Analysis

  • max time kernel
    140s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-05-2024 08:22

General

  • Target

    6ddeeb36a6569a8a145e7a85a152a5d2_JaffaCakes118.exe

  • Size

    155KB

  • MD5

    6ddeeb36a6569a8a145e7a85a152a5d2

  • SHA1

    29f9bbf8b56429bbbb3ca3d34cbd0100ce2eff25

  • SHA256

    24c9154acd3eb56367df51d49ded984f64b312a048c6c72da24d28577e538116

  • SHA512

    56f20d9457d64e7242f6c26ae0fc880665804853f7ab246e7f2100cfdc9a9863679165e46c7ba184c0033f900fbe3657bf13819299245fd7964d53d720d3c114

  • SSDEEP

    3072:veAiXfLb9Dw86q4VRrV5tidHTY4dvoSGxsfcARUFxZJY11qQNIYK2QnmX0qoutCg:2AiH9xIRHtcokchFxLY11tHKDnooSCs5

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE (23 IoCs)
  • Loads dropped DLL (64 IoCs)
  • Registers COM server for autorun (1 TTP, 64 IoCs)
  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Blocklisted process makes network request (3 IoCs)
  • Enumerates connected drives (3 TTPs, 23 IoCs)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Installs/modifies Browser Helper Object (2 TTPs, 4 IoCs)

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory (5 IoCs)
  • Drops file in Program Files directory (64 IoCs)
  • Drops file in Windows directory (17 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry (2 TTPs, 2 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings (1 TTP, 15 IoCs)
  • Modifies data under HKEY_USERS (5 IoCs)
  • Modifies registry class (64 IoCs)
  • Modifies system certificate store (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (3 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
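The "UPX packed file" signature keys on a trait you can check yourself. The block below is an added example, not part of the sandbox report and not the sandbox's own detection logic: a minimal PE section-table walk that flags the stock UPX section names and, separately, the first section being empty on disk but large in memory, which is where the UPX stub writes the unpacked image and which survives the section renaming seen in "modified UPX" builds. `build_pe` is a constructed fixture so the parser can be exercised offline; the section layouts it is fed are assumptions and are not taken from this sample, whose PE headers the report does not show.

```python
"""Heuristic UPX check over a PE section table, with a parser small enough to
read in one sitting. Added example; assumptions are marked in comments."""
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", "UPX!"}


def build_pe(sections):
    """Construct a minimal PE image in memory for testing the parser.

    `sections` is a list of (name, virtual_size, raw_size). The result has a
    valid header layout only; it is not a loadable executable and is a
    constructed fixture for this example, not a file from the report."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)          # e_lfanew -> PE signature
    size_of_optional = 0xE0                               # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x014C, len(sections), 0, 0, 0,
                       size_of_optional, 0x0102)          # i386, EXECUTABLE_IMAGE | 32BIT
    optional = bytearray(size_of_optional)
    struct.pack_into("<H", optional, 0, 0x10B)            # PE32 magic
    table = b""
    raw_ptr = 0x400
    for i, (name, virtual_size, raw_size) in enumerate(sections):
        table += name.encode("ascii")[:8].ljust(8, b"\x00")
        # IMAGE_SECTION_HEADER after the name: VirtualSize, VirtualAddress,
        # SizeOfRawData, PointerToRawData, relocs, linenums, counts, Characteristics
        table += struct.pack("<IIIIIIHHI", virtual_size, 0x1000 * (i + 1), raw_size,
                             raw_ptr if raw_size else 0, 0, 0, 0, 0, 0x60000020)
        raw_ptr += raw_size
    return bytes(dos) + b"PE\x00\x00" + coff + bytes(optional) + table


def parse_sections(data):
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, count, _ts, _sym, _nsym, size_of_optional, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + size_of_optional                  # COFF header is 20 bytes
    sections = []
    for i in range(count):
        off = table + 40 * i                              # each section header is 40 bytes
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        name = data[off:off + 8].split(b"\x00", 1)[0].decode("ascii", "replace")
        virtual_size, _va, raw_size = struct.unpack_from("<III", data, off + 8)
        sections.append({"name": name, "virtual_size": virtual_size, "raw_size": raw_size})
    return sections


def upx_indicators(data):
    """Return the reasons a sample looks UPX-packed (empty list = no hit).

    Two independent traits: the stock section names, and the UPX layout in
    which the first section occupies no file bytes but a large virtual range.
    The 0x1000 floor is an assumption chosen to skip trivial BSS-only sections.
    Neither trait proves packing; treat the result as a triage hint."""
    sections = parse_sections(data)
    reasons = []
    if any(s["name"] in UPX_SECTION_NAMES for s in sections):
        reasons.append("upx-section-names")
    if sections and sections[0]["raw_size"] == 0 and sections[0]["virtual_size"] >= 0x1000:
        reasons.append("empty-first-section")
    return reasons


if __name__ == "__main__":
    sample = build_pe([("UPX0", 0x8000, 0), ("UPX1", 0x3000, 0x2E00), (".rsrc", 0x400, 0x400)])
    print(upx_indicators(sample))
```

On a real file read the whole binary into `data` and call `upx_indicators`; a renamed-section build will show only `empty-first-section`, and a normal linker output shows nothing. Section entropy and the presence of the UPX decompression stub are the usual next checks, and none of these replaces actually unpacking the sample.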

Processes

  • C:\Users\Admin\AppData\Local\Temp\6ddeeb36a6569a8a145e7a85a152a5d2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\6ddeeb36a6569a8a145e7a85a152a5d2_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2952
    • C:\Windows\SysWOW64\cscript.exe
      cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
      2⤵
      PID:2688
    • C:\Users\Admin\AppData\Local\Temp\6ddeeb36a6569a8a145e7a85a152a5d2_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\6ddeeb36a6569a8a145e7a85a152a5d2_JaffaCakes118.exe" /asService
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2412
      • C:\Users\Admin\AppData\Local\Temp\javaSetup.exe
        "C:\Users\Admin\AppData\Local\Temp\javaSetup.exe" /s REBOOT=Suppress JAVAUPDATE=0 WEBSTARTICON=0
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Modifies system certificate store
        • Suspicious use of WriteProcessMemory
        PID:2920
        • C:\Windows\SysWOW64\msiexec.exe
          "C:\Windows\SysWOW64\\msiexec.exe" /i "C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.7.0_80\jre1.7.0_80.msi" REBOOT=Suppress JAVAUPDATE=0 WEBSTARTICON=0 /qn METHOD=joff
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:1936
        • C:\Windows\SysWOW64\msiexec.exe
          "C:\Windows\SysWOW64\\msiexec.exe" /i "C:\Users\Admin\AppData\LocalLow\Sun\Java\AU\au.msi" ALLUSERS=1 /qn
          4⤵
          PID:908
        • C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
          "C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe" -r jre 1.7.0_80-b15
          4⤵
          • Executes dropped EXE
          PID:1676
      • C:\Program Files (x86)\Java\jre7\bin\javaw.exe
        "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -classpath "C:\PROGRA~2\Zona\utils.jar" org.sevenzip.decoder.SevenZipFolderDecoder "C:\Users\Admin\AppData\Roaming\Zona\tmp\Zona.7z" "C:\PROGRA~2\Zona" "C:\Users\Admin\AppData\Local\Temp\zonaErr_core_1716539024671.log"
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        PID:1196
      • C:\Program Files (x86)\Java\jre7\bin\javaw.exe
        "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -classpath "C:\PROGRA~2\Zona\utils.jar" org.sevenzip.decoder.SevenZipFolderDecoder "C:\Users\Admin\AppData\Roaming\Zona\tmp\appdata.7z" "C:\Users\Admin\AppData\Roaming\Zona" "C:\Users\Admin\AppData\Local\Temp\zonaErr_plugin_1716539025903.log"
        3⤵
        • Executes dropped EXE
        PID:2828
    • C:\Program Files (x86)\Java\jre7\bin\javaw.exe
      "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -classpath "C:\PROGRA~2\Zona\utils.jar" ru.megamakc.core.JavaArch
      2⤵
      • Executes dropped EXE
      PID:1580
    • C:\Program Files (x86)\Java\jre7\bin\javaw.exe
      "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -classpath "C:\PROGRA~2\Zona\utils.jar" ru.megamakc.core.JavaArch
      2⤵
      • Executes dropped EXE
      PID:1508
    • C:\Program Files (x86)\Java\jre7\bin\javaw.exe
      "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -classpath "C:\PROGRA~2\Zona\utils.jar" ru.megamakc.core.JavaArch
      2⤵
      • Executes dropped EXE
      PID:2380
    • C:\Program Files (x86)\Java\jre7\bin\javaw.exe
      "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -classpath "C:\PROGRA~2\Zona\utils.jar" ru.megamakc.core.JavaArch
      2⤵
      • Executes dropped EXE
      PID:1464
    • C:\Program Files (x86)\Java\jre7\bin\javaw.exe
      "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -classpath "C:\PROGRA~2\Zona\utils.jar" ru.megamakc.core.JavaArch
      2⤵
      • Executes dropped EXE
      PID:2240
    • C:\Program Files (x86)\Java\jre7\bin\javaw.exe
      "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -classpath "C:\PROGRA~2\Zona\utils.jar" ru.megamakc.core.JavaArch
      2⤵
      • Executes dropped EXE
      PID:1600
    • C:\Program Files (x86)\Java\jre7\bin\javaw.exe
      "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -classpath "C:\PROGRA~2\Zona\Zona.jar" org.gudy.azureus2.core3.util.Constants
      2⤵
      • Executes dropped EXE
      PID:1972
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Adds Run key to start application
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in Windows directory
    • Checks processor information in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2072
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 86F105B132C90E1C99817D241B713F03
      2⤵
      • Loads dropped DLL
      PID:1056
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding C78EAAD07BDF3103125124915E96BC71 M Global\MSI0000
      2⤵
      • Loads dropped DLL
      • Registers COM server for autorun
      • Installs/modifies Browser Helper Object
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2324
      • C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
        "C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\rt.pack" "C:\Program Files (x86)\Java\jre7\lib\rt.jar"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1804
      • C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
        "C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\charsets.pack" "C:\Program Files (x86)\Java\jre7\lib\charsets.jar"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2076
      • C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
        "C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\deploy.pack" "C:\Program Files (x86)\Java\jre7\lib\deploy.jar"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        PID:1972
      • C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
        "C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\javaws.pack" "C:\Program Files (x86)\Java\jre7\lib\javaws.jar"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2128
      • C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
        "C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\plugin.pack" "C:\Program Files (x86)\Java\jre7\lib\plugin.jar"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2496
      • C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
        "C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\jsse.pack" "C:\Program Files (x86)\Java\jre7\lib\jsse.jar"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1512
      • C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
        "C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\ext\localedata.pack" "C:\Program Files (x86)\Java\jre7\lib\ext\localedata.jar"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2516
      • C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
        "C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\jfxrt.pack" "C:\Program Files (x86)\Java\jre7\lib\jfxrt.jar"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2000
      • C:\Program Files (x86)\Java\jre7\bin\javaw.exe
        "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -Xshare:dump
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1620
      • C:\Program Files (x86)\Java\jre7\bin\javaws.exe
        "C:\Program Files (x86)\Java\jre7\bin\javaws.exe" -fix -permissions -silent
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1480
        • C:\Program Files (x86)\Java\jre7\bin\javaw.exe
          "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -classpath "C:\Program Files (x86)\Java\jre7\lib\deploy.jar" com.sun.deploy.panel.JreLocator
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:2940
        • C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
          "C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre7" -vma 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 -ma LWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of SetWindowsHookEx
          PID:2792
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding ADC0D9E9D343545CDFD0B227B22763DE
      2⤵
      • Loads dropped DLL
      PID:2536
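The tree above reads as a procedure: a dropper in the user's Temp folder runs a .vbs through cscript, relaunches itself with /asService, starts a silent javaSetup.exe that drives msiexec /qn against an MSI under the user profile, and then uses the freshly installed javaw.exe to unpack 7z archives into Program Files. The block below is an added example, not part of the report, that encodes those steps as rules over process-creation records. The records are transcribed from the tree; the rule names, the path patterns and the choice of which steps to flag are the editor's assumptions. The point is that these behaviours are visible in any process-creation log, independent of file hashes that change between builds.

```python
"""Rule checks over the process tree above, written the way a triage analyst
would encode them for a process-creation log (EDR, Sysmon event 1, sandbox
export). Added example; rule names and patterns are assumptions."""
import re

# Transcribed from the tree above: (pid, parent pid, command line). Parent 0
# marks a root. unpack200 (PID 1804) is kept although its parent 2324 is not
# in this subset, to show that orphaned children are handled.
PROCESSES = [
    (2952, 0, r'"C:\Users\Admin\AppData\Local\Temp\6ddeeb36a6569a8a145e7a85a152a5d2_JaffaCakes118.exe"'),
    (2688, 2952, r'cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs'),
    (2412, 2952, r'"C:\Users\Admin\AppData\Local\Temp\6ddeeb36a6569a8a145e7a85a152a5d2_JaffaCakes118.exe" /asService'),
    (2920, 2412, r'"C:\Users\Admin\AppData\Local\Temp\javaSetup.exe" /s REBOOT=Suppress JAVAUPDATE=0 WEBSTARTICON=0'),
    (1936, 2920, r'"C:\Windows\SysWOW64\\msiexec.exe" /i "C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.7.0_80\jre1.7.0_80.msi" REBOOT=Suppress JAVAUPDATE=0 WEBSTARTICON=0 /qn METHOD=joff'),
    (1196, 2412, r'"C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -classpath "C:\PROGRA~2\Zona\utils.jar" org.sevenzip.decoder.SevenZipFolderDecoder "C:\Users\Admin\AppData\Roaming\Zona\tmp\Zona.7z" "C:\PROGRA~2\Zona" "C:\Users\Admin\AppData\Local\Temp\zonaErr_core_1716539024671.log"'),
    (2072, 0, r'C:\Windows\system32\msiexec.exe /V'),
    (1804, 2324, r'"C:\Program Files (x86)\Java\jre7\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files (x86)\Java\jre7\lib\rt.pack" "C:\Program Files (x86)\Java\jre7\lib\rt.jar"'),
]

# Path patterns (assumptions for this example; tune to the environment).
USER_TEMP = re.compile(r"\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
USER_PROFILE = re.compile(r"\\users\\[^\\]+\\", re.I)
PROGRAM_FILES = re.compile(r"^c:\\(program files( \(x86\))?|progra~[12])\\", re.I)
SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf")


def split_cmdline(cmdline):
    """Tokenise a Windows command line: quoted spans stay whole, quotes are dropped."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def image_name(argv0):
    """Basename of the executable, lower-cased with an .exe suffix
    (the cscript child above is logged without a path or extension)."""
    base = argv0.rsplit("\\", 1)[-1].lower()
    return base if base.endswith(".exe") else base + ".exe"


def evaluate(processes):
    """Return (pid, rule) pairs for every rule that matches a process."""
    by_pid = {pid: (ppid, cmd) for pid, ppid, cmd in processes}
    findings = []
    for pid, ppid, cmd in processes:
        argv = split_cmdline(cmd)
        image = image_name(argv[0])
        args = argv[1:]
        lower = [a.lower() for a in args]
        parent = split_cmdline(by_pid[ppid][1]) if ppid in by_pid else []
        # Script host executing a script that lives in the user's Temp folder.
        if image in ("cscript.exe", "wscript.exe") and any(
                a.lower().endswith(SCRIPT_EXT) and USER_TEMP.search(a) for a in args):
            findings.append((pid, "script_host_runs_script_from_user_temp"))
        # Child is the same binary as its parent (the /asService relaunch).
        if parent and parent[0].lower() == argv[0].lower():
            findings.append((pid, "process_relaunches_itself"))
        # Quiet MSI install of a package sitting under a user profile.
        if image == "msiexec.exe" and "/i" in lower and "/qn" in lower and any(
                a.lower().endswith(".msi") and USER_PROFILE.search(a) for a in args):
            findings.append((pid, "silent_msi_install_from_user_profile"))
        # javaw handed a .7z plus a Program Files target (the SevenZipFolderDecoder step).
        if image == "javaw.exe" and any(a.lower().endswith(".7z") for a in args) and any(
                PROGRAM_FILES.match(a) and not a.lower().endswith(".exe") for a in args):
            findings.append((pid, "java_unpacks_archive_into_program_files"))
        # An executable in Temp started with a silent switch.
        if USER_TEMP.search(argv[0]) and "/s" in lower:
            findings.append((pid, "silent_installer_launched_from_user_temp"))
    return findings


if __name__ == "__main__":
    for pid, rule in evaluate(PROCESSES):
        print(f"PID {pid}: {rule}")
```

With Sysmon event 1 data the same checks map onto the Image, CommandLine and ParentCommandLine fields, so the `by_pid` lookup is not needed there. The msiexec /V service process (PID 2072) and the unpack200 children match none of the rules, which is the intended result: they are ordinary installer activity and carry the interesting signatures only because of what the MSI they were handed does.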

      Network

      MITRE ATT&CK Enterprise v15

      Downloads

      • C:\Config.Msi\f76960c.rbs

        Filesize

        9KB

        MD5

        6f7290f82b6e118d07ecba84ae870671

        SHA1

        f8d7eeeb03205834f9a58addb90eec3a91410a7a

        SHA256

        f2560369f1ad5733a4a206c9258b44c7914256df6c317f40fa673c53d4371748

        SHA512

        73b588ee7d79b44e8d85f17ad2f505d08d99624874cc294721538ab2f0438eb9ce7c0975508be927c49b4a51922c80e4a012cc893300e8ad8d18b0c0de8f291b

      • C:\Config.Msi\f769612.rbs

        Filesize

        8KB

        MD5

        8f98a4732e74a82e75cf1711ee2994df

        SHA1

        94d69b9d241c8ce0bdc2af1a9bc12955f9505955

        SHA256

        9c19e580d3b472263b4484e26d09f966d2be2fb1b5a017b5d04591ab83a27a79

        SHA512

        cdd158b2bba7ef995b737dce7511456b784beb8330a7ce307a4f9f995db6a3f1e64c777c0b7e2089deda159dc5aba6c4adef3a5df7ce53a7883a2d2ff0f4a140

      • C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll

        Filesize

        864KB

        MD5

        bc3a575dfb1a58d35e8617f2966bf1ea

        SHA1

        6353630f62e246d7f462134e8d10a7a42935e20f

        SHA256

        c029fd3c6ffd2158d0633fc122786838a6f5d3cc7ef78bbe934697015c8c63dd

        SHA512

        c976da30d343f8e104bec72300dc0c17e582e380f0a3ae85b242dbf2d5b40459feb4a3b7789fb8d755b21cbaa0940038d20dbbf1296a48e77b461092abbbe514

      • C:\Program Files (x86)\Java\jre7\bin\javaw.exe

        Filesize

        171KB

        MD5

        64e2bb67ea740860510dcc5c2b6ffa2d

        SHA1

        6c5996358264624cdb4a075acc4f0b46177cd259

        SHA256

        844ab2231f45fad60d81770ea36d9937da9aa72cd905ce06e7471ddf9d69263b

        SHA512

        ed24331883ada44d8b034f5c8bc458e53234109d5cd02a27989972033f5b3305d23365106ce80be81caa16e472c14c103e457a1e0d138eb0d95036e58d877462

      • C:\Program Files (x86)\Java\jre7\bin\javaws.exe

        Filesize

        266KB

        MD5

        2b4493bb1f94580c41def972ea9a887e

        SHA1

        880ca8b20c6df9a6a176b91cc50304cb0fe66d06

        SHA256

        841339373958786d9c93a7dad5de8fd213ed6b5ad69623f5a5762a453c48e0a5

        SHA512

        b43e54f2c1f3e0a3c3d2fcee518e47d17476bb735606351e41b49e97e10af758ea9a539ac370a2d12cffa93e3e752e829db969968664c59386f65b732c29e40e

      • C:\Program Files (x86)\Java\jre7\bin\verify.dll

        Filesize

        38KB

        MD5

        cb89b1d71061f5ec52468528ecc0b1fc

        SHA1

        6feb23a8b5719c8997de92c7da644807fcba8819

        SHA256

        87d8d59972e73700507c07cee8750b0053c6a0899410338722a00c2803d39ee6

        SHA512

        2ff0ed38c7f28eb7ea16f24a0841dfb3306c4fec48ded5fddec8c3140f1a425433a444fe6b6cc4c17b3a39841c8ab0c23d7c9525c119c1b9d6daac2c17a4e4b0

      • C:\Program Files (x86)\Java\jre7\lib\charsets.pack

        Filesize

        1.3MB

        MD5

        549bbcd204914b543dafee670f110834

        SHA1

        012461935191a55482e8c3d453d245e965a10a2a

        SHA256

        8ea5af036ec067a0abcf87b8f5921e2281ff9d259e1d4c3bbe7fa9037cd87d02

        SHA512

        b0346a2ec52ce47351286f27f347f5fea99e160aedde52bcf74e1629739704bd975c9c99d8db6be3b6bd45e7fa933616fa081eda49e9b911efcc031c7241400e

      • C:\Program Files (x86)\Java\jre7\lib\deploy.pack

        Filesize

        1.7MB

        MD5

        b2a448112b7c886ccce9b6a3d5efd8a0

        SHA1

        660bc9efe960015b208a421b1a63443e7151024f

        SHA256

        928f6b847f94b920c462a08c43f0dfd3f7c40076b1cd60545523a5c27a4870ca

        SHA512

        871da63f4eaf16d77ba6c19c10d8ddd8e94f744c20a70e24793f837023d20e56698d85f67498bc06ec37b73a8f376c220afbe7f3884b00536b710ff49c339b3f

      • C:\Program Files (x86)\Java\jre7\lib\ext\localedata.pack

        Filesize

        736KB

        MD5

        c8dc1cfeaf0fefc39ed0f1de4eaa175c

        SHA1

        11cacbb9e5724d37789455de37a225d8e0c648a1

        SHA256

        da2803a283d28882182e1e280b4f25ee1579a5805e73fcc9882e63968f102a8f

        SHA512

        6b419ba94ae90f8caa3a57690f2ec7e249c9fb8ab86819439621cde1243c7636ee76820622ce32ed483ce76976f7ced74778898fc2725b1a2407b039fb53508c

      • C:\Program Files (x86)\Java\jre7\lib\i386\jvm.cfg

        Filesize

        686B

        MD5

        5147cce789cd18ad6b2996eb89e5d866

        SHA1

        756f1fffe96ef581f0d4d47253523544c89a2622

        SHA256

        c471d622198461715f245d478484fc7c8de533313c56e922931a875460a5aa88

        SHA512

        55f53adb70b1cf741cdf0dee74d92d2bf4c96954a760afae289972a0ea9bb27bc5eb4df1bd41829c7c484211fcb294fe296a4d560d8a1cdbb8c707b3bf2a79a6

      • C:\Program Files (x86)\Java\jre7\lib\javaws.pack

        Filesize

        205KB

        MD5

        491bce42c6cd8af88a2e11f37711ed4f

        SHA1

        3de7c18fee44465a6afe34e068f2a64dea9fa324

        SHA256

        ee43869ee94eefe241d661101ff6a03cc276f8e558967b1b350ea088f1dad2e2

        SHA512

        1e5f99466b77b5a82c23449434272acf5746811ef96b98105f89b3339ccd86734d7713c94b773755219345d673a761a356fbe846a38e7893bd8894e43cf102e4

      • C:\Program Files (x86)\Java\jre7\lib\jfxrt.pack

        Filesize

        3.2MB

        MD5

        dfaa6429468d56ef77932cf26a495f75

        SHA1

        8a21a29225640f1829ae328a24ef9cb5e215a4e0

        SHA256

        8c481a549acfa58b1bac0385906febe33a928d004a529fec505b6a9228678fed

        SHA512

        6c19ed573b111315648de0646441486729b304452c15b2282938460a2339db0be4e1eb19cf6f2bf17f73037811ca2553a15957ea96b9d9af64a93045407c1148

      • C:\Program Files (x86)\Java\jre7\lib\jsse.pack

        Filesize

        141KB

        MD5

        31b4d9c29d29567b0ae3037fac9fbdc6

        SHA1

        8b5d1b1a309177466d71a742414d441f600ea38e

        SHA256

        9f031f2f1292bb311c400b0a93a11b78a08f013332b1263ea58617b6548862eb

        SHA512

        b4a8a3a1e837f98a3164e19a6fe939819eb336892335de975822890b52b5923d85fee4c4e5464ccb0d46c847f37f7da98a839aadbf4d20fca355f396a53836c0

      • C:\Program Files (x86)\Java\jre7\lib\plugin.pack

        Filesize

        489KB

        MD5

        47d6cfa1b01a6d41885504bbc3b1919a

        SHA1

        3838060f9d530c972d65f36fa38b265120a218aa

        SHA256

        93defaaf7f82e2e9565b27dd31a41c89e02d1b7719d0da0b940a55dcc75b91e5

        SHA512

        b0df9b174624234aaeb2b50cf611f698377925a0ae5c5ee9da46c65fcecf4d28941d1bf2332316d9327981c1f8c6c4fecf750e013f04eef63f5df52d27593135

      • C:\Program Files (x86)\Java\jre7\lib\rt.pack

        Filesize

        13.1MB

        MD5

        b6d75e8c90c79af1579769f10b1e5c88

        SHA1

        146cb3f05fa161885e8faf079fa2bbd89b5c5b18

        SHA256

        82dc6806d9ec9eb16604f90a5c78d0d882b69a0e718d8f6c3c6b7c9719887b7e

        SHA512

        02cdd0c0d6e71bc09120db2cd3b9471c0176567d92bb74a08c13e82c1d23722eb4afac41583a11dee3fc531fd442754ee0f5cb964898ec036ddd432947996037

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

        Filesize

        68KB

        MD5

        29f65ba8e88c063813cc50a4ea544e93

        SHA1

        05a7040d5c127e68c25d81cc51271ffb8bef3568

        SHA256

        1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

        SHA512

        e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        344B

        MD5

        1cac3b2fb2f2c74e58f708d1af9bfcb9

        SHA1

        ec0432cac2ea6631b2e009ba23ce4e4ab6154489

        SHA256

        cfe001fbf970f33649adb675dd18a3fb0482e4e5a0c368f7aec8282737d1ad93

        SHA512

        d4e27eeff3bf4482a4afcd19d9eb9464e658154efad1f68e22b42b6727f76db391c39c3b663c95a9ad1f3c010552f3ef3cc5d45e2c2a58cecb95628371aa45f2

      • C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

        Filesize

        1KB

        MD5

        35717c778e9005b420388a22ecd1ab3e

        SHA1

        a9f11309700063bfa5d21ce36b38855bd1af1b52

        SHA256

        46b2c97da7b746338dfc351640a717a8e354f35f7f7451eff041eeb2b022e777

        SHA512

        bc7f2b340ec0a1d543fd227c88d32b76d8ccc4c3f123ce0e24720d449e020c4663d9a43de202e17e26eb4b91f746757ce4aa21eb7704d2b9e691bd304fc50cf0

      • C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.7.0_80\Data1.cab

        Filesize

        24.6MB

        MD5

        003a488a2139105704566b47eb29520d

        SHA1

        52d672a592cd52ad5e2e7239421f2659e0d17afa

        SHA256

        a84262dd486cf59049d0d2d9a1b00dfb5aa5271592edd8de0e052f12496dec67

        SHA512

        ab34061f8e04bb1d59f1b35e0e1848a176f2b119095e79015130da3a4384c70fa35ecbe1625e07c0eb0de49c67bcdbba59f10fa1dfbbb2066dcb6ee6825215de

      • C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.7.0_80\jre1.7.0_80.msi

        Filesize

        898KB

        MD5

        e24d9b483ce7a3a6a4406111883457f7

        SHA1

        0d5efff0d110c48f5e6f5d438967427f1e2dbf84

        SHA256

        dbf28e21d55dd662cccf4d422a1a645a6a3dbfd6914942dde417d20c4d2fe01c

        SHA512

        b614b023ce683e78ee685be028fa06d7df90f10360d55de2a8c1214200b0b85998683502f377b01584bf23b72b168c33ef560a78d7abdf68aa3af87beca59398

      • C:\Users\Admin\AppData\Local\Temp\Cab9618.tmp

        Filesize

        65KB

        MD5

        ac05d27423a85adc1622c714f2cb6184

        SHA1

        b0fe2b1abddb97837ea0195be70ab2ff14d43198

        SHA256

        c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

        SHA512

        6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      • C:\Users\Admin\AppData\Local\Temp\Tar9738.tmp

        Filesize

        177KB

        MD5

        435a9ac180383f9fa094131b173a2f7b

        SHA1

        76944ea657a9db94f9a4bef38f88c46ed4166983

        SHA256

        67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

        SHA512

        1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

        Filesize

        4KB

        MD5

        a21622604abf7b519d55c10806872a05

        SHA1

        c45814fddf61503d1abc289b94417e59cfb64d57

        SHA256

        f7537e1397e941aac02e53d7271deef707b93d2f1e59548abbbcd9b52726eaed

        SHA512

        c4a313f22fe0d4e4a63868eac79efb88ce7341cd7d0a0579018924adaeb587bf6dc231bb8ba9e61afd3b5be2cf1567dfa491d7064fb93491b871475eaee98fdd

      • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

        Filesize

        4KB

        MD5

        647de502d25e3d165dcf6776d1c07358

        SHA1

        ee345d1f2bbdb5cc0b752ee946108691d548e2dd

        SHA256

        b3a9b47eac77dee7a58de5c35d2092cd06b9dc001351a6c6e84b67432daf5444

        SHA512

        acf018c09daab46cf96dc9b066793e5174c2a57be761e6dc9aad8e7b38fcac568380b48ba84bfd2b89212ef10013dfb7f6d64f3a68d533eac48ee270529dd9d7

      • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

        Filesize

        1KB

        MD5

        1325681eaf40afe81bb8187a6aa9074e

        SHA1

        9f5243e77b770986008d4f8418a9f9ec1dc71cda

        SHA256

        2d4bea66900319606cc666d03825db8a743452a14c99bf5a6f146960644f1130

        SHA512

        ae28bd2e572f713f8267237ffe07434dedcbc6c33849642649b8c66ecb567e6f88a4b38e78c78da4ef1e349a1a5201b8e9f4c6d070caef75d0ca8e1b64f579d7

      • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

        Filesize

        5KB

        MD5

        304ee7d6e767d10290b18ac1866373e5

        SHA1

        d52062d3778b41329f93e4066b995972df371902

        SHA256

        57b53c2dcfba36cce5be9f277a5789e3c2152c0f10f765ab89c7dbcbd02e219b

        SHA512

        e316580f3d324446aa311c78b17784d9366c1d1ef57931e6f76328061e84cfde5ebbc0f7f1f4b0be1df7d051e428fa534be2291811247d7049f120eaf6cc12ec

      • C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

        Filesize

        6KB

        MD5

        e7003b240e5be14db87f88ab93444c39

        SHA1

        7dc079aa0f9f0a17ee9de1a165b67cd08bce959c

        SHA256

        d568f54115162d1349f0ac3ba5fa887eabf9c5807126e68ce3e5e72287dc64f4

        SHA512

        2c91c5950149e7675314c224b1c0c0249728e87f715fb8f741f955ec084fee60ef69b8e87aaf43f975e5a16496931d112a7b1267648ed76dd3e1efd634ce5ad2

      • C:\Users\Admin\AppData\Local\Temp\hd.vbs

        Filesize

        245B

        MD5

        d8682d715a652f994dca50509fd09669

        SHA1

        bb03cf242964028b5d9183812ed8b04de9d55c6e

        SHA256

        4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba

        SHA512

        eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

      • C:\Users\Admin\AppData\Local\Temp\javaSetup.exe

        Filesize

        28.1MB

        MD5

        f2fd417b6d5c7ffc501c7632cc811c3e

        SHA1

        305c1493fca53ab63ba1686c9afdfb65142e59d3

        SHA256

        a87adf22064e2f7fa6ef64b2513533bf02aa0bf5265670e95b301a79d7ca89d9

        SHA512

        289ee902156537e039636722ad5ac8b0592cf5cffda3d03cf22240003627b049382b95db1b24cf6a2f7134b0df93ede65a80a86381fc161b54c84a76ed04458b

      • C:\Users\Admin\AppData\Local\Temp\java_install.log

        Filesize

        193KB

        MD5

        6a86e8d216a77baa9084e18e231204a6

        SHA1

        6c1e488a58c0776519fb5eb4161d0f929aecb188

        SHA256

        49c96e06d4d875bd04d6dba41567347e0ca43f712b54dfcb240bbf8da12506d3

        SHA512

        6c4dddca4bcad858ff042a9f15da6226cf8c4a7c84215a1cba8b6625ef192d74451fb11a9ceb6c5a6450b71fec24c69d404505717c008c9009ca8e0a8a57c37e

      • C:\Users\Admin\AppData\Local\Temp\java_install.log

        Filesize

        193KB

        MD5

        5da1b3686b8239c4278b11288b0b441d

        SHA1

        fde3ebc5be1347693b9a66877f78d40929383ff8

        SHA256

        c2e1e432f32ceaef9be282ed1216275604f03a9fc514781161eaa89c32046f56

        SHA512

        a5a118bc340169f36c7b69a1d5e20b23be6132be6926664d67839357c40ac7a9337014a9aa570b72f3f3ce816a3b003915516effb764ac00f3959a75a9d05b1d

      • C:\Users\Admin\AppData\Local\Temp\java_install.log

        Filesize

        194KB

        MD5

        a4a7a1bb494c3808f6c61b7a016b0e1b

        SHA1

        78c93a6cb226ae9fec29eb5727737b88457c09ad

        SHA256

        415da94b6e737947ad017a683a71fa1ab41229ae062f46e18ad8b427dc63b6b9

        SHA512

        9cf5f993f137024edfe2c35186beaffd891cfc8122d527a95cc42eb098026766ae35f2c53625f50b4821f54b055f21dbe99e6da3dc4c08ffa49419b58553be93

      • C:\Users\Admin\AppData\Local\Temp\java_install.log

        Filesize

        195KB

        MD5

        a256804cf7979b72a2e05766cdc6e6a4

        SHA1

        7318c80b4ff40c397a27cd2fce6c157bea503be6

        SHA256

        0ce92642049b8d6cd1925f5697eb4fd699594fc329d590fb482f9430a449c4a5

        SHA512

        8c8fd367f8e990ae1d291b66ae34efd76dc547e53d3e80b334ce00fc05a703c9a4316025426363106f614ecf64567bb98b918ab019ed084ba47e06f634c397f8

      • C:\Users\Admin\AppData\Local\Temp\java_install.log

        Filesize

        195KB

        MD5

        95b6db47d83e1c43fe0a6dfa89b6cf4c

        SHA1

        ce67c5f379dca2775815dba04875bee40dcc8c14

        SHA256

        c3fccdfe60a45a816f9389a8ed5678862bb151d10d58d5ed7275a7d0e3714388

        SHA512

        4c9df5f9d618bb0d6827ff187b0f7ba1bc7b17fb34635a84a37353837b5afc6c0c4ff0c913608edb6ec478c540d79084fe2aaa15f45628ab4a53938a223dbbe6

      • C:\Users\Admin\AppData\Local\Temp\java_install.log

        Filesize

        196KB

        MD5

        b0949b14d1ae9196d12eaccaa0b62107

        SHA1

        4acd9a8d1411037d73667808f243572d2239c436

        SHA256

        295f8c8bb8e6a16f72874ca3bffdf21b7f4050cdab3bdc1bf055f6a86ce3ea95

        SHA512

        b25bcaa9dcb3491a98c799d3281fc88988fec2d6a50c2c127c89a5fea789ec657ab3da53ce54b3f1dd40d33c7f415935bc57b101c23b07d7298864c9047cc906

      • C:\Users\Admin\AppData\Local\Temp\java_install.log

        Filesize

        196KB

        MD5

        5b2120b15b094ab218e799bfff61dc14

        SHA1

        e28431d7b6e4b553a5d1d16ec3b8f97e4c99e3e9

        SHA256

        890825362b7fc3c0d04d28220a0448db13ed45caf20fb07e24cad7cfc89b8af5

        SHA512

        9e7938223631f324d5b7729f0957a9369d864df6d1ef8075419c626b5873e81a39775cb6a2e1a08d8da66b3f444f2eb6699c6b9dee076fdb2a8feacc590eb49b

      • C:\Users\Admin\AppData\Local\Temp\java_install.log

        Filesize

        197KB

        MD5

        2b86d39053fc6e56bd766e03b26a52c0

        SHA1

        ef3dc18b0959019ac4501feb955921fb0053907f

        SHA256

        a0c4e58373a32071c13ea9d822f62773b50746a310cd371e425a2156963e0548

        SHA512

        b156b87ba767de35d4be1738eebd393fc584c2294f529834f20d63d5179c6b198925c68b94af63243bc667fd5f87792886af2225c1f3d7933e311b75ad1bc173

      • C:\Users\Admin\AppData\Local\Temp\java_install_reg.log

        Filesize

        4KB

        MD5

        b8fb107bd13db98220f268c8934f9966

        SHA1

        9ae449edd077dbe9fc765619a318359a03284b18

        SHA256

        54319cb0aa82dc67dffada8af6e5fdb235b0c27575f4c7ddfe7a6f834243d3eb

        SHA512: af996421da8f6655c62693db73770777b981334e368c0a288b8e7ba5dc20577adc7605336cb0a1d65ae41f0e4cae09e572ccf657c9c35aed679b0ccf17e1941d

      • C:\Users\Admin\AppData\Local\Temp\jusched.log
        Filesize: 602B
        MD5: 920e66dfb079d1fc70d98823a10d84ef
        SHA1: 091631efbcea2eadd706fbd3e43ed197cdbc2aeb
        SHA256: 8d9c147a901dbc4e03da42472817a14409f8b87a35553277237f171319c9af05
        SHA512: 84c3c735e5c7ebc714322a9cfa2813097588eddc051fe8cb5015a5aaf112e389e335ca9e1042707ab19b2f8f5a522ddc84423b38c27a630ac95a753d447d7994

      • C:\Users\Admin\AppData\Local\Temp\jusched.log
        Filesize: 890B
        MD5: f8cc766f45089fe76f6ae2f1dcf6f45f
        SHA1: c75de5e89c8f8e7167e0ee0f40fdd39e6851fc80
        SHA256: 9b19396464603a56b09e46e67e99c6b38d68af8e2a4c491edc3d9f6a5870ccf4
        SHA512: 3c4d10678c7f52fffef55f1198cb981477ea990fbdfe87372868991708215a25f788cca2fe7eda40e6d754beac55db60b0d28718170d750482fd284a12ee58b6

      • C:\Windows\Installer\f76960e.msi
        Filesize: 155KB
        MD5: 55d7e66e49c3994eb5e1004a5efd22b1
        SHA1: aa8a045dc0c161e95804f76efe27f1f572072fa8
        SHA256: 0a833d92b4d4aa068b0cb256b87c0d3495c3cc4a021be86c072095fee467b379
        SHA512: 2492ca442c4f6aab1f085a54bbbc1a95b836f033f1c8748fa6c3873997a397020baedfc1f661d751afe30ade3ab14b66a676a4731696b6c90c5c3adfa6c2bd2b

      • \Program Files (x86)\Java\jre7\bin\client\jvm.dll
        Filesize: 3.4MB
        MD5: 27147e1e3faf9b5ccda882cd96f2a85c
        SHA1: 7103f60121727917f812bfc7cdff5347fc17cc8e
        SHA256: 500d359211ece211cf672de328345876f016fb4a476b2a03cbc3b8b89023ae1f
        SHA512: 0866c604911e243687e7fe721142eb882b19691c902736b59ba304933463d8c9154ecc319b91c9771cee8139e151cc2a2e960bc7a93ed97352cf5232a0964194

      • \Program Files (x86)\Java\jre7\bin\java.dll
        Filesize: 117KB
        MD5: a258a133f7d565600647a248ab95792c
        SHA1: 1c6a855ca1fc04413b906b0b17609eff38317161
        SHA256: 81ad5696a6fcad89127fc7a428636d431b446ff1ee0c37bf87e8d513a8bae7af
        SHA512: bf9dd97947eb0c71243ae28255af54b06d9e17af7ade666538dd93f9fdf6d8fbc3855f48bfaf6522dbd9ce3c6cff655581f092709670606d033f2321b1f4a5e7

      • \Program Files (x86)\Java\jre7\bin\jpishare.dll
        Filesize: 138KB
        MD5: 4cf2dff54d2e12e3ab637fcafa7d4c9d
        SHA1: dcbd0a027b8017ac396741698dfc3b3f4d1b4c39
        SHA256: 8ff2bc130db2f1fef2e6470adb58bcdba1d2133f9ad21ebd7d80fedd3e537e21
        SHA512: a206001ceaed2df91428f1b7094246e4e7318bf4e7b19c475d4887b5eae49714ff7fa3cfab4133004a51280cf36549b73eecc87428b0b38294297545e9493e67

      • \Program Files (x86)\Java\jre7\bin\msvcr100.dll
        Filesize: 755KB
        MD5: bf38660a9125935658cfa3e53fdc7d65
        SHA1: 0b51fb415ec89848f339f8989d323bea722bfd70
        SHA256: 60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa
        SHA512: 25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

      • \Program Files (x86)\Java\jre7\bin\unpack200.exe
        Filesize: 145KB
        MD5: 0d46182b6134aa9c7acd16133d67e4c3
        SHA1: 7b5be3d65e5e744723bf55a08f9dc1042585d5eb
        SHA256: c89091f2a4de2fcf10b30e54a74ec5764e2dfc0577f4f1d879ac8816e3b08bcc
        SHA512: 735b6c6bd69b22a71c15ae44c6fa1693700321dc3b4b2367ce05d5c37df62e45d1d3836c2c0f5e44be1036aeb11a533c2a4dbec55163b4a15adfa1c8ef75673b

      • \Windows\Installer\MSI994D.tmp
        Filesize: 202KB
        MD5: 9f84d910602183954bed6d9660600783
        SHA1: 82e3b122dc63e0a333bca531dd16667d5fafbf23
        SHA256: bf4e4c75d148cb412e28a0b4e665919fd5ac6b9aa6bc3fa75401394759218d5e
        SHA512: 09fb450e6c6f22a32d5e06f470070aab17d4973afe307b529093af7fa29ab96b61a89814e4964d005459f8ebb25716134a5e1c41f6ea7d260361b135306544b9

      • memory/1196-1282-0x00000000001C0000-0x00000000001C1000-memory.dmp
        Filesize: 4KB

      • memory/1464-1246-0x0000000000140000-0x0000000000141000-memory.dmp
        Filesize: 4KB

      • memory/1508-1162-0x0000000000150000-0x0000000000151000-memory.dmp
        Filesize: 4KB

      • memory/1580-1133-0x0000000000180000-0x0000000000181000-memory.dmp
        Filesize: 4KB

      • memory/1600-1384-0x0000000000190000-0x0000000000191000-memory.dmp
        Filesize: 4KB

      • memory/1620-939-0x0000000000180000-0x0000000000181000-memory.dmp
        Filesize: 4KB

      • memory/1972-1413-0x00000000001D0000-0x00000000001D1000-memory.dmp
        Filesize: 4KB

      • memory/2240-1312-0x0000000000190000-0x0000000000191000-memory.dmp
        Filesize: 4KB

      • memory/2412-75-0x0000000001380000-0x00000000013E0000-memory.dmp
        Filesize: 384KB

      • memory/2412-39-0x0000000001380000-0x00000000013E0000-memory.dmp
        Filesize: 384KB

      • memory/2792-1023-0x0000000000650000-0x000000000065A000-memory.dmp
        Filesize: 40KB

      • memory/2792-1064-0x00000000002A0000-0x00000000002A1000-memory.dmp
        Filesize: 4KB

      • memory/2792-1202-0x00000000002A0000-0x00000000002A1000-memory.dmp
        Filesize: 4KB

      • memory/2792-1024-0x0000000000650000-0x000000000065A000-memory.dmp
        Filesize: 40KB

      • memory/2828-1349-0x0000000000190000-0x0000000000191000-memory.dmp
        Filesize: 4KB

      • memory/2828-1354-0x0000000000190000-0x0000000000191000-memory.dmp
        Filesize: 4KB

      • memory/2940-985-0x00000000001B0000-0x00000000001B1000-memory.dmp
        Filesize: 4KB

      • memory/2940-963-0x000000003A400000-0x000000003A410000-memory.dmp
        Filesize: 64KB

      • memory/2952-38-0x0000000002D10000-0x0000000002D70000-memory.dmp
        Filesize: 384KB

      • memory/2952-74-0x0000000001380000-0x00000000013E0000-memory.dmp
        Filesize: 384KB

      • memory/2952-0-0x0000000001380000-0x00000000013E0000-memory.dmp
        Filesize: 384KB