Analysis
-
max time kernel
148s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
26/05/2024, 03:17
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe
Resource
win10v2004-20240426-en
General
-
Target
SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe
-
Size
6.9MB
-
MD5
d92271097f5895c5a7904f521f38f28d
-
SHA1
21e778f6f8ee3816a44259fc0dda09e760813242
-
SHA256
6c190cc4962e5e749492247c7545d0f8a01a3b3141397a2fa64c2924ea710acc
-
SHA512
987d5cce3242fca829b7589e03218a66d8737f49771421900bb6fc5194e0fd3fc086d2bfd420bb6a300091cc3328215f05d90053cb811bc6b8f9d6f36423feb1
-
SSDEEP
196608:tlA/QPZ7lENinvtMmGDXuLyRGCVoCpEldP/wU2:tlz5lRnvymCXusGCVoTP/T2
Malware Config
Signatures
-
Modifies file permissions 1 TTPs 3 IoCs
pid Process 1868 icacls.exe 644 icacls.exe 1896 icacls.exe -
Executes dropped EXE 22 IoCs
pid Process 896 unpack200.exe 2128 unpack200.exe 3060 unpack200.exe 2132 unpack200.exe 488 unpack200.exe 1132 unpack200.exe 2064 unpack200.exe 1348 unpack200.exe 1980 unpack200.exe 2376 unpack200.exe 1700 unpack200.exe 1820 unpack200.exe 1004 windowslauncher.exe 3060 Remote SupportECompatibility.exe 968 Remote Support.exe 2708 elev_win.exe 2716 elev_win.exe 2860 SimpleService.exe 2576 SimpleService.exe 2512 session_win.exe 2796 SimpleService.exe 2332 Session Elevation Helper -
Loads dropped DLL 64 IoCs
pid Process 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 896 unpack200.exe 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 2128 unpack200.exe 3060 unpack200.exe 2132 unpack200.exe 488 unpack200.exe 1132 unpack200.exe 2064 unpack200.exe 1348 unpack200.exe 1980 unpack200.exe 2376 unpack200.exe 1700 unpack200.exe 1820 unpack200.exe 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 3060 Remote SupportECompatibility.exe 3060 Remote SupportECompatibility.exe 3060 Remote SupportECompatibility.exe 3060 Remote SupportECompatibility.exe 3060 Remote SupportECompatibility.exe 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 968 Remote Support.exe 968 Remote Support.exe 968 Remote Support.exe 968 Remote Support.exe 968 Remote Support.exe 968 Remote Support.exe 968 Remote Support.exe 968 Remote Support.exe 968 Remote Support.exe 968 Remote Support.exe 968 Remote Support.exe 968 Remote Support.exe 968 Remote Support.exe 2708 elev_win.exe 2716 elev_win.exe 2716 elev_win.exe 2716 elev_win.exe 2716 elev_win.exe 2860 SimpleService.exe 2860 SimpleService.exe 2860 SimpleService.exe 2576 SimpleService.exe 2576 SimpleService.exe 2576 SimpleService.exe 2576 SimpleService.exe 2576 SimpleService.exe 2576 SimpleService.exe 2512 session_win.exe 2512 session_win.exe 2512 session_win.exe 2796 SimpleService.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies data under HKEY_USERS 4 IoCs
description ioc Process Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication windowslauncher.exe Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name = "windowslauncher.exe" windowslauncher.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication Session Elevation Helper Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name = "Session Elevation Helper" Session Elevation Helper -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 2512 session_win.exe -
Suspicious use of SetWindowsHookEx 8 IoCs
pid Process 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 968 Remote Support.exe 968 Remote Support.exe 968 Remote Support.exe 968 Remote Support.exe 2052 windowslauncher.exe 2332 Session Elevation Helper -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2696 wrote to memory of 896 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 29 PID 2696 wrote to memory of 896 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 29 PID 2696 wrote to memory of 896 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 29 PID 2696 wrote to memory of 896 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 29 PID 2696 wrote to memory of 2128 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 30 PID 2696 wrote to memory of 2128 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 