Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	fc39d09d187739e5_splash_11@2x-lic.gif Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\deploy\splash_11@2x-lic.gif
Size	12.0KB
Processes	2708 (xcopy.exe)
Type	GIF image data, version 89a, 640 x 278
MD5	`3fe2013854a5bdaa488a6d7208d5ddd3`
SHA1	`d2bff9bbf7920ca743b81a0ee23b0719b4d057ca`
SHA256	`fc39d09d187739e580e47569556de0d19af28b53df5372c7e0538fd26edb7988`
CRC32	`64F01900`
ssdeep	`192:Zzv4QPei/ueMFJ2M4xSGb/xGEyddpTa7Kv9I1BDc3KR3q6xmwJePYueHjAPZKGMr:5vTWvmxSGbkpTaYe1dc3KR3q7wJsOHmu`
Yara	None matched
VirusTotal	Search for analysis

Name	27fec24f695ca7df_jsoundds.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\jsoundds.dll
Size	27.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`53dc37728b766b09d522ce52d1fb6474`
SHA1	`0ca2894a6bec781138710a3801d2e3322ee59fdd`
SHA256	`27fec24f695ca7df46f9e8ae0698d83e50d43580cc25553ca5bdbe402317db15`
CRC32	`3B515B39`
ssdeep	`768:CWeFz9Yu22rM0Z6uHB72ZWreX06OMi423nDIN5sgvYWWOMtPQqdhm2QdLrbC7O:CWItI4hm24rWO`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	55374d39da507ac2_unpack.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\unpack.dll
Size	64.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`ba27348330031a722eb6e7df0b39e95e`
SHA1	`1acfe47910d5f240d75dbc5c669412ebf2777c5f`
SHA256	`55374d39da507ac2e48e15c2f811f13e53eaa468aa450f8761c8f5d85f32b3ad`
CRC32	`5BBEF669`
ssdeep	`1536:ZlDaHwMW2YUJYOZ4y37DAuZYeQ8sIdDAZTwdQUx8:PDiwMAXOJ37Dw8sIdDAZTwdv8`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	9183d20b98ef040f_awt.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\awt.dll
Size	1.1MB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`d1fcf3dd6746a29238bfca90e7d0ba88`
SHA1	`00b136a787fc4c46aec72f83ec36e9b88fec1429`
SHA256	`9183d20b98ef040f9e185c70e1f6e9e73ddd81b3f59a195d34f9d1631a955a33`
CRC32	`DEEB3CE0`
ssdeep	`12288:/csdAfHscvoDvZdTnkU+CSypISkpVSAGNXD229SBZIJmKNczL8vQj3pos2A:/h2fHxvoDvDLzFSlzVSAGVD29ZIozlx`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	0f2265f0113a757c_fontconfig.bfc Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\fontconfig.bfc
Size	3.7KB
Processes	2708 (xcopy.exe)
Type	raw G3 (Group 3) FAX
MD5	`827f00e05f3c5272aef3bf456cf52bf5`
SHA1	`280ef454a4644d1e17c7afac3b94249ed6bbdcbe`
SHA256	`0f2265f0113a757c15d51fa53409d630478378fd0856ef547780b40ac6c87156`
CRC32	`B0679612`
ssdeep	`96:i7WgWWWW81dp83p3D7WOk4BxciETBT5BLrws+LW/Be6Ji:iBWWWW8/e53vNxci8juWC`
Yara	None matched
VirusTotal	Search for analysis

Name	23f9a5c12fa83965_license Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\LICENSE
Size	40.0B
Processes	2708 (xcopy.exe)
Type	ASCII text
MD5	`98f46ab6481d87c4d77e0e91a6dbc15f`
SHA1	`3e86865deec0814c958bcf7fb87f790bccc0e8bd`
SHA256	`23f9a5c12fa839650595a32872b7360b9e030c7213580fb27dd9185538a5828c`
CRC32	`EE974348`
ssdeep	`3:c3AXFshzhRSjn:c9hzhgj`
Yara	None matched
VirusTotal	Search for analysis

Name	fa2796a7c52e07a6_kinit.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\kinit.exe
Size	15.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`d4c8cd70d6431f71737732a41ebb5706`
SHA1	`bd0eef3cf690449f3ca052fc3822e4d67335082a`
SHA256	`fa2796a7c52e07a6a861d9a298df24d1c501ca417512db5bffb2fa2be7c4d199`
CRC32	`93B87DA6`
ssdeep	`384:GpsV75cn57lmSHhV8CBSeek4SzSqBnYPLr7EAd:GpsVmnOS/8AfekhC7EAd`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	9dd5ccd6bdfdaad3_splash@2x.gif Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\deploy\splash@2x.gif
Size	14.9KB
Processes	2708 (xcopy.exe)
Type	GIF image data, version 89a, 640 x 278
MD5	`cb81fed291361d1dd745202659857b1b`
SHA1	`0ae4a5bda2a6d628fac51462390b503c99509fdc`
SHA256	`9dd5ccd6bdfdaad38f7d05a14661108e629fdd207fc7776268b566f7941e1435`
CRC32	`6E35946E`
ssdeep	`192:onqkbSDLFgIBL0IgyZCE/oIuuemXclVO/HemZ8GbRdziHm6tIclW3ZYvvebtssZn:lKMLWkpgy8sdsnOmEyPLaYoauAdI`
Yara	None matched
VirusTotal	Search for analysis

Name	0faaaca3c730857d_lucidabrightregular.ttf Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\fonts\LucidaBrightRegular.ttf
Size	336.8KB
Processes	2708 (xcopy.exe)
Type	TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc. Pat. Des 289,421.Lucida BrightRegularLucida Bright Reg
MD5	`630a6fa16c414f3de6110e46717aad53`
SHA1	`5d7ed564791c900a8786936930ba99385653139c`
SHA256	`0faaaca3c730857d3e50fba1bbad4ca2330add217b35e22b7e67f02809fac923`
CRC32	`B0835905`
ssdeep	`6144:oBfQeUG2CCTufrmOufymM8hvFHp277tS9iZFYSATxNm:oNQ3vCCTcaFNJw7tSgYS82`
Yara	None matched
VirusTotal	Search for analysis

Name	c8f3ecc72533f0c2_net.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\net.dll
Size	79.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`ac5eaf9161304413815af52d77afc3ab`
SHA1	`726f0c6516fdbfb72d22783b5fd7773dbbd0f6e0`
SHA256	`c8f3ecc72533f0c273e3e8e5b2b7c0b8e60800e9e38462af0d831742f3b6957a`
CRC32	`B61908C3`
ssdeep	`1536:dupUXU4GEUDNnp5G7gyoV9q5lrNBx47xrca0oDscSnZE:dupUkx7KEpV9q519oDsnE`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	90012f900cf749a0_us_export_policy.jar Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\security\US_export_policy.jar
Size	3.0KB
Processes	2708 (xcopy.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`ee4ed9c75a1aaa04dfd192382c57900c`
SHA1	`7d69ea3b385bc067738520f1b5c549e1084be285`
SHA256	`90012f900cf749a0e52a0775966ef575d390ad46388c49d512838983a554a870`
CRC32	`1C0E73D1`
ssdeep	`48:9JJweDY2LXQ4lAAldrou1YgH767KWajaHpwrHZt0H9BRJgfHilVVt2+HZ:PCcY26Iou1YgHqK3WJGeHn8fH4VVttHZ`
Yara	None matched
VirusTotal	Search for analysis

Name	d9c95c31b4c1092f_messages_ko.properties Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\deploy\messages_ko.properties
Size	5.6KB
Processes	2708 (xcopy.exe)
Type	ASCII text, with very long lines
MD5	`fed33982e349f696ef21e35ed0dbbde3`
SHA1	`bf9e055b5ab138ad6d49769e2b7630b7938848d6`
SHA256	`d9c95c31b4c1092f32bdcf40d5232b31cc09fb5b68564067c1c2a5f59d3869fa`
CRC32	`9922B0D7`
ssdeep	`96:fiX7fdokXLqlz9yx3f7yhJxpmG32i0HkZr+ywc8b8+/moD7yct070DL70Dj:g7ucLoINAYGbT/44i4`
Yara	None matched
VirusTotal	Search for analysis

Name	fc71398beb4f5b0b_jaas_nt.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\jaas_nt.dll
Size	19.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`85ac6ae1283b0236f1bc2e9c765319d6`
SHA1	`59215fdacedfadc6b9d1c5f170723bf0ae782858`
SHA256	`fc71398beb4f5b0b26a20ef879a65becd4117e24e914f31c27cf111241b49d6e`
CRC32	`72FF1040`
ssdeep	`384:43kF/QP8xkI6T7WIE0PVlLmSZCnYPLr7tMqf:4UqP7I6GkdRbcC71f`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	bc824165cb453551_dt_shmem.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\dt_shmem.dll
Size	24.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`dcaca3a32df5c0ed313c54363a240590`
SHA1	`80a698c279806bb45d399204f05b02c860c97657`
SHA256	`bc824165cb453551ddaa1d35ec23ff223d688aba1a26359f7104b8b65460e5f6`
CRC32	`DFBA672D`
ssdeep	`384:StmgNWEfK0RiC4qxJo8q6ZEPG5WvcEsnYPLr7cb:S46WmK0RiSxJnq6W+7xC7W`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	9bb7c69635ee5890_javafx_font.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\javafx_font.dll
Size	56.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`2c36750049395b941658e5523dfc4302`
SHA1	`cc4f46c2cc1ee5161a07f0d31d2064bd7837bebe`
SHA256	`9bb7c69635ee589052db18e8979bab188ad79fa75e60620719f61398d483afbb`
CRC32	`B7210F0D`
ssdeep	`768:Sg/KC7qdFarGYmLP8FnqsdlxkJavvo8N+hwBBwaa3rpe8ZmI6aSTcBqwiw8E2ISR:Z6arRmcnq2lxm+Na6C7HITET8E2pA9nU`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	289627decebe61c1_javafx_iio.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\javafx_iio.dll
Size	123.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`c25e9ec35c29e80dd23b4fea49e4e617`
SHA1	`f7845cef2b5fa1ce6b3216dc353ff4df6c609907`
SHA256	`289627decebe61c1d02b73c6bb98e99344fbf19c30354224b59e46595c703964`
CRC32	`9FA2D43C`
ssdeep	`3072:MOxjjADzd+aeaPB9JhjxkM2wzGdXJbD//0Xra:McKzeaPB9JhjxknwzG5JbDXce`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	c5578ac349105de5_splash_11-lic.gif Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\deploy\splash_11-lic.gif
Size	7.6KB
Processes	2708 (xcopy.exe)
Type	GIF image data, version 89a, 320 x 139
MD5	`9e8f541e6ceba93c12d272840cc555f8`
SHA1	`8def364e07f40142822df84b5bb4f50846cb5e4e`
SHA256	`c5578ac349105de51c1e9109d22c7843aab525c951e312700c73d5fd427281b9`
CRC32	`BBD4230B`
ssdeep	`96:S88k2wenvMs3iHrSI3yy73VWOcaJpGvrrXqJBcqgbf5bD0jmzDBoqCN2IWsyh:SFHhs73n73V4airrXq41Ll3vBmN2YU`
Yara	None matched
VirusTotal	Search for analysis

