Malware Analysis Report

2024-09-22 16:40

Sample ID 231224-h1stbaadan
Target malware_sample_1.bin
SHA256 f651132897ef5dacc40ea8f34d3427003e119685b6bed93ed4a411f84f4795d0
Tags arkei babadeda default crypter loader stealer
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f651132897ef5dacc40ea8f34d3427003e119685b6bed93ed4a411f84f4795d0

Threat Level: Known bad

The file malware_sample_1.bin was found to be: Known bad.

Malicious Activity Summary

arkei babadeda default crypter loader stealer

Arkei

Babadeda Crypter

Babadeda

Executes dropped EXE

Loads dropped DLL

Blocklisted process makes network request

Enumerates connected drives

Drops file in Windows directory

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2023-12-24 07:12

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-24 07:12

Reported

2023-12-24 07:15

Platform

win7-20231215-en

Max time kernel

122s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe"

Signatures

Arkei

stealer arkei

Babadeda

loader crypter babadeda

Babadeda Crypter

Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11\evreporter.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\B: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\P: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f76672c.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6C10.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6DD6.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6F4F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI77D8.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f76672f.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f76672c.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6D58.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6EA2.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f76672f.ipi C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2760 wrote to memory of 2844 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2760 wrote to memory of 2844 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2760 wrote to memory of 2844 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2760 wrote to memory of 2844 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2760 wrote to memory of 2844 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2760 wrote to memory of 2844 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2760 wrote to memory of 2844 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1700 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe C:\Windows\SysWOW64\msiexec.exe
PID 1700 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe C:\Windows\SysWOW64\msiexec.exe
PID 1700 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe C:\Windows\SysWOW64\msiexec.exe
PID 1700 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe C:\Windows\SysWOW64\msiexec.exe
PID 1700 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe C:\Windows\SysWOW64\msiexec.exe
PID 1700 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe C:\Windows\SysWOW64\msiexec.exe
PID 1700 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe C:\Windows\SysWOW64\msiexec.exe
PID 2760 wrote to memory of 2264 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2760 wrote to memory of 2264 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2760 wrote to memory of 2264 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2760 wrote to memory of 2264 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2760 wrote to memory of 2264 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2760 wrote to memory of 2264 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2760 wrote to memory of 2264 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2760 wrote to memory of 2116 N/A C:\Windows\system32\msiexec.exe C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11\evreporter.exe
PID 2760 wrote to memory of 2116 N/A C:\Windows\system32\msiexec.exe C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11\evreporter.exe
PID 2760 wrote to memory of 2116 N/A C:\Windows\system32\msiexec.exe C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11\evreporter.exe
PID 2760 wrote to memory of 2116 N/A C:\Windows\system32\msiexec.exe C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11\evreporter.exe

Processes

C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe

"C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding D0039FE920748E15D9C3CE3324C285DC C

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\adv.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1703142551 " AI_EUIMSI=""

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 57533276D4F3ADFC1543AA045D17ADD7

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11\evreporter.exe

"C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11\evreporter.exe"

Network

Files

\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\decoder.dll

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\adv.msi

C:\Users\Admin\AppData\Local\Temp\Cab5CF1.tmp

C:\Users\Admin\AppData\Local\Temp\Tar5D71.tmp

C:\Users\Admin\AppData\Local\Temp\MSI60D0.tmp

C:\Users\Admin\AppData\Local\Temp\MSI6247.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Windows\Installer\MSI6DD6.tmp

\Windows\Installer\MSI6DD6.tmp

\Windows\Installer\MSI6F4F.tmp

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\swresample-1.dll

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\evreporter.exe

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\libEGL.dll

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\Microsoft.ReportViewer.ProcessingObjectModel.dll

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\License.txt

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\libgthread-2.0-0.dll

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\icuin30.dll

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\FileHelpers.DLL

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logolib\abs

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logolib\buryall

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logolib\ask

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logolib\dequeue

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logolib\edall

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logolib\do.while

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logolib\do.until

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logolib\distancexyz

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logolib\distance

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logolib\dir

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logolib\demo

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logolib\crossmap

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logolib\combine

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logolib\circle2
SHA1 91900c0b26a4bcb0388b962f30fd43c5a9ba8633
SHA256 12ed6bbb46c59691e96f4d30b2854f3cf23f80ce6b62a544820ed96d96884711
SHA512 b9260a379db29205f4bd7c051b130fea6ea001e03d2cc53a073c40029bf0bdc0ce00478f092f97271232c1546037f8726495af202c5bd8abd421452f600b96eb