30 PID 2696 wrote to memory of 2128 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 30 PID 2696 wrote to memory of 2128 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 30 PID 2696 wrote to memory of 3060 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 31 PID 2696 wrote to memory of 3060 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 31 PID 2696 wrote to memory of 3060 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 31 PID 2696 wrote to memory of 3060 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 31 PID 2696 wrote to memory of 2132 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 32 PID 2696 wrote to memory of 2132 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 32 PID 2696 wrote to memory of 2132 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 32 PID 2696 wrote to memory of 2132 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 32 PID 2696 wrote to memory of 488 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 33 PID 2696 wrote to memory of 488 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 33 PID 2696 wrote to memory of 488 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 33 PID 2696 wrote to memory of 488 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 33 PID 2696 wrote to memory of 1132 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 34 PID 2696 wrote to memory of 1132 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 34 PID 2696 wrote to memory of 1132 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 34 PID 2696 wrote to memory of 1132 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 34 PID 2696 wrote to memory of 2064 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 35 PID 2696 wrote to memory of 2064 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 35 PID 2696 wrote to memory of 2064 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 35 PID 2696 wrote to memory of 2064 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 35 PID 2696 wrote to memory of 1348 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 36 PID 2696 wrote to memory of 1348 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 36 PID 2696 wrote to memory of 1348 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 36 PID 2696 wrote to memory of 1348 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 36 PID 2696 wrote to memory of 1980 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 37 PID 2696 wrote to memory of 1980 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 37 PID 2696 wrote to memory of 1980 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 37 PID 2696 wrote to memory of 1980 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 37 PID 2696 wrote to memory of 2376 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 38 PID 2696 wrote to memory of 2376 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 38 PID 2696 wrote to memory of 2376 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 38 PID 2696 wrote to memory of 2376 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 38 PID 2696 wrote to memory of 1700 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 39 PID 2696 wrote to memory of 1700 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 39 PID 2696 wrote to memory of 1700 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 39 PID 2696 wrote to memory of 1700 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 39 PID 2696 wrote to memory of 1820 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 40 PID 2696 wrote to memory of 1820 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 40 PID 2696 wrote to memory of 1820 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 40 PID 2696 wrote to memory of 1820 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 40 PID 2696 wrote to memory of 1004 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 41 PID 2696 wrote to memory of 1004 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 41 PID 2696 wrote to memory of 1004 