110fc287b499bea670dc2060d8a828727f350e9be446879ecfc7f71732ee15ed

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-04-2024 03:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe55aa33d7e0b4ef1cb72e61a0a7e581_JaffaCakes118.msi
Size

3.9MB
MD5

fe55aa33d7e0b4ef1cb72e61a0a7e581
SHA1

7b2f0e87f283d1ec4a756b380666a21e303579b0
SHA256

110fc287b499bea670dc2060d8a828727f350e9be446879ecfc7f71732ee15ed
SHA512

6b60973f47eddd07a556de3b573902c077830ebbda6e7c4f83f6baa66a0414a6998f3a570b7e559ed9cfd399e9febd7c93cf4454b7cfd59ab4863849f4c5123b
SSDEEP

98304:l5nFFK+GEWJRgsnAWE05y4faRXsYA+tiQDnIjlBzpA7iQTWKKhgblOv:LFFKZEWJtni7XpA+MSIjl5pQnTWtrv

Score

6^/10

Malware Config

Signatures

Blocklisted process makes network request 3 IoCs

Processes:

msiexec.exemsiexec.exe

flow pid process

3 1136 msiexec.exe
5 1136 msiexec.exe
6 2472 msiexec.exe

flow	pid	process
3	1136	msiexec.exe
5	1136	msiexec.exe
6	2472	msiexec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exemsiexec.exe

description	ioc	process
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe

Drops file in Program Files directory 27 IoCs

Processes:

msiexec.exe

description	ioc	process
File created	C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-crt-utility-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\Register.exe	msiexec.exe
File created	C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-core-file-l2-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-core-processthreads-l1-1-1.dll	msiexec.exe
File created	C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-crt-convert-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-crt-runtime-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-crt-stdio-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-crt-string-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-crt-environment-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-crt-math-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-crt-heap-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-crt-private-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-crt-process-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-crt-time-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\patch_service.exe	msiexec.exe
File created	C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\setup.bat	msiexec.exe
File created	C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-core-synch-l1-2-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-core-timezone-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-crt-locale-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-core-file-l1-2-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-core-localization-l1-2-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\SyncMonitor.dll	msiexec.exe
File created	C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-crt-conio-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-crt-filesystem-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-crt-multibyte-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\vcruntime140.dll	msiexec.exe
File created	C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\vcruntime140_1.dll	msiexec.exe

Drops file in Windows directory 12 IoCs

Processes:

msiexec.exeMsiExec.exe

description	ioc	process
File opened for modification	C:\Windows\Installer\{5E1365FD-D1C2-4924-8047-C3F942C8D3CE}\Logo.ico	msiexec.exe
File opened for modification	C:\Windows\Installer\f76c707.msi	msiexec.exe
File created	C:\Windows\Installer\f76c708.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICDD6.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICE64.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID27B.tmp	msiexec.exe
File created	C:\Windows\Installer\f76c70a.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f76c708.ipi	msiexec.exe
File created	C:\Windows\Installer\f76c707.msi	msiexec.exe
File created	C:\Windows\Installer\wix{5E1365FD-D1C2-4924-8047-C3F942C8D3CE}.SchedServiceConfig.rmi	MsiExec.exe
File created	C:\Windows\Installer\{5E1365FD-D1C2-4924-8047-C3F942C8D3CE}\Logo.ico	msiexec.exe

Executes dropped EXE 1 IoCs

Processes:

Register.exe

pid process

2672 Register.exe

pid	process
2672	Register.exe

Loads dropped DLL 20 IoCs

Processes:

MsiExec.exeMsiExec.exeRegister.exe

pid	process
2216	MsiExec.exe
1616	MsiExec.exe
2672	Register.exe
2672	Register.exe
2672	Register.exe
2672	Register.exe
2672	Register.exe
2672	Register.exe
2672	Register.exe
2672	Register.exe
2672	Register.exe
2672	Register.exe
2672	Register.exe
2672	Register.exe
2672	Register.exe
2672	Register.exe
2672	Register.exe
2672	Register.exe
2672	Register.exe
2672	Register.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

msiexec.exe

description	ioc	process
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2D\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2D	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2E	msiexec.exe