Name	91020b724212fd02_tzdb.dat Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\tzdb.dat
Size	103.0KB
Processes	2708 (xcopy.exe)
Type	data
MD5	`81af1c59dbf6f4b1b9984d7a391d068e`
SHA1	`78e4770726d075861da20f4bf6a822e677e8dc13`
SHA256	`91020b724212fd02a552534c5b8a9af52258293d4027be2a1e27c56298bc557b`
CRC32	`FAA056D5`
ssdeep	`1536:/0UKmE9UPOLn+hkpoVjTMB0q/////0l7asH3RX9rUVsuqmot09gDtz:/Cr+iaVfqsH3RNr6suql+9gD1`
Yara	None matched
VirusTotal	Search for analysis

Name	8d499c1cb14d58e9_messages_ja.properties Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\deploy\messages_ja.properties
Size	6.2KB
Processes	2708 (xcopy.exe)
Type	ASCII text, with very long lines
MD5	`b7279f1c3ba0b63806f37f6b9d33c314`
SHA1	`751170a7cdefcb1226604ac3f8196e06a04fd7ac`
SHA256	`8d499c1cb14d58e968a823e11d5b114408c010b053b3b38cfef7ebf9fb49096f`
CRC32	`0884FA53`
ssdeep	`96:Ltk1ZccBD8M25jCTDrk9/RoaG7THG9o7f6tEflA44CAmIbIC3j5pN/o8woJb:W1xBY1CG6OlG2r`
Yara	None matched
VirusTotal	Search for analysis

Name	44bcf8043bfc163d_jp2launcher.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\jp2launcher.exe
Size	81.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`ee3f5fa62fc6faa7d130c26e03e148e2`
SHA1	`2cb94e75ccfe258718784be9f5b9f8b271b38dca`
SHA256	`44bcf8043bfc163d4ecd92d88a69fa29179e84ab0862f2333b6de39f7d3ed1d5`
CRC32	`94D7162E`
ssdeep	`1536:aUV1TXKvcwKOuFqlgOt6s07VahQrOy7DeSOzMMC+Cj274X+sB9:VV1DxwCggOwDVaIOy7DeSOoGC674X+sL`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	72e326d21e1ca856_plugin.jar Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\plugin.jar
Size	1.8MB
Processes	2708 (xcopy.exe)
Type	Java archive data (JAR)
MD5	`a94d3c865d2481139f24edb69f6b1e1d`
SHA1	`d48c31ce711b4d23b7d5406773a2c5951ffb1c8c`
SHA256	`72e326d21e1ca8569eb14a61594653934238e53b291f1d27b55fa67f5917fa72`
CRC32	`6424B4F2`
ssdeep	`12288:eBb8NwuKlMSJQ8ekrObISF18dIPecYHOOxkrsV:eB8NSlBJbrOUI12HOXre`
Yara	None matched
VirusTotal	Search for analysis

Name	72cee3e6df72ad57_lucidabrightdemibold.ttf Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\fonts\LucidaBrightDemiBold.ttf
Size	73.4KB
Processes	2708 (xcopy.exe)
Type	TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc. Pat. Des 289,422.Lucida BrightDemiboldLucida Bright De
MD5	`af0c5c24ef340aea5ccac002177e5c09`
SHA1	`b5c97f985639e19a3b712193ee48b55dda581fd1`
SHA256	`72cee3e6df72ad577af49c59dca2d0541060f95a881845950595e5614c486244`
CRC32	`79B2090E`
ssdeep	`768:H8Jwt1GIlZ6l0/9tRWhc0x/YxvsTjyIDXCrGU/tlDaKAgKrTLznvzDJIZmjFA0zG:Mwtze9xQcQ/LDaKAgK3LLvzFogbFt5WD`
Yara	None matched
VirusTotal	Search for analysis

Name	a5ecfc852bce3cf9_jfxwebkit.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\jfxwebkit.dll
Size	33.7MB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`7d1ad8d3d449c30d609f8ff9ed0d5f17`
SHA1	`cd4ff19c67aeb9a0c94a3c469891ba166296c961`
SHA256	`a5ecfc852bce3cf9b4bddcfa4b8e349e49841fcd27e257842c40cd5b40513f8c`
CRC32	`41E5C25E`
ssdeep	`393216:6v9U6aHS0ATuwSrZTujVrQP3l9f1xDKRlDsqXCagQZhzvilh2Wlq7OncC:gBayHufR10va`
Yara	Malicious_Packer_Zero - Malicious Packer UPX_Zero - UPX packed file Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	b1022e1023459cef_glib-lite.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\glib-lite.dll
Size	391.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`ea0f9f1a8b8abde2e1b88d66c3aeec9a`
SHA1	`80b5fcba473de1c30336f222e4a0df5742ecba0e`
SHA256	`b1022e1023459cefe5c58d2cfecd58d5de1941db7e58eb3663acb5d99a6c516f`
CRC32	`0C1A7D2E`
ssdeep	`12288:2nIS5PeQTBQUw1ivWQd6swIp5WhkRk08i:2nIsWQtidQdmImR08i`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	b4552f62e1238bb2_java-rmi.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\java-rmi.exe
Size	15.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`0df51e59d0b03ecedb1b28ed07f12f92`
SHA1	`8db1cc9f03c7a8aba7241a6c88726911d15c349f`
SHA256	`b4552f62e1238bb2679d44fd9d863ba505133d804d03e08f5882a9abda7d8b72`
CRC32	`A160A027`
ssdeep	`384:GpsVoHnDiQ7nejmSHhV8fkees72nYPLr7wQ:GpsVoHnhHS/8fBesiC7j`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	8deeec35ed29348f_messages_fr.properties Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\deploy\messages_fr.properties
Size	3.3KB
Processes	2708 (xcopy.exe)
Type	ASCII text, with very long lines
MD5	`c11ab66fede3042ee75dfd19032c8a72`
SHA1	`69bd2d03c2064f8679de5b4e430ea61b567c69c5`
SHA256	`8deeec35ed29348f5755801f42675e3bf3fa7ad4b1e414acca283c4da40e4d77`
CRC32	`2DB0A909`
ssdeep	`48:pcj7LwORE+DNaQCJhSNiZGBk9zghSqvS//oTnvDHt65NA3gBne8p6KF/uoYuh1Lq:pc3LwqiJhSNiZNQSov0U4t1S4x8X/`
Yara	None matched
VirusTotal	Search for analysis

Name	f0af778eb77be0cd_keytool.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\keytool.exe
Size	15.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`1299790a3177d133b4cda7e6496105e7`
SHA1	`4ace12f558d4e286a14d45f6c7bb5830ca2670f9`
SHA256	`f0af778eb77be0cdc4d480fa8b4fa095e725d26efac9bb6660be788a64dac605`
CRC32	`E85E331E`
ssdeep	`384:Gpsh5cnQ7/mSHhV8QueeU4SzisnYPLr7D:GpssnNS/8QzeUVC7D`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	f1dc97da5a5d220e_snmp.acl.template Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\management\snmp.acl.template
Size	3.3KB
Processes	2708 (xcopy.exe)
Type	ASCII text
MD5	`71a7de7dbe2977f6ece75c904d430b62`
SHA1	`2e9f9ac287274532eb1f0d1afcefd7f3e97cc794`
SHA256	`f1dc97da5a5d220ed5d5b71110ce8200b16cac50622b33790bb03e329c751ced`
CRC32	`4476404A`
ssdeep	`48:MkX7W6+IX6XXZAHAvuAn97+onkFOqRCjEhd//SVBteM8hq/unuxsIsxuEAJw2n:MU6bpjvuAnEokSIU/uuxJn`
Yara	None matched
VirusTotal	Search for analysis

Name	299c2360b6155eb2_sound.properties Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\sound.properties
Size	1.2KB
Processes	2708 (xcopy.exe)
Type	ASCII text
MD5	`4f95242740bfb7b133b879597947a41e`
SHA1	`9afceb218059d981d0fa9f07aad3c5097cf41b0c`
SHA256	`299c2360b6155eb28990ec49cd21753f97e43442fe8fab03e04f3e213df43a66`
CRC32	`ACBE030F`
ssdeep	`24:va19LezUlOGdZ14BilDEwG5u3nVDWc/Wy:iaLGr1OsS5KnVaIWy`
Yara	None matched
VirusTotal	Search for analysis

Name	22458853da2415f7_currency.data Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\currency.data
Size	4.0KB
Processes	2708 (xcopy.exe)
Type	data
MD5	`f6258230b51220609a60aa6ba70d68f3`
SHA1	`b5b95dd1ddcd3a433db14976e3b7f92664043536`
SHA256	`22458853da2415f7775652a7f57bb6665f83a9ae9fb8bd3cf05e29aac24c8441`
CRC32	`1456763A`
ssdeep	`48:BlWxFFGFSupi94blATFxjGph5vLC6/w37ZXQTbVm/eVzOBJ:BlWJEi94blAT+ph5vLkApmGqr`
Yara	None matched
VirusTotal	Search for analysis

Name	98028fdf5370e067_jfxswt.jar Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\jfxswt.jar
Size	33.1KB
Processes	2708 (xcopy.exe)
Type	Java archive data (JAR)
MD5	`50a0e8a1ef2aa36a2d12691de584df7c`
SHA1	`aabdfc47c6a235b44f54040d8cd09b4defe3f28d`
SHA256	`98028fdf5370e0672cc5184a5a5fa503a5ebcba23d0e4f160164d3b009933914`
CRC32	`6971686E`
ssdeep	`768:mYknZGzk86VBjSe/SAivN9kqizjlhojQxQYuWq8:mYWZUk//nENIzROjQxYr8`
Yara	None matched
VirusTotal	Search for analysis

Name	5ccee63720fcac2a_messages_sv.properties Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\deploy\messages_sv.properties
Size	3.3KB
Processes	2708 (xcopy.exe)
Type	ASCII text, with very long lines
MD5	`a6005be45c88900a15bc80d461b60c30`
SHA1	`ca3e18b5aea928a8465656c86970d9584d85ef7f`
SHA256	`5ccee63720fcac2a136cf1fa90cbac05040f89ffe8c082c2d067247bfcd76b87`
CRC32	`1C53FDD0`
ssdeep	`96:pB+L1Q6sQcqRo/hM7M4ogqxwvpvykU/2/7JCh91XlK7Q/vm2QAfr:vM1TsGk1CzJA1KGm2QIr`
Yara	None matched
VirusTotal	Search for analysis

Name	485cbe5c5144cfcd_win32_linkdrop32x32.gif Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\images\cursors\win32_LinkDrop32x32.gif
Size	168.0B
Processes	2708 (xcopy.exe)
Type	GIF image data, version 89a, 31 x 32
MD5	`694a59efde0648f49fa448a46c4d8948`
SHA1	`4b3843cbd4f112a90d112a37957684c843d68e83`
SHA256	`485cbe5c5144cfcd13cc6d701cdab96e4a6f8660cbc70a0a58f1b7916be64198`
CRC32	`36C5ECF2`
ssdeep	`3:CruuU/XExlHrZauowM7Qt/wCvTjh2Azr8ptBNKtWwUzJZmQYRNbC1MIQvEn:KP0UpawMcx3UAzADBNwUlZaCzn`
Yara	None matched
VirusTotal	Search for analysis