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 41 PID 2696 wrote to memory of 1004 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 41 PID 2696 wrote to memory of 1004 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 41 PID 2696 wrote to memory of 1004 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 41 PID 2696 wrote to memory of 1004 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 41 PID 2696 wrote to memory of 3060 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 42 PID 2696 wrote to memory of 3060 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 42 PID 2696 wrote to memory of 3060 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 42 PID 2696 wrote to memory of 3060 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 42 PID 2696 wrote to memory of 968 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 43 PID 2696 wrote to memory of 968 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 43 PID 2696 wrote to memory of 968 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 43 PID 2696 wrote to memory of 968 2696 SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe 43 PID 968 wrote to memory of 1868 968 Remote Support.exe 45
Processes
-
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen19.3578.16500.31425.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2696 -
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\crs-agent.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\crs-agent.jar"2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:896
-
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\charsets.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\charsets.jar"2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2128
-
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\jsse.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\jsse.jar"2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3060
-
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\jaccess.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\jaccess.jar"2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2132
-
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\sunpkcs11.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\sunpkcs11.jar"2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:488
-
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\access-bridge.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\access-bridge.jar"2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1132
-
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\access-bridge-32.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\access-bridge-32.jar"2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2064
-
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\openjsse.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\openjsse.jar"2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1348
-
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\legacy8ujsse.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\legacy8ujsse.jar"2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1980
-
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\cldrdata.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\cldrdata.jar"2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2376
-
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\sunmscapi.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\sunmscapi.jar"2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1700
-
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\rt.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\rt.jar"2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1820
-
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\windowslauncher.exe"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\windowslauncher.exe" "-Xshare:dump"2⤵
- Executes dropped EXE
PID:1004
-
