151916f05bbe4ae1c6b698b18f0f
SHA512d0be3580640bb2cca0c097ec2154132eeefd2b2b4b0e45027cc303c47a42f5c545d5f50182c70a69b5d1673112d24f8ae320d097d7034e810dbc0a5128b09050
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\awt.dll
Filesize1.3MB
MD5d68a6b4ec67373433e72c26517c32b2f
SHA10cbe4c775194b5bc3b59392408d29b097a1ba664
SHA256f2a7465215f298ec9c604c59ee9cf720560e106b478c425056d13c40e65b1bb8
SHA512d9debe367be76c5de51a4faf4e68efb9c8c8c34d4c4a62ceb005d7b05a852f6d349354fd023baefcbc697d0ac3a893b44e500f26ebfbe0e1fb7f704a67a4beb0
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\client\classes.jsa
Filesize11.8MB
MD5e5a98871e4fd87438c0bbedc38aaa194
SHA1c95bfcf4d2a202d6cb840c03098f0adaf2493b3f
SHA2561e44a79246685d7c277ae10d4d4295224159c5ceb3659e4ca418cd40c4cd6e4a
SHA5122db553f81401e9aff5bbf32a3bd679090dcaeeec70e992c1f070580aaabd9e9650278be12081dd6366e779cad17c1552234a6e33829b721f4d2ed62961eba5d8
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\client\jvm.dll
Filesize1.6MB
MD5c9c4c710990b34b3c851e76a56360fc9
SHA1a1d7bbf2e6f198b2af725eb469b6d41d6ac979c1
SHA256b6ed5d2218569e924930dd2a84536001ef34f89698b6c65140f05b1873266434
SHA512d03f1827b5f3ad687a7f0664c537a8dfe090d97cce67f3d7970780777497b4fd1cbbfe893fbed1d3d4e39ed71a27b547c388685ea8d1c6fdbd673ecd87dad8b6
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\hpi.dll
Filesize32KB
MD57f4f5d189ec48566d9d8c2ebaed68c74
SHA18ba4ab69b6a453640708ba8337e53d01ce041834
SHA256ad9a3a3949742995b9b2b302e99b9a15a5c0211acccbdf4d6a9f86a69a3f305a
SHA51252b461a23c4377974494a1b57f49e8c32e072e933be59f36900290f518504f7d42189e22aab7a51dcda128d0606bcd9c0a85404340313ac322e39db36828da13
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\java.dll
Filesize116KB
MD53b3613ae9a31e5099ff803b8c858a86d
SHA15cc6c08550cd2f4ef6d37d521c7891051413f16d
SHA2565a5e216f287cbcaf7a4ba8ccb8fcb3dae0b05378d89ba6a70f1d50b394306796
SHA512ed360d73fcc2362129ff4e2c52f8fdf84970598f49be081740e7ed23d23fa8cdf7a01d13cbe2b8cff3fa0d2ecc7455487f98e827eabc2c0d76037e1d4afef365
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\jpeg.dll
Filesize128KB
MD54ee73ef7e9f4593e7d1685aac04c312f
SHA120b293ac19c5a23d8d7618d72bb14bb993dea2fd
SHA256a5af9e5407dd2993ff7f1ef589ac8edfb7482a495a434953307cffedfbd8cfbc
SHA512d7d40950f1522216adf3d169e13600a9fbe579940a41220dbe423a4f2ed5bb868faa895b84c9d20dfc428fc5ed9d372eceab09d8f67c99562d2cef71d2dbfa70
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\net.dll
Filesize76KB
MD5c0abcbae12150c44bc99791b28f8bf41
SHA1ce4a1f1c5177021d49f07f784adc64cf2468b187
SHA25621c8c8d6e73e4383ef4cc2ea3dee140f6d8b460da78a04d3604c27bd55218edf
SHA512357435ad7b6aa1d51773ac654e8c8dd9f0a7485f68a16c202172558cf9a1d27520674375319e5e79e2af6288fc5de8c62e26ebb763401e3ca75539b1b802adb7
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\unpack200.exe
Filesize124KB
MD50ac355d4114bcd53ad9aa4a01055c44f
SHA13a7c3c936a73de1c414b08391b37fe9c106990da
SHA25680b00b9c76c491322779d0c2ef3fb0bb6d9609b7a73eb85e1bb08ebb76c049aa
SHA512f18886f522c226e379166a7dd9cae600f000b696aa31ac9c7e54e76b7a74de226127637eb7cd8de3bb454883a0b82cb1b6236f8180296e6dc42d8a228e6933b4
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\unpack200.exe
Filesize124KB
MD50ac355d4114bcd53ad9aa4a01055c44f
SHA13a7c3c936a73de1c414b08391b37fe9c106990da
SHA25680b00b9c76c491322779d0c2ef3fb0bb6d9609b7a73eb85e1bb08ebb76c049aa
SHA512f18886f522c226e379166a7dd9cae600f000b696aa31ac9c7e54e76b7a74de226127637eb7cd8de3bb454883a0b82cb1b6236f8180296e6dc42d8a228e6933b4
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\unpack200.exe
Filesize124KB
MD50ac355d4114bcd53ad9aa4a01055c44f
SHA13a7c3c936a73de1c414b08391b37fe9c106990da
SHA25680b00b9c76c491322779d0c2ef3fb0bb6d9609b7a73eb85e1bb08ebb76c049aa
SHA512f18886f522c226e379166a7dd9cae600f000b696aa31ac9c7e54e76b7a74de226127637eb7cd8de3bb454883a0b82cb1b6236f8180296e6dc42d8a228e6933b4
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\unpack200.exe
Filesize124KB
MD50ac355d4114bcd53ad9aa4a01055c44f
SHA13a7c3c936a73de1c414b08391b37fe9c106990da
SHA25680b00b9c76c491322779d0c2ef3fb0bb6d9609b7a73eb85e1bb08ebb76c049aa
SHA512f18886f522c226e379166a7dd9cae600f000b696aa31ac9c7e54e76b7a74de226127637eb7cd8de3bb454883a0b82cb1b6236f8180296e6dc42d8a228e6933b4
