fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae

Analysis

max time kernel
147s
max time network
124s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
06-06-2024 14:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe
Size

28.6MB
MD5

fa4039cebb06666bc73ef733762e63c5
SHA1

9cd57c22805f9d0aeb7e91440cef3a94926a8f1b
SHA256

fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae
SHA512

7cac94dd88cb023fc5f3abbc76e9af179a5380556c1ced492c4eec4ab7e02f67cb60822c1916b97b8ece70ce13fb7d557841607df73e6b631a97f83e95d81ba3
SSDEEP

786432:KCfHjIF5ZySaSYUNFXk269g+1yRNLwBlFS:tcHZySlX0242NLYS

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 8 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1336	icacls.exe
1704	icacls.exe
1980	icacls.exe
2216	icacls.exe
1636	icacls.exe
328	icacls.exe
2772	icacls.exe
1340	icacls.exe

Executes dropped EXE 14 IoCs

pid	Process
1432	unpack200.exe
1640	unpack200.exe
2748	unpack200.exe
300	unpack200.exe
1332	unpack200.exe
2244	unpack200.exe
2424	unpack200.exe
2632	unpack200.exe
712	unpack200.exe
1856	unpack200.exe
2412	unpack200.exe
1776	windowslauncher.exe
3044	Remote AccessLauncher.exe
884	Remote Access.exe

Loads dropped DLL 48 IoCs

pid	Process
1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe
1432	unpack200.exe
1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe
1640	unpack200.exe
1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe
2748	unpack200.exe
1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe
300	unpack200.exe
1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe
1332	unpack200.exe
1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe
2244	unpack200.exe
1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe
2424	unpack200.exe
1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe
2632	unpack200.exe
712	unpack200.exe
1856	unpack200.exe
2412	unpack200.exe
1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe
1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe
1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe
1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe
1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe
1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe
1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe
1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe
1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe
1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe
1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe
1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe
3044	Remote AccessLauncher.exe
3044	Remote AccessLauncher.exe
3044	Remote AccessLauncher.exe
3044	Remote AccessLauncher.exe
3044	Remote AccessLauncher.exe
1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe
884	Remote Access.exe
884	Remote Access.exe
884	Remote Access.exe
884	Remote Access.exe
884	Remote Access.exe
884	Remote Access.exe
884	Remote Access.exe
884	Remote Access.exe
884	Remote Access.exe
884	Remote Access.exe
884	Remote Access.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe
1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe
884	Remote Access.exe
884	Remote Access.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 1432	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	28
PID 1732 wrote to memory of 1432	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	28
PID 1732 wrote to memory of 1432	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	28
PID 1732 wrote to memory of 1640	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	29
PID 1732 wrote to memory of 1640	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	29
PID 1732 wrote to memory of 1640	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	29
PID 1732 wrote to memory of 2748	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	30
PID 1732 wrote to memory of 2748	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	30
PID 1732 wrote to memory of 2748	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	30
PID 1732 wrote to memory of 300	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	31
PID 1732 wrote to memory of 300	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	31
PID 1732 wrote to memory of 300	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	31
PID 1732 wrote to memory of 1332	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	32
PID 1732 wrote to memory of 1332	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	32
PID 1732 wrote to memory of 1332	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	32
PID 1732 wrote to memory of 2244	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	33
PID 1732 wrote to memory of 2244	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	33
PID 1732 wrote to memory of 2244	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	33
PID 1732 wrote to memory of 2424	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	34
PID 1732 wrote to memory of 2424	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	34
PID 1732 wrote to memory of 2424	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	34
PID 1732 wrote to memory of 2632	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	35
PID 1732 wrote to memory of 2632	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	35
PID 1732 wrote to memory of 2632	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	35
PID 1732 wrote to memory of 712	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	36
PID 1732 wrote to memory of 712	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	36
PID 1732 wrote to memory of 712	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	36
PID 1732 wrote to memory of 1856	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	37
PID 1732 wrote to memory of 1856	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	37
PID 1732 wrote to memory of 1856	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	37
PID 1732 wrote to memory of 2412	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	38
PID 1732 wrote to memory of 2412	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	38
PID 1732 wrote to memory of 2412	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	38
PID 1732 wrote to memory of 1776	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	40
PID 1732 wrote to memory of 1776	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	40
PID 1732 wrote to memory of 1776	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	40
PID 1732 wrote to memory of 1368	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	41
PID 1732 wrote to memory of 1368	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	41
PID 1732 wrote to memory of 1368	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	41
PID 1732 wrote to memory of 1336	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	42
PID 1732 wrote to memory of 1336	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	42
PID 1732 wrote to memory of 1336	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	42
PID 1732 wrote to memory of 1704	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	44
PID 1732 wrote to memory of 1704	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	44
PID 1732 wrote to memory of 1704	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	44
PID 1732 wrote to memory of 1980	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	45
PID 1732 wrote to memory of 1980	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	45
PID 1732 wrote to memory of 1980	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	45
PID 1732 wrote to memory of 2216	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	48
PID 1732 wrote to memory of 2216	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	48
PID 1732 wrote to memory of 2216	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	48
PID 1732 wrote to memory of 3044	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	50
PID 1732 wrote to memory of 3044	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	50
PID 1732 wrote to memory of 3044	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	50
PID 1732 wrote to memory of 1636	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	51
PID 1732 wrote to memory of 1636	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	51
PID 1732 wrote to memory of 1636	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	51
PID 1732 wrote to memory of 328	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	53
PID 1732 wrote to memory of 328	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	53
PID 1732 wrote to memory of 328	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	53
PID 1732 wrote to memory of 884	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	55
PID 1732 wrote to memory of 884	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	55
PID 1732 wrote to memory of 884	1732	fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe	55
PID 884 wrote to memory of 2772	884	Remote Access.exe	56

