Analysis Overview
SHA256: 273fe2b92f8c123f28340660bf9a7dee6f3bf2c88f4299c31c302f9c674d921d
Threat Level: Known bad
The file jre-8u321-windows-x64.exe was found to be: Known bad.
Malicious Activity Summary
BazarBackdoor
Bazar/Team9 Backdoor payload
Bazarbackdoor family
Registers COM server for autorun
Executes dropped EXE
UPX packed file
Blocklisted process makes network request
Loads dropped DLL
Installs/modifies Browser Helper Object
Enumerates connected drives
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Modifies Internet Explorer settings
Modifies system certificate store
Checks processor information in registry
Modifies data under HKEY_USERS
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported: 2022-12-30 08:02
Signatures
Bazar/Team9 Backdoor payload
Bazarbackdoor family
Analysis: behavioral1
Detonation Overview
Submitted: 2022-12-30 08:01
Reported: 2022-12-30 08:05
Platform: win7-20220901-en
Max time kernel: 67s
Max time network: 128s
Command Line
Signatures
BazarBackdoor
Bazar/Team9 Backdoor payload
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds7083786.tmp\jre-8u321-windows-x64.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| N/A | N/A | C:\Windows\system32\conhost.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre1.8.0_321\bin\unpack200.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre1.8.0_321\bin\unpack200.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre1.8.0_321\bin\unpack200.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre1.8.0_321\bin\unpack200.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre1.8.0_321\bin\unpack200.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre1.8.0_321\bin\unpack200.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre1.8.0_321\bin\unpack200.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre1.8.0_321\bin\javaw.exe | N/A |
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InProcServer32 | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InProcServer32 | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InProcServer32\ = "C:\\Program Files\\Java\\jre1.8.0_321\\bin\\ssv.dll" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\InprocServer32 | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_321\\bin\\wsdetect.dll" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InProcServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InProcServer32 | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InProcServer32\ = "C:\\Program Files\\Java\\jre1.8.0_321\\bin\\jp2ssv.dll" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InProcServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InProcServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InProcServer32\ = "C:\\Program Files\\Java\\jre1.8.0_321\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
UPX packed file
Loads dropped DLL
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\WindowsAccessBridge-64.dll | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Java\jre1.8.0_321\legal\jdk\dom.md | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\lib\ext\sunmscapi.jar | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\bin\fxplugins.dll | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\bin\prism_d3d.dll | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\bin\verify.dll | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\Welcome.html | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\bin\java.dll | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\lib\security\trusted.libraries | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\lib\deploy\messages_ko.properties | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\bin\api-ms-win-core-console-l1-1-0.dll | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\bin\api-ms-win-crt-runtime-l1-1-0.dll | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\legal\javafx\webkit.md | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\lib\resources.jar | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\legal\jdk\pkcs11cryptotoken.md | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\legal\jdk\xmlresolver.md | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\lib\cmm\LINEAR_RGB.pf | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\lib\security\policy\unlimited\local_policy.jar | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\lib\deploy.jar | C:\Program Files\Java\jre1.8.0_321\bin\unpack200.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\bin\api-ms-win-core-timezone-l1-1-0.dll | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\bin\javaws.exe | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\bin\jli.dll | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\legal\javafx\libffi.md | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\bin\jp2ssv.dll | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\bin\sunmscapi.dll | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\legal\jdk\relaxngcc.md | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\lib\security\java.policy | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\bin\api-ms-win-core-file-l1-1-0.dll | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\bin\java.exe | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\bin\JAWTAccessBridge-64.dll | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\bin\api-ms-win-core-profile-l1-1-0.dll | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\lib\security\java.security | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\release | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\lib\images\cursors\win32_MoveNoDrop32x32.gif | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\lib\security\policy\limited\local_policy.jar | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\legal\jdk\pkcs11wrapper.md | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\lib\deploy\[email protected] | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\lib\ext\dnsns.jar | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\bin\management.dll | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\bin\pack200.exe | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\lib\jfxswt.jar | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\bin\api-ms-win-crt-stdio-l1-1-0.dll | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\bin\glass.dll | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\bin\hprof.dll | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\lib\ext\localedata.jar | C:\Program Files\Java\jre1.8.0_321\bin\unpack200.