Name	13c783acd580df27_win32_copydrop32x32.gif Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\images\cursors\win32_CopyDrop32x32.gif
Size	165.0B
Processes	2708 (xcopy.exe)
Type	GIF image data, version 89a, 31 x 32
MD5	`89cdf623e11aaf0407328fd3ada32c07`
SHA1	`ae813939f9a52e7b59927f531ce8757636ff8082`
SHA256	`13c783acd580df27207dabccb10b3f0c14674560a23943ac7233df7f72d4e49d`
CRC32	`BBEB01DD`
ssdeep	`3:CruuU/XExlHrBwM7Qt/wCvTjh2Azr8ptBNKtWwUzJ7Ful5u44JyYChWn:KP0URwMcx3UAzADBNwUlBul5TLYMWn`
Yara	None matched
VirusTotal	Search for analysis

Name	9da575dd2d5b7c1e_Retrive7608619414195445135.vbs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Retrive7608619414195445135.vbs
Size	276.0B
Processes	2300 (java.exe)
Type	ASCII text, with CRLF line terminators
MD5	`3bdfd33017806b85949b6faa7d4b98e4`
SHA1	`f92844fee69ef98db6e68931adfaa9a0a0f8ce66`
SHA256	`9da575dd2d5b7c1e9bab8b51a16cde457b3371c6dcdb0537356cf1497fa868f6`
CRC32	`4B6BC93B`
ssdeep	`6:jpxiFtqvAAT+geD5NaqZxLMTrLavbx3laDH6djsyn:vmtqvAndZFcrG9lpjsyn`
Yara	None matched
VirusTotal	Search for analysis

Name	15c40db7ab18423a_jce.jar Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\jce.jar
Size	113.7KB
Processes	2708 (xcopy.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`70eb04d21d1639b5d92165cd9d3940ba`
SHA1	`d958adac5f1edefa22045a1409ccdeff154779c1`
SHA256	`15c40db7ab18423a7b653b64033d4639a8ba5f201c20232c6f5dce0102887231`
CRC32	`A3D58B0C`
ssdeep	`3072:v47Ovr7VDo5Zd5UVokTTNeMAgGHuyCTCK:A0DqZdWBo7DH7CX`
Yara	None matched
VirusTotal	Search for analysis

Name	113e04835ef9fa2e_release Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\release
Size	527.0B
Processes	2708 (xcopy.exe)
Type	ASCII text, with very long lines
MD5	`a35f3f1092d58f68fa1a38be81dc8a7a`
SHA1	`403a9f0ef0dc99119e0622d0c9177efe82fdff83`
SHA256	`113e04835ef9fa2ee99b1b92c3dd6326240a2cda5ff0b74d9a0a072051b5ddc1`
CRC32	`9946A6A9`
ssdeep	`12:Grk18B1dZPVPonVLxQ8MPoSY2cLuFB7Tvnpb64niU3c0E:Grc8B1rVPCxQcL8/Nix0E`
Yara	None matched
VirusTotal	Search for analysis

Name	460107cb7599a35f_jvm.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\client\jvm.dll
Size	3.7MB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`02c71d808140922173c3afed8ba06581`
SHA1	`2e7da7e02987a0a65a4c4f8bda025c2b9553d171`
SHA256	`460107cb7599a35f2f5831f182d5eb7e8ab0d5e03955b1a5a4584ab29db78ba0`
CRC32	`C57250B9`
ssdeep	`49152:TfzrFiu0/9y81dbxq/sbBLtF9P/w94Ly0cnWVaGAKg6Bdwo3z4IWjx5NmFcv/G8N:TbMxy8Txksb9NyNkaeBBlKkcv/Gm`
Yara	Malicious_Packer_Zero - Malicious Packer UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	86e39b5995af0e04_msvcr120.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\msvcr120.dll
Size	948.2KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`034ccadc1c073e4216e9466b720f9849`
SHA1	`f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1`
SHA256	`86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f`
CRC32	`AE33CA0B`
ssdeep	`12288:LBmFyjLAOQaYkxGXPfY7eiWWcpOKnpTVOIxhK765qlRRb6x4pI23IbJQV:dmFyjLF847eiWWcoGZVOIxh/WxIAIbGV`
Yara	UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	dba2da4d3363b57a_management-agent.jar Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\management-agent.jar
Size	381.0B
Processes	2708 (xcopy.exe)
Type	Java archive data (JAR)
MD5	`61fad97241640feb37c028d56b5109e3`
SHA1	`1e5d7d928ced1f8f21c97a32290ee1d6b1704351`
SHA256	`dba2da4d3363b57a3f3f6e6b6883fd92e54bfdadc69ede29e29a19f01f4de25e`
CRC32	`92A225C7`
ssdeep	`6:5jjaB4r/RjjGzbdy/oocj+sqX2K5YZ5/CUMQxxjkm4xW6gxmzbdGh/4:5juGJjaq1cCvXPA/CUMQxO4Lx2K/4`
Yara	None matched
VirusTotal	Search for analysis

Name	d9d0aab0354c3856_lucidatypewriterregular.ttf Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\fonts\LucidaTypewriterRegular.ttf
Size	237.0KB
Processes	2708 (xcopy.exe)
Type	TrueType Font data, 13 tables, 1st "OS/2", 16 names, Macintosh, Copyright (c) 1999 by Bigelow & Holmes Inc.Lucida Sans TypewriterRegularLucida Sans Typewriter
MD5	`c1397e8d6e6abcd727c71fca2132e218`
SHA1	`c144dcafe4faf2e79cfd74d8134a631f30234db1`
SHA256	`d9d0aab0354c3856df81afac49bdc586e930a77428cb499007dde99ed31152ff`
CRC32	`D9674FEC`
ssdeep	`3072:VwzZsJcCrn271g+UGFDUnrrHqMyBtlc3+fzx5R1zeqZdDgfSkecUfEDpEXzSyPMx:GWcCrn2C46Ak+naqaucYEDpEX3gZoO9`
Yara	None matched
VirusTotal	Search for analysis

Name	37cf4e6cdc4357ce_xusage.txt Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\client\Xusage.txt
Size	1.4KB
Processes	2708 (xcopy.exe)
Type	ASCII text
MD5	`b3174769a9e9e654812315468ae9c5fa`
SHA1	`238b369dfc7eb8f0dc6a85cdd080ed4b78388ca8`
SHA256	`37cf4e6cdc4357cebb0ec8108d5cb0ad42611f675b926c819ae03b74ce990a08`
CRC32	`764A249C`
ssdeep	`24:N3ZYKm8fuW6psByGJjR0X46kA2SsGFhD+GbpGCOhLRr3n:mOLUskGJjyltsGFV+GbpGCOTr`
Yara	None matched
VirusTotal	Search for analysis

Name	d93fb6d3451d1b82_calendars.properties Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\calendars.properties
Size	1.3KB
Processes	2708 (xcopy.exe)
Type	ASCII text
MD5	`40a6f317d17705b4d0241f4ebb45962d`
SHA1	`42ebb0988124433b8f2a6e5d9a74ed41240bcfc6`
SHA256	`d93fb6d3451d1b82256b0e31aae7850152fa5df76f116a9d669aa4ace6bb68b4`
CRC32	`33A66474`
ssdeep	`24:QVDBgkwOVul8DbeQd3s5MCmCkcJF+DK+Obv:KwOVu2HXy5MCmCkcJFvRL`
Yara	None matched
VirusTotal	Search for analysis

Name	563d9f09933a2730_jli.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\jli.dll
Size	155.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`7f9f10653fefd454e63eaafe1e37ce97`
SHA1	`bf24a329594331b623cd19b7ef5cdbccf40579e3`
SHA256	`563d9f09933a2730d4c0eed77c208d67c8d0aad47e391aabd4ac4ea484916c09`
CRC32	`074A69BD`
ssdeep	`3072:J3tMFnoUz3DNK0EZiBRFVFH0M6TBfyiDDq:xtCpzRK8BRFVFUM6TBq`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	c36d1dc215c52261_deploy.jar Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\deploy.jar
Size	4.8MB
Processes	2708 (xcopy.exe)
Type	Java archive data (JAR)
MD5	`815ae9039644659e81f5e50ae995ef03`
SHA1	`874377fb63b8d1ad59e95a615e523868a2677728`
SHA256	`c36d1dc215c52261fc4a0f4f7f3d64b3a4bc3bef7199336de9d878001847f890`
CRC32	`47A84D96`
ssdeep	`49152:yLl6Plmxnw37H8eieZmpGkaBI3+0CguR2pxRFpRMrsgQ1xW:TUrCKHRbRModxW`
Yara	Malicious_Packer_Zero - Malicious Packer Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	c77ba9f668fee7e9_thirdpartylicensereadme.txt Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\THIRDPARTYLICENSEREADME.txt
Size	172.9KB
Processes	2708 (xcopy.exe)
Type	UTF-8 Unicode text
MD5	`745d6db5fc58c63f74ce6a7d4db7e695`
SHA1	`a816fb5dd09e32d80e1ecf47a458569e3868b975`
SHA256	`c77ba9f668fee7e9b810f1493e518adf87233ac8793e4b37c9b3d1ed7846f1c0`
CRC32	`2CFED77F`
ssdeep	`3072:Yj33DuJYSqN7amC35q6dNFiG8OH8eowpQcw+4oHHZZvc9HNhJhxe+p/U0UIdKJpi:3qN2p5Jmncw+4o0HMWEyHrNRj`
Yara	Malicious_Packer_Zero - Malicious Packer
VirusTotal	Search for analysis