C:\Users\Admin\AppData\Local\Temp\fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe
"C:\Users\Admin\AppData\Local\Temp\fb64281df1cd259149fd9e7eaf2d68a6aa62f405a7214c789c64775babbd24ae.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1732
- C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\bin\unpack200.exe
  "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\bin\unpack200.exe" "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\crs-agent.jar.p2" "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\crs-agent.jar"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1432
- C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\bin\unpack200.exe
  "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\bin\unpack200.exe" "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\charsets.jar.p2" "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\charsets.jar"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1640
- C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\bin\unpack200.exe
  "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\bin\unpack200.exe" "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\jsse.jar.p2" "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\jsse.jar"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2748
- C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\bin\unpack200.exe
  "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\bin\unpack200.exe" "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\ext\jaccess.jar.p2" "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\ext\jaccess.jar"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:300
- C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\bin\unpack200.exe
  "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\bin\unpack200.exe" "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\ext\sunpkcs11.jar.p2" "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\ext\sunpkcs11.jar"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1332
- C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\bin\unpack200.exe
  "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\bin\unpack200.exe" "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\ext\openjsse.jar.p2" "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\ext\openjsse.jar"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2244
- C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\bin\unpack200.exe
  "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\bin\unpack200.exe" "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\ext\legacy8ujsse.jar.p2" "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\ext\legacy8ujsse.jar"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2424
- C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\bin\unpack200.exe
  "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\bin\unpack200.exe" "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\ext\cldrdata.jar.p2" "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\ext\cldrdata.jar"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2632
- C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\bin\unpack200.exe
  "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\bin\unpack200.exe" "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\ext\access-bridge-64.jar.p2" "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\ext\access-bridge-64.jar"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:712
- C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\bin\unpack200.exe
  "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\bin\unpack200.exe" "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\ext\sunmscapi.jar.p2" "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\ext\sunmscapi.jar"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1856
- C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\bin\unpack200.exe
  "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\bin\unpack200.exe" "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\rt.jar.p2" "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\rt.jar"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2412
- C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\bin\windowslauncher.exe
  "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\bin\windowslauncher.exe" "-Xshare:dump"
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\ProgramData\JWrapper-Remote Access\JWrapper-Windows64JRE-00084000053-complete\bin\unpack200.exe
  "C:\ProgramData\JWrapper-Remote Access\JWrapper-Windows64JRE-00084000053-complete\bin\unpack200.exe" "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684102-5-app\remoteaccess-jar-with-dependencies.jar.p2" "C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684102-5-app\remoteaccess-jar-with-dependencies.jar"
  2⤵
  PID:1368
- C:\Windows\system32\icacls.exe
  icacls "C:\ProgramData\JWrapper-Remote Access\JWApps\Remote_Access_ConfigureICO.ico" /c /grant *S-1-5-32-545:RX
  2⤵
  - Modifies file permissions
  PID:1336
- C:\Windows\system32\icacls.exe
  icacls "C:\ProgramData\JWrapper-Remote Access\JWApps\Remote_Access_ConfigureICO.ico" /c /grant *S-1-5-32-545:RX
  2⤵
  - Modifies file permissions
  PID:1704
- C:\Windows\system32\icacls.exe
  icacls "C:\ProgramData\JWrapper-Remote Access\JWApps\JWrapper-Remote Access-UninstallerICO.ico" /c /grant *S-1-5-32-545:RX
  2⤵
  - Modifies file permissions
  PID:1980
- C:\Windows\system32\icacls.exe
  icacls "C:\ProgramData\JWrapper-Remote Access\JWApps\JWrapper-Remote Access-UninstallerICO.ico" /c /grant *S-1-5-32-545:RX
  2⤵
  - Modifies file permissions
  PID:2216
- C:\ProgramData\JWrapper-Remote Access\JWrapper-Windows64JRE-00084000053-complete\bin\Remote AccessLauncher.exe
  "C:\ProgramData\JWrapper-Remote Access\JWrapper-Windows64JRE-00084000053-complete\bin\Remote AccessLauncher.exe" -cp "C:\ProgramData\JWrapper-Remote Access\JWrapper-Remote Access-00102236242-complete\remoteaccess-jar-with-dependencies.jar" -Xmx256m -Xms5m -XX:MinHeapFreeRatio=15 -XX:MaxHeapFreeRatio=30 -XX:MaxGCPauseMillis=500 -Djava.util.Arrays.useLegacyMergeSort=true -Djava.net.preferIPv4Stack=true -Dapple.awt.UIElement=true -Xrs -Dsun.java2d.dpiaware=true -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3 -Dsun.awt.fontconfig=fontconfig.properties jwrapper.JWrapper "C:\ProgramData\JWrapper-Remote Access\JWrapper-Remote Access-00102236242-complete\unrestricted\JWLaunchProperties-1717684113932-0"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3044
- C:\Windows\system32\icacls.exe
  icacls "C:\ProgramData\JWrapper-Remote Access\JWApps\Remote_Access_ConfigureICO.ico" /c /grant *S-1-5-32-545:RX
  2⤵
  - Modifies file permissions
  PID:1636
- C:\Windows\system32\icacls.exe
  icacls "C:\ProgramData\JWrapper-Remote Access\JWApps\JWrapper-Remote Access-UninstallerICO.ico" /c /grant *S-1-5-32-545:RX
  2⤵
  - Modifies file permissions
  PID:328
- C:\ProgramData\JWrapper-Remote Access\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Access.exe
  "C:\ProgramData\JWrapper-Remote Access\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Access.exe" -cp "C:\ProgramData\JWrapper-Remote Access\JWrapper-Remote Access-00102236242-complete\remoteaccess-jar-with-dependencies.jar" -Xmx256m -Xms5m -XX:MinHeapFreeRatio=15 -XX:MaxHeapFreeRatio=30 -XX:MaxGCPauseMillis=500 -Djava.util.Arrays.useLegacyMergeSort=true -Djava.net.preferIPv4Stack=true -Dapple.awt.UIElement=true -Xrs -Dsun.java2d.dpiaware=true -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3 -Dsun.awt.fontconfig=fontconfig.properties jwrapper.JWrapper "C:\ProgramData\JWrapper-Remote Access\JWrapper-Remote Access-00102236242-complete\unrestricted\JWLaunchProperties-1717684114356-1"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:884
- - C:\Windows\system32\icacls.exe
    icacls "C:\ProgramData\JWrapper-Remote Access\JWAppsSharedConfig\serviceconfig.xml" /c /grant *S-1-5-32-545:RX
    3⤵
    - Modifies file permissions
    PID:2772
- - C:\Windows\system32\icacls.exe
    icacls "C:\ProgramData\JWrapper-Remote Access\JWAppsSharedConfig\serviceconfig.xml" /c /grant *S-1-5-32-545:RX
    3⤵
    - Modifies file permissions
    PID:1340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\JWrapper-Remote Access\JWAppsSharedConfig\serviceconfig.xml