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\bin\api-ms-win-crt-string-l1-1-0.dll | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\legal\javafx\gstreamer.md | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\legal\jdk\jpeg.md | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\lib\ext\cldrdata.jar | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\lib\fontconfig.properties.src | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\installer.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\bin\api-ms-win-core-heap-l1-1-0.dll | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\bin\jsoundds.dll | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\legal\jdk\dynalink.md | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\lib\cmm\GRAY.pf | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\lib\deploy\messages_zh_HK.properties | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\bin\WindowsAccessBridge-64.dll | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\bin\zip.dll | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\legal\jdk\bcel.md | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\bin\jabswitch.exe | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\bin\ktab.exe | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\bin\unpack.dll | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\legal\jdk\thaidict.md | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\lib\deploy\splash_11-lic.gif | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_321\lib\ext\access-bridge-64.jar | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\6c8853.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\6c8853.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA194.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI96E8.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\6c8855.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9E0A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA202.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\6c8857.msi | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\msiexec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\msiexec.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_321\\bin" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\jds7083786.tmp\jre-8u321-windows-x64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Control Panel | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Environment | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\EUDC | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Main\ImageStoreRandomFolder = "0ca6f7v" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Printers | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Java VM | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Java VM\EnableJavaConsole = "0" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Keyboard Layout | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SYSTEM | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\TypeLib | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InProcServer32 | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\JNLPFile\EditFlags = "65536" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InProcServer32\ = "C:\\Program Files\\Java\\jre1.8.0_321\\bin\\ssv.dll" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130120F\ProductName = "Java 8 Update 321 (64-bit)" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130120F\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\LocalLow\\Oracle\\Java\\jre1.8.0_321_x64\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\MiscStatus\1 | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\PROGRAMMABLE | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InProcServer32 | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130120F\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130120F\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\JNLPFile\Shell\Open | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284} | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\JavaWebStart.isInstalled.1.8.0.0 | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\JNLPFile\Shell\Open\Command | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130120F\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\LocalLow\\Oracle\\Java\\jre1.8.0_321_x64\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\JNLPFile\Shell | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\jnlps\ = "URL:jnlps Protocol" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InProcServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InProcServer32\ = "C:\\Program Files\\Java\\jre1.8.0_321\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Applications\java.exe | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\jarfile\shell\open\command | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.jar\ = "jarfile" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\TypeLib\ = "{5852F5E0-8BF4-11D4-A245-0080C6F74284}" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\4EA42A62D9304AC4784BF2468130120F | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130120F\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\PROGID | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130120F\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_321\\bin\\wsdetect.dll" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InProcServer32 | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-jnlp-file | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\TYPELIB | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\jnlps\Shell\Open | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\APPLICATION/X-JAVA-JNLP-FILE | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\MiscStatus\ = "0" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ = "Java(tm) Plug-In SSV Helper" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130120F\ProductIcon = "C:\\Program Files\\Java\\jre1.8.0_321\\\\bin\\javaws.exe" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\jarfile\ = "Executable Jar File" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\JavaWebStart.isInstalled\CurVer\ = "JavaWebStart.isInstalled.1.8.0.0" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.jnlp\Content Type = "application/x-java-jnlp-file" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\InprocServer32 | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-applet\CLSID = "{8AD9C840-044E-11D1-B3E9-00805F499D93}" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\4EA42A62D9304AC4784BF2468130120F\jrecore | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\JavaWebStart.isInstalled\CLSID\ = "{5852F5ED-8BF4-11D4-A245-0080C6F74284}" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640} | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\Implemented Categories | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\jarfile | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\JNLPFile | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InProcServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Applications\javaw.exe | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640} | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InProcServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ = "Java(tm) Plug-In 2 SSV Helper" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\MiscStatus | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\MiscStatus\1\ = "384" | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\JNLPFile\Shell | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_321\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130120F\Version = "134220938" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130120F\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Users\Admin\AppData\Local\Temp\jds7083786.tmp\jre-8u321-windows-x64.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = [certificate blob omitted] | C:\Users\Admin\AppData\Local\Temp\jds7083786.tmp\jre-8u321-windows-x64.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds7083786.tmp\jre-8u321-windows-x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds7083786.tmp\jre-8u321-windows-x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds7083786.tmp\jre-8u321-windows-x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds7083786.tmp\jre-8u321-windows-x64.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\jre-8u321-windows-x64.exe
"C:\Users\Admin\AppData\Local\Temp\jre-8u321-windows-x64.exe"
C:\Users\Admin\AppData\Local\Temp\jds7083786.tmp\jre-8u321-windows-x64.exe
"C:\Users\Admin\AppData\Local\Temp\jds7083786.tmp\jre-8u321-windows-x64.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\MsiExec.exe -Embedding 8C859FDBA35EAD81B7424915538115DB
C:\Program Files\Java\jre1.8.0_321\installer.exe
"C:\Program Files\Java\jre1.8.0_321\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_321\\" INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F64180321F0}
C:\ProgramData\Oracle\Java\installcache_x64\7123426.tmp\bspatch.exe
"bspatch.exe" baseimagefam8 newimage diff
C:\Program Files\Java\jre1.8.0_321\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_321\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_321\lib/plugin.pack" "C:\Program Files\Java\jre1.8.0_321\lib/plugin.jar"
C:\Program Files\Java\jre1.8.0_321\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_321\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_321\lib/javaws.pack" "C:\Program Files\Java\jre1.8.0_321\lib/javaws.jar"
C:\Program Files\Java\jre1.8.0_321\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_321\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_321\lib/deploy.pack" "C:\Program Files\Java\jre1.8.0_321\lib/deploy.jar"
C:\Program Files\Java\jre1.8.0_321\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_321\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_321\lib/rt.pack" "C:\Program Files\Java\jre1.8.0_321\lib/rt.jar"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-5315073229510475421130571330-893596216-14246614-469703009-9695576251855753633"
C:\Program Files\Java\jre1.8.0_321\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_321\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_321\lib/charsets.pack" "C:\Program Files\Java\jre1.8.0_321\lib/charsets.jar"
C:\Program Files\Java\jre1.8.0_321\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_321\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_321\lib/ext/localedata.pack" "C:\Program Files\Java\jre1.8.0_321\lib/ext/localedata.jar"
C:\Program Files\Java\jre1.8.0_321\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_321\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking