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logolib\circle

MD5 229d7f14c7d16ba67cdb8c2fb8604485
SHA1 ed2ac6c11c2eca1a1519fb79cdec24aee6a698f6
SHA256 97441322692b3625c444ca5e563c9937dae9bb8f277f10bcac1e896f1fef88af
SHA512 916c635373deccf08ef13e94d13c3e58298f878a5eb00dc63ad657e7b0cf3298ebf16438cf59c84b0525e5ebe15d580122a9358607a360294dc1bf76b4e5fea9

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logolib\cascade.2

MD5 8142bd91be08da3714b93bb2b37fae4b
SHA1 9c23b285577eff559a57c48ef6375afc14013564
SHA256 ca4e0f03d63de19183ba794d8d35ecb65696405e7124ecefd5644dd4dbdc7c2e
SHA512 cb9c2df6dfab3af75cec57aefe392a1345d2a0f3b34deb8310c8679defccd88d1d22ae79d3bea4dab2615ceae2dc96a334e57d025692959044ccea8a1151b019

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logolib\cascade

MD5 53e20f4ab9828908753dba465a72bd79
SHA1 52c91fd0296ae1d39c9325f02f475929c03ac6d8
SHA256 b5c0f94d0bf36b60d9fba313150abfa4487bc43ca134f64ace89c807dbe9bd82
SHA512 73e7c03168cc972baf50f6807ae01790de67752fb49fa1febce2a0c4cf59ac7b10b7fe27c11706b976078c45e0b5d11c00cbb1fdc2feef2661c70ac706d4ce2a

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logolib\buryname

MD5 7f7a05a5f61e493345ab342840c9879d
SHA1 64ecf20add6004f311ed70b92418787185c33bf4
SHA256 e5b76fd54000feefb7be1ff3fdbe2c6f3490a6775f62b55760c7a2879db42b2b
SHA512 caddd9c9796cdf31e5301b38c82d5187cf01120a61e987e49137bea4ce131a817a505ca482c978e0dada9cb7c4414a14a6b315a887639a03301c446111617743

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logolib\arraytolist

MD5 2018a8ad952f7d4b6ba64620923d72ac
SHA1 b7379963becaf5f6d569ef6e412c811d7285f552
SHA256 8690cfb18cc9d9fd3836d98c07f75edc896a717f43a45562141d0a731b8842a6
SHA512 67d48672047e4f97c2887c6004e71bc484158ff131517a4b84e2c5f90ab86670276e68f5373c785996edc1bda715ed9a60fa3d3f700d18e09dd114b4602d842c

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logolib\arc2

MD5 39cfcdabb0e6b9f7f371eba4b5405889
SHA1 3fd820d9aad6067438e8d85341b867a3cbcc75d8
SHA256 51a3ce10433666626dd5627bf50ff39086f811da2d864ef5eef6ed524c3b6b44
SHA512 4c1d857d62801173f12e3d8771e0a761e94115819554f4d810a21caa27a0d0519c61de3ed099054de544a2a170b40239798bde9d8ed9962258562dadce2f3a4f

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logolib\arc

MD5 873b49db14f0f80e4ba9b5917f5a3653
SHA1 d1ba078edfed621ed837b7e4916417f9d30fb4ca
SHA256 1a77248f9397e3b45526cc47379d10a564447920a755fc1394bf64966969c31b
SHA512 20a6fada56bb3db5a1754bd5c00d2a8f4a3e11aea65db79146a1296c735af9ef79a7ffd088601387e0bbe3997eb79b45df70b19b993eb508460ff3efddcfd3bc

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logolib\+rest

MD5 0b2941110ae4ca1fe0b526f29e939c56
SHA1 1abe6e5b101ed5416c4a0e0c3deb6fc116e63fd7
SHA256 535bb2947036fd7f97586b91cbe21365758a4f9aface538b19217ed19ad0b144
SHA512 17a7fcd9ce467c45ec64f27a0be4fc18f98bf6132ff25d3f689180931e447a3d380a0c8acedcd1332042839cd906f851ba052cdb3bb366d821f1e0032a83d1d5