Name	0f919df42ff66be3_t2k.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\t2k.dll
Size	190.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`f2b8b2fbcbbce78a44e6ae6ca7dc9f8a`
SHA1	`9d7c5a5eab682a4c01f9c1811d0d161bf29f10af`
SHA256	`0f919df42ff66be39d1268ae0759034e3afd89d12ce8eb7c536cdbb6810beddb`
CRC32	`64A7D7FF`
ssdeep	`3072:EwNBDgwyxckbzuUH7zO5SnEywfxEBX+CfZa7EzGGDLylsKJ2qIcWYEfQQxIYh5Bg:EMgwyxbrm5SEdE7IGIsD5YNfwI`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	58fb3c5a853fa494_management.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\management.dll
Size	32.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`8d0a1f87c36520fa9738a317c4eed4a8`
SHA1	`a6de5f7e99ce4495aa597b8c621270c29fd84456`
SHA256	`58fb3c5a853fa4940ec03ce90f75791d0d0e29f46766606a73718bb00d0e5e89`
CRC32	`ADDDF131`
ssdeep	`384:uFlXkyiF8JCAOvVdVwp6BiusZ6cZtf2B2c8I9nLM6FuWPWPswhyEKPVE1MbXrvH0:mjSvVA60TZ6cZtf2DPVwhxKd70tdhC7O`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	3ff88af93239b4b0_fontmanager.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\fontmanager.dll
Size	218.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`94bb31d37cf2a3143906099dbedbb526`
SHA1	`69e7e321a1bd59401247db0558370bf0fd4db6f8`
SHA256	`3ff88af93239b4b011dfe92863e67dccceefc0f00843c209592a9835bdf555d7`
CRC32	`0E06F710`
ssdeep	`6144:f4qiUabN6Lpg0hiBfDTu9avKd59uFGMReiD/Q7OBmR:f4qiUabN6Lpg0hiBfDTu9avKyGS4`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	12cfce05229dba93_win32_movedrop32x32.gif Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\images\cursors\win32_MoveDrop32x32.gif
Size	147.0B
Processes	2708 (xcopy.exe)
Type	GIF image data, version 89a, 31 x 32
MD5	`cc8dd9ab7ddf6efa2f3b8bcfa31115c0`
SHA1	`1333f489ac0506d7dc98656a515feeb6e87e27f9`
SHA256	`12cfce05229dba939ce13375d65ca7d303ce87851ae15539c02f11d1dc824338`
CRC32	`9861BE64`
ssdeep	`3:CruuU/XExlHrSauZKwM7Qt/wCvTjh2Azr8ptBNKtWXOh6WoXt2W:KP0UvEKwMcx3UAzADBNXOh6h9p`
Yara	None matched
VirusTotal	Search for analysis

Name	52315e4fe3d57e55_jp2ssv.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\jp2ssv.dll
Size	182.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`14f57fb1f3da1502e8d3e25ac67c9974`
SHA1	`6bd503be3d9aae670df5c03ece78093b3a2b51cf`
SHA256	`52315e4fe3d57e5542b392cd7c422d4687849a5f9e78baecf98fb8a39947dac0`
CRC32	`6CC2DEF9`
ssdeep	`3072:gsmDhDvT4TZin0OYv6RsFFP+vfWP6T7cjQ/KdsSOH/m3WB1yD:gsyZ8NOM6MP+XWPM7c8pSfGG`
Yara	PE_Header_Zero - PE File Signature Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	277af42a715037a1_lxgvotpuynr.dwjwxa Submit file
Filepath	C:\Users\test22\DfSJGumiMVk\lXgvOTPUynR.dWJwxa
Size	261.4KB
Processes	2300 (java.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`2a3426e77f270bf7d46e1f3599541271`
SHA1	`817c57aa7e04630022fc67ce517fdfef23d44a58`
SHA256	`277af42a715037a16c0455c792cca68491c2888d9acb6ecb1ebd8f56a76c6100`
CRC32	`AACD47E0`
ssdeep	`6144:LOoQtE9ASAWpCi4gBn8WVIogpVfqZoFU/meUgnc3:CoQtE/AWj408WVIvLqCFU/md2Q`
Yara	None matched
VirusTotal	Search for analysis

Name	7467b1bfbc604bcf_java_crw_demo.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\java_crw_demo.dll
Size	23.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`97c9b4379b75b4e4772af322f7553fa8`
SHA1	`ebb011c3adaa692f4363f620f7750576e8fa6781`
SHA256	`7467b1bfbc604bcfc021cb319265d0013b0c8677e55dae1de72cac6a7399c356`
CRC32	`58EAD1B1`
ssdeep	`384:ap2dG5pC/ujTc8ZrEnrZm8WXBjnPV5cZ+QHwnYPLr7g7I:QvCGjJ0QdndY++wC7g7I`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	963095cf8db76fb8_readme.txt Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\README.txt
Size	46.0B
Processes	2708 (xcopy.exe)
Type	ASCII text
MD5	`0f1123976b959ac5e8b89eb8c245c4bd`
SHA1	`f90331df1e5badeadc501d8dd70714c62a920204`
SHA256	`963095cf8db76fb8071fd19a3110718a42f2ab42b27a3adfd9ec58981c3e88d2`
CRC32	`E1893F0F`
ssdeep	`3:c3AXFshzhRSkU:c9hzhgkU`
Yara	None matched
VirusTotal	Search for analysis

Name	6f3f130aa22b3cbe_welcome.html Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\Welcome.html
Size	955.0B
Processes	2708 (xcopy.exe)
Type	HTML document, ASCII text
MD5	`7a329f25e9cc132c673cd134e8134b0d`
SHA1	`634d69fdd1e9b824a1e92da00fdb6201a6d302ac`
SHA256	`6f3f130aa22b3cbead959e5cf0f7f626b96539eeca56bed60768e91a77823363`
CRC32	`B2E8DC27`
ssdeep	`24:INMTdqcxtK4jXQ5VaJ2gjQo4pDW94mKDJn:TTdqIK4jXjJdso4V7B`
Yara	None matched
VirusTotal	Search for analysis

Name	8dc9dca1ff20bae4_prism_d3d.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\prism_d3d.dll
Size	113.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`67d0bed21483cc542d85a7ebd4b5bddb`
SHA1	`0a76ae9819cf64c917a304dc4014e8b7afe4a188`
SHA256	`8dc9dca1ff20bae447c2a728b899f2bb17eaf8e8ad3294e3ef91607c8ffcffa6`
CRC32	`0D109183`
ssdeep	`3072:rxOEeMCanoEDuJ5kqpWoa+uHMg9glgFvcfgfgzgG4g9XTXDXp+RuXGXlXdY9vXT6:dOEeMCanHDC5ksWccxT`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	87c42ca155473e4e_msvcp120.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\msvcp120.dll
Size	444.7KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`fd5cabbe52272bd76007b68186ebaf00`
SHA1	`efd1e306c1092c17f6944cc6bf9a1bfad4d14613`
SHA256	`87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608`
CRC32	`53C86B80`
ssdeep	`12288:uZ/8wcqw2oe+Z3VrfwfNOOoWhUgiW6QR7t5ss3Ooc8DHkC2e77/:W/8wVwHZFTwFOOos3Ooc8DHkC2e77/`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	7d51936fa3fd5812_psfontj2d.properties Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\psfontj2d.properties
Size	10.1KB
Processes	2708 (xcopy.exe)
Type	ASCII text
MD5	`f8734590a1aec97f6b22f08d1ad1b4bb`
SHA1	`aa327a22a49967f4d74afeee6726f505f209692f`
SHA256	`7d51936fa3fd5812ae51f9f5657e0e70487dca810b985607b6c5d6603f5e6c98`
CRC32	`1946F0BF`
ssdeep	`192:hPwn+Cyub3Ee4OECKDIcYOhAgZ50OKDQLT2IcpRuWRbHr9NRXUh/QTv9Ho39zPxq:5xzubEFOEscAW5VKsCfHz8RPxGt`
Yara	None matched
VirusTotal	Search for analysis

Name	a1752a0175f490f6_messages_zh_cn.properties Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\deploy\messages_zh_CN.properties
Size	4.0KB
Processes	2708 (xcopy.exe)
Type	ASCII text, with very long lines
MD5	`e6f84c081895acdfd98da0f496e1dd3d`
SHA1	`1c2b96673dddd3596890ef4fc22017d484a1f652`
SHA256	`a1752a0175f490f61e0aad46dc6887c19711f078309062d5260e164ac844f61a`
CRC32	`B22ED65F`
ssdeep	`96:Ln7OVgLO4c5tgvDgEY4tnf7OgdbywfK0eSm91js:3OVTjqvIwPtK1js`
Yara	None matched
VirusTotal	Search for analysis

Name	c0d1c6139ccc1116_jaccess.jar Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\ext\jaccess.jar
Size	43.5KB
Processes	2708 (xcopy.exe)
Type	Java archive data (JAR)
MD5	`5d3127ae2959a77f82bf61697fc4e072`
SHA1	`3041db295c87da10976ce1466dbc07eaae3a2b57`
SHA256	`c0d1c6139ccc1116a466943ed2be5cc7cd05778c67aa650aad2d43f33f360028`
CRC32	`C910294C`
ssdeep	`768:GYVNnsqfgKbWnXuZtQvfFTJr4YbtkZQnWn109oq4rjE4E:GKNnsWgfnXuGf5yYOQnWn10aq23E`
Yara	None matched
VirusTotal	Search for analysis

Name	ddd297102146ac7f_blacklisted.certs Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\security\blacklisted.certs
Size	1.2KB
Processes	2708 (xcopy.exe)
Type	ASCII text
MD5	`b9c358f9d668e86fda8048982e741acc`
SHA1	`8870bef548310b648ef044db40c5ec609f896f0b`
SHA256	`ddd297102146ac7f6607b35c0e0b565975739a7841da5e5a6207b6f4ebb2d822`
CRC32	`DDB659E1`
ssdeep	`24:NdwGDQ9VW0F1Ejh7Z9uiej4mCCXlCEQpkvJBn4vRU4CYb:NdrDQ94Z1bej4gXlCEo2G/b`
Yara	None matched
VirusTotal	Search for analysis

Name	c9399a33bb9c7534_messages_de.properties Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\deploy\messages_de.properties
Size	3.2KB
Processes	2708 (xcopy.exe)
Type	ASCII text, with very long lines
MD5	`d77c3b5274b8161328ab5c78f66dd0d0`
SHA1	`d989fe1b8f7904888d5102294ebefd28d932ecdb`
SHA256	`c9399a33bb9c75345130b99d1d7ce886d9148f1936543587848c47b8540da640`
CRC32	`10854C14`
ssdeep	`96:MLHMLhMXQXTyf2IXOZza2uuFMir25pAvAv2ITOsdK:OHOh4QD+JJcFZY+ITOqK`
Yara	None matched
VirusTotal	Search for analysis

Name	b7a87d1f3f4b7ba1_javaws.policy Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\security\javaws.policy
Size	98.0B
Processes	2708 (xcopy.exe)
Type	ASCII text
MD5	`9107d028bd329dbfe4c1f19015ed6d80`
SHA1	`4384ca5e4d32f7dd86d8baddd1e690730d74e694`
SHA256	`b7a87d1f3f4b7ba1d19d0460fa4b63bd1093afc514d67fe3c356247236326425`
CRC32	`3D1B2196`
ssdeep	`3:FGIWgjM0ePFUN1/6IGNDAPVn7n:8c2PFUqIrR7`
Yara	None matched
VirusTotal	Search for analysis

Name	caa2d18f2776ab80_11e658b105eb7263.timestamp Submit file
Filepath	C:\ProgramData\Oracle\Java\.oracle_jre_usage\11e658b105eb7263.timestamp
Size	55.0B
Processes	552 (javaw.exe)
Type	ASCII text, with CRLF line terminators
MD5	`c50c47d58387bd25b14d0e7f847df133`
SHA1	`b66c6ec6a41911facd50a3134226c7e82764dc5b`
SHA256	`caa2d18f2776ab8057687468947edead5ef4acae24ab491a4b2135cc55136b65`
CRC32	`FD998580`
ssdeep	`3:oNmWxpcL4EaKC5cOzTQWLg:oNmQpcLJaZ5NA`
Yara	None matched
VirusTotal	Search for analysis