C:\Program Files\Java\jre1.8.0_321\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_321\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_321\lib/jsse.pack" "C:\Program Files\Java\jre1.8.0_321\lib/jsse.jar"
C:\Program Files\Java\jre1.8.0_321\bin\ssvagent.exe
"C:\Program Files\Java\jre1.8.0_321\bin\ssvagent.exe" -doHKCUSSVSetup
C:\Program Files\Java\jre1.8.0_321\bin\javaws.exe
"C:\Program Files\Java\jre1.8.0_321\bin\javaws.exe" -wait -fix -permissions -silent
C:\Program Files\Java\jre1.8.0_321\bin\jp2launcher.exe
"C:\Program Files\Java\jre1.8.0_321\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_321" -vma [encoded argument omitted] -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==
C:\Program Files\Java\jre1.8.0_321\bin\jp2launcher.exe
"C:\Program Files\Java\jre1.8.0_321\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_321" -vma [encoded argument omitted] -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==
C:\Program Files\Java\jre1.8.0_321\bin\javaws.exe
"C:\Program Files\Java\jre1.8.0_321\bin\javaws.exe" -wait -fix -shortcut -silent
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\MsiExec.exe -Embedding A6D9A496AA7DBA516EDEF303DDF4A527 M Global\MSI0000
Network
| Country | Destination | Domain | Proto |
| N/A | 8.8.8.8:53 | javadl-esd-secure.oracle.com | udp |
| N/A | 23.65.205.24:443 | javadl-esd-secure.oracle.com | tcp |
| N/A | 8.8.8.8:53 | rps-svcs.oracle.com | udp |
| N/A | 23.65.205.24:443 | rps-svcs.oracle.com | tcp |
| N/A | 8.8.8.8:53 | www.java.com | udp |
| N/A | 84.53.185.179:443 | www.java.com | tcp |
Files
\Users\Admin\AppData\Local\Temp\jds7083786.tmp\jre-8u321-windows-x64.exe
| MD5 | 80afab5be48bacf44155212c817f4e31 |
| SHA1 | 5a8b12509bdecdb2024a8d00395ca5f24dec63dc |
| SHA256 | fb02ebdbbd9c7f27c49eef2d743293f100a614aa95151e2d28828db84baf6657 |
| SHA512 | a6602aacfc6334a9e1f05874cebe34519808d10cfcc7d3254e8639d1645758a680fe4dbcd30bcf41e9d90b47126259348e6a6cf83b5f3eeeb006110070b60304 |
memory/2036-55-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\jds7083786.tmp\jre-8u321-windows-x64.exe
| MD5 | 80afab5be48bacf44155212c817f4e31 |
| SHA1 | 5a8b12509bdecdb2024a8d00395ca5f24dec63dc |
| SHA256 | fb02ebdbbd9c7f27c49eef2d743293f100a614aa95151e2d28828db84baf6657 |
| SHA512 | a6602aacfc6334a9e1f05874cebe34519808d10cfcc7d3254e8639d1645758a680fe4dbcd30bcf41e9d90b47126259348e6a6cf83b5f3eeeb006110070b60304 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | de3aaa434c3e54fa6444c9f6110d5073 |
| SHA1 | fcedbe00229596d03cc8457f2bf0bd45f24c48cb |
| SHA256 | dbf8545602fdf415484bbd74a5a4782743d3252cd5eee850d090ef4b5032dbe2 |
| SHA512 | fccebfd5fa1ec176ecb8a20bc724a7addedaeafafba1f53d001cddf04e0c034ead607c149b9382524f68d8b249489ba28f1f2f6b89c5465ff8f1133ab515b8db |
memory/2036-57-0x000007FEFB771000-0x000007FEFB773000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\jds7083786.tmp\jre-8u321-windows-x64.exe
| MD5 | 80afab5be48bacf44155212c817f4e31 |
| SHA1 | 5a8b12509bdecdb2024a8d00395ca5f24dec63dc |
| SHA256 | fb02ebdbbd9c7f27c49eef2d743293f100a614aa95151e2d28828db84baf6657 |
| SHA512 | a6602aacfc6334a9e1f05874cebe34519808d10cfcc7d3254e8639d1645758a680fe4dbcd30bcf41e9d90b47126259348e6a6cf83b5f3eeeb006110070b60304 |
\Users\Admin\AppData\Local\Temp\jds7083786.tmp\jre-8u321-windows-x64.exe
| MD5 | 80afab5be48bacf44155212c817f4e31 |
| SHA1 | 5a8b12509bdecdb2024a8d00395ca5f24dec63dc |
| SHA256 | fb02ebdbbd9c7f27c49eef2d743293f100a614aa95151e2d28828db84baf6657 |
| SHA512 | a6602aacfc6334a9e1f05874cebe34519808d10cfcc7d3254e8639d1645758a680fe4dbcd30bcf41e9d90b47126259348e6a6cf83b5f3eeeb006110070b60304 |
\Users\Admin\AppData\Local\Temp\jds7083786.tmp\jre-8u321-windows-x64.exe
| MD5 | 80afab5be48bacf44155212c817f4e31 |
| SHA1 | 5a8b12509bdecdb2024a8d00395ca5f24dec63dc |
| SHA256 | fb02ebdbbd9c7f27c49eef2d743293f100a614aa95151e2d28828db84baf6657 |
| SHA512 | a6602aacfc6334a9e1f05874cebe34519808d10cfcc7d3254e8639d1645758a680fe4dbcd30bcf41e9d90b47126259348e6a6cf83b5f3eeeb006110070b60304 |
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_321_x64\jre1.8.0_32164.msi
| MD5 | 39bf9b1c9177645cea379fcf282a4687 |
| SHA1 | 74e37738ddc512fe91296599951ef1d99ac93418 |
| SHA256 | 2381f3ca2c2f75b606e0049001d09c9c7b2df732d951c9253c3891347e941c10 |
| SHA512 | 4ac1fcfa37799c61c0acb451b079708ab295a5daf7f675125f0bb4808c44f58754856cae23ae1cc1142f483b9a40c203049f1446c53fba94c304fe0d68936769 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c27b870fe713d61df4a2afe06547b19d |
| SHA1 | 09e6f7bebc231005efde4ab0a544a0d756c067db |
| SHA256 | ffa0c9f191391b9decd66e01298985ed2b4ef1e54a2c676346d8e815cc0e1d03 |
| SHA512 | af0a597aced28f210abf9275c659b408fe0f02693c580a094890ab7f43e5063f9ebe31675c9b16d81e547eba142cce4c40375b331603f23d8bdb6f8da0937fd7 |
memory/852-66-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | d157715725ea8240adb0431b413d6db9 |
| SHA1 | 196623319b2b595c4cddcdafd124d1e3ca4f89a3 |
| SHA256 | 09d56b84520f17382e6a0261a34c4c2d905092d7ce379acdfa807a80e1ea3793 |
| SHA512 | c33fbbcc4ed20b0cd4c596ef711a1a3dfc56702bc0307c8b4b60ebf98b1783cd689ebd74c9f8d513cb87a43abc7641a9c04f3277050bb125304b4b279fc40401 |
\Windows\Installer\MSI96E8.tmp
| MD5 | da4598360ae218325c6b96b91a90dd19 |
| SHA1 | d773cc0953aaad2069467ad1a51e0fd7aa75e5c4 |
| SHA256 | 4a8fb4e1fc0202da504de4259742943433040bf67d1f35397f428042b5dd4ef4 |
| SHA512 | 129ec79a7ad644d9dc0682f83740329bdf31d48a6a51160212fdbf236c1f9c98259b36e94755bc146756b472fbda8a727af66860c89a9bc53c61a03e30942ea4 |
C:\Windows\Installer\MSI96E8.tmp
| MD5 | da4598360ae218325c6b96b91a90dd19 |
| SHA1 | d773cc0953aaad2069467ad1a51e0fd7aa75e5c4 |
| SHA256 | 4a8fb4e1fc0202da504de4259742943433040bf67d1f35397f428042b5dd4ef4 |
| SHA512 | 129ec79a7ad644d9dc0682f83740329bdf31d48a6a51160212fdbf236c1f9c98259b36e94755bc146756b472fbda8a727af66860c89a9bc53c61a03e30942ea4 |