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logolib\#

MD5 f0a82f611f562197355d1d8b19de1fcb
SHA1 6cc0f96476fa9cf1f92e8d6dbdc3932d2c65c3f3
SHA256 ec9546682cb6e9f0cd51acf4e40a21d7e37cc5bf511718bf77857d82839eda5c
SHA512 fd4a2e5319ff95712bb663095d3989a21d2291aab1a80fe6edebe3178e6ad919fe3b42005a476f50d823c2224ecfbf5e3a569d360d5f9328cca5d61a999a0ef4

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\pthreadGC2.dll

MD5 928c9eea653311af8efc155da5a1d6a5
SHA1 27300fcd5c22245573f5595ecbd64fce89c53750
SHA256 6dc4bee625a2c5e3499e36fe7c6ff8ead92adf6aae40c4099fdc8ef82e85b387
SHA512 0541d706bb53f8a04c78fcf327c4557553fa901d645ad2fd446e79753b4729f1e36793f42fbdd9b5e92073a30ed9a3dd853773a06ebea8e9302ece91a6c5362c

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\mingwm10.dll

MD5 a5a239c980d6791086b7fe0e2ca38974
SHA1 dbd8e70db07ac78e007b13cc8ae80c9a3885a592
SHA256 fb33c708c2f83c188dc024b65cb620d7e2c3939c155bc1c15dc73dccebe256b7
SHA512 8667904dda77c994f646083ef39b1f69c2961758c3da60cecadfe6d349dd99934c4d8784f8e38ae8b8c9eb9762edd546f2a7b579f02612578f8049e9d10e8da7

C:\Config.Msi\f766730.rbs

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\libgmodule-2.0-0.dll

MD5 4d233a220f91de3b1510d017b5481942
SHA1 c59f449b0d09127d18268e7b07da3f7d749b2720
SHA256 08336089e280805c8ac89f7476526f944b5868c014748b6dc29f65167e9e3ab0
SHA512 a86a1f9b5d160813c6e2f771962f303428604057b9613021bf7844c1204cfca0a18571a28d950d7999acc4ecde0605095f9a460a9b79fe2bbe02f080c2683923

memory/2116-598-0x0000000000400000-0x0000000000BBD000-memory.dmp

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\libogg-0.dll

MD5 84e8e72572d53558d52403011fa0d388
SHA1 865160da7dbfaaea224541eb44e9430e1a7b7b20
SHA256 ca717b5cf2a7b0e047aabad985c631278941c58f16e2e9650ca12c3a331fcd4f
SHA512 47ee932bfa4ee3c51c3828ef8c6923e5b946966ad8e255bc2c53a60443aa2d4ab17521f21912a6f0469c7898d6543dc4b1783a86ddb5a84568818a7b37ec3992

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\libbson-1.0.dll

MD5 e9644e54c403dd5c0ef89c85ada3e295
SHA1 a42708b2837dba534e4cb866266e4959b28da452
SHA256 72ecd276b372487af75c67877eccc0ed4d15f2c07ffa7f631d8056038d0e8122
SHA512 22411a9e8a9f7082b4cf90c3c906e414b62b4bd2b9b10ea1694ec5651e3dec8d2e4716354f5b09d6396f4c094555f5f08b26534647a98dfa7b3039d6c1e219f7

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\libmongoc-1.0.dll

MD5 a80d629d6329dc31d5cb1157d853afab
SHA1 a2fa781452106cdf17a83e3e59c6fe50d557e62c
SHA256 500ee04865dbb7beb9474e0c2aebd6713df4407c849ec134457c7d0ca289faf0
SHA512 4e0253615d4c3c418b93547370f416edf5326bf66e3a5872c687b129e65e5967dc3d4ae97cf524ca5e77327b0ce07d93ba63470d541614a6685ebd26e0c7427b

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\libwinpthread-1.dll

MD5 db18b7ec5f93127e6099744ea9568c1b
SHA1 e9143c76e308a816837e2f1a19dd0c5e2306ed08
SHA256 5bbef249a0d00e2d32c699d0bbe89f714ebeb872b3990a5cbeccb1d89f63e5e8
SHA512 ee1e645bed0bc3ad9e959d6342153e608ad21a7f5aef60b4cd8cc96fde7aeec4bbbb7474b59cab8ced8f28dc9f66cab32f4825333c891524901dcc40e70a1580