Filesize
395B

MD5
a946f6883966606308b8c583bc32bd2c

SHA1
491fa9d872f8cc34d1bd60102b05aad7370e1e74

SHA256
8cbee822069d7cda7d225c0752489bf282b6f770aa21f86d0e125f0651a8927a

SHA512
16cbc6bab4d4dee67eb54a95239cced28a47d035a829fe21786f3cfa741fc6ebd863db7797315c5cb79fcb734dc7c0021e5f62908da4dc0322e3edf4add5f8e2

Download Submit
C:\ProgramData\JWrapper-Remote Access\JWApps\JreNameOverride.afos_complete

Filesize
13B

MD5
8199887131477d02232d372bc808cfd5

SHA1
c172ffd15c0fb02432429632272a066b8516e077

SHA256
e4c596fe101978f244b8f74be616d62bbaae083f881928da51255b0dba50d440

SHA512
8623a7e6bb4673572c47035280cecbf09d02a71de54f86a2a3376de080df33af8dbe0d2e5c460779a899ca3d51e5b4c7b1a264ed4089af40b05c187524606026

Download Submit
C:\ProgramData\JWrapper-Remote Access\JWrapper-JWrapper-00102236230-complete\unrestricted\JWrapper-Remote Access-splash.png

Filesize
9KB

MD5
519e771bd88ed6412d06cbf9dc0b03bb

SHA1
8dc16c70266d8ac763706dede48309b9cbece1e0

SHA256
a3a7f0dfbb7a487756a77493cffa4d1451274c1ec7efc1e4aef37938656e31c9

SHA512
3d7f6263812dfe6da4bbd468e6999e7b305a08497ff25639d6274e6120e3da53ba1e7dee7e50bc752342a654bdabfba157e42b1774699ef13263467a9382cbd3

Download Submit
C:\ProgramData\JWrapper-Remote Access\JWrapper-Remote Access-00102236242-complete\jwBuildVersion