Modifies registry class 23 IoCs

Processes:

msiexec.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DF5631E52C1D429408743C9F248C3DEC\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DF5631E52C1D429408743C9F248C3DEC\ProductIcon = "C:\\Windows\\Installer\\{5E1365FD-D1C2-4924-8047-C3F942C8D3CE}\\Logo.ico"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DF5631E52C1D429408743C9F248C3DEC\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DF5631E52C1D429408743C9F248C3DEC\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DF5631E52C1D429408743C9F248C3DEC	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DF5631E52C1D429408743C9F248C3DEC\Version = "134349182"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DF5631E52C1D429408743C9F248C3DEC\SourceList\PackageName = "fe55aa33d7e0b4ef1cb72e61a0a7e581_JaffaCakes118.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DF5631E52C1D429408743C9F248C3DEC\SourceList\Media	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DF5631E52C1D429408743C9F248C3DEC\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\DF5631E52C1D429408743C9F248C3DEC	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DF5631E52C1D429408743C9F248C3DEC\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DF5631E52C1D429408743C9F248C3DEC\PackageCode = "9D60AB34E1F9AF540951EAB0CA4EB4A5"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DF5631E52C1D429408743C9F248C3DEC\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DF5631E52C1D429408743C9F248C3DEC\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DF5631E52C1D429408743C9F248C3DEC\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DF5631E52C1D429408743C9F248C3DEC\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DF5631E52C1D429408743C9F248C3DEC\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\DF5631E52C1D429408743C9F248C3DEC\ProductFeature	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DF5631E52C1D429408743C9F248C3DEC\ProductName = "Java SE"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DF5631E52C1D429408743C9F248C3DEC\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DF5631E52C1D429408743C9F248C3DEC\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\FBCC74C87B72DBB4D9341F2781E101FD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\FBCC74C87B72DBB4D9341F2781E101FD\DF5631E52C1D429408743C9F248C3DEC	msiexec.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

msiexec.exe

pid process

2472 msiexec.exe
2472 msiexec.exe

pid	process
2472	msiexec.exe
2472	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

msiexec.exemsiexec.exeMsiExec.exe

description	pid	process
Token: SeShutdownPrivilege	1136	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1136	msiexec.exe
Token: SeRestorePrivilege	2472	msiexec.exe
Token: SeTakeOwnershipPrivilege	2472	msiexec.exe
Token: SeSecurityPrivilege	2472	msiexec.exe
Token: SeCreateTokenPrivilege	1136	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1136	msiexec.exe
Token: SeLockMemoryPrivilege	1136	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1136	msiexec.exe
Token: SeMachineAccountPrivilege	1136	msiexec.exe
Token: SeTcbPrivilege	1136	msiexec.exe
Token: SeSecurityPrivilege	1136	msiexec.exe
Token: SeTakeOwnershipPrivilege	1136	msiexec.exe
Token: SeLoadDriverPrivilege	1136	msiexec.exe
Token: SeSystemProfilePrivilege	1136	msiexec.exe
Token: SeSystemtimePrivilege	1136	msiexec.exe
Token: SeProfSingleProcessPrivilege	1136	msiexec.exe
Token: SeIncBasePriorityPrivilege	1136	msiexec.exe
Token: SeCreatePagefilePrivilege	1136	msiexec.exe
Token: SeCreatePermanentPrivilege	1136	msiexec.exe
Token: SeBackupPrivilege	1136	msiexec.exe
Token: SeRestorePrivilege	1136	msiexec.exe
Token: SeShutdownPrivilege	1136	msiexec.exe
Token: SeDebugPrivilege	1136	msiexec.exe
Token: SeAuditPrivilege	1136	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1136	msiexec.exe
Token: SeChangeNotifyPrivilege	1136	msiexec.exe
Token: SeRemoteShutdownPrivilege	1136	msiexec.exe
Token: SeUndockPrivilege	1136	msiexec.exe
Token: SeSyncAgentPrivilege	1136	msiexec.exe
Token: SeEnableDelegationPrivilege	1136	msiexec.exe
Token: SeManageVolumePrivilege	1136	msiexec.exe
Token: SeImpersonatePrivilege	1136	msiexec.exe
Token: SeCreateGlobalPrivilege	1136	msiexec.exe
Token: SeRestorePrivilege	2472	msiexec.exe
Token: SeTakeOwnershipPrivilege	2472	msiexec.exe
Token: SeRestorePrivilege	2472	msiexec.exe
Token: SeTakeOwnershipPrivilege	2472	msiexec.exe
Token: SeRestorePrivilege	2472	msiexec.exe
Token: SeTakeOwnershipPrivilege	2472	msiexec.exe
Token: SeRestorePrivilege	2472	msiexec.exe
Token: SeTakeOwnershipPrivilege	2472	msiexec.exe
Token: SeRestorePrivilege	2472	msiexec.exe
Token: SeTakeOwnershipPrivilege	2472	msiexec.exe
Token: SeShutdownPrivilege	1616	MsiExec.exe
Token: SeRestorePrivilege	2472	msiexec.exe
Token: SeTakeOwnershipPrivilege	2472	msiexec.exe
Token: SeRestorePrivilege	2472	msiexec.exe
Token: SeTakeOwnershipPrivilege	2472	msiexec.exe
Token: SeRestorePrivilege	2472	msiexec.exe
Token: SeTakeOwnershipPrivilege	2472	msiexec.exe
Token: SeRestorePrivilege	2472	msiexec.exe
Token: SeTakeOwnershipPrivilege	2472	msiexec.exe
Token: SeRestorePrivilege	2472	msiexec.exe
Token: SeTakeOwnershipPrivilege	2472	msiexec.exe
Token: SeRestorePrivilege	2472	msiexec.exe
Token: SeTakeOwnershipPrivilege	2472	msiexec.exe
Token: SeRestorePrivilege	2472	msiexec.exe
Token: SeTakeOwnershipPrivilege	2472	msiexec.exe
Token: SeRestorePrivilege	2472	msiexec.exe
Token: SeTakeOwnershipPrivilege	2472	msiexec.exe
Token: SeRestorePrivilege	2472	msiexec.exe
Token: SeTakeOwnershipPrivilege	2472	msiexec.exe
Token: SeRestorePrivilege	2472	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