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\libgcc_s_seh-1.dll

MD5 534b365361004828059600f05b34006d
SHA1 d8ff411b0939a021f47c845c6a90f1240bab5268
SHA256 438ae82ffd621a2413199155574cc85681f8986f05420b1485aa4be936c3bc0b
SHA512 1ccb3732a82f2fedca85c27afdd48e65dde70d5b1620e436d457624a2cb796887c5e7dc2983a0794ebbbcade3e5b9f9fc9320b390894471993c7b1e85268592d

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\turtle.bmp

MD5 8e5bc954263e6706359c06686159d143
SHA1 b5cdbfb8d0f200b580116404c6b6433b4df2c9d0
SHA256 bae9f06df713100360694f784164649e9595636e7a0ada30177152db0c1a584c
SHA512 66716ad105a16796ba27c40098e8bc2639107c858f97c743194a1a2b0076a3ab444547de1c2bd3b3f3923b1d9ce78364ed37a1af49adf297a1ecb33ac37c38dc

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\Qt5TextToSpeech.dll

MD5 99f5b275115a749309c0febb2c553a2a
SHA1 c3383e554c5c8d66ab1656603ff4f6d23568a520
SHA256 f4f008cec54534178cfd7164871adf4962c269e2b44d22491c580d2d589358ae
SHA512 f80ad1e94ae58ac5404e8a548200ec01e4941dd2460fa470fb6508c2d9a036d7d12f4547731999bd7dfa7ecd8b4bdf8a6ee4ad3d32ff07e39f6fb99ce1cb1f69

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\README.TXT

MD5 2f271a2d2d92de5579f58b32f59993b2
SHA1 7582831fc25e3ce9c327706fd6d27f8a19e7abb0
SHA256 c3ffeaf3b4ee2c949c398e65dfeed95f8ef56da140b9a132c6d12d93d83dde2d
SHA512 7a0535c46553e39b507a994186b48c4d110296488306d6756fd42489dee5d317c238f725e44f167bb3f993d04fef996bad9956b40e86f42cd02b6de53b229681

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logohelp.chm

MD5 4498d1584997d8ee7626b51f23bccdd1
SHA1 707c0b366848b51a16be5b858d021d1f687a4a6e
SHA256 1d8254bc535746478c18de7613731fbc87c5754126d260c40888d38c56007f81
SHA512 4cbb7f9191a39d5de8a8dedc054db71695fd54c292eb5a33657efd4483e6276427f076e9c9d49045282829dad57f04e07364532ed8bf96c3c55747ab66bc867f

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\ui

MD5 95518f5e98099572bede73302c79c7bd
SHA1 6168202123dca8fbc4a8e688561b5b18d51a462e
SHA256 115a380ecb81d1ddaa1c913c8ac6a1142400d22526ce979ed1a3d0a75ebf2e7a
SHA512 a0899e422b550498676b94aa9c9f59dfd5e0f6813e041f3e297698d5daa3501b186fc4a10e292f4ba445f7573d569f99a3916f4ee1f619df41492d4c2efee5e1

memory/2116-603-0x0000000000400000-0x0000000000BBD000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-24 07:12

Reported

2023-12-24 07:15

Platform

win10v2004-20231215-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe"

Signatures

Arkei

stealer arkei

Babadeda

loader crypter babadeda

Babadeda Crypter

Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11\evreporter.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\I: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\R: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\N: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
File opened (read-only) \??\A: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI55D5.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI55B4.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{0B8F7D7F-D836-4583-BED9-135BBAC3E5AF} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5525.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5838.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e575498.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5574.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI55A4.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5604.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e575498.msi C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe

"C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding E989259D184D962F947498F7C9EA21CE C

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\adv.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\malware_sample_1.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1703161363 " AI_EUIMSI=""

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 8ECB46CA9E4D01F5F0381FF64F157E14

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11\evreporter.exe

"C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11\evreporter.exe"

Network

Country Destination Domain Proto
US 138.91.171.81:80 tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 4.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 104.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 174.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 32.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 178.223.142.52.in-addr.arpa udp
US 8.8.8.8:53 211.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 176.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\decoder.dll