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote SupportECompatibility.exe"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote SupportECompatibility.exe" -cp "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693450833-5\customer-jar-with-dependencies.jar" -Xmx512m -Xms5m -XX:MinHeapFreeRatio=15 -XX:MaxHeapFreeRatio=30 -Djava.util.Arrays.useLegacyMergeSort=true -Djava.net.preferIPv4Stack=true -Dsun.java2d.dpiaware=true -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3 jwrapper.JWrapper "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693450833-5\unrestricted\JWLaunchProperties-1716693460317-0"2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3060
-
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe" -cp "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete\customer-jar-with-dependencies.jar" -Xmx512m -Xms5m -XX:MinHeapFreeRatio=15 -XX:MaxHeapFreeRatio=30 -Djava.util.Arrays.useLegacyMergeSort=true -Djava.net.preferIPv4Stack=true -Dsun.java2d.dpiaware=true -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3 jwrapper.JWrapper "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete\unrestricted\JWLaunchProperties-1716693461132-3"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:968 -
C:\Windows\SysWOW64\icacls.exeicacls "C:\ProgramData\SimpleHelp" /t /c /grant *S-1-1-0:(OI)(CI)F3⤵
- Modifies file permissions
PID:1868
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\ProgramData\SimpleHelp\ElevateSH" /t /c /grant *S-1-5-32-545:(OI)(CI)F3⤵
- Modifies file permissions
PID:644
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\ProgramData\SimpleHelp\ElevateSH\*.*" /t /c /grant *S-1-1-0:(OI)(CI)F3⤵
- Modifies file permissions
PID:1896
-
-
C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exeC:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe -install C:\ProgramData\SimpleHelp\ElevateSH\MMoveLauncher5037789518799811657.service3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2708 -
C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe"C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe" "C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe" "-install" "C:\ProgramData\SimpleHelp\ElevateSH\MMoveLauncher5037789518799811657.service"4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2716 -
C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe"C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe" "-install" "C:\ProgramData\SimpleHelp\ElevateSH\MMoveLauncher5037789518799811657.service"5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2860
-
-
-
-
-
C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe"C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2576 -
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete\session_win.exe"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete\session_win.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\windowslauncher.exe" "-cp" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete\customer-jar-with-dependencies.jar" "-Xmx128m" "-Xms5m" "-Dsun.java2d.dpiaware=true" "-Djava.library.path=C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete" "com.aem.sdesktop.util.MouseMover" "127.0.0.1" "49856" "127.0.0.1" "49857" "elevated"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2512 -
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\windowslauncher.exe"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\windowslauncher.exe" "-cp" "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete\customer-jar-with-dependencies.jar" "-Xmx128m" "-Xms5m" "-Dsun.java2d.dpiaware=true" "-Djava.library.path=C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete" "com.aem.sdesktop.util.MouseMover" "127.0.0.1" "49856" "127.0.0.1" "49857" "elevated"3⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:2052 -
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Session Elevation Helper"C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Session Elevation Helper" -cp "C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete\customer-jar-with-dependencies.jar" -Xmx128m -Xms5m -Dsun.java2d.dpiaware=true "-Djava.library.path=C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete" com.aem.sdesktop.util.MouseMover 127.0.0.1 49937 127.0.0.1 49938 elevated_backup4⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:2332