msiexec.exe

pid process

1136 msiexec.exe
1136 msiexec.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

Register.exe

pid process

2672 Register.exe
2672 Register.exe

pid	process
1136	msiexec.exe
1136	msiexec.exe

pid	process
2672	Register.exe
2672	Register.exe

Suspicious use of WriteProcessMemory 18 IoCs

Processes:

msiexec.exe

description	pid	process	target process
PID 2472 wrote to memory of 2216	2472	msiexec.exe	MsiExec.exe
PID 2472 wrote to memory of 2216	2472	msiexec.exe	MsiExec.exe
PID 2472 wrote to memory of 2216	2472	msiexec.exe	MsiExec.exe
PID 2472 wrote to memory of 2216	2472	msiexec.exe	MsiExec.exe
PID 2472 wrote to memory of 2216	2472	msiexec.exe	MsiExec.exe
PID 2472 wrote to memory of 2216	2472	msiexec.exe	MsiExec.exe
PID 2472 wrote to memory of 2216	2472	msiexec.exe	MsiExec.exe
PID 2472 wrote to memory of 1616	2472	msiexec.exe	MsiExec.exe
PID 2472 wrote to memory of 1616	2472	msiexec.exe	MsiExec.exe
PID 2472 wrote to memory of 1616	2472	msiexec.exe	MsiExec.exe
PID 2472 wrote to memory of 1616	2472	msiexec.exe	MsiExec.exe
PID 2472 wrote to memory of 1616	2472	msiexec.exe	MsiExec.exe
PID 2472 wrote to memory of 1616	2472	msiexec.exe	MsiExec.exe
PID 2472 wrote to memory of 1616	2472	msiexec.exe	MsiExec.exe
PID 2472 wrote to memory of 2672	2472	msiexec.exe	Register.exe
PID 2472 wrote to memory of 2672	2472	msiexec.exe	Register.exe
PID 2472 wrote to memory of 2672	2472	msiexec.exe	Register.exe
PID 2472 wrote to memory of 2672	2472	msiexec.exe	Register.exe

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\fe55aa33d7e0b4ef1cb72e61a0a7e581_JaffaCakes118.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1136

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2472

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 1CDF8184248CB2E9001799D0D0719F63
2⤵
- Loads dropped DLL
PID:2216

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 7DFC0315C2B2425E4730A7470E203C96 M Global\MSI0000
2⤵
- Drops file in Windows directory
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1616

C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\Register.exe
"C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\Register.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2672

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\f76c709.rbs
Filesize
223KB

MD5
7f0e073fc3394feed86c581cebd2d413

SHA1
b857af8404242da80b3349fbf92b3aa992b3b0af

SHA256
1ff87721197b34da52e51d6bd9923d7ae6d59dd5ca885c2a4d85a36397e15712

SHA512
66d13379ca951ee96b658a0045cd3a4efa16b86e0e228807eaec19457a7984f62a0d06fc40466e9de1c40903487a996fcd8d8a7ab8ec43c283d3f54417e8f681