Filesize
11B

MD5
2a63324b3049e610efe09d2168c150c5

SHA1
0721afd49db4edfc68c9356a1b46a8dc9f3c38ee

SHA256
1ed7f01050bff23c74d9cf214c6b535de0e8d913a96d7270c902bc96c7e8ca59

SHA512
57fe0de7b79b7fb10c89b26edc070e4363b52e5522e696a5f962d76f2af60070625e78c688249574bdbe5c5289f5617804f9cd4b775da00452a0754613068b57

Download Submit
C:\ProgramData\JWrapper-Remote Access\JWrapper-Remote Access-00102236242-complete\unrestricted\jwLastRun

Filesize
13B

MD5
8ef6e42c684536c1b4e40d8d776b063e

SHA1
8f2df4eef5230255965f30b2d57f52491374df2e

SHA256
2de8702ed8f38699cc0308dfd8f1435fbde2bd348df38316f4a8ee3405ce7a13

SHA512
da17f724f805c239c4abbed6f00c5f0931bf0a886acd3c01c625fbf8f7982cb0ae290c29c93260387835e09ddf93a2de0fabf22ffd335b04bc78dfb7e4253a4c

Download Submit
C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684102-5-app\JWAuxiliaryArchive-Remote Access_linutils32

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684102-5-app\remoteaccess-jar-with-dependencies.jar

Filesize
20.6MB

MD5
b37dcf579f99510eea0c422fb41c0d10

SHA1
7a950eaa09e53c70bd865fd8c203876adf61085e

SHA256
9f5c71749dcead72a3eb4554c32f84428bc708ff39d605ba00a9510e49210648

SHA512
7593b32dd028d8ab0f67e7d58a2fc60657854de139293197eb28989aa23ccb16d09fb3b055fe2b921a4e76560296af53e01bca7053126ca9607ff44de40e4a63

Download Submit
C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684102-5-app\remoteaccess-jar-with-dependencies.jar.p2

Filesize
16.5MB

MD5
10978f35923c5289803866ea500a9738

SHA1
d3f0b12b4c8df0303454e061b5228d649f2a1e46

SHA256
7720c9ca4db8524abcf17705b9751ecfa435c6a059d62ad6654226f9c11adc36

SHA512
a016c64118b32cab917014add3e4723c3c5653a141b0e5c972ef407328a6799f6c3a6aeb3f2d348688a49fc54fc8ced0f6d1f13e1cd9f1a742d32490931525ed

Download Submit
C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\bin\MSVCR100.dll

Filesize
809KB

MD5
366fd6f3a451351b5df2d7c4ecf4c73a

SHA1
50db750522b9630757f91b53df377fd4ed4e2d66

SHA256
ae3cb6c6afba9a4aa5c85f66023c35338ca579b30326dd02918f9d55259503d5

SHA512
2de764772b68a85204b7435c87e9409d753c2196cf5b2f46e7796c99a33943e167f62a92e8753eaa184cd81fb14361e83228eb1b474e0c3349ed387ec93e6130

Download Submit
C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\charsets.jar

Filesize
2.9MB

MD5
95c96b758db5b270c574027da01826e7

SHA1
9546a1e1817847d185fda77ed807ef5c93beb5e1

SHA256
a5054fc62377f0eb99fe75e17f3c08ed5fb64f120e0797e6722f51db176aa87f

SHA512
b973fe482d769078a24417c840287292634a38e6f049ba4a8d1f91a9e0d246f42f18a2e869f211bb2a9f7f079d060a59bc7b258cd01761cafd70df09d8877b6a

Download Submit
C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\charsets.jar.p2

Filesize
1022KB

MD5
18c2b0d47a25b263c555edc4305b3a62

SHA1
8a76193e200e5cefe782c617966282157a535087

SHA256
62bcb3385c37e914be0ed0eb4e4c41f4b01a4a6123c784a8838aef53f35674fd

SHA512
f805973fc99d46cd485806d9e4b5a4acf6462d9e900245a3e0208cbded18f78f8e1afb9ca29ed82876ecede79342932c1a4e2645a719ff1408f213f0c4c4b50a

Download Submit
C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\crs-agent.jar

Filesize
145KB

MD5
d1f7a7fb0a46eda64b92d27bf48ff07c

SHA1
e26e4f4b326e4e1e3a47a27b10f4f7335efecaf3

SHA256
2ee219b2825d2174e5a03ff15a7bc3fa2a72d6322672abb2bc3be2ba7153f550

SHA512
6034451481dcf2d4483e5edaae6c60197cb3a7f6c0ec726c7b0f8209632523d24ed7e4548df2942ed18e93c2cdd08a8d4be483d5329dd400aa97543de2b865e0

Download Submit
C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\crs-agent.jar.p2

Filesize
83KB

MD5
7618098477e433a3297beec060e38554

SHA1
e57585e7f78f8290a534bae6bbe85e89bf59b671

SHA256
75e2fcd8e5db747c4f2619c67e9a6898b083318dbab0b4276052593a9ed22825

SHA512
fc46a67c3c7e3bcb0f3e8e2611a749692fe4c2cdf1ac89b9e5013ddc6f58bbab4d012e58cd85901f0d171c8ff5e9e5ca3c08811abac38d89776f67dd1b72b56e