-
-
-
-
C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe"C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe" -uninstallbyname ShTemporaryService619553892⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2796
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
113KB
MD5871f2ae119ac463e75bbeabc1e925aa9
SHA1694d8b456abc255da9ec0e9b270116163cb5d132
SHA256313000b647e07fe9c08d538d160b5adb4849a7e2e19c16e5e0f188b176470229
SHA512cd1e7eda3b0591b20587990bcacaadc2424d2f9f72d071c3c4efac4bbb16665c7b267ae332f95cadf1ca3501f3d7b9cbc9fbbd3cff07e1fc69bf3c9f805f1ce3
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\JWrapper-Windows32JRE-version[1].txt
Filesize11B
MD5271563b96fbbff5dc3e04656f3f18923
SHA17f6800a9d6112bf5c360d56f3b0c5c616260fee8
SHA256b482d2aace7286c78a565879c3ac49b772e9bd9d003bed856542c2cee1049b22
SHA512fc211920ee469a34e10444d65e9a909c934cfa1c6d332700d33c2aff9aa2201434dbb810ff03188904c9500638444435cbecc25e2b7598356236c8475b02763c
-
Filesize
255KB
MD58bbdd39d01df58d2e28f7f632b783030
SHA14d710aeae589844963f3b249a2a26f886bed1229
SHA256b1784c0cdaca08d5d16d62a11cb73c0cc28fe0fdad54520ea0c9d5e047071a69
SHA5125ce20419e172d06d7b898e1bd5df75d90b559e37b67c74e5a67d2330d4805d6f41a6230467be4864496792b9d0c666f25172cface63b808e3a8f9cb9d43e89e7
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWAppsSharedConfig\branding\54U173U51U254G80\applet_splash.png
Filesize81KB
MD5908f0b4427cb290cf05dfb75eedc4798
SHA112d8e39d44b9554aec02f10c0662fc054d81a17e
SHA256338e09591dd92e6e0e334c4cc3550b9a944b2f399a8acc0caaab91c54dc387a2
SHA51299f0aa0588d69a714b525f5ee701861c2fec1dec44ceaa39311187f9b3ffc2701ccd443b1f5e0e83389728c101cb2bd90c51e06b2c24fbc6bb3153f216375761
-
Filesize
13B
MD58fb5138ee86360cde03895fbcd12494d
SHA1182872da6ad9990fbfdee722097047764f4a596c
SHA256cfccf59f10da9d264a641125c710a6d57e457a1081f23e899bfa3d06e3be2d41
SHA512f315c3ea8519b935daf10a526303731aefd95de0535f871ef0927e92b86cdf5a1d967647e2af7fe54afd014e670db3f4d183ac00e0b81a4f757b703066030049
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-JWrapper-00094739807-complete\unrestricted\JWrapper-Remote Support-splash.png
Filesize22KB
MD50905b33d2e42db16dea325e538085f1c
SHA1c9aea4726f051096c590ecc3e8a466ba0eb1f186
SHA25682aefb52771e20875893ae177bffba49838332de4124a48b9f3285af537bbed1
SHA5125bc999a2fa812daaacdc4cb891deb63f84925096e03241f57599fd140a348be0be2e8c316b166e4fb54def17dabfa1c1bb84ce5cdb7b8a6ed17dd14206142327
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00094739813-complete\unrestricted\jwLastRun
Filesize13B
MD51cd8f0f2bb608440bcec2b3cfb56f2bb
SHA1a3ae3ca22a82af547d5c0119c2b5a5f2a9a9ec7c
SHA2567f126711846bda43d49c4463b50a7afe3363f5d871577e3c168222e351ceb036
SHA512b59cd0071dfbcb991e109925f244a42045161d6e8b154b2dff7c4e86544dc07d9b263372977cd17a764dcada2a0874a9c557676776152b8234b44faed01cdee4
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\MSVCR100.dll
Filesize755KB
MD50e37fbfa79d349d672456923ec5fbbe3
SHA14e880fc7625ccf8d9ca799d5b94ce2b1e7597335
SHA2568793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
SHA5122bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\charsets.jar
Filesize2.9MB
MD5be77261e5ea68f8d654979506c60098f
SHA1d9f45a45c6d24fd51af87edf995f3f074f26b625
SHA2564c0cf9049c1c9ec958c66338cc4e1e3e8f6e6203fc23c4df1ee25a27db1c3e7e
SHA5129556424da462320a598d27b1e340fbacd2f34367767005d5b4dca03668b05b3e72ab8e5e95292823febceded3398ba1d6c7372b326a3d8da2d128e9d697c6c1b
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\charsets.jar.p2
Filesize1022KB
MD5c0b2c569c4c13afde2b4936c69899818
SHA127587b733c46b704468baac99d5369558e04433b
SHA256a11a18c31f07b640ce37c8c6913f28d5ae361043efed7c4b7748129a581c9b72
SHA51277d5b289e6ab8354075058e9467490eeaab3640f953e5d534b68fdb966cc35b0351b7734f61a8f0e05c02648b6a6c1f7625537a6206d8a7a7cfc8c0ffa998d99
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\crs-agent.jar
Filesize145KB
MD5d1f7a7fb0a46eda64b92d27bf48ff07c