Download Submit
C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\Register.exe
Filesize
4.3MB

MD5
96b62cfb83cf0e9790a3ef939173ee31

SHA1
23ecaefa21524e9446ea16e1f532f8bf9c5a56f1

SHA256
6fe23163ea43ab8d9e84fed45b8590fe643d599c7f218ea05d505e3aeea86f23

SHA512
d018997c50702fe035bd3974180f274ffa34605bd19a3ce8fbabf96633794afe8f1ee4a2ee731a9ff3c73163e45ad26f8d7bac30b9ae55d1d47c8a333b657b6b

Download Submit
C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-core-file-l1-2-0.dll
Filesize
17KB

MD5
79ee4a2fcbe24e9a65106de834ccda4a

SHA1
fd1ba674371af7116ea06ad42886185f98ba137b

SHA256
9f7bda59faafc8a455f98397a63a7f7d114efc4e8a41808c791256ebf33c7613

SHA512
6ef7857d856a1d23333669184a231ad402dc62c8f457a6305fe53ed5e792176ca6f9e561375a707da0d7dd27e6ea95f8c4355c5dc217e847e807000b310aa05c

Download Submit
C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-core-file-l2-1-0.dll
Filesize
17KB

MD5
3f224766fe9b090333fdb43d5a22f9ea

SHA1
548d1bb707ae7a3dfccc0c2d99908561a305f57b

SHA256
ae5e73416eb64bc18249ace99f6847024eceea7ce9c343696c84196460f3a357

SHA512
c12ea6758071b332368d7ef0857479d2b43a4b27ceeab86cbb542bd6f1515f605ea526dfa3480717f8f452989c25d0ee92bf3335550b15ecec79e9b25e66a2ca

Download Submit
C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-core-localization-l1-2-0.dll
Filesize
20KB

MD5
23bd405a6cfd1e38c74c5150eec28d0a

SHA1
1d3be98e7dfe565e297e837a7085731ecd368c7b

SHA256
a7fa48de6c06666b80184afee7e544c258e0fb11399ab3fe47d4e74667779f41

SHA512
c52d487727a34fbb601b01031300a80eca7c4a08af87567da32cb5b60f7a41eb2cae06697cd11095322f2fc8307219111ee02b60045904b5c9b1f37e48a06a21

Download Submit
C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-core-synch-l1-2-0.dll
Filesize
18KB

MD5
6e704280d632c2f8f2cadefcae25ad85

SHA1
699c5a1c553d64d7ff3cf4fe57da72bb151caede

SHA256
758a2f9ef6908b51745db50d89610fe1de921d93b2dbea919bfdba813d5d8893

SHA512
ade85a6cd05128536996705fd60c73f04bab808dafb5d8a93c45b2ee6237b6b4ddb087f1a009a9d289c868c98e61be49259157f5161feccf9f572fd306b460e6

Download Submit
C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-core-timezone-l1-1-0.dll
Filesize
18KB

MD5
c9a55de62e53d747c5a7fddedef874f9

SHA1
c5c5a7a873a4d686bfe8e3da6dc70f724ce41bad

SHA256
b5c725bbb475b5c06cc6cb2a2c3c70008f229659f88fba25ccd5d5c698d06a4b

SHA512
adca0360a1297e80a8d3c2e07f5fbc06d2848f572f551342ad4c9884e4ab4bd1d3b3d9919b4f2b929e2848c1a88a4e844dd38c86067cace9685f9640db100efb

Download Submit
C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-crt-convert-l1-1-0.dll
Filesize
21KB

MD5
9ddea3cc96e0fdd3443cc60d649931b3

SHA1
af3cb7036318a8427f20b8561079e279119dca0e

SHA256
b7c3ebc36c84630a52d23d1c0e79d61012dfa44cdebdf039af31ec9e322845a5

SHA512
1427193b31b64715f5712db9c431593bdc56ef512fe353147ddb7544c1c39ded4371cd72055d82818e965aff0441b7cbe0b811d828efb0ece28471716659e162

Download Submit
C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-crt-environment-l1-1-0.dll
Filesize
18KB