MD5 831e0b597db11a6eb6f3f797105f7be8
SHA1 d89154670218f9fba4515b0c1c634ae0900ca6d4
SHA256 e3404d4af16702a67dcaa4da4c5a8776ef350343b179ae6e7f2d347e7e1d1fb7
SHA512 e5e71a62c937e7d1c2cf7698bc80fa42732ddd82735ba0ccaee28aee7a7ea7b2132650dfd2c483eb6fb93f447b59643e1a3d6d077a50f0cd42b6f3fc78c1ad8f

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\adv.msi

MD5 919a835b8e81091002c2ad83bf92c1b8
SHA1 296ea4111479c6eafa6d37d61c113269c210ab78
SHA256 0722015f9db6e41d8aba1cec9c6d24b10ac82e2d89af63e31fddcb180ef09282
SHA512 966eca3372ef5dab6d6b735bbbe834ae269d6fbab47d4ded49ab39fe083a95768439ed4fe2717696c2ae4f6daefcfcd936125c3ee730a0e9870242dba021830f

C:\Users\Admin\AppData\Local\Temp\MSI52B5.tmp

MD5 a32decee57c661563b038d4f324e2b42
SHA1 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2
SHA256 fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04
SHA512 e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

C:\Users\Admin\AppData\Local\Temp\MSI5333.tmp

MD5 4e2e67fc241ab6e440ad2789f705fc69
SHA1 bda5f46c1f51656d3cbad481fa2c76a553f03aba
SHA256 98f4ebaa6ea1083e98ea0dd5c74c2cb22b1375c55b6a12cfdc5d877f716de392
SHA512 452df66dd2b09485bf92d92b72b3ad2638cbf0a570741b80309056d1e67e68a18cbd0ad3616a2943bb29de62a057848a7382b6c64c3821335a51b0a03131564c

C:\Windows\Installer\MSI55D5.tmp

MD5 263d7beefffabacd8c7a6d2224a87f5e
SHA1 5b8a53f17f6929a52b768a11403a0f064b92d649
SHA256 3749ce06bc4852962e8b0b0f28ea30977dbe775a1d58a1d4e90932f03046413c
SHA512 c9b87ea698f2f687e9005dbe17341d587810f1638d074a4ad374006304901ce0351f5f93c39f5ff8bcc7313ce7776311a37dad56cd5eaa365c2f5285da2e5ab1

C:\Windows\Installer\MSI55B4.tmp

MD5 a3eadb438b72106fe97f4b72753b1ac6
SHA1 2fefa325b48349a412cb2d275982500d856b7cc5
SHA256 da68bb21a401dbe9f3106aa9c754bd3ecdade20dc69eaba709c03bc212c39747
SHA512 cb35f9479c4f23c45a04ad7f8afc304d7ff5a268b1ab2cb948919ca2cc992a10ff7db79de5cea2ea6f6f84b7e55d057179a970500bcbec4c1d2a2ca039b5ba1f

C:\Windows\Installer\MSI55B4.tmp

MD5 04675bb433183ccdb69e7b60563614c6
SHA1 7d51ee798ee38eff4e3fd71b11766e7ccea3115b
SHA256 32876dd32139a120080dc6cab6eadcbe46550fc991b903066f43bf48ebd90abb
SHA512 7ec2b1932ea4f9b8d6aa9905a95a23b9d1afcc9a391d87e9fa172c3038b9b732dd1362e06e85ce44d48ceb1b10479800bb2a48ed412f9d7a3c3ad4922884b930

C:\Windows\Installer\MSI55D5.tmp

MD5 191d98c5fad83340c08dbe4ab151630f
SHA1 f509acae8384416fa765f98db842b6f8b0262236
SHA256 a51ed02f8eaf6aa8056ea74396a9f29674c7b7a7fa081a9d94381f228658d4be
SHA512 9c30ee34b6972254147eb0202d11caf8eadccb0a00967d9f0d830d6656dd48249e00b560d900b14c6c00f3329d5d817f7068404d7e012c4c034533251e44966e

C:\Windows\Installer\MSI5604.tmp

MD5 736b029f165cdcd5ca804ded5a9eff49
SHA1 6ee95cc33fa3b613e8075f482255e516a79028db
SHA256 b7136f27a6268d903028df8fa63e4326c87a5bfb0665e0e97cecdc14ebbebf84
SHA512 9e8d77ef26a88ef8fb732c661b6beb9937960c04a2291b9376a199f147a2e861d18b3684da04a588f3c872ebf94f84049c8d3072aeeaf1d2869ff05b5a8a15c5