SHA1e26e4f4b326e4e1e3a47a27b10f4f7335efecaf3
SHA2562ee219b2825d2174e5a03ff15a7bc3fa2a72d6322672abb2bc3be2ba7153f550
SHA5126034451481dcf2d4483e5edaae6c60197cb3a7f6c0ec726c7b0f8209632523d24ed7e4548df2942ed18e93c2cdd08a8d4be483d5329dd400aa97543de2b865e0
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\crs-agent.jar.p2
Filesize83KB
MD57618098477e433a3297beec060e38554
SHA1e57585e7f78f8290a534bae6bbe85e89bf59b671
SHA25675e2fcd8e5db747c4f2619c67e9a6898b083318dbab0b4276052593a9ed22825
SHA512fc46a67c3c7e3bcb0f3e8e2611a749692fe4c2cdf1ac89b9e5013ddc6f58bbab4d012e58cd85901f0d171c8ff5e9e5ca3c08811abac38d89776f67dd1b72b56e
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\access-bridge-32.jar
Filesize191KB
MD5f2e03d50317928d981b77d1b01ad2f6e
SHA13f82255ba557b64664e3dbf9d8f2b6e4d611e9b2
SHA25633d0959c1d4f31a23b62c6c406f04acca9626b3f72963c88a6d407820cb58ad5
SHA5126de0e03130f1ed9d236f300b932e2a5d83d58a0841fe5cd7fd6e569384a2034ae37150ddb0d41a2af3b3b8c9432ef5d5427c5f36cd854ddd9df987a89f96276c
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\access-bridge-32.jar.p2
Filesize68KB
MD565ff11c770d16063ae896517d60ea900
SHA1c759cff5e6a08ae5c232b79ff95c58fce545f24e
SHA2566707457e8d1aa16b08a77e6e44a69984ef5c784dbc8b65796d5df80ab0c4182c
SHA512d40cb1b633916aff909255293d1b567ee353ffbbda3517bd80d723b7fba1225f660b20599963c83bf28036b853280a9246ed1ca23633b805357651ec64046982
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\access-bridge.jar
Filesize191KB
MD5f31be727c15312bb50baa9a60003594b
SHA11dc4bcbe28572e8d72d1afed9731d32a7985ae99
SHA2562868caaffcf13ae3d6d22831668e19d4200593190a1b88b714b62b3e47ac537d
SHA512387b314f64f5ba5c72be7f1e834a62b8b72a984a36ee9dd53aa538fc26e2c343cba6e2485d15f517bd403e285455108d303b88d2db1d246f5990422a461fa1b0
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\access-bridge.jar.p2
Filesize68KB
MD5085cab8b3c0d6ae59b3fdc2b09ca7b2c
SHA1c9d1aa28415e4fc44c8935e2af8dac6b950f7c23
SHA256352f6c64c4742c49194ea23e75867c97dd445ca0ed3c29747a1b3149e05b8238
SHA512158f06e74faec63406fc8a968a0cf23a34013877c2f44c94ab1fb2bf0f9e928741cafeea658a104bd87d4cf68bac2b812486f8d73e163d4469b4bb6099d69125
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\cldrdata.jar
Filesize3.7MB
MD5464e8a959d39d16b0e62f177f77eb7a3
SHA1cc8fedb29aa80ea30f144ec6f1fd5594fac83622
SHA25670dda4e2247e7a7d8e78501679ac89ca3214d8a98ec8f332b9fbbd043fe88857
SHA512515872addf16a1ea2facf5c7ab70b987669d8cfa102705149528084375064ba9ca272b0d48eb7ae3774581524cca4c517c6be092ce1912bade9a36355662e05d
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\cldrdata.jar.p2
Filesize3.9MB
MD5fb3b52a77cd7d5c06ab18417b880cf85
SHA116b32390dd4b20f215e9bd4652451ae110408dbc
SHA256d316bc002fa5a15622c5d4076f74a8f97fec63d4efbb9446e9cea101c66c051f
SHA5126a1adb2b9d6969840277588c93f299c22ad167ac9cb3d4c4ae2b94d49a2e3301502ea54e2eb62b74b97d0324028e9bb6455ec078824d1ec9b5d6c02b3e2d9ca9
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\jaccess.jar
Filesize42KB
MD578e7e96c457dacd63ff8b91b18a18d94
SHA17deeb6b1bb9cd5dd8e88e89b104036fb11a3a6e7
SHA256cef2ccb8962a6d995e98df38c0370b0685a20dba56d492789535f075837664fe
SHA51249278b823990c58a66513f09a2dcad30ba512a48f7529eedee1147e4cfbd9961908063f08c8b1cd51871f5d6d22d1450a32df1d762ca99895fb879aa2e1089e5
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\jaccess.jar.p2
Filesize35KB
MD5266b3cd165141350c4e97f70de125b8f
SHA138fb1ca72f034b4bdad5aff7d8f4a100fb4c6924
SHA2566e6e99bd2d0f532f3c297ecc2e14cc5379e4f86de78bdf8cc6615ec63992ccb2
SHA512e1cc802757ff4d3a3deb64992188f60ff5841bed1d5351dbf39833a686b218b9be93f73d3c656601150ebdd60337eba84c2f98ced46a8190f1c62b4b7678a080
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\legacy8ujsse.jar
Filesize418KB
MD580558729bb2edfc3b03b8dee73d527b4
SHA1521d59e97a3e254ecd9dd06b213ac0fda4c2983a
SHA256f17139ecb92b94a2a3909a5a2f2c8a5feee9afaf25e8cd2b5a8ab0fd3dd73c9e
SHA51280e5785beb2de61ea8cc9882e94e3abf99917556467ebf935297a9e0f7376b313850cdb0ffea2d98ada9db8c6b3a6104572399667e8cfde0cd537775e445b0ad
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\legacy8ujsse.jar.p2