MD5
39325e5f023eb564c87d30f7e06dff23

SHA1
03dd79a7fbe3de1a29359b94ba2d554776bdd3fe

SHA256
56d8b7ee7619579a3c648eb130c9354ba1ba5b33a07a4f350370ee7b3653749a

SHA512
087b9dcb744ad7d330bacb9bda9c1a1df28ebb9327de0c5dc618e79929fd33d1b1ff0e1ef4c08f8b3ea8118b968a89f44fe651c66cba4ecbb3216cd4bcce3085

Download Submit
C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-crt-filesystem-l1-1-0.dll
Filesize
19KB

MD5
228c6bbe1bce84315e4927392a3baee5

SHA1
ba274aa567ad1ec663a2f9284af2e3cb232698fb

SHA256
ac0cec8644340125507dd0bc9a90b1853a2d194eb60a049237fb5e752d349065

SHA512
37a60cce69e81f68ef62c58bba8f2843e99e8ba1b87df9a5b561d358309e672ae5e3434a10a3dde01ae624d1638da226d42c64316f72f3d63b08015b43c56cab

Download Submit
C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-crt-heap-l1-1-0.dll
Filesize
18KB

MD5
1776a2b85378b27825cf5e5a3a132d9a

SHA1
626f0e7f2f18f31ec304fe7a7af1a87cbbebb1df

SHA256
675b1b82dd485cc8c8a099272db9241d0d2a7f45424901f35231b79186ec47ee

SHA512
541a5dd997fc5fec31c17b4f95f03c3a52e106d6fb590cb46bdf5adad23ed4a895853768229f3fbb9049f614d9bae031e6c43cec43fb38c89f13163721bb8348

Download Submit
C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-crt-locale-l1-1-0.dll
Filesize
18KB

MD5
034379bcea45eb99db8cdfeacbc5e281

SHA1
bbf93d82e7e306e827efeb9612e8eab2b760e2b7

SHA256
8b543b1bb241f5b773eb76f652dad7b12e3e4a09230f2e804cd6b0622e8baf65

SHA512
7ea6efb75b0c59d3120d5b13da139042726a06d105c924095ed252f39ac19e11e8a5c6bb1c45fa7519c0163716745d03fb9daaaca50139a115235ab2815cc256

Download Submit
C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-crt-math-l1-1-0.dll
Filesize
28KB

MD5
8da414c3524a869e5679c0678d1640c1

SHA1
60cf28792c68e9894878c31b323e68feb4676865

SHA256
39723e61c98703034b264b97ee0fe12e696c6560483d799020f9847d8a952672

SHA512
6ef3f81206e7d4dca5b3c1fafc9aa2328b717e61ee0acce30dfb15ad0fe3cb59b2bd61f92bf6046c0aae01445896dcb1485ad8be86629d22c3301a1b5f4f2cfa

Download Submit
C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-crt-runtime-l1-1-0.dll
Filesize
22KB

MD5
fb0ca6cbfff46be87ad729a1c4fde138

SHA1
2c302d1c535d5c40f31c3a75393118b40e1b2af9

SHA256
1ee8e99190cc31b104fb75e66928b8c73138902fefedbcfb54c409df50a364df

SHA512
99144c67c33e89b8283c5b39b8bf68d55638daa6acc2715a2ac8c5dba4170dd12299d3a2dffb39ae38ef0872c2c68a64d7cdc6ceba5e660a53942761cb9eca83

Download Submit
C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-crt-stdio-l1-1-0.dll
Filesize
23KB

MD5
d5166ab3034f0e1aa679bfa1907e5844

SHA1
851dd640cb34177c43b5f47b218a686c09fa6b4c

SHA256
7bcab4ca00fb1f85fea29dd3375f709317b984a6f3b9ba12b8cf1952f97beee5

SHA512
8f2d7442191de22457c1b8402faad594af2fe0c38280aaafc876c797ca79f7f4b6860e557e37c3dbe084fe7262a85c358e3eeaf91e16855a91b7535cb0ac832e

Download Submit
C:\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-crt-utility-l1-1-0.dll
Filesize
18KB

MD5
70e9104e743069b573ca12a3cd87ec33

SHA1
4290755b6a49212b2e969200e7a088d1713b84a2

SHA256
7e6b33a4c0c84f18f2be294ec63212245af4fd8354636804ffe5ee9a0d526d95

SHA512
e979f28451d271f405b780fc2025707c8a29dcb4c28980ca42e33d4033666de0e4a4644defec6c1d5d4bdd3c73d405fafcffe3320c60134681f62805c965bfd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6525274CBC2077D43D7D17A33C868C4F
Filesize
959B