Download Submit
C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\ext\access-bridge-64.jar

Filesize
191KB

MD5
4d15b4682bd758875cbdafeff2fe6bf7

SHA1
741e6dd1ed48fe2d60db86e55653f8c3a0ae94f8

SHA256
5eb097f8dafde9fde128f4551ecba725e8343b637a7564a7fe70b2eb35c9e983

SHA512
98758c04d675bf9712f1622d8fb4b04199980e0beda3aec5e81d8d41d3f7cd2f0de1e0e89c42d79235e02bc12b332e90912b4f843c35e9c5b8380c91cef7060f

Download Submit
C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\ext\access-bridge-64.jar.p2

Filesize
68KB

MD5
a9c19296cfff6730388171354874280e

SHA1
48db4034cd603d01603921f19bc623cb08e9c96c

SHA256
e752dca0e0913fa722aa507538976e66e5425db6b3ef36001013b4398066b2b9

SHA512
96517ff57b0328385b59a1f479e377e0563e316264fd6f9ca0c542c7c0b8669fe012e531ec4724fe85164dd950230c2bbbb1156408c67816832ea1163031231b

Download Submit
C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\ext\cldrdata.jar

Filesize
3.7MB

MD5
a2215ebc2eb45090237ab049407ff166

SHA1
fa8780bb08079fa5a068257809c538b0b58afebd

SHA256
b75092d771cee147d756f462e8b21dc846abc59199a3abda1ea2a04305e4117e

SHA512
543efc2f87d7469d72c01d748176cacdfe160956c28721a5255266af40856c752a05ac75e9bc1b46faeb785e7a6323744e882ac996a8f3eb8bca4248154f3e7f

Download Submit
C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\ext\cldrdata.jar.p2

Filesize
3.9MB

MD5
c70a80c9ac49fa51b2b77fc62a7b839d

SHA1
3e1a26f783c86fd60f03c7f3f2df7b739f621bc5

SHA256
4431aec1f1ab898589de8487b57de2598b4659ae671d02859c3900da509b0b26

SHA512
33f8fcb9192c4f08a7814e2af68b566c4695deef58feb5237d4f9e1daa315910c119102db19ab02e99adc8a7cd29def4a6440cf55c68717c994c6d6ac832fe9a

Download Submit
C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\ext\jaccess.jar

Filesize
42KB

MD5
bdb0f2c26bc783803269facb7d43ec0f

SHA1
73afc0c4510fe6394e9359c4a6b495ed9f7d692d

SHA256
4fde6b2f2c746db62ab5930b4abcecc966131535a83f2cc93067011d7071e6fd

SHA512
4714127ffa2ef2b4a1789e70d7ade04056f3547d36016b82c7a49881367428a9c664e8f1b32817781c12fd4965dca9320dc9762ac829dbe90164ca1bd5f80ccd

Download Submit
C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\ext\jaccess.jar.p2

Filesize
35KB

MD5
171c05d2fefe375032a6babc7dd11515

SHA1
dec20c83b6168dd5d3bb4935322e39e7c46ba3d8

SHA256
29977238c33d12c08aef17139daed8d7ecf97b4f502c40a791062915705ebe52

SHA512
9a84fb352224542453863c53f6dbf72829ea019b9d2a771420414daec27920a84e1ba3e6d3161d9b6b447b0ad6ff7088ca9bf1ba266be4757f113661efe03ce5

Download Submit
C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\ext\legacy8ujsse.jar

Filesize
418KB

MD5
80558729bb2edfc3b03b8dee73d527b4

SHA1
521d59e97a3e254ecd9dd06b213ac0fda4c2983a

SHA256
f17139ecb92b94a2a3909a5a2f2c8a5feee9afaf25e8cd2b5a8ab0fd3dd73c9e

SHA512
80e5785beb2de61ea8cc9882e94e3abf99917556467ebf935297a9e0f7376b313850cdb0ffea2d98ada9db8c6b3a6104572399667e8cfde0cd537775e445b0ad

Download Submit
C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\ext\legacy8ujsse.jar.p2

Filesize
271KB

MD5
3b997068ed80236ba82703b7c8275621

SHA1
63d2bbca29231220d5beb285c9cf263b4c93acb9

SHA256
40799e64da3944f75ddb8e9a378c7d37fe8c94183f173717b2f08dad865cf89d

SHA512
c67ca18a538ea12e0032728e575f25b11da6b847ec3eccceb59c53d18eddbc4d711d4684e8f60ed0da6e7149ab31a9f8c04ef45f5c5792ceb749c3f7e5b7ddb4

Download Submit
C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\ext\openjsse.jar