C:\Windows\Installer\MSI9E0A.tmp
| MD5 | da4598360ae218325c6b96b91a90dd19 |
| SHA1 | d773cc0953aaad2069467ad1a51e0fd7aa75e5c4 |
| SHA256 | 4a8fb4e1fc0202da504de4259742943433040bf67d1f35397f428042b5dd4ef4 |
| SHA512 | 129ec79a7ad644d9dc0682f83740329bdf31d48a6a51160212fdbf236c1f9c98259b36e94755bc146756b472fbda8a727af66860c89a9bc53c61a03e30942ea4 |
\Windows\Installer\MSI9E0A.tmp
| MD5 | da4598360ae218325c6b96b91a90dd19 |
| SHA1 | d773cc0953aaad2069467ad1a51e0fd7aa75e5c4 |
| SHA256 | 4a8fb4e1fc0202da504de4259742943433040bf67d1f35397f428042b5dd4ef4 |
| SHA512 | 129ec79a7ad644d9dc0682f83740329bdf31d48a6a51160212fdbf236c1f9c98259b36e94755bc146756b472fbda8a727af66860c89a9bc53c61a03e30942ea4 |
\Windows\Installer\MSIA202.tmp
| MD5 | da4598360ae218325c6b96b91a90dd19 |
| SHA1 | d773cc0953aaad2069467ad1a51e0fd7aa75e5c4 |
| SHA256 | 4a8fb4e1fc0202da504de4259742943433040bf67d1f35397f428042b5dd4ef4 |
| SHA512 | 129ec79a7ad644d9dc0682f83740329bdf31d48a6a51160212fdbf236c1f9c98259b36e94755bc146756b472fbda8a727af66860c89a9bc53c61a03e30942ea4 |
C:\Windows\Installer\MSIA202.tmp
| MD5 | da4598360ae218325c6b96b91a90dd19 |
| SHA1 | d773cc0953aaad2069467ad1a51e0fd7aa75e5c4 |
| SHA256 | 4a8fb4e1fc0202da504de4259742943433040bf67d1f35397f428042b5dd4ef4 |
| SHA512 | 129ec79a7ad644d9dc0682f83740329bdf31d48a6a51160212fdbf236c1f9c98259b36e94755bc146756b472fbda8a727af66860c89a9bc53c61a03e30942ea4 |
\Program Files\Java\jre1.8.0_321\installer.exe
| MD5 | 5bae8b1ca4c01b42cc3cf4f97e848035 |
| SHA1 | 547eeb72683756379842575ddd03ea5f17568287 |
| SHA256 | 3d63f68fbad1a1be6fdef8d898f38c4981fba7150e390c514282c859d5b5b7da |
| SHA512 | cc062f747f8d0b3449ef3c196cf8bcc6546dc842e72ded5485ddd80b58b8c60b2aa99d3934a465294324b3ee8ea53f69c977e818f7ded2881506c25188e56e2a |
memory/1652-76-0x0000000000000000-mapping.dmp
C:\Program Files\Java\jre1.8.0_321\installer.exe
| MD5 | 5bae8b1ca4c01b42cc3cf4f97e848035 |
| SHA1 | 547eeb72683756379842575ddd03ea5f17568287 |
| SHA256 | 3d63f68fbad1a1be6fdef8d898f38c4981fba7150e390c514282c859d5b5b7da |
| SHA512 | cc062f747f8d0b3449ef3c196cf8bcc6546dc842e72ded5485ddd80b58b8c60b2aa99d3934a465294324b3ee8ea53f69c977e818f7ded2881506c25188e56e2a |
C:\Windows\Installer\6c8857.msi
| MD5 | 39bf9b1c9177645cea379fcf282a4687 |
| SHA1 | 74e37738ddc512fe91296599951ef1d99ac93418 |
| SHA256 | 2381f3ca2c2f75b606e0049001d09c9c7b2df732d951c9253c3891347e941c10 |
| SHA512 | 4ac1fcfa37799c61c0acb451b079708ab295a5daf7f675125f0bb4808c44f58754856cae23ae1cc1142f483b9a40c203049f1446c53fba94c304fe0d68936769 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 8e28767a82df7a6694e4392e56a6a1e1 |
| SHA1 | 20f302b48712075bf036535748b6591ca724777e |
| SHA256 | 769b690a91236df863f9d43c539dcba4e175746e0fad15750208697a3bde3b68 |
| SHA512 | d36a14eca7e6c103d0f1bbab5f8b250f467709ec8354a71d0ab4d89dd9e74cf9c20401d7a1973b987296a060298d728f4689513158df9f473f8f5d61ca53dcc1 |
C:\ProgramData\Oracle\Java\installcache_x64\7123426.tmp\bspatch.exe
| MD5 | 2e7543a4deec9620c101771ca9b45d85 |
| SHA1 | fa33f3098c511a1192111f0b29a09064a7568029 |
| SHA256 | 32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1 |
| SHA512 | 8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d |
memory/1696-80-0x0000000000000000-mapping.dmp
C:\ProgramData\Oracle\Java\installcache_x64\7123426.tmp\bspatch.exe
| MD5 | 2e7543a4deec9620c101771ca9b45d85 |
| SHA1 | fa33f3098c511a1192111f0b29a09064a7568029 |
| SHA256 | 32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1 |
| SHA512 | 8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d |
memory/1696-83-0x0000000074B51000-0x0000000074B53000-memory.dmp
C:\ProgramData\Oracle\Java\installcache_x64\7123426.tmp\baseimagefam8
| MD5 | 22646919b87d1a6dfc371464405b373b |
| SHA1 | 2296c69b12c3e0244fc59586f794457a4735e692 |
| SHA256 | 0a01e1f33b0dd6af5d71fd26261b97eda1f9da77553704afd0a9d176de733c11 |
| SHA512 | b5cfe6640c3755f3094e248dcd852ade852f904e80bc7d8dfef5772620ef75eac788f503c3df4baa712e73dafcca51c4ef0c73659ae55c1e0afd59b73f90d3a0 |
C:\ProgramData\Oracle\Java\installcache_x64\7123426.tmp\diff
| MD5 | ae2916473f36200bdedab19e4a274246 |
| SHA1 | 680ae426e9aa93bf98b78263df11fdcea860fb98 |
| SHA256 | d703bc1d053a6042b24fbaec8f2a5712a7b71f925aea7740832fb3e4c12c94c3 |
| SHA512 | 3abc92e2dd3d6553d3d93d565fcf67d960643db21e4275db4420a9dc6809e9b79c0e016c61e4dc142652dbfb3958ca81e71393587dcacff6b701f02a15c34d23 |
\ProgramData\Oracle\Java\installcache_x64\7123426.tmp\bspatch.exe
| MD5 | 2e7543a4deec9620c101771ca9b45d85 |
| SHA1 | fa33f3098c511a1192111f0b29a09064a7568029 |
| SHA256 | 32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1 |
| SHA512 | 8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d |
\ProgramData\Oracle\Java\installcache_x64\7123426.tmp\bspatch.exe
| MD5 | 2e7543a4deec9620c101771ca9b45d85 |
| SHA1 | fa33f3098c511a1192111f0b29a09064a7568029 |
| SHA256 | 32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1 |
| SHA512 | 8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d |
\ProgramData\Oracle\Java\installcache_x64\7123426.tmp\bspatch.exe
| MD5 | 2e7543a4deec9620c101771ca9b45d85 |
| SHA1 | fa33f3098c511a1192111f0b29a09064a7568029 |
| SHA256 | 32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1 |
| SHA512 | 8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d |
memory/1696-89-0x0000000000400000-0x0000000000417000-memory.dmp
memory/1696-91-0x00000000003D0000-0x00000000003E7000-memory.dmp
memory/1696-90-0x00000000003D0000-0x00000000003E7000-memory.dmp
memory/1696-92-0x00000000003D0000-0x00000000003E7000-memory.dmp
C:\ProgramData\Oracle\Java\installcache_x64\7123426.tmp\newimage
| MD5 | 456e798b59a8f91f118fc9d8eda0f5f7 |
| SHA1 | c53cb8a7edd36d0254b6d02652eec3e929c05d38 |
| SHA256 | 77603f0bd6005a176ee1d7765e2640758bd6b92f9896c175d290e65514b445c4 |