Name	dd07463d5df8c5c2_wsdetect.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\wsdetect.dll
Size	160.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`23b055f2b25e2e3bc1324d6063fe7e63`
SHA1	`ed36dd77d5e3176e67e03258ff2c0f425f46f8f1`
SHA256	`dd07463d5df8c5c24caa9827d55bfebb7e190ea0455d20ee1ed2c2c38d34c0c5`
CRC32	`BC2AB9E3`
ssdeep	`3072:GjMInlK/uOrCfaEG+FMR4oAUJBDAaYowH7jfapaN6H:GjM4lK/uOrFEvFMR4oAU/DqBH7jfaV`
Yara	PE_Header_Zero - PE File Signature Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	068c9312e1688a4f_localedata.jar Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\ext\localedata.jar
Size	2.1MB
Processes	2708 (xcopy.exe)
Type	Java archive data (JAR)
MD5	`32d7d732a4d3fbff825eb5d3fc6a1ede`
SHA1	`6d1531ddc259b7c50f7423fe7b33f03ee8914b66`
SHA256	`068c9312e1688a4fdcb5701b3a2e2d2a245193f9b8035513d6707721c4ebc99c`
CRC32	`D45A46CD`
ssdeep	`24576:NLcbHUw4eh5iUAoTTevdqsn/5dhLIr2Ap2+fA3Tn:pcb0w4ejiUAo4dqGBdhLlAp2WA3b`
Yara	None matched
VirusTotal	Search for analysis

Name	be987d93e23ab731_messages_es.properties Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\deploy\messages_es.properties
Size	3.5KB
Processes	2708 (xcopy.exe)
Type	ASCII text, with very long lines
MD5	`6d32848bd173b9444b71922616e0645e`
SHA1	`1b0334b79db481c3a59be6915d5118d760c97baa`
SHA256	`be987d93e23ab7318db095727dedd8461ba6d98b9409ef8fc7f5c79fa9666b84`
CRC32	`A24A7029`
ssdeep	`96:ovLS0y45dMsqf52i3nkrBpW/QiQdjY0CQ1G:oTSWw3foFNp71G`
Yara	None matched
VirusTotal	Search for analysis

Name	3471f5167a7ad07b_jsdt.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\jsdt.dll
Size	16.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`9cd099e32634c5515bbc43162255f190`
SHA1	`a85071dbc4addabd2718a515b402b330f19d6d35`
SHA256	`3471f5167a7ad07b68a800a7017bc2877eb175443c99c5b3143f37af26629dd6`
CRC32	`543C1A5A`
ssdeep	`384:Np4uXFpfJYyy3hiqxyRoPV5sOrPnYPLr7M3:N9fJYeoducC7M3`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	f70e4c858a96603d_profile.jfc Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\jfr\profile.jfc
Size	19.6KB
Processes	2708 (xcopy.exe)
Type	XML 1.0 document, ASCII text
MD5	`8b5c309810d64a8c62e7cdc6436f97a9`
SHA1	`5d7d08a595f76322c51ae43ea966fbba6b69eebe`
SHA256	`f70e4c858a96603de6c042ea796300c232953aab17579ff4e7a47fe9ffe17c26`
CRC32	`5E75DB3B`
ssdeep	`192:/fA1ypPOdhJt0ng3Ca66L0smztuxqHbHdHsHNG2iYzT95OAdzAMzVdWVqGKxtOyh:/f4ypy3aamd79Mbhh`
Yara	None matched
VirusTotal	Search for analysis

Name	138b751fe10edfa2_resource.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\resource.dll
Size	14.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`99c2ca3e968a48820dd6ddc1b5eadec1`
SHA1	`aa9b05f8aa0e5c61670ff1f1e74ada619d538b43`
SHA256	`138b751fe10edfa2b053aba9ba50014d5a4079a6ab36c74d68d7ce82a0392dad`
CRC32	`C7712B16`
ssdeep	`192:LEKoWhzSi7l13XLPVlD6G+N9F5o3WUWnYe+PjPriT0fwYf8n6m9dz:LEEfp7PVljWLnYPLr7r8l`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	1aa21a957e1b66a1_npjp2.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\plugin2\npjp2.dll
Size	168.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`88cfa56c54d371806c62a8cce1b257ef`
SHA1	`d14bc607576ca9df5973329320632ebc90215b66`
SHA256	`1aa21a957e1b66a1429d0fedb96290a5cf343a601979f5f6f6efaffb5889ffde`
CRC32	`93229A3B`
ssdeep	`3072:wCJcY4goWLvjjsTnRnq61bPiXYmYMoCzObAUcODMM4cBqg8UyJNd5uGZzfYtRD+d:wCLN9jQnLBI6MzObAUcODMM4cBqg8Uy7`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	5e4e15a0b5a9395e_nashorn.jar Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\ext\nashorn.jar
Size	1.9MB
Processes	2708 (xcopy.exe)
Type	Java archive data (JAR)
MD5	`11888d4bd93ec0f3a91f0bce2d46b4db`
SHA1	`23c23a8cd469decfc0c3edb4c551f064d213e56a`
SHA256	`5e4e15a0b5a9395ea818bd6f5a0f9ab6f596a33da13121f911babbce5b0555eb`
CRC32	`8B8FD62B`
ssdeep	`49152:RNc5DOE2jzFWTz2NmvMr3qlcZGRPl7FWxNUa:RNckDjw+Nmv+6l3R9FWb`
Yara	Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	f6c7301cc282c675_jfr.jar Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\jfr.jar
Size	547.4KB
Processes	2708 (xcopy.exe)
Type	Java archive data (JAR)
MD5	`6d0ce2861785b6863a6b3935a1b6d523`
SHA1	`71f0ee76e5caa09b573e2f1ece927a9958064e2f`
SHA256	`f6c7301cc282c6758d4dbace5115f039b94aaa1f582357e0dc3982db8ab88069`
CRC32	`B9530255`
ssdeep	`12288:v5l+qU67FYWg+YWgYWeoXqgYSq8eh2f/m5NwaHkSIJHvWQ6Q7ooMcgH5lY7TQ5cd:v5l+qU67FYWg+YWgYWeoXqgYSq8eh2fR`
Yara	None matched
VirusTotal	Search for analysis

Name	a7aa959a7693cd44_j2pcsc.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\j2pcsc.dll
Size	16.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`4eeec8fc86472b8b3d99926858ca805b`
SHA1	`ef57587dbd6df815bfc1547df80c3b4d3a24e73c`
SHA256	`a7aa959a7693cd44404c5d388236bb4e7478e7f3c0bea5d19829503fdc02ecdf`
CRC32	`53E2528E`
ssdeep	`192:VLMJRa/RbY0pF8tSSPzDY3X3PVR6y7jzqp85bbU1nYe+PjPriT0fwW6T/:VLMJqfKSizDonPV57yi5bbUnYPLr7S`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	b055bf25b07e5ac7_jvm.hprof.txt Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\jvm.hprof.txt
Size	4.1KB
Processes	2708 (xcopy.exe)
Type	ASCII text
MD5	`c677ff69e70dc36a67c72a3d7ef84d28`
SHA1	`fbd61d52534cdd0c15df332114d469c65d001e33`
SHA256	`b055bf25b07e5ac70e99b897fb8152f288769065b5b84387362bb9cc2e6c9d38`
CRC32	`EB07A762`
ssdeep	`96:CYrYJDrYJ+RvJ3z3d9uGG7hPxTRnhTbraYfwE5DyK:CYrsDrsgvJ3z3buGG7LvSmhDz`
Yara	None matched
VirusTotal	Search for analysis

Name	f2e7594a948d89e4_ssvagent.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\ssvagent.exe
Size	51.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`98eec12bb0342a0ab6dbc6cea436d4ad`
SHA1	`eaba6cc8daedbe8e59065d4d1f56ba64b8051d7f`
SHA256	`f2e7594a948d89e4cf89bd195fdf329c3d9955f110c10f68772b5ead83d23ced`
CRC32	`572FB1B5`
ssdeep	`768:dUD9dxWf4b4UoY6sUsaJ2sQ7O+phclByW3T9KMDbgz2dK6lkb/9/YMZ0c3D6QsTF:dIofovBbS9KMv8T0cz6QsTPOXR26J92b`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	6f8ce6d9ae9ceb7c_orbd.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\orbd.exe
Size	16.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`f056ca055228686b2b4bb09c5c61707e`
SHA1	`4452c84a85f061174eb0af881fdde9beecf39c5a`
SHA256	`6f8ce6d9ae9ceb7c28b05731b6603c595ad1b72fe775f0d75eedc7765a3ea29b`
CRC32	`B47EC6B5`
ssdeep	`384:GpsBgvnvdd70mSHhV8WueencGmnYPLr7rD:GpsSn1fS/8Wze0C7rD`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	0f9a88a366d12317_j2pkcs11.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\j2pkcs11.dll
Size	50.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`941d20400c5aeba6c438e91ad3afc9dc`
SHA1	`758072e89bae58ed954985fecf432e550a6dd75f`
SHA256	`0f9a88a366d123178654f6f2a9a65a294dc16f58cb753618dc49c253816d9db2`
CRC32	`3794BC64`
ssdeep	`1536:5rOHh9t7/GAzqHcGxAXRrZT9ixHDyo/r0rV9LrBH1bjPEwhEdheBwHWQFgE/Xudr:x+9t7/qHcGEyyo/i`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	9e86b24ff2b19d81_jvm.cfg Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\i386\jvm.cfg
Size	623.0B
Processes	2708 (xcopy.exe)
Type	ASCII text
MD5	`9aef14a90600cd453c4e472ba83c441f`
SHA1	`10c53c9fe9970d41a84cb45c883ea6c386482199`
SHA256	`9e86b24ff2b19d814bbaedd92df9f0e1ae86bf11a86a92989c9f91f959b736e1`
CRC32	`7C0BAEEE`
ssdeep	`12:QcwmIzDhHlB725iwoXH3ExOvadDfI3xizh49g1n8OEDfI7yO7:QhDBfOoXHjifIBMB1XqfI77`
Yara	None matched
VirusTotal	Search for analysis