Filesize271KB
MD53b997068ed80236ba82703b7c8275621
SHA163d2bbca29231220d5beb285c9cf263b4c93acb9
SHA25640799e64da3944f75ddb8e9a378c7d37fe8c94183f173717b2f08dad865cf89d
SHA512c67ca18a538ea12e0032728e575f25b11da6b847ec3eccceb59c53d18eddbc4d711d4684e8f60ed0da6e7149ab31a9f8c04ef45f5c5792ceb749c3f7e5b7ddb4
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\openjsse.jar
Filesize1.3MB
MD5a2dd6baced76fe17ef8db6d6a6dca1ec
SHA126e46d9fb59464f895da1474ed0c545831311bd0
SHA25647545a341a3e7b99164150d000607e10b7b3a16caf3320090fc1e5c6128c13e1
SHA512a9472630786ca3369c3e1d9303b5430eb744c962d7287b95d75caaf00d15ef735c985e5093cc2d36dabfccaab2782210f71eec1be3cd1cc05886eaa969ddc947
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\openjsse.jar.p2
Filesize580KB
MD5558a800e89bc6c647e2909a0c91dd9f8
SHA18fcfec1b4e704661ff0c7599e0ee2ec60c69088c
SHA256ec51166a6f4796de2283de2a59e9143d953fe37bf9abbc71873a3978dbec85db
SHA51219e585b8d1c13ab511ee66615442fb2bce3bb529225b623271a8f27a58d76d541434ac02b619d55bbca03f1f9adae94745bc1f2504eadc7f00220b49ba6c13bf
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\sunmscapi.jar
Filesize42KB
MD5e862f2417b9e605077b14bd40870f81b
SHA1b1af847865894e4aca999cf15254950a3adbc66a
SHA256c5a5dced73b692eaa10278c1798ab5703871d4813781239f3ab6155783d947e2
SHA5120164cfa331d7b0c469a9cc0876ae9722380dd63f19e08f12a1bb8e1c9c989e704d76c12a226cb4a90d09a57b0ab7c6bdb3f7cf4549f99a5f8df6ef104e490864
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\sunmscapi.jar.p2
Filesize21KB
MD5ee900003bb298d82c1c1ab65bf0d1038
SHA1ce744e382e9327f49527e4753bd9a316668bb836
SHA2569d37087d57531c4c8438c3fa64a506b08f71b5cb5462bff59d653d06d1170b22
SHA512845968c8192de9ca2a78c9da05041138eac5f80252b3cb1680b3ce2f0fdca99f68fab65f7fbefe71b8f0f953dc3bec4ad23708b1dde8e387525911dfaa16b5b3
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\sunpkcs11.jar
Filesize263KB
MD53b484d613b13097df94fc02830625fe3
SHA12ae78e428005a2aa4c1c186e13b015ed8f626d98
SHA2560370bfd5c5b93a86d4ab384bd1954833b663037f922dffdd145b0c4708848f15
SHA5122696a1673c62b9e0b87f417b441babbae55dcfa36f631fee0907e8ab61e4d004a0a273668fe15474a7adb0d48a7009b58783e8173eb8bd73481f75f5b1293a1a
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\ext\sunpkcs11.jar.p2
Filesize164KB
MD5f70f2e791c4bc4f97e0cfd293efdfb00
SHA1a5f9f5590777cfc7de8b7808f88fda67dcb3808a
SHA256dab578370c83bb0f88da5446c17c45ca2f173483ae7849cf1e1078651c5b3ae8
SHA512e501635bb7b1a1cb9f61241a14f3ef0e7aaef20c93cea91167b1c7dca2d872fbb0d03990976598d06dc4f7bee9fc1dace90a404ca5bcaece92e99e6b7f7a0cf4
-
Filesize
1.8MB
MD5aba762047180d748d13038c79a297273
SHA12149fdcac374a7571fe5f838decd9f78159a8b8e
SHA256452bed925863a3686bc9ec5caedf73668bb3b6347f13c6c5c48a93b33c76e6e2
SHA5128cc67b7bfdd045c040e560b3a0d07c9d8e5510cf18a9aaf59bd468614004e16389cbe06e4d5ddd689cf26aa4fe6939bd474cecd6ec7f630e109185c3b6b89770
-
C:\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\lib\jsse.jar.p2
Filesize365KB
MD5d0b67b9950cc7c430f718b97d1fa5e9e
SHA1570611a0cdcfeb970154f06efc39900b09a25e5d
SHA256f98ddeff204be7f6ff1b302476c0cb2d798ae6dff177cf3785f7a783671e184e
SHA512154d86ba9963b64b298e544a836f9266637c04dcd9da947404aa3ba5b47d50fe6031709173f16afafcd909644865b0711018e8facb428a68608294d3d92ad74d
-
Filesize
15.7MB
MD5a7ddd38de7a6d515978bd3786db5f475
SHA1ae8b0b7204fc02113dc5b40cb2d6ee7dc7554ab8
SHA256a7138824d761e3f2586f05226630c13fb538d405d095e5167c62b21390546daa
SHA51246cae11274e4aea0ac75b069e4e9325386a3f82fd5aa00efd3e719ac4054c984f7b35760c99e7dc1b7b4ba09abcbf13e049c3b37fc51372fdf89faa2cc70a600
-
\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-JWrapper-00094739807-complete\jwutils_win32.dll
Filesize215KB
MD56c81694e80a30afdcb1fd52abe69c17a
SHA1bc5b890a25aaf397b386091ed38591386f5a7730
SHA25615efd7fbc433648e95450ece65ea27b2eb0c9142a8aab011660e0287eab366b2
SHA5122e8c095c2cd338057fef8b693e10f93eaf669111e67bd9a235b0903f25b016a9a2ce966a5f5086c415964d7b1eb3d35f1e45da592111c9722b1b6c2b0f5a3033
-
\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\awt.dll
Filesize1.1MB