| SHA512 | b88945b0662584790816aa4908260d0ba9dd209bfd0a02568f1daf3a8536fc205c1f82a7580765f8800ec19194d408d074a3106713b33115dec58af5d4e25004 |
memory/1696-93-0x0000000000400000-0x0000000000417000-memory.dmp
C:\Program Files\Java\jre1.8.0_321\bin\unpack200.exe
| MD5 | 858aff6740ed09683163af9c753eeaf7 |
| SHA1 | ec877363b91129916883e89ff1c9a537c3fc66bd |
| SHA256 | d76ef9842647f1036a1a3b754fa2ca9e4428cc972b16384e4c4c9c7558431d0b |
| SHA512 | 2e76715ac1d0a7dec0bdde319e0f34df85c7bdaf27fa23e995bbb162e1d65cf52f63b7561cdaaefecb8607fa5b8bd605f38c6d2deaca87daf5150f61bd1956ea |
memory/1148-96-0x0000000000000000-mapping.dmp
\Program Files\Java\jre1.8.0_321\bin\unpack200.exe
| MD5 | 858aff6740ed09683163af9c753eeaf7 |
| SHA1 | ec877363b91129916883e89ff1c9a537c3fc66bd |
| SHA256 | d76ef9842647f1036a1a3b754fa2ca9e4428cc972b16384e4c4c9c7558431d0b |
| SHA512 | 2e76715ac1d0a7dec0bdde319e0f34df85c7bdaf27fa23e995bbb162e1d65cf52f63b7561cdaaefecb8607fa5b8bd605f38c6d2deaca87daf5150f61bd1956ea |
C:\Program Files\Java\jre1.8.0_321\bin\api-ms-win-crt-runtime-l1-1-0.dll
| MD5 | 883120f9c25633b6c688577d024efd12 |
| SHA1 | e4fa6254623a2b4cdea61712cdfa9c91aa905f18 |
| SHA256 | 4390c389bbbf9ec7215d12d22723efd77beb4cd83311c75ffe215725ecfd55dc |
| SHA512 | f17d3b667cc8002f4b6e6b96b630913fa1cb4083d855db5b7269518f6ff6eebf835544fa3b737f4fc0eb46ccb368778c4ae8b11ebcf9274ce1e5a0ba331a0e2f |
\Program Files\Java\jre1.8.0_321\bin\api-ms-win-core-localization-l1-2-0.dll
| MD5 | 8acb83d102dabd9a5017a94239a2b0c6 |
| SHA1 | 9b43a40a7b498e02f96107e1524fe2f4112d36ae |
| SHA256 | 059cb23fdcf4d80b92e3da29e9ef4c322edf6fba9a1837978fd983e9bdfc7413 |
| SHA512 | b7ecf60e20098ea509b76b1cc308a954a6ede8d836bf709790ce7d4bd1b85b84cf5f3aedf55af225d2d21fbd3065d01aa201dae6c131b8e1e3aa80ed6fc910a4 |
\Program Files\Java\jre1.8.0_321\bin\api-ms-win-crt-string-l1-1-0.dll
| MD5 | f816666e3fc087cd24828943cb15f260 |
| SHA1 | eae814c9c41e3d333f43890ed7dafa3575e4c50e |
| SHA256 | 45e0835b1d3b446fe2c347bd87922c53cfb6dd826499e19a1d977bf4c11b0e4a |
| SHA512 | 6860abe8ab5220efb88f68b80e6c6e95fe35b4029f46b59bc467e3850fe671bda1c7c1c7b035b287bdfed5daeac879ee481d35330b153ea7ef2532970f62c581 |
\Program Files\Java\jre1.8.0_321\bin\api-ms-win-crt-utility-l1-1-0.dll
| MD5 | 6f1a1dfb2761228ccc7d07b8b190054c |
| SHA1 | 117d66360c84a0088626e22d8b3b4b685cb70d56 |
| SHA256 | c81c4bba4e5f205359ad145963f6fbd074879047c66569f52b6d66711108e1ed |
| SHA512 | 480b4f9179d5da56010fa90e1937fe3a232f2f8682596c16eeaed08f57cf8cffeaa506060429501764f695cb6c5b3e56b0037de948c4d0e3933f022a0b4103d2 |
C:\Program Files\Java\jre1.8.0_321\bin\api-ms-win-crt-math-l1-1-0.dll
| MD5 | fb79420ec05aa715fe76d9b89111f3e2 |
| SHA1 | 15c6d65837c9979af7ec143e034923884c3b0dbd |
| SHA256 | f6a93fe6b57a54aac46229f2ed14a0a979bf60416adb2b2cfc672386ccb2b42e |
| SHA512 | c40884c80f7921addced37b1bf282bb5cb47608e53d4f4127ef1c6ce7e6bb9a4adc7401389bc8504bf24751c402342693b11cef8d06862677a63159a04da544e |
\Program Files\Java\jre1.8.0_321\bin\api-ms-win-crt-time-l1-1-0.dll
| MD5 | 143a735134cd8c889ec7d7b85298705b |
| SHA1 | 906ac1f3a933dd57798ae826bbefa3096c20d424 |
| SHA256 | b48310b0837027f756d62c37ea91af988baa403cbcbd01cb26b6fdae21ea96a2 |
| SHA512 | c9abe209508afae2d1776391f73b658c9a25628876724344023e0fc8a790ecb7dbce75fddae267158d08a8237f83336b1d2bd5b5ce0a8eed7dd41cbe0c031d48 |
C:\Program Files\Java\jre1.8.0_321\bin\api-ms-win-crt-time-l1-1-0.dll
| MD5 | 143a735134cd8c889ec7d7b85298705b |
| SHA1 | 906ac1f3a933dd57798ae826bbefa3096c20d424 |
| SHA256 | b48310b0837027f756d62c37ea91af988baa403cbcbd01cb26b6fdae21ea96a2 |
| SHA512 | c9abe209508afae2d1776391f73b658c9a25628876724344023e0fc8a790ecb7dbce75fddae267158d08a8237f83336b1d2bd5b5ce0a8eed7dd41cbe0c031d48 |
C:\Program Files\Java\jre1.8.0_321\bin\api-ms-win-crt-utility-l1-1-0.dll
| MD5 | 6f1a1dfb2761228ccc7d07b8b190054c |
| SHA1 | 117d66360c84a0088626e22d8b3b4b685cb70d56 |
| SHA256 | c81c4bba4e5f205359ad145963f6fbd074879047c66569f52b6d66711108e1ed |
| SHA512 | 480b4f9179d5da56010fa90e1937fe3a232f2f8682596c16eeaed08f57cf8cffeaa506060429501764f695cb6c5b3e56b0037de948c4d0e3933f022a0b4103d2 |
\Program Files\Java\jre1.8.0_321\bin\api-ms-win-crt-environment-l1-1-0.dll
| MD5 | 5cce7a5ed4c2ebaf9243b324f6618c0e |
| SHA1 | fdb5954ee91583a5a4cbb0054fb8b3bf6235eed3 |
| SHA256 | aa3e3e99964d7f9b89f288dbe30ff18cbc960ee5add533ec1b8326fe63787aa3 |
| SHA512 | fc85a3be23621145b8dc067290bd66416b6b1566001a799975bf99f0f526935e41a2c8861625e7cfb8539ca0621ed9f46343c04b6c41db812f58412be9c8a0de |
C:\Program Files\Java\jre1.8.0_321\bin\api-ms-win-crt-environment-l1-1-0.dll
| MD5 | 5cce7a5ed4c2ebaf9243b324f6618c0e |
| SHA1 | fdb5954ee91583a5a4cbb0054fb8b3bf6235eed3 |
| SHA256 | aa3e3e99964d7f9b89f288dbe30ff18cbc960ee5add533ec1b8326fe63787aa3 |
| SHA512 | fc85a3be23621145b8dc067290bd66416b6b1566001a799975bf99f0f526935e41a2c8861625e7cfb8539ca0621ed9f46343c04b6c41db812f58412be9c8a0de |
\Program Files\Java\jre1.8.0_321\bin\api-ms-win-crt-filesystem-l1-1-0.dll
| MD5 | 41fbbb054af69f0141e8fc7480d7f122 |
| SHA1 | 3613a572b462845d6478a92a94769885da0843af |
| SHA256 | 974af1f1a38c02869073b4e7ec4b2a47a6ce8339fa62c549da6b20668de6798c |
| SHA512 | 97fb0a19227887d55905c2d622fbf5451921567f145be7855f72909eb3027f48a57d8c4d76e98305121b1b0cc1f5f2667ef6109c59a83ea1b3e266934b2eb33c |
C:\Program Files\Java\jre1.8.0_321\bin\api-ms-win-crt-filesystem-l1-1-0.dll
| MD5 | 41fbbb054af69f0141e8fc7480d7f122 |
| SHA1 | 3613a572b462845d6478a92a94769885da0843af |
| SHA256 | 974af1f1a38c02869073b4e7ec4b2a47a6ce8339fa62c549da6b20668de6798c |
| SHA512 | 97fb0a19227887d55905c2d622fbf5451921567f145be7855f72909eb3027f48a57d8c4d76e98305121b1b0cc1f5f2667ef6109c59a83ea1b3e266934b2eb33c |
\Program Files\Java\jre1.8.0_321\bin\api-ms-win-crt-convert-l1-1-0.dll
| MD5 | 285dcd72d73559678cfd3ed39f81ddad |