Name	e0bb47f2e6e630e3_prism_sw.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\prism_sw.dll
Size	84.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`b1176b4aae6664162f976778bd181883`
SHA1	`1986a64f2594ec359e67debdce01f3003f3bdf83`
SHA256	`e0bb47f2e6e630e32515e144a128af6c768e709303457eb2d23643f613cf1b0f`
CRC32	`99E4088F`
ssdeep	`1536:avW2KEZd9lszF/QxZpsSpNGvpkenAe7C3xWxU+E/H:Z2b9lOojpNAweqWxU1/H`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	367a276c4954603c_jpeg.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\jpeg.dll
Size	142.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`5a2baf5c95b8ad859fe2d495cbb0c58f`
SHA1	`e10a35a6d2b98d3ca4bbe0da4ade15f9172865a7`
SHA256	`367a276c4954603cfd3d21932916df2080e2fc29ee34f7bc5f4af365bc1ca4e5`
CRC32	`BA11E1AD`
ssdeep	`3072:NVYfyvKuqr1XNbKL9Dj0rw0DsGQSl9uiKXe0v3HCiVO5jkZ:NVY6jGXhY9DjM/DLQcIe0v3H7VOt2`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	980e905f45812ed2_dcpr.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\dcpr.dll
Size	139.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`5de368ffce1e0944018ae50018f13de9`
SHA1	`9a857124b9dc7e94552d90c3073eebb7e0d9d1bd`
SHA256	`980e905f45812ed27ac8cf428f3e9ada63b45b45b707eeb3b157ac29dc0c3efe`
CRC32	`B10D1FDA`
ssdeep	`3072:loGzTjLkRPQ9U9NuLqiCUcj5ojGylYCE2Iu2jGLF5A9bE8LUe/ApG:GGz/oRPGLfCzIGgYCE2L1F5A9bEGUer`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	2b7af7de33f3d565_sunjce_provider.jar Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar
Size	273.6KB
Processes	2708 (xcopy.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`35301f5d8b9390a4f8d293856f2c5722`
SHA1	`3e03b24852bf437dfae6a779e270eee60af5b641`
SHA256	`2b7af7de33f3d565c79794ac7b1454cf5cbdb94bb098c58d1d24a171fe82cf96`
CRC32	`02647F17`
ssdeep	`3072:FGqFp1ARBxras5Ynoc9YZi1uXJzlt9jnEpeAa8bQkr16/mfGrcux2mjBETpv:FGC2RPQoFBl3bue98skp0mfwc8dETl`
Yara	None matched
VirusTotal	Search for analysis

Name	f8ada45e8a16976f_jsse.jar Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\jsse.jar
Size	569.9KB
Processes	2708 (xcopy.exe)
Type	Java archive data (JAR)
MD5	`e3d986ff7453399c04b71c9f604d8a12`
SHA1	`99c2ea2011602ca3e550287ad28065d21dd0c5f6`
SHA256	`f8ada45e8a16976fc2ddcb7adb8f3fbd65fc579e3cde917ed61208375c8622b4`
CRC32	`79C7DD5B`
ssdeep	`6144:vUkDJvIQLuYnE2EQ491JvMHl6IB7uH5YvoF749HvI:sCVEL9v+aHfUI`
Yara	NPKI_Zero - File included NPKI
VirusTotal	Search for analysis

Name	b8582889b0df3606_java.policy Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\security\java.policy
Size	2.4KB
Processes	2708 (xcopy.exe)
Type	ASCII text
MD5	`11340cd598a8517a0fd315a319716a08`
SHA1	`c0112209a567b3b523cfed7041709f9440227968`
SHA256	`b8582889b0df36065093c642ed0f9fa2a94cc0dc6fde366980cfd818ec957250`
CRC32	`6E1C430C`
ssdeep	`24:hjrUah3ontU2H+h/ic1mo8vwwQcNpIjLSkLuodAZdgh1ykt0wS5:R4fc17wVNwltJU`
Yara	None matched
VirusTotal	Search for analysis

Name	9e61fdc21f980697_jfr.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\jfr.dll
Size	22.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`7d66ed6d5482b875c26316434b6ee6c8`
SHA1	`5c073a446ca478c5a642d928c92371ac3b715881`
SHA256	`9e61fdc21f9806972459f4a7ab9f03e2011f5098bcd1d778e94c4efc51d30551`
CRC32	`089A93CF`
ssdeep	`384:Yq4Z7lZRiY3PB6cGgOpwm1zq2oGtSnPV5dYxPgLfunYPLr7kX:54PZRiY3PB6cVAgbGMndQlgLWC7kX`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	621f7616b5e8538a_copyright Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\COPYRIGHT
Size	3.2KB
Processes	2708 (xcopy.exe)
Type	ISO-8859 text
MD5	`3dc1bfbd5bed75d650ad0506a0df5930`
SHA1	`8e79323389b9bc4b6aad357b8bfaab6a518fb82e`
SHA256	`621f7616b5e8538abbc26667f28c25650a5b239a4f1eca981f5dd60b8da9b589`
CRC32	`E5EE54B9`
ssdeep	`96:ikjJXQSqgbiihCrRbo+Q/cV0rDcFBL3P0/r3:icAaOi01E+xV0rDaBL3P0z3`
Yara	None matched
VirusTotal	Search for analysis

Name	3d83e336c9a24d09_jmxremote.password.template Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\management\jmxremote.password.template
Size	2.8KB
Processes	2708 (xcopy.exe)
Type	ASCII text
MD5	`7b46c291e7073c31d3ce0adae2f7554f`
SHA1	`c1e0f01408bf20fbbb8b4810520c725f70050db5`
SHA256	`3d83e336c9a24d09a16063ea1355885e07f7a176a37543463596b5db8d82f8fa`
CRC32	`3980B5B2`
ssdeep	`48:MGS+Hpamow7YNkjP9YZAuFovuAnNpG1GMV/BWEUHXYE9nN6k5:Mdm7RT9tvuAnujaE0rN6g`
Yara	None matched
VirusTotal	Search for analysis

Name	8f356c200fe0f8b9_instrument.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\instrument.dll
Size	113.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`714744dc049bac61e664d2d761be1e98`
SHA1	`a4f3597084092b423019e8871133f8612ceb50cd`
SHA256	`8f356c200fe0f8b96716e0dad7badfdd2a54d1093f26171dfce48a2707fce90d`
CRC32	`A0F0A794`
ssdeep	`1536:ELHPDcdivqC4xMfl/hAxfZ/t0QHQIM7iVxoQCpGlyirIwIOfnToIfeQrVZXnmk6:ErPDco4xMNEfZ1LQG4iEmvTBfeQ7X76`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	a0719cae8271f918_sunmscapi.jar Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar
Size	31.9KB
Processes	2708 (xcopy.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`2249eac4f859c7bc578afd2f7b771249`
SHA1	`76ba0e08c6b3df9fb1551f00189323dac8fc818c`
SHA256	`a0719cae8271f918c8613feb92a7591d0a6e7d04266f62144b2eab7844d00c75`
CRC32	`8BD7FB45`
ssdeep	`768:iLy1giOqjU0jNVmOTuDQJD/RpAczsikFfg0y+7aBTS73dyPoXvvKv2PtvHubyKhi:i4giOaU0jNVmOCADZpVsiUf3yua5S7t7`
Yara	None matched
VirusTotal	Search for analysis

Name	428b2cf536c85e68_mlib_image.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\mlib_image.dll
Size	561.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`de6067b876439be3311b99682f05cadd`
SHA1	`7533f49ba010a8dfbe5e9a4366a309b6663633a3`
SHA256	`428b2cf536c85e6819344b4fb755ba5c3dbb61fe51fea412047a17ef2e521140`
CRC32	`23A2B3C9`
ssdeep	`12288:d7SyubFzTH+54vhwj5Z5Hm50PrYl0i1rxzhZRIHTppMaN4m/+nHHe7PG+q/Nw3Pu:d7SyubFPH+54vhwj5Z5Hm5orYlrxXRIm`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	081caac386d968ad_gray.pf Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\cmm\GRAY.pf
Size	632.0B
Processes	2708 (xcopy.exe)
Type	Sun KCMS color profile 2.0, type KCMS, GRAY/XYZ-mntr device, KODA/GRAY model, 632 bytes, 27-7-95 17:30:15, embedded, relative colorimetric, PCS Z=0xd32b "KODAK Grayscale Conversion - Gamma 1.0"
MD5	`1002f18fc4916f83e0fc7e33dcc1fa09`
SHA1	`27f93961d66b8230d0cdb8b166bc8b4153d5bc2d`
SHA256	`081caac386d968add4c2d722776e259380dcf78a306e14cc790b040ab876d424`
CRC32	`27E7D8B6`
ssdeep	`12:51AP3fJgXQ531yqQac/lkgz42WlHlYujlOl9Fhl:vA2XQCqpUlkgzulHiXl3hl`
Yara	None matched
VirusTotal	Search for analysis

Name	895c5262cdb6297c_lucidabrightdemiitalic.ttf Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\fonts\LucidaBrightDemiItalic.ttf
Size	73.4KB
Processes	2708 (xcopy.exe)
Type	TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc.Lucida BrightDemibold ItalicLucida Bright Demibold Ital
MD5	`793ae1ab32085c8de36541bb6b30da7c`
SHA1	`1fd1f757febf3e5f5fbb7fbf7a56587a40d57de7`
SHA256	`895c5262cdb6297c13725515f849ed70609dbd7c49974a382e8bbfe4a3d75f8c`
CRC32	`DF8F6D0B`
ssdeep	`1536:lww80sTGzcKHwxWL0T+qHi/sbA06PoNORsr5sOnD0OyuusGa7bs4J:lwL0i97WL0T+qHA9cOR05FD0Oyup74w`
Yara	None matched
VirusTotal	Search for analysis

Name	3c6a9a4adc6bd750_tnameserv.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\tnameserv.exe
Size	16.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`dfdaf5f7162a6bb8939dea473add3d91`
SHA1	`eea1372df6ec1c202dbb90619da94182fd68519a`
SHA256	`3c6a9a4adc6bd75027924997abddc1b26f859675cf6f4e5f996b645e0f53d7d0`
CRC32	`5F4FC4A6`
ssdeep	`384:GpshZwnvN/c7skDmSHhV8hnOee1cGLnYPLr7nAtdg:GpshqnF/26S/8RTe3C7nD`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	113b01304ebbf3cc_splash.gif Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\deploy\splash.gif
Size	8.4KB
Processes	2708 (xcopy.exe)
Type	GIF image data, version 89a, 320 x 139
MD5	`249053609eaf5b17ddd42149fc24c469`
SHA1	`20e7aec75f6d036d504277542e507eb7dc24aae8`
SHA256	`113b01304ebbf3cc729a5ca3452dda2093bd8b3ddc2ba29e5e1c1605661f90be`
CRC32	`F54F8010`
ssdeep	`192:91m4OqvVyG+LMIcBc2qPjHmxJCCG/h97dIYhOX:9/OqdivcqzjH3tfDE`
Yara	None matched
VirusTotal	Search for analysis

Name	712036aa1951427d_linear_rgb.pf Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\cmm\LINEAR_RGB.pf
Size	1.0KB
Processes	2708 (xcopy.exe)
Type	color profile 2.0, type KCMS, RGB/XYZ-mntr device by KODK, 1044 bytes, 2-2-1998, PCS Z=0xd32c "linear sRGB"
MD5	`a387b65159c9887265babdef9ca8dae5`
SHA1	`7913274c2f73bafcf888f09ff60990b100214ede`
SHA256	`712036aa1951427d42e3e190e714f420ca8c2dd97ef01fcd0675ee54b920db46`
CRC32	`6B0A4C69`
ssdeep	`6:zwuau/7De0/q98EAsBIMD/WvaKIV4R0/lCAEdD0WlV9AEdwKKt/n3knR3lfR/NHD:zw7ePB/rEAsBIkVuUlAYKu/nUnKw`
Yara	None matched
VirusTotal	Search for analysis