Filesize
1.3MB

MD5
a2dd6baced76fe17ef8db6d6a6dca1ec

SHA1
26e46d9fb59464f895da1474ed0c545831311bd0

SHA256
47545a341a3e7b99164150d000607e10b7b3a16caf3320090fc1e5c6128c13e1

SHA512
a9472630786ca3369c3e1d9303b5430eb744c962d7287b95d75caaf00d15ef735c985e5093cc2d36dabfccaab2782210f71eec1be3cd1cc05886eaa969ddc947

Download Submit
C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\ext\openjsse.jar.p2

Filesize
580KB

MD5
558a800e89bc6c647e2909a0c91dd9f8

SHA1
8fcfec1b4e704661ff0c7599e0ee2ec60c69088c

SHA256
ec51166a6f4796de2283de2a59e9143d953fe37bf9abbc71873a3978dbec85db

SHA512
19e585b8d1c13ab511ee66615442fb2bce3bb529225b623271a8f27a58d76d541434ac02b619d55bbca03f1f9adae94745bc1f2504eadc7f00220b49ba6c13bf

Download Submit
C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\ext\sunmscapi.jar

Filesize
42KB

MD5
199a840d4c8163628bc069703282476f

SHA1
1cd2bea3fedc312a9b470871fe87c8f301f8ef32

SHA256
fd7de375f7cf8bb4edef258b73ec78966394318df262d4cb2a22bcbeb127f8e4

SHA512
01fda70b4d77c221dd63d2a4e9eab587c667e8af22e920a44b64eb6208c8e96d9044d96a407a05849c2357fc2a9aa3264495ac6559df6df1e2ddfadd088d5aef

Download Submit
C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\ext\sunmscapi.jar.p2

Filesize
21KB

MD5
4ea26f1be03d62f5170c551398913c5c

SHA1
b633de9990e519dd878b5eb20e4f4d0441f96aca

SHA256
9bf43b7dd1e1aa0270e6c250674a8c0d651ab85463ab0337bf09f04e574b6183

SHA512
e8a0604ff89f570b2291e2192e4e9853981c867f60d471829e7d286c1b9c51db9afc31b52ca5e0428a2bc1c44ff7d875e1fdb7d6efb413b92d979b6f49aedfb2

Download Submit
C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\ext\sunpkcs11.jar

Filesize
263KB

MD5
af127a77a8798a63de54967af500c655

SHA1
b4b82b535dd619607288fdfb739d1d56d6cc6c68

SHA256
911970a9929e5e8a16d17ecb2884f81d5f7963636d327846e58139cbfae04fa8

SHA512
b2a94cae4f434130ba579e3131abee5866b444ad7b1e7b51c1bec037c56324ee51e4fcd9ac4b2cbb9ebf17f0df414809a6c718250968921e789e6f45025abd4b

Download Submit
C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\ext\sunpkcs11.jar.p2

Filesize
164KB

MD5
593de57a7abd58e4f31ac663254f85e0

SHA1
0684301a3b0433b51eba019c20560090d79eda15

SHA256
3490e4a3ce662daeccc19aee199e22833f60a5e0f3743ffc99a80ba9b7be169c

SHA512
2389ccc97199d64ac81d61c0de67ea25dadec0bc60b741de1247e1b718e5559a7348eb7e52e98e9ed7e20970495409fd8b075dc9d7f3ec1fd0f8733fcbacc19b

Download Submit
C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\jsse.jar

Filesize
1.8MB

MD5
f6f84176ef383688b6c8eba60336a57c

SHA1
f2c7e6a66c7c34d4c0005c89a533454eecf9b007

SHA256
3dab1640802f083348c4ab929bfe2e4c8fe7757236b4550a81679d93cf0ed114

SHA512
aeaf0da0334882b80b28de29d5f2a0e40ba8ae8d1fcd67e67ab0a3ee8b2948d2e6df6c153ea860871d5cf2ec5b97484a6c3050b9446e6d2249c353dd488dd5b8

Download Submit
C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\jsse.jar.p2

Filesize
365KB

MD5
048afc64953480883554a6b3135de599

SHA1
a7c088c61b0178661012f10802e2de4d3eaec762

SHA256
e935fa86aed1296e44c9b59aeee8d75fd8670d6ce23c1ed418e9af8cc862e9e2

SHA512
d6adba78de8fb253f350d1098c54d0824a01e212c6499d8a666a26ed450cea4a2f6413ac9f47717d7781f25d5ac4bac61e094ab1ba199d556ea8e789fdd48224

Download Submit
C:\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\lib\rt.jar.p2

Filesize
15.7MB

MD5
d538beef841a0bf0bd057e663fa74048

SHA1
3f1a1351b0e66357f7a2f9f9bc85c1a7606f2fa3

SHA256
d97e1a6356e7531e94c1a4457d9e3f41141408a397d4b06f5618d34cb50b423b

SHA512
3aefd51aea1c1274ac2cd5b9716d8b198b79fe39d5d4b218ed3a23d159a75c9c35f13a59f0d9bdbc41b3d72eab23454fc7478868df6831fcabf64727125508bb