| SHA1 | df22928e43ea6a9a41c1b2b5bfcab5ba58d2a83a |
| SHA256 | 6c008be766c44bf968c9e91cddc5b472110beffee3106a99532e68c605c78d44 |
| SHA512 | 84ef0a843798fd6bd6246e1d40924be42550d3ef239dab6db4d423b142fa8f691c6f0603687901f1c52898554bf4f48d18d3aebd47de935560cde4906798c39a |
C:\Program Files\Java\jre1.8.0_321\bin\api-ms-win-crt-convert-l1-1-0.dll
| MD5 | 285dcd72d73559678cfd3ed39f81ddad |
| SHA1 | df22928e43ea6a9a41c1b2b5bfcab5ba58d2a83a |
| SHA256 | 6c008be766c44bf968c9e91cddc5b472110beffee3106a99532e68c605c78d44 |
| SHA512 | 84ef0a843798fd6bd6246e1d40924be42550d3ef239dab6db4d423b142fa8f691c6f0603687901f1c52898554bf4f48d18d3aebd47de935560cde4906798c39a |
\Program Files\Java\jre1.8.0_321\bin\api-ms-win-crt-stdio-l1-1-0.dll
| MD5 | 29680d7b1105171116a137450c8bb452 |
| SHA1 | 492bb8c231aae9d5f5af565abb208a706fb2b130 |
| SHA256 | 6f6f6e857b347f70ecc669b4df73c32e42199b834fe009641d7b41a0b1c210af |
| SHA512 | 87dcf131e21041b06ed84c3a510fe360048de46f1975155b4b12e4bbf120f2dd0cb74ccd2e8691a39eee0da7f82ad39bc65c81f530fc0572a726f0a6661524f5 |
C:\Program Files\Java\jre1.8.0_321\bin\api-ms-win-crt-stdio-l1-1-0.dll
| MD5 | 29680d7b1105171116a137450c8bb452 |
| SHA1 | 492bb8c231aae9d5f5af565abb208a706fb2b130 |
| SHA256 | 6f6f6e857b347f70ecc669b4df73c32e42199b834fe009641d7b41a0b1c210af |
| SHA512 | 87dcf131e21041b06ed84c3a510fe360048de46f1975155b4b12e4bbf120f2dd0cb74ccd2e8691a39eee0da7f82ad39bc65c81f530fc0572a726f0a6661524f5 |
C:\Program Files\Java\jre1.8.0_321\bin\api-ms-win-crt-string-l1-1-0.dll
| MD5 | f816666e3fc087cd24828943cb15f260 |
| SHA1 | eae814c9c41e3d333f43890ed7dafa3575e4c50e |
| SHA256 | 45e0835b1d3b446fe2c347bd87922c53cfb6dd826499e19a1d977bf4c11b0e4a |
| SHA512 | 6860abe8ab5220efb88f68b80e6c6e95fe35b4029f46b59bc467e3850fe671bda1c7c1c7b035b287bdfed5daeac879ee481d35330b153ea7ef2532970f62c581 |
memory/1176-133-0x0000000000000000-mapping.dmp
\Program Files\Java\jre1.8.0_321\bin\api-ms-win-crt-heap-l1-1-0.dll
| MD5 | 212d58cefb2347bd694b214a27828c83 |
| SHA1 | f0e98e2d594054e8a836bd9c6f68c3fe5048f870 |
| SHA256 | 8166321f14d5804ce76f172f290a6f39ce81373257887d9897a6cf3925d47989 |
| SHA512 | 637c215ed3e781f824ae93a0e04a7b6c0a6b1694d489e9058203630dcfc0b8152f2eb452177ea9fd2872a8a1f29c539f85a2f2824cf50b1d7496fa3febe27dfe |
C:\Program Files\Java\jre1.8.0_321\bin\api-ms-win-crt-heap-l1-1-0.dll
| MD5 | 212d58cefb2347bd694b214a27828c83 |
| SHA1 | f0e98e2d594054e8a836bd9c6f68c3fe5048f870 |
| SHA256 | 8166321f14d5804ce76f172f290a6f39ce81373257887d9897a6cf3925d47989 |
| SHA512 | 637c215ed3e781f824ae93a0e04a7b6c0a6b1694d489e9058203630dcfc0b8152f2eb452177ea9fd2872a8a1f29c539f85a2f2824cf50b1d7496fa3febe27dfe |
\Program Files\Java\jre1.8.0_321\bin\api-ms-win-core-synch-l1-2-0.dll
| MD5 | d175430eff058838cee2e334951f6c9c |
| SHA1 | 7f17fbdcef12042d215828c1d6675e483a4c62b1 |
| SHA256 | 1c72ac404781a9986d8edeb0ee5dd39d2c27ce505683ca3324c0eccd6193610a |
| SHA512 | 6076086082e3e824309ba2c178e95570a34ece6f2339be500b8b0a51f0f316b39a4c8d70898c4d50f89f3f43d65c5ebbec3094a47d91677399802f327287d43b |
C:\Program Files\Java\jre1.8.0_321\bin\api-ms-win-core-synch-l1-2-0.dll
| MD5 | d175430eff058838cee2e334951f6c9c |
| SHA1 | 7f17fbdcef12042d215828c1d6675e483a4c62b1 |
| SHA256 | 1c72ac404781a9986d8edeb0ee5dd39d2c27ce505683ca3324c0eccd6193610a |
| SHA512 | 6076086082e3e824309ba2c178e95570a34ece6f2339be500b8b0a51f0f316b39a4c8d70898c4d50f89f3f43d65c5ebbec3094a47d91677399802f327287d43b |
memory/2028-134-0x0000000000000000-mapping.dmp
\Program Files\Java\jre1.8.0_321\bin\api-ms-win-core-file-l2-1-0.dll
| MD5 | 3bf4406de02aa148f460e5d709f4f67d |
| SHA1 | 89b28107c39bb216da00507ffd8adb7838d883f6 |
| SHA256 | 349a79fa1572e3538dfbb942610d8c47d03e8a41b98897bc02ec7e897d05237e |
| SHA512 | 5ff6e8ad602d9e31ac88e06a6fbb54303c57d011c388f46d957aee8cd3b7d7cced8b6bfa821ff347ade62f7359acb1fba9ee181527f349c03d295bdb74efbace |
C:\Program Files\Java\jre1.8.0_321\bin\api-ms-win-core-file-l2-1-0.dll
| MD5 | 3bf4406de02aa148f460e5d709f4f67d |
| SHA1 | 89b28107c39bb216da00507ffd8adb7838d883f6 |
| SHA256 | 349a79fa1572e3538dfbb942610d8c47d03e8a41b98897bc02ec7e897d05237e |
| SHA512 | 5ff6e8ad602d9e31ac88e06a6fbb54303c57d011c388f46d957aee8cd3b7d7cced8b6bfa821ff347ade62f7359acb1fba9ee181527f349c03d295bdb74efbace |
\Program Files\Java\jre1.8.0_321\bin\api-ms-win-core-file-l1-2-0.dll
| MD5 | 35bc1f1c6fbccec7eb8819178ef67664 |
| SHA1 | bbcad0148ff008e984a75937aaddf1ef6fda5e0c |
| SHA256 | 7a3c5167731238cf262f749aa46ab3bfb2ae1b22191b76e28e1d7499d28c24b7 |
| SHA512 | 9ab9b5b12215e57af5b3c588ed5003d978071dc591ed18c78c4563381a132edb7b2c508a8b75b4f1ed8823118d23c88eda453cd4b42b9020463416f8f6832a3d |
\Program Files\Java\jre1.8.0_321\bin\api-ms-win-core-timezone-l1-1-0.dll
| MD5 | 43e1ae2e432eb99aa4427bb68f8826bb |
| SHA1 | eee1747b3ade5a9b985467512215caf7e0d4cb9b |
| SHA256 | 3d798b9c345a507e142e8dacd7fb6c17528cc1453abfef2ffa9710d2fa9e032c |
| SHA512 | 40ec0482f668bde71aeb4520a0709d3e84f093062bfbd05285e2cc09b19b7492cb96cdd6056281c213ab0560f87bd485ee4d2aeefa0b285d2d005634c1f3af0b |
C:\Program Files\Java\jre1.8.0_321\bin\api-ms-win-core-timezone-l1-1-0.dll
| MD5 | 43e1ae2e432eb99aa4427bb68f8826bb |
| SHA1 | eee1747b3ade5a9b985467512215caf7e0d4cb9b |
| SHA256 | 3d798b9c345a507e142e8dacd7fb6c17528cc1453abfef2ffa9710d2fa9e032c |
| SHA512 | 40ec0482f668bde71aeb4520a0709d3e84f093062bfbd05285e2cc09b19b7492cb96cdd6056281c213ab0560f87bd485ee4d2aeefa0b285d2d005634c1f3af0b |
C:\Program Files\Java\jre1.8.0_321\bin\api-ms-win-core-file-l1-2-0.dll
| MD5 | 35bc1f1c6fbccec7eb8819178ef67664 |
| SHA1 | bbcad0148ff008e984a75937aaddf1ef6fda5e0c |
| SHA256 | 7a3c5167731238cf262f749aa46ab3bfb2ae1b22191b76e28e1d7499d28c24b7 |
| SHA512 | 9ab9b5b12215e57af5b3c588ed5003d978071dc591ed18c78c4563381a132edb7b2c508a8b75b4f1ed8823118d23c88eda453cd4b42b9020463416f8f6832a3d |