Name	b9e8ff694630aac8_splashscreen.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\splashscreen.dll
Size	173.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`258e621761820db8098cb425372c2089`
SHA1	`41471c4b802f6a2799c05f7a92788350ab8193d8`
SHA256	`b9e8ff694630aac887c0886a25fc30712220af0c580b355ac25e48b9f12f44aa`
CRC32	`F943908D`
ssdeep	`3072:1o6ZZOIoNuDwy6qWzJjoEx2WhOf72tn2UZDUmaV99TBfqvFHL:C6ZkTsDclOf729XDUmaV99TByt`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	fc908259013b90f1_lucidatypewriterbold.ttf Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\fonts\LucidaTypewriterBold.ttf
Size	228.6KB
Processes	2708 (xcopy.exe)
Type	TrueType Font data, 13 tables, 1st "OS/2", 16 names, Macintosh, Copyright (c) 1999, 2001 by Bigelow & Holmes Inc.Lucida Sans TypewriterBoldLucida Sans Typewrit
MD5	`a0c96aa334f1aeaa799773db3e6cba9c`
SHA1	`a5da2eb49448f461470387c939f0e69119310e0b`
SHA256	`fc908259013b90f1cbc597a510c6dd7855bf9e7830abe3fc3612ab4092edcde2`
CRC32	`00CF5AD1`
ssdeep	`6144:3BPS7w5KIMtYwqcO3GbA4MJcs2ME9UGQ2n9gM/oD:xVMtgcGGPMJcs4b9gM/4`
Yara	None matched
VirusTotal	Search for analysis

Name	aa0a2e1d4ba7bae4_sunmscapi.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\sunmscapi.dll
Size	25.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`5c805904e3c22cea2fd737489259fec3`
SHA1	`978933f2e318d829e609f74ef05a895ad778e180`
SHA256	`aa0a2e1d4ba7bae4f91a9ecd7a90f8550e1c3437071e393203a068326a6d3b19`
CRC32	`FEB5AD64`
ssdeep	`384:G1Zk71ABZfFsHJOaa8306gTnlFGJIjkzIPV5GKlWWLKbqnYPLr7bKW:p12zvaa8E6gblF5jk8d5RKeC7n`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	4af21954cdf398d1_meta-index Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\meta-index
Size	2.1KB
Processes	2708 (xcopy.exe)
Type	ASCII text, with CRLF line terminators
MD5	`91aa6ea7320140f30379f758d626e59d`
SHA1	`3be2febe28723b1033ccdaa110eaf59bbd6d1f96`
SHA256	`4af21954cdf398d1eae795b6886ca2581dac9f2f1d41c98c6ed9b5dbc3e3c1d4`
CRC32	`DF13DFA6`
ssdeep	`48:EE796OfeCiuG2M5tP5iMmC5KOAY2HQii+r4IzteKk:EnEiuGJbP5lmC5KOA3HQii+EIz8Kk`
Yara	None matched
VirusTotal	Search for analysis

Name	2a400f5aa2fea60d_hprof.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\hprof.dll
Size	129.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`f7dbcaae6c76901218ebd71e82d82835`
SHA1	`dbaa575330615eff9885f3fa2af7831f8f2ca37c`
SHA256	`2a400f5aa2fea60ddfa8ba784814703331310b7199e276553b4d0dfcfe77d63d`
CRC32	`CBABD9E0`
ssdeep	`3072:JGBc2vf2AWlvx+Kre9vVv3CoLORljxWEXYB/6KyTyNSpdc:ExvffVvyo0Xi6KM+Mm`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	303dbd2b5c5b36e4_deploy.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\deploy.dll
Size	443.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`aebae37015f680b7a8470742018c3b21`
SHA1	`88545557d7191cfe3981412479013748e10e280a`
SHA256	`303dbd2b5c5b36e4d2ec2427d69e20b26a7abaa8418072a86ade7462093279b3`
CRC32	`D1E2FB59`
ssdeep	`6144:jA7ps21iY4PSq7dw3iM/E+hB71sv/fWNmkhkFOBojeIvxIW1M2:jAd90Ych7dw3nMWNmkhIvq+M2`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	2af488c13bd7da95_npt.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\npt.dll
Size	17.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`beaa43e306a1397a8ef7117bd2d47f62`
SHA1	`5c1a6e8c8f5eeff37345992193927d6212f49174`
SHA256	`2af488c13bd7da9558c1a45c95137b2bde2b22443ded3912d4c3541feec0064f`
CRC32	`B3408273`
ssdeep	`192:ojZK394shTFBTSiA1fLhKv0g3X+PVR6yHqIdoEUdnYe+PjPriT0fwrdIU6MeC3Q:7ThTrJUfAv0gOPV5KIdoEMnYPLr7YvA`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	530ad6b5d9523d6e_classes.jsa Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\client\classes.jsa
Size	12.1MB
Processes	2708 (xcopy.exe)
Type	data
MD5	`942eea72e051aa043399de17deacda13`
SHA1	`1fe5067dd10016243a593d44701f824fd1a65426`
SHA256	`530ad6b5d9523d6e7ad91e69479a0799639eee94238d43db5e8db59fbbd7b52e`
CRC32	`02E24B89`
ssdeep	`49152:ruLJGuNjqx+aupVnp/8W/1O6wcFZU0JemsZm6PsKm6EfuOzwSRKfDJhSGaSLeKJ0:ruLJPtqEwS4UzwSRL0eKJdyQ`
Yara	Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	64a523adf9ce0c54_jawt.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\jawt.dll
Size	13.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`aa3951a7f8e3374967a19bfa38ecc045`
SHA1	`03858eb17bb957d564d6d7f417a671eef0d3c14c`
SHA256	`64a523adf9ce0c5488e0efcc17aecf0bf3cca7197ba16d4291f39222eaaa3a7c`
CRC32	`26B03EA9`
ssdeep	`192:aCZnvndLwN3XLPVlD6AiUOnYe+PjPriT0fwqL638:aig7PVlzifnYPLr7v08`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	dcf826f041206843_javafx_font_t2k.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\javafx_font_t2k.dll
Size	436.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`5f0f81bacde393d810a62eeadd0be7da`
SHA1	`763a38b40f09e1fe3aca0058010a89ae3096ac8a`
SHA256	`dcf826f0412068438938de9eeccf6eaff1e979f8d81c649e236e65b23ec48f79`
CRC32	`117F463E`
ssdeep	`12288:YP+a1CtswnTrxYYCOO/H0Aw4+pfyptfiP+AeDyPKX8pGSglgh:YPh1CP7pUyPKX8pglgh`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	3ff9fd541d348e18_javafx.properties Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\javafx.properties
Size	56.0B
Processes	2708 (xcopy.exe)
Type	ASCII text
MD5	`835d5b793eb3a77d3630aedd70385d35`
SHA1	`435810eb38a5c629a0d8b85013b9b9c2803f9f4f`
SHA256	`3ff9fd541d348e186c363a94e9f2e2655db5aa0f9e0b2b82e94d9324ce866133`
CRC32	`5A0288CD`
ssdeep	`3:CEBqRM9LTAGQdLVYUiqRM9LHQIuHNv:CEAsnAbLP/szQfv`
Yara	Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	b8becc3ef2e7ff7d_local_policy.jar Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\security\local_policy.jar
Size	3.4KB
Processes	2708 (xcopy.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`57aaaa3176dc28fc554ef0906d01041a`
SHA1	`238b8826e110f58acb2e1959773b0a577cd4d569`
SHA256	`b8becc3ef2e7ff7d2165dd1a4e13b9c59fd626f20a26af9a32277c1f4b5d5bc7`
CRC32	`737130BB`
ssdeep	`96:XWlvuYcIou1YgHqK3WwGjIEwtR88fH4VVKZ:sutuyOqKmw0QtRpH4VVKZ`
Yara	None matched
VirusTotal	Search for analysis

Name	96a69e45dbb5b8a8_policytool.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\policytool.exe
Size	15.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`a51d81b245289929a2cad7ef3c034754`
SHA1	`e26243f23e2fd0398846adc8f153e1d08f0a29a2`
SHA256	`96a69e45dbb5b8a85cf8a5ab36aad4c194a667dc4bec9ad32caccf707f24e7f9`
CRC32	`46DB9D5C`
ssdeep	`384:Gpsn5Bnb77mSHhV8skeet4SzvBmnYPLr7+X8:Gps3niS/8sBetJMC7+X8`
Yara	ASPack_Zero - ASPack packed file PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	3a923735d9c20620_management.properties Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\management\management.properties
Size	14.3KB
Processes	2708 (xcopy.exe)
Type	ASCII text
MD5	`5edb0d3275263013f0981ff0df96f87e`
SHA1	`e0451d8d7d9e84d7b1c39ec7d00993307a5cbbf1`
SHA256	`3a923735d9c2062064cd8fd30ff8cca84d0bc0ab5a8fab80fdad3155c0e3a380`
CRC32	`C1D775E7`
ssdeep	`384:Fqsmpsj42wbZTHV+Dq3xtP3xPqaNC/R1a:wsmpsjL0ZTHV++3xtpi68Xa`
Yara	None matched
VirusTotal	Search for analysis

Name	ed489ad86c444ae0_jabswitch.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\jabswitch.exe
Size	30.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`1c1ac3093e7a9741624ac7fec9090f70`
SHA1	`1e385e577941da9c91f16d5985c9c2144a5e8a19`
SHA256	`ed489ad86c444ae01e6ec8db33c7126877083f39d61e33161418471a3273c8c1`
CRC32	`19AA0E79`
ssdeep	`768:ZLHhfWinfwUFAvnbzTIUL+naSOu9XDQ5UC7ZH:ZNuin5FAvHTIUL+nbXDQ51ZH`
Yara	PE_Header_Zero - PE File Signature Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	59115d97d1f8ec6f_gstreamer-lite.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\gstreamer-lite.dll
Size	502.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`ae02b16c286a10377d981df95086f576`
SHA1	`067b4aef37d15579a331e325da0a29bc05fc7251`
SHA256	`59115d97d1f8ec6f238011aea2e574229723ebe33f15e43468f3c276929a015f`
CRC32	`BC7D9A3D`
ssdeep	`12288:BcNqlntBlgP/93G+h1JDE37lorNAn6zNV78:BcNmXlONG2JDZpA6pV78`
Yara	Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	d0dadb4665a45db2_rmid.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\rmid.exe
Size	15.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`baba9ab34c56f6caa87fd9cc0adf003e`
SHA1	`19c1b2519b3d0a3360fbb5ab22c06e58c2091b1c`
SHA256	`d0dadb4665a45db2cdf58e80e7d9fe7e675c04bf6a627bdb491474dd800826e6`
CRC32	`305D787F`
ssdeep	`384:Gps+5cna7cmSHhV8gy1ee84SzKHnYPLr7nU:GpsVnIS/8gve8OC7nU`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	fed9433bd58f9eda_test.txt Submit file
Filepath	C:\Windows\SysWOW64\test.txt
Size	443.0B
Processes	2300 (java.exe) 552 (javaw.exe)
Type	ASCII text, with very long lines, with no line terminators
MD5	`d7a038d5e1a2196197b1a606ea3698a3`
SHA1	`7dd76b76dfde2022d4969aed2fa2a4e386c1183c`
SHA256	`fed9433bd58f9edabddcc284490809255e2feab1942ff79edf0b42726090b8bc`
CRC32	`06B8F659`
ssdeep	`12:ipKVeq6nRYNmeuHcqtXbijhYeIppVIEYVNAQOhRU85kTu:iQEvRYNmegLaeQBNqHPki`
Yara	None matched
VirusTotal	Search for analysis