Download Submit
C:\ProgramData\JWrapper-Remote Access\Remote AccessWinLauncher.exe

Filesize
631KB

MD5
4f901dd298645b5caad860c7dc40b867

SHA1
8c808f043689a0bc7dbad6054041ff1f1f73685b

SHA256
eef69dd45c9b023b80083869a4a6071ef7be38eb9fc70b07ff0044135485e1f2

SHA512
8e40c5b827d5ea7a4f38718bae7706b1f1468e3a78176151b339d370072e8bf44fb5854f3390c97da6f376205d289ca2866e9f6df3ea254cec2ccf7724d0b558

Download Submit
\ProgramData\JWrapper-Remote Access\JWrapper-JWrapper-00102236230-complete\jwutils_win64.dll

Filesize
243KB

MD5
3bc9749f5118f7d5f8c652cb59a60787

SHA1
a570885b6085bb29ae31acf9b806ae7563ca2f56

SHA256
061e2aa6fe2e27b6f2595b4703486c9bfb603cb276b780bc43f63b1f1b844198

SHA512
fadfed1fc1ac700149bcce4343720465fc6fa5a96b4da48a7dfffcc0f3ccfc01593688f86d19a4da80bec8370130478fb6336110173d46282c38c443d723e661

Download Submit
\ProgramData\JWrapper-Remote Access\JWrapper-Windows64JRE-00084000053-complete\bin\java.dll

Filesize
156KB

MD5
c15b283310fcf536e39d816db8349990

SHA1
3db459debe6ebb1cd186e6b34687c62311367546

SHA256
12687c8b9bc286807d3bcff6c26465a483900b05aa0da6d15871ea5e9a1ed96e

SHA512
6c2193ad240a26fe12481057d9ce274c0bdd6e3f9491d9b7c611cff1fb5fb8aead309136076511c1e8037e2bbc5f930ea396f7ddfc1c08256f0356967b97228d

Download Submit
\ProgramData\JWrapper-Remote Access\JWrapper-Windows64JRE-00084000053-complete\bin\net.dll

Filesize
96KB

MD5
1c5ae3178f47607de9674521c4ee26f2

SHA1
f8991b430a2b8ded0982595e0ac50a2b9623d30d

SHA256
08f3a8c065d952fcc5cae7a912adc46fe4d02029207b170feaae5410784fc851

SHA512
b070cf3563025e6105acf04c872eb234b5891c99ed50db91050b329de55c9ee4339d3f2fdbac184901e6869c861d3cfe079d9eb88bd786183e3f7937b84c8cb8

Download Submit
\ProgramData\JWrapper-Remote Access\JWrapper-Windows64JRE-00084000053-complete\bin\server\jvm.dll

Filesize
8.6MB

MD5
2bd9330f2caff97fe12f4a330ae1f107

SHA1
3ab7e69839c584a16328d773a657245e19f32847

SHA256
f8473f869f6ce88126eabb6ae4b1b765caf2780faabfb734287f33fa9af9df1e

SHA512
aa3b99ac1ec80e4dc665ebcd5262cc6818f62734e9063ecf4b1bf6ec099c391d1eeb26108677a841b28ec2c558322dc3b114b75206d0aee196f659a263540c46

Download Submit
\ProgramData\JWrapper-Remote Access\JWrapper-Windows64JRE-00084000053-complete\bin\verify.dll

Filesize
48KB

MD5
38bdc89172aca98a8df57cc6b0e5e8db

SHA1
2448538975c6daf00f4014d166ebb014d2374e8f

SHA256
981dafa227a6ff4e1bf9a38d94800b28f1e39adc6fe5f76b9362206bd7346ebe

SHA512
9fc3d626948f0990a311e3710786f6028e66cf75d6926c3d433526a349c93492cf7b7b1bfe7499eb88970e5342fd0201b58b7f227bfc009057dea7517b67b29f

Download Submit
\ProgramData\JWrapper-Remote Access\JWrapper-Windows64JRE-00084000053-complete\bin\zip.dll

Filesize
77KB

MD5
a9040ad98ad82934efbac3de57f9acc2

SHA1
904e1b26aa21b7e7c065706ac4065ec43310b2a0

SHA256
cf661a6d7172f64f3a7d9559eba32c3363ea26a913ae56420a0a184a42198320

SHA512
848678c637349d59b5947a50ae6736882b260f00b31ed6b39d205a28bd9d9415e43bc7499c8cc5b3f1dc2b6b476f964583aa3bdb8fffbc6f35f363bad3d694ae

Download Submit
\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\bin\unpack200.exe

Filesize
195KB

MD5
ffae954c09033df1ebcd4fe056b183f2

SHA1
ee369cf9a6d4ab2f91a05fe84bf790fdda873669

SHA256
2f5955b1d5bfd13f0c3b70c5a261df5d524a849a45c0d31f64478188cbe82665

SHA512
be00fc9c0242d27e0f8cca0a0af39bcee502683dd0246e7453b6b4aebccd81ea221a4b14ccef48244920a180bc268132f7ca4584efa46a648a7bec9c1a7da3d4