\Program Files\Java\jre1.8.0_321\bin\api-ms-win-core-processthreads-l1-1-1.dll
| MD5 | 9c9b50b204fcb84265810ef1f3c5d70a |
| SHA1 | 0913ab720bd692abcdb18a2609df6a7f85d96db3 |
| SHA256 | 25a99bdf8bf4d16077dc30dd9ffef7bb5a2ceaf9afcee7cf52ad408355239d40 |
| SHA512 | ea2d22234e587ad9fa255d9f57907cc14327ead917fdede8b0a38516e7c7a08c4172349c8a7479ec55d1976a37e520628006f5c362f6a3ec76ec87978c4469cd |
memory/1896-135-0x0000000000000000-mapping.dmp
C:\Program Files\Java\jre1.8.0_321\bin\api-ms-win-core-processthreads-l1-1-1.dll
| MD5 | 9c9b50b204fcb84265810ef1f3c5d70a |
| SHA1 | 0913ab720bd692abcdb18a2609df6a7f85d96db3 |
| SHA256 | 25a99bdf8bf4d16077dc30dd9ffef7bb5a2ceaf9afcee7cf52ad408355239d40 |
| SHA512 | ea2d22234e587ad9fa255d9f57907cc14327ead917fdede8b0a38516e7c7a08c4172349c8a7479ec55d1976a37e520628006f5c362f6a3ec76ec87978c4469cd |
C:\Program Files\Java\jre1.8.0_321\bin\api-ms-win-core-localization-l1-2-0.dll
| MD5 | 8acb83d102dabd9a5017a94239a2b0c6 |
| SHA1 | 9b43a40a7b498e02f96107e1524fe2f4112d36ae |
| SHA256 | 059cb23fdcf4d80b92e3da29e9ef4c322edf6fba9a1837978fd983e9bdfc7413 |
| SHA512 | b7ecf60e20098ea509b76b1cc308a954a6ede8d836bf709790ce7d4bd1b85b84cf5f3aedf55af225d2d21fbd3065d01aa201dae6c131b8e1e3aa80ed6fc910a4 |
\Program Files\Java\jre1.8.0_321\bin\ucrtbase.dll
| MD5 | 61eb0ad4c285b60732353a0cb5c9b2ab |
| SHA1 | 21a1bea01f6ca7e9828a522c696853706d0a457b |
| SHA256 | 10521fe73fe05f2ba95d40757d9f676f2091e2ed578da9d5cdef352f986f3bcd |
| SHA512 | 44cd871f48b5193abb3b9664dbea8cdad19e72c47b6967c685cf1cc803bc9abb48a8a93009c972ef4936e7f78e3c92110828790aa0a9d26b80e6a523bbcd830d |
C:\Program Files\Java\jre1.8.0_321\bin\ucrtbase.DLL
| MD5 | 61eb0ad4c285b60732353a0cb5c9b2ab |
| SHA1 | 21a1bea01f6ca7e9828a522c696853706d0a457b |
| SHA256 | 10521fe73fe05f2ba95d40757d9f676f2091e2ed578da9d5cdef352f986f3bcd |
| SHA512 | 44cd871f48b5193abb3b9664dbea8cdad19e72c47b6967c685cf1cc803bc9abb48a8a93009c972ef4936e7f78e3c92110828790aa0a9d26b80e6a523bbcd830d |
\Program Files\Java\jre1.8.0_321\bin\api-ms-win-crt-runtime-l1-1-0.dll
| MD5 | 883120f9c25633b6c688577d024efd12 |
| SHA1 | e4fa6254623a2b4cdea61712cdfa9c91aa905f18 |
| SHA256 | 4390c389bbbf9ec7215d12d22723efd77beb4cd83311c75ffe215725ecfd55dc |
| SHA512 | f17d3b667cc8002f4b6e6b96b630913fa1cb4083d855db5b7269518f6ff6eebf835544fa3b737f4fc0eb46ccb368778c4ae8b11ebcf9274ce1e5a0ba331a0e2f |
\Program Files\Java\jre1.8.0_321\bin\vcruntime140.dll
| MD5 | 1453290db80241683288f33e6dd5e80e |
| SHA1 | 29fb9af50458df43ef40bfc8f0f516d0c0a106fd |
| SHA256 | 2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c |
| SHA512 | 4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91 |
C:\Program Files\Java\jre1.8.0_321\bin\VCRUNTIME140.dll
| MD5 | 1453290db80241683288f33e6dd5e80e |
| SHA1 | 29fb9af50458df43ef40bfc8f0f516d0c0a106fd |
| SHA256 | 2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c |
| SHA512 | 4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91 |
Analysis: behavioral2
Detonation Overview
Submitted
2022-12-30 08:01
Reported
2022-12-30 08:05
Platform
win10v2004-20221111-en
Max time kernel
87s
Max time network
147s
Command Line
Signatures
BazarBackdoor
Bazar/Team9 Backdoor payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds240546828.tmp\jre-8u321-windows-x64.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds240546828.tmp\jre-8u321-windows-x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds240546828.tmp\jre-8u321-windows-x64.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2896 wrote to memory of 1320 | N/A | C:\Users\Admin\AppData\Local\Temp\jre-8u321-windows-x64.exe | C:\Users\Admin\AppData\Local\Temp\jds240546828.tmp\jre-8u321-windows-x64.exe |
| PID 2896 wrote to memory of 1320 | N/A | C:\Users\Admin\AppData\Local\Temp\jre-8u321-windows-x64.exe | C:\Users\Admin\AppData\Local\Temp\jds240546828.tmp\jre-8u321-windows-x64.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\jre-8u321-windows-x64.exe
"C:\Users\Admin\AppData\Local\Temp\jre-8u321-windows-x64.exe"
C:\Users\Admin\AppData\Local\Temp\jds240546828.tmp\jre-8u321-windows-x64.exe
"C:\Users\Admin\AppData\Local\Temp\jds240546828.tmp\jre-8u321-windows-x64.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 93.184.220.29:80 | | tcp |
| N/A | 8.8.8.8:53 | javadl-esd-secure.oracle.com | udp |
| N/A | 23.65.205.24:443 | javadl-esd-secure.oracle.com | tcp |
| N/A | 93.184.221.240:80 | | tcp |
| N/A | 93.184.221.240:80 | | tcp |
| N/A | 20.42.65.89:443 | | tcp |
| N/A | 104.80.225.205:443 | | tcp |
| N/A | 93.184.221.240:80 | | tcp |
| N/A | 93.184.221.240:80 | | tcp |
Files
memory/1320-132-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\jds240546828.tmp\jre-8u321-windows-x64.exe
| MD5 | 80afab5be48bacf44155212c817f4e31 |
| SHA1 | 5a8b12509bdecdb2024a8d00395ca5f24dec63dc |
| SHA256 | fb02ebdbbd9c7f27c49eef2d743293f100a614aa95151e2d28828db84baf6657 |
| SHA512 | a6602aacfc6334a9e1f05874cebe34519808d10cfcc7d3254e8639d1645758a680fe4dbcd30bcf41e9d90b47126259348e6a6cf83b5f3eeeb006110070b60304 |
C:\Users\Admin\AppData\Local\Temp\jds240546828.tmp\jre-8u321-windows-x64.exe
| MD5 | 80afab5be48bacf44155212c817f4e31 |
| SHA1 | 5a8b12509bdecdb2024a8d00395ca5f24dec63dc |
| SHA256 | fb02ebdbbd9c7f27c49eef2d743293f100a614aa95151e2d28828db84baf6657 |
| SHA512 | a6602aacfc6334a9e1f05874cebe34519808d10cfcc7d3254e8639d1645758a680fe4dbcd30bcf41e9d90b47126259348e6a6cf83b5f3eeeb006110070b60304 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 92792f1514358343aabb4f37cb61dd91 |
| SHA1 | 42aa5dc87b260df9bf1e9ff7e95f5f43e813e49c |
| SHA256 | 30b6411b468e291e551dc0961c080e6797c99c794e06fa153b040c9d056d7eea |
| SHA512 | 2a11b4bd027796d4a33a162a2a4c62fc2394890e349cddf81a1d0f7b3876cb2fe71785c1c1cecc20f0ccce0cf41b8893e3d7f6b617d49eef0d7adf842d85dae0 |