MD5
d5e98140c51869fc462c8975620faa78

SHA1
07e032e020b72c3f192f0628a2593a19a70f069e

SHA256
5c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e

SHA512
9bd164cc4b9ef07386762d3775c6d9528b82d4a9dc508c3040104b8d41cfec52eb0b7e6f8dc47c5021ce2fe3ca542c4ae2b54fd02d76b0eabd9724484621a105

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6525274CBC2077D43D7D17A33C868C4F
Filesize
192B

MD5
ef4efa4ccde44d0c1e4e62fa35a7b1da

SHA1
fd491053c41d75d540eef044bda3727e458712bd

SHA256
3f146e97d98446e8e651e4724989eb9854f5c873631de43919b55d886c9eec87

SHA512
f5c4f7d87c1905532f7e62618106def151e66e8a4b2c004eb1efb07d6bfcfa8b4239fcdd6a56133a71e2246954c633028bf18cd2cdffdbfcb98585961ad7b7e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
cdcc1b5b2f3afd6c96a6305a4281ff60

SHA1
936b1bf2d56d7512fb9394bc9e87a906409d8e04

SHA256
a7a13401cce2f32b4339fddd04fff68b3a6de9c920dea9845870743d2c3b932a

SHA512
225b5aa42b83be56bda2ff4e0f085e6b6a5aacd111cb33bf1dd149094195eab9c42399de0add30922c1a3f24144c0526b187dd94d069da4ca7f45016ef24ab1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab93D9.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar98FA.tmp
Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC2C0.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Windows\Installer\MSICE64.tmp
Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\f76c707.msi
Filesize
3.9MB

MD5
fe55aa33d7e0b4ef1cb72e61a0a7e581

SHA1
7b2f0e87f283d1ec4a756b380666a21e303579b0

SHA256
110fc287b499bea670dc2060d8a828727f350e9be446879ecfc7f71732ee15ed

SHA512
6b60973f47eddd07a556de3b573902c077830ebbda6e7c4f83f6baa66a0414a6998f3a570b7e559ed9cfd399e9febd7c93cf4454b7cfd59ab4863849f4c5123b

Download Submit
\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
18KB

MD5
95c5b49af7f2c7d3cd0bc14b1e9efacb

SHA1
c400205c81140e60dffa8811c1906ce87c58971e

SHA256
ff9b51aff7fbec8d7fe5cc478b12492a59b38b068dc2b518324173bb3179a0e1

SHA512
f320937b90068877c46d30a15440dc9ace652c3319f5d75e0c8bb83f37e78be0efb7767b2bd713be6d38943c8db3d3d4c3da44849271605324e599e1242309c3

Download Submit
\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-crt-string-l1-1-0.dll
Filesize
23KB

MD5
ad99c2362f64cde7756b16f9a016a60f

SHA1
07c9a78ee658bfa81db61dab039cffc9145cc6cb

SHA256
73ab2161a7700835b2a15b7487045a695706cc18bcee283b114042570bb9c0aa

SHA512
9c72f239adda1de11b4ad7028f3c897c93859ef277658aeaa141f09b7ddfe788d657b9cb1e2648971ecd5d27b99166283110ccba437d461003dbb9f6885451f7

Download Submit
\Program Files (x86)\Sun Technology Network\Oracle Java SE\api-ms-win-crt-time-l1-1-0.dll
Filesize
20KB

MD5
9b79fda359a269c63dcac69b2c81caa4

SHA1
a38c81b7a2ec158dfcfeb72cb7c04b3eb3ccc0fb

SHA256
4d0f0ea6e8478132892f9e674e27e2bc346622fc8989c704e5b2299a18c1d138

SHA512
e69d275c5ec5eae5c95b0596f0cc681b7d287b3e2f9c78a9b5e658949e6244f754f96ad7d40214d22ed28d64e4e8bd507363cdf99999fea93cfe319078c1f541

Download Submit
\Program Files (x86)\Sun Technology Network\Oracle Java SE\vcruntime140.dll
Filesize
83KB

MD5
e008fbfdea1bf873f3d94d74c1cf7935

SHA1
2a2af5e9084e7b55cdd5d01df342b02c1917573c

SHA256
678f9d715220512a823ca45d7e8545a1288728d8d47243e072e17049441cdd2b

SHA512
145acb67ab06dc90e5c7ed89623a339f595998af683bf47d665ffa23b05f9b87016b3ae5777c2c45f53b91a757e510b0f5aa5a9b908d79df3d566b2307d9d3d0

Download Submit