MD5f8e52c9bb7928d2e4bfdbccdd0f20264
SHA11df5a1a00fc862c42c1d5e1c89762c43af788a45
SHA256efa39b2953c4646bf23bf36353f3e46e5252a62afb04db7eb9bcdec7c08cacfd
SHA5122acf1ae7d6602cab01ee5b5e383f499bf8abeabb59bb817acf26d71890d928289029bb6e6968239a207dc86245367518e8579074761addabd44122fbe6914e47
-
\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\client\jvm.dll
Filesize3.8MB
MD5ad097eba9b877fef2770f0d7c6aa8b66
SHA17649970441014f1c7359e6602ce1c702eb6729a8
SHA2561bb778575301d60089b78705c59a895f4cbcde5f325445d40b2e14b9fb070d8b
SHA512722a8d16d87642f4d3d7cd955d9a55ea0eb2dd4225f3b194acf2ac37eba3580fc1cb2b51a8fc1f493d75d6d4805b2722662cdcfa1a04d871da46cdf7a0626b64
-
\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\fontmanager.dll
Filesize229KB
MD586bfa090f82bc7b2dc351b06ce64c455
SHA1e9e0cdd695738d4cbb39eddc48d5b5b2649c56a6
SHA256924dc9a985b26ef19958d17d23e18d8b8e2a552d8a11d0018014d21e632342eb
SHA5121939d84a42aede06c76c9b8e6b5093ff60ecde7944b24e2c26cbe7b1c5e5223cac70f5779bbc5f21c6f97ee90728b084602d74f1ba011f875ba04a110c3d07df
-
\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\freetype.dll
Filesize518KB
MD5a0e41d3e1c157c9892acb3a44abcf0fd
SHA108f39ced0a1c4c5607bf8c14c0bb6d2d620a3dd1
SHA25623a8e28fa460ab9252b7418cb5ba7dee5c63f661297433d3ffd3d569fe9bae5e
SHA5128502f989fdd615147f83912ba1327d4dd6c1f3ef9bdc43da62e766e951eff371e0371b2abc20f09eb4f86e6fa3f1118b52f00fc1db6099b11f10c10b36a8c047
-
\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\java.dll
Filesize124KB
MD562460b9fb42e5a5bb36cbfc8eed6935c
SHA1fd9c9d7c9c808f341bdf5a65df6160d6e8ba7cce
SHA25620c9eed8ab86613bd6285756a7c20071ab0443ff62e4561c02527473e0dad658
SHA512c94ab9fd0a600e37661c420b3108f37a0210996f09a1685f0f7bedebeb43c9e52340c850d681dd6444e640d22d4ec63d0cc82f53337d31cb112e087c6be4ca6c
-
\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\net.dll
Filesize80KB
MD5ef1722dc5c18d6416a3c45a39a473f6f
SHA174c59c536a80e0430c5fdfd7424224fe08a4c5f0
SHA256f892bd41cec077229c2b4a34fce9cc0c130dff2427f86f64cc4defb2a91a621f
SHA51252cc61b7fb7b6b21f2fd784bf4dec54d17e90cc098bbdbd4a7064e6c2feea61c9ece0ca3ce3b3b8d5b6ef3e55e6b1ea74e147c68347585795bea9078e96e6c3e
-
\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\nio.dll
Filesize50KB
MD5823b2c4761bec0121adf70f8ab5ce638
SHA1220610227a74e22050c1326fb2148bc4f953306b
SHA2562c2a6fb722055d3385e481237399c6af1cc93abc77d9485276e8158d1715f168
SHA512842a0515ed1e4a81c3536032b7e3f1b0bb77922dd25eba8c38c70ccb2d8973424fa7cc001dffee03acf2681ef5fc3b7ec04dae3e6271a2a2d03c1dabe5a27771
-
\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\verify.dll
Filesize39KB
MD5ed82ef325e016d1102a64f681010fff6
SHA185a6e150fcc33f21989ce7b755b3365ddfc22148
SHA2567290333fb8deaa13e4c90bc3b4ae3b7c40cc03f18dcc107ad0aa44d704f52858
SHA51256a08c8e404309fae4de809baf95b35a45ff383b716519aa353cf4ad71623697ef5f1e6f54156c03a6f496f3721908395ba63dc661672b28937ebcfb532c0a38
-
\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\zip.dll
Filesize69KB
MD5a17752b09e0f94eedcc79697bd469d26
SHA1ee0ec9fa38eccd85e3aa9b89a955af4cfbc23ed3
SHA2565bfcb6a7bed3ac63a5ad0d9ee5e350e618a78e90cc4220e0028708604671c001
SHA512a88c17dd6ac9194db650df7a41475a1d01df3917a1bace3655f7abeb18d109ce1131fbadbcb4d58e73a5aab049f2db82116eb99715b08b95ffc5d78558f12a2e
-
\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\unpack200.exe
Filesize156KB
MD514a39388617fc5b75646ec85fc9ff9fd
SHA1ff215fe0b48b7ff5a43b02f25521788328a64a7f
SHA256ed4f04090a5d543627d49ff3693e6ab1ea7ef163d34acbaf46b6ee4b76ad12e8
SHA51248eac09ca862c3dd35436c837fa2db9d31394323e8540b1678315e9fd54b45583ae3d4180d353d3903ff1305750548b5fbac5e7276ed0e0112b0ea2d2d1f2b4e
-
\Users\Admin\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1716693432-0-app\bin\windowslauncher.exe
Filesize148KB
MD5d56527919a78d6ac6cef8a9cb3d0b922
SHA1d4ea8c6ff865334fa56d19e435e58cca8cff7e36
SHA25614f684600450cdbcdba40a554da7f96e7756b5733b4854f5b30b9a35d26cba4b
SHA512cd3bd8e33df78fde76827cee0ca9eab921c4bbce31aaf7b38d41d6a8d473a30ee5f50f3620741f57fd54a86a75ad11cee6f9a67c4c4b30e9987e1445af37f2b4