C:\Windows\Installer\MSI5604.tmp

MD5 2712ab55daf87b33d09d47fbb68a7e3a
SHA1 47a744d14093107d039b07f1c44ce9590c35cb80
SHA256 2268631ab6f0e83fda8db0c1de8f9b7a0db1d415d99f48313cd7d8900f244249
SHA512 4e378096a670d4d8a7b586dcc26c0e12c00c59afdec3af60236649e6b342a9ea429c1b64b0e446107baafda9562533ee751572fc86600ca25fab8bdebc490642

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\swresample-1.dll

MD5 d96127b89f47c6d41fb57386d6ab6fff
SHA1 3a15bfc7cb310503894c289c071ad811370df6fa
SHA256 270aab378b407fd6d0ba4dcd34e07c0c721f5fdae1039c1e4b17b0efecf31d5a
SHA512 3aa3c49c4ac9dfadff9e8e2d2a75841e3e93abea59d5b139a777307dbfbdf3dc71d3dacf9d656884c3532745c85287b7af651da87faacb9c68afddf7d085a3a4

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\libgmodule-2.0-0.dll

MD5 4d233a220f91de3b1510d017b5481942
SHA1 c59f449b0d09127d18268e7b07da3f7d749b2720
SHA256 08336089e280805c8ac89f7476526f944b5868c014748b6dc29f65167e9e3ab0
SHA512 a86a1f9b5d160813c6e2f771962f303428604057b9613021bf7844c1204cfca0a18571a28d950d7999acc4ecde0605095f9a460a9b79fe2bbe02f080c2683923

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\imageformats\qjpeg4.dll

MD5 a2fdf1cee5af65b10db38a4d3a40ec1c
SHA1 00e00b40a90e433e39c0d346872cfe4732250683
SHA256 985b6739fd95fa8b80b57742f0cf38a058f6113805f69446c93202e038ed6d5a
SHA512 d8d15e3da72de966af98c52957165bc0be3dc8720120d3c895fd0af1e683dd658cdb20d57f1920f7dfaaf386fbeff0018d8d26e1b5502a3ca57018d25729b93b

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\turtle.bmp

MD5 8e5bc954263e6706359c06686159d143
SHA1 b5cdbfb8d0f200b580116404c6b6433b4df2c9d0
SHA256 bae9f06df713100360694f784164649e9595636e7a0ada30177152db0c1a584c
SHA512 66716ad105a16796ba27c40098e8bc2639107c858f97c743194a1a2b0076a3ab444547de1c2bd3b3f3923b1d9ce78364ed37a1af49adf297a1ecb33ac37c38dc

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\License.txt

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\Examples\Misc\CARMASK.BMP

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logolib\transfer

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\Examples\Misc\CLOCK.LGO

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logolib\ellipsa2

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logolib\erps

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\README.TXT

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logolib\edns

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logolib\map.se

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logolib\cascade.2

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\imageformats\qgif4.dll

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\Filters\License.rtf

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\Filters\LC.dll

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\Docs\Quick Start.pdf

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\dat\enc.ico

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\Examples\Windows\CALC.LGO

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\Examples\UCBLogo\ALGS.LGO

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\Examples\Pascal\CARDS.PAS

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\Examples\Network\NETLOCAL.LGO

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\Examples\Multimed\CDROM.LGO

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\Examples\Misc\CAR.BMP

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\Examples\index.html

C:\Config.Msi\e57549b.rbs

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\Examples\3d\3DBITMAP.LGO

memory/2476-539-0x0000000000400000-0x0000000000BBD000-memory.dmp

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logolib\#

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\icuin30.dll

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\FileHelpers.DLL

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\pthreadGC2.dll

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\mingwm10.dll

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\libgthread-2.0-0.dll

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\libogg-0.dll

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\libbson-1.0.dll

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\libmongoc-1.0.dll

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\libwinpthread-1.dll

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\libgcc_s_seh-1.dll

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\Microsoft.ReportViewer.ProcessingObjectModel.dll

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\libEGL.dll

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\Qt5TextToSpeech.dll

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\logohelp.chm

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\ui

C:\Users\Admin\AppData\Roaming\AdoptOpenJDK\OpenJDK Security 11 0.0.1.7\install\AC3E5AF\evreporter.exe

memory/2476-542-0x0000000000400000-0x0000000000BBD000-memory.dmp