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\unpack200.exe
Filesize124KB
MD50ac355d4114bcd53ad9aa4a01055c44f
SHA13a7c3c936a73de1c414b08391b37fe9c106990da
SHA25680b00b9c76c491322779d0c2ef3fb0bb6d9609b7a73eb85e1bb08ebb76c049aa
SHA512f18886f522c226e379166a7dd9cae600f000b696aa31ac9c7e54e76b7a74de226127637eb7cd8de3bb454883a0b82cb1b6236f8180296e6dc42d8a228e6933b4
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\unpack200.exe
Filesize124KB
MD50ac355d4114bcd53ad9aa4a01055c44f
SHA13a7c3c936a73de1c414b08391b37fe9c106990da
SHA25680b00b9c76c491322779d0c2ef3fb0bb6d9609b7a73eb85e1bb08ebb76c049aa
SHA512f18886f522c226e379166a7dd9cae600f000b696aa31ac9c7e54e76b7a74de226127637eb7cd8de3bb454883a0b82cb1b6236f8180296e6dc42d8a228e6933b4
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\verify.dll
Filesize48KB
MD595c10f3184ed7aa45709f7cd70b49589
SHA11096dc0c79d201b7bd77e0399c6b8d86bc1f8a6f
SHA256e6f4b6e25a2bc7fc03a73032c60138410b30ac528c7d10da87ea612e52a7b736
SHA512211c522ccdeee5145cf1cddc9806c79915d16ac1d2614c3bcf75d776d61c314c66ebef53f90aae5218ad472c15fba12f0ad0d19f0dfbb022fd36462e480de637
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00028603591-complete\bin\zip.dll
Filesize60KB
MD519984073548bc33fc67c04aa277cdd44
SHA164189f2f71e40ae2794dcfb2df53056a82aa33c2
SHA256f450c1a55a143d35b8b330c7538c22b8781d729aa947e27cbc2afc4e19434686
SHA512b08ac43a0c6f12301339c30717908989ffe8bc3cf3889bcd347e83dbdc6fb21150d715da8525edd800015122c417da0870d08affbf35b5496410e36b913c5022
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842215-0-app\JWrapper-JWrapper-00036355140-archive.p2
Filesize2.0MB
MD5d49d991c7f9f1043d09026ff995f919b
SHA18d2832d0dc0b3b7d901e7cfb5af4cbf9d1c37c90
SHA256dd04c2e3e401a9e02bf044f43e1e9dc4587abea2b2612c9589d884ca566f8337
SHA512ed684137d21107000143df7112a63824298ceff054a13fac149979fd6d1ddb4546c1295615703f3b797098d83cb17a58f1f3529b5e50e2d508079257c1f5ddd3
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842215-0-app\JWrapper-JWrapper-00036355140-archive.p2.l2
Filesize641KB
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842215-0-app\JWrapper-Remote Support-00036356974-archive.p2
Filesize9.0MB
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842215-0-app\JWrapper-Remote Support-00036356974-archive.p2.l2
Filesize2.3MB
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842215-0-app\Remote SupportMacLauncher32.app\Contents\Resources\Java\osxwrapper.jar
Filesize806KB
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842215-0-app\Remote SupportMacLauncher32.app\Contents\Resources\Java\osxwrapper.jar.p2
Filesize546KB
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842215-0-app\Remote SupportMacLauncher32.app\Contents\Resources\Java\sevenzip.jar
Filesize86KB
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842215-0-app\Remote SupportMacLauncher32.app\Contents\Resources\Java\sevenzip.jar.p2
Filesize33KB
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842215-0-app\customer.jar.p2
Filesize2.2MB
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842215-0-app\jwrapper_utils.jar
Filesize1.9MB
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842215-0-app\jwrapper_utils.jar.p2
Filesize689KB
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842215-0-app\liquidlnf.jar.p2
Filesize244KB
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842215-0-app\sevenzip.jar.p2
Filesize33KB
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842216-0-app\JWrapper-Windows32JRE-00028603591-archive.p2
Filesize17.0MB
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842216-0-app\JWrapper-Windows32JRE-00028603591-archive.p2.l2
Filesize5.9MB
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842216-0-app\bin\client\jvm.dll
Filesize1.6MB
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842216-0-app\bin\unpack200.exe
Filesize124KB
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842216-0-app\lib\ext\sunpkcs11.jar
Filesize166KB
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842216-0-app\lib\ext\sunpkcs11.jar.p2
Filesize120KB
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842216-0-app\lib\i386\jvm.cfg
Filesize695B
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1665842216-0-app\lib\jsse.jar.p2
Filesize115KB