Download Submit
\ProgramData\JWrapper-Remote Access\JWrapperTemp-1717684106-6-app\bin\windowslauncher.exe

Filesize
169KB

MD5
a46bb5fba9e69463fb89039d19fea2b0

SHA1
a96561051f7cd1d10c87bfad290c5131191686d3

SHA256
214b6e8108349c7bb4944b4d20bbc44c8b2e55ed69dc28f8651e44bf72dd9dcf

SHA512
05a6fd898bd21a9714516def4b564cba252d633ddefa582ffb1920d5ba9fe551d8bc168dd78e4658524aee8e91b2e815d3f800b89357a61d133d90a65653cfcc

Download Submit
memory/884-705-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/884-610-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/884-725-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/884-739-0x0000000001FA0000-0x0000000001FAA000-memory.dmp

Filesize
40KB

Download
memory/884-708-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/884-740-0x0000000001FA0000-0x0000000001FAA000-memory.dmp

Filesize
40KB

Download
memory/884-657-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/884-597-0x0000000014650000-0x000000001468D000-memory.dmp

Filesize
244KB

Download
memory/884-634-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/884-615-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/884-613-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/884-719-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/884-578-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/884-606-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/884-608-0x0000000001FA0000-0x0000000001FAA000-memory.dmp

Filesize
40KB

Download
memory/884-607-0x0000000001FA0000-0x0000000001FAA000-memory.dmp

Filesize
40KB

Download
memory/884-602-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/884-598-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/884-588-0x0000000001D50000-0x0000000001D82000-memory.dmp

Filesize
200KB

Download
memory/1368-243-0x000000013FED0000-0x000000013FF03000-memory.dmp

Filesize
204KB

Download
memory/1368-244-0x00000000745A0000-0x0000000074672000-memory.dmp

Filesize
840KB

Download
memory/1732-409-0x0000000001DD0000-0x0000000001DD1000-memory.dmp

Filesize
4KB

Download
memory/1732-451-0x0000000004F90000-0x0000000004FA0000-memory.dmp

Filesize
64KB

Download
memory/1732-586-0x0000000004F90000-0x0000000004FA0000-memory.dmp

Filesize
64KB

Download
memory/1732-585-0x0000000004F80000-0x0000000004F90000-memory.dmp

Filesize
64KB

Download
memory/1732-584-0x0000000004F70000-0x0000000004F80000-memory.dmp

Filesize
64KB

Download
memory/1732-583-0x0000000004D00000-0x0000000004F70000-memory.dmp

Filesize
2.4MB

Download
memory/1732-582-0x0000000073DB0000-0x0000000073E82000-memory.dmp

Filesize
840KB

Download
memory/1732-580-0x0000000001DD0000-0x0000000001DD1000-memory.dmp

Filesize
4KB

Download
memory/1732-353-0x0000000004D00000-0x0000000004F70000-memory.dmp

Filesize
2.4MB

Download
memory/1732-365-0x0000000001DD0000-0x0000000001DD1000-memory.dmp

Filesize
4KB

Download
memory/1732-509-0x0000000001DD0000-0x0000000001DD1000-memory.dmp

Filesize
4KB

Download
memory/1732-380-0x0000000003580000-0x00000000035B2000-memory.dmp

Filesize
200KB

Download
memory/1732-494-0x0000000004FA0000-0x0000000004FB0000-memory.dmp

Filesize
64KB

Download
memory/1732-587-0x0000000004FA0000-0x0000000004FB0000-memory.dmp

Filesize
64KB

Download
memory/1732-449-0x0000000004F80000-0x0000000004F90000-memory.dmp

Filesize
64KB

Download
memory/1732-447-0x0000000004F70000-0x0000000004F80000-memory.dmp

Filesize
64KB

Download
memory/1732-444-0x0000000001DD0000-0x0000000001DD1000-memory.dmp

Filesize
4KB

Download
memory/1732-435-0x0000000073DB0000-0x0000000073E82000-memory.dmp

Filesize
840KB

Download
memory/1732-437-0x0000000002630000-0x000000000263A000-memory.dmp

Filesize
40KB

Download
memory/1732-436-0x0000000002630000-0x000000000263A000-memory.dmp

Filesize
40KB

Download
memory/1732-404-0x0000000001DD0000-0x0000000001DD1000-memory.dmp

Filesize
4KB

Download
memory/1732-397-0x0000000001DD0000-0x0000000001DD1000-memory.dmp

Filesize
4KB

Download
memory/3044-506-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/3044-510-0x00000000003B0000-0x00000000003E2000-memory.dmp

Filesize
200KB

Download
memory/3044-518-0x0000000073DB0000-0x0000000073E82000-memory.dmp

Filesize
840KB

Download