Name	20563eb12d325e08_cldrdata.jar Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\ext\cldrdata.jar
Size	3.7MB
Processes	2708 (xcopy.exe)
Type	Java archive data (JAR)
MD5	`872dfc90088d818dc1a561f90585da80`
SHA1	`1ca2573d6b27ea606bdd4dfab39b960e8fb7d7d0`
SHA256	`20563eb12d325e08a75c6c5892907e7630658a414d470a57100e38f0ff70e2a4`
CRC32	`2D5D7AAB`
ssdeep	`98304:V6FMyjmaL2jdXmgVS1drWHpINaVdE2OcOj/aKqoJC0UJ:V6FvbCd5Edr4DfpKrqYClJ`
Yara	None matched
VirusTotal	Search for analysis

Name	f8d877b0b64600e7_lucidasansregular.ttf Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\fonts\LucidaSansRegular.ttf
Size	681.9KB
Processes	2708 (xcopy.exe)
Type	TrueType Font data, 18 tables, 1st "GDEF", 19 names, Macintosh, Copyright (c) 1999 by Bigelow & Holmes Inc. Pat. Des. 289,420.Lucida SansRegularLucida Sans Reg
MD5	`b75309b925371b38997df1b25c1ea508`
SHA1	`39cc8bcb8d4a71d4657fc92ef0b9f4e3e9e67add`
SHA256	`f8d877b0b64600e736dfe436753e8e11acb022e59b5d7723d7d221d81dc2fcde`
CRC32	`824BAD60`
ssdeep	`12288:6obn11t7t7DxT+3+OQ64cctiOAq12ZX/DmfT6R83Sd8uvx7wSnyER4ky+SH/KPKQ:6oTJZzHniOAZ783Sd8uvx7wSnyER4kyI`
Yara	None matched
VirusTotal	Search for analysis

Name	4b60d27776cdb2dc_dnsns.jar Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\ext\dnsns.jar
Size	8.1KB
Processes	2708 (xcopy.exe)
Type	Java archive data (JAR)
MD5	`3a9705ce95cdbb94f22ceb75c6ef07b2`
SHA1	`1f54eab9d6dd38600408ea09b13b61f46f13f869`
SHA256	`4b60d27776cdb2dc0a2899291127a4d911e204d7fd3b6d6377597b6fece1763e`
CRC32	`0A8B3F1F`
ssdeep	`192:fn5jIgQ7WbMCokXmHTEIWB7EH+mqcEb+wYtvEmUAVIF:fnZQ7WbM0WTFWBAH+BCrEmU5`
Yara	None matched
VirusTotal	Search for analysis

Name	01fe24232d0dbefe_classlist Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\classlist
Size	82.4KB
Processes	2708 (xcopy.exe)
Type	ASCII text, with CRLF line terminators
MD5	`7fc71a62d85ccf12996680a4080aa44e`
SHA1	`199dccaa94e9129a3649a09f8667b552803e1d0e`
SHA256	`01fe24232d0dbefe339f88c44a3fd3d99ff0e17ae03926ccf90b835332f5f89c`
CRC32	`1308D209`
ssdeep	`1536:4X/nxfn5rxLyMznYolTzlff5OK3COHoHNG5rb/cxNwmCX1g86K2oWdAqNqc+KMjD:qxn5rxLyMzbf5OK3CJNG51g86A`
Yara	None matched
VirusTotal	Search for analysis

Name	e886fcc9a8c627bc_jp2native.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\jp2native.dll
Size	18.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`ece5519c6b41eec6b66809b05a4b18d6`
SHA1	`973938c94b10fc7424e6e3638bd0beb84f49af30`
SHA256	`e886fcc9a8c627bc358ecf8954165364e07d79a7a9d4014425de9d29e36eea98`
CRC32	`1F0FE30B`
ssdeep	`384:PTgLkLRfrvquxw7TPVlV3B+ASZQ4NNAfJF3DnYPLr7+:PMwlq/fdRSGJ5C7+`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	5ec1b1e5d70052f8_glass.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\glass.dll
Size	196.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`8e24e693cf853b15b344ea401d57daf4`
SHA1	`8db020b280d32662e801aba7a1b7448d2b5c744d`
SHA256	`5ec1b1e5d70052f895b3bd8d775d56c8308bd1a51022cbf503159966a43c863b`
CRC32	`EEC16B99`
ssdeep	`3072:vC0MaR3VsSduCCkNlKpZ1lWh6uNcCQZPD64E2B3Fzkmldrrr0D9BpJGOs9b0V0G:a0XRFsYtxWtE2B3uW8BpYOs9byR`
Yara	UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	b537ed6118866b12_javaaccessbridge-32.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\JavaAccessBridge-32.dll
Size	125.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`585ed8722196be9a576c42635f818c3d`
SHA1	`5cb200db48b89187dd330567dc32831b4adfa0b3`
SHA256	`b537ed6118866b12ba5bebbdacad0004fc1c6d468f97e1d75123e5064f93dda6`
CRC32	`1F47DD63`
ssdeep	`3072:3N77TJSG78+5Orcj5K/e2Hrgc6kZAn1yEkBKMKy1Zf22QYHJiuzTl8ShzzM+64mF:3NXd178+5fZZnQA9`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	0c790de696536165_psfont.properties.ja Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\psfont.properties.ja
Size	2.7KB
Processes	2708 (xcopy.exe)
Type	ASCII text
MD5	`7c5514b805b4a954bc55d67b44330c69`
SHA1	`56ed1c661eeede17b4fae8c9de7b5edbad387abc`
SHA256	`0c790de696536165913685785ea8cbe1ac64acf09e2c8d92d802083a6da09393`
CRC32	`C7EB3205`
ssdeep	`48:R8s89HoIbTUjbyuJdI2FylXLr96cpcnnI0adbEk+IqdouZ:y56CiPFylXLrMGyJU+B`
Yara	None matched
VirusTotal	Search for analysis

Name	48122294b5c08c69_pycc.pf Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\cmm\PYCC.pf
Size	268.0KB
Processes	2708 (xcopy.exe)
Type	Sun KCMS color profile 2.0, type KCMS, 3CLR/Lab-spac device, 274474 bytes, 6-11-1996 7:50:04, PCS X=0xf6b3 Z=0xd2f8 "Std Photo YCC Print"
MD5	`24b9dee2469f9cc8ec39d5bdb3901500`
SHA1	`4f7eed05b8f0eea7bcdc8f8f7aaeb1925ce7b144`
SHA256	`48122294b5c08c69b7fe1db28904969dcb6edc9aa5076e3f8768bf48b76204d0`
CRC32	`9BE1446E`
ssdeep	`6144:nJleRNRyAnAqNaADEJHeeeeevoAuaiqwV6sg0pUjRVgYgI:nJleRNRpN0j3qhjRC9I`
Yara	None matched
VirusTotal	Search for analysis

Name	926ccadaec649f62_messages.properties Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\deploy\messages.properties
Size	2.8KB
Processes	2708 (xcopy.exe)
Type	ASCII text
MD5	`811bafa6f97801186910e9b1d9927fe2`
SHA1	`dc52841c708e3c1eb2a044088a43396d1291bb5e`
SHA256	`926ccadaec649f621590d1aa5e915481016564e7ab28390c8d68bdaaf4785f1f`
CRC32	`F94E52FC`
ssdeep	`48:pSDUEm98mDhDdDDLc59BXnnyzEEUFggBne8TCHCHb2ttfe4ey1nttAUicf9EEZze:pSDi98mFV45bAUS1HCHb2tjHEElfJo`
Yara	None matched
VirusTotal	Search for analysis

Name	a24d24090dda7558_npdeployjava1.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\dtplugin\npdeployJava1.dll
Size	887.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`4e7dc1b2e4a1dcc54acf6444e4bf8b8b`
SHA1	`f5eddf3737379981ada5f9bc6ebbe0aa51f8414f`
SHA256	`a24d24090dda7558e2facffa90082f550218acec1b99e1aa90cbee15c8c4645b`
CRC32	`17D7793B`
ssdeep	`24576:zPWn3AnOZfKoJvS1ERypNCMRWU4NlO94etzDC:iAYfdSMmNCMh94etvC`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	d936ee24810b747c_tzmappings Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\tzmappings
Size	8.2KB
Processes	2708 (xcopy.exe)
Type	ASCII text
MD5	`7d4abbcfb06d083f349e27d7e6972f3c`
SHA1	`eb91253590526f7be7415839ccbf702683639c8c`
SHA256	`d936ee24810b747c54192b4b5a279f21179fe3ceb42d113d025a368ebb7cb5a7`
CRC32	`32589825`
ssdeep	`192:qwfOC9OYOxUmHomjgDwlZ+TFXsq2H+aUHCHQj4mEo:qqgniTyq0iV`
Yara	None matched
VirusTotal	Search for analysis

Name	92e0320d24b7a9da_javaw.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\javaw.exe
Size	187.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9592ebb4bba5c0ff01834c1e2c1ca565`
SHA1	`9cbab8bd5144c6a28a1313e74fea85ec9745abed`
SHA256	`92e0320d24b7a9dad6a597d55b40e14907ca4ba2125fbe24ec9cb9e247c12ba1`
CRC32	`3A1F6FED`
ssdeep	`3072:rqGHPGleIOsEF+ySTk0Cl23+I0IXgcTBf83djZqMN82Hce4WH:2GvnsEOTknl23+I0ggcTBivBtH`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	bf2beb004ed82307_java.security Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\security\java.security
Size	33.5KB
Processes	2708 (xcopy.exe)
Type	ASCII text, with CRLF line terminators
MD5	`046d2fd99f6fca96cce7bea665281a04`
SHA1	`05f44cf0ba3adef254261a05db929ec65eeb607a`
SHA256	`bf2beb004ed82307d3e3d5a979e8f7f0074373a6d92c45775f176b776f8b2db9`
CRC32	`6EEE72F9`
ssdeep	`768:rmLHAEcqrlANbwbqL1AdLAHaPw28Z5oyTEBp+Z5IcbJNg:rWQaYPPoyTEBpm26J+`
Yara	None matched
VirusTotal	Search for analysis

Name	1201ecd9f3eb0a40_pack200.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\pack200.exe
Size	15.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`ba7edc5253f7f6acbcf68639038a8e17`
SHA1	`4d4e8aeef83ab00b86acda7f6e78a3a7c2b68a74`
SHA256	`1201ecd9f3eb0a40660be69f33a4126e0871d87b34eeaf578c37b1cbb4455a7a`
CRC32	`987F538C`
ssdeep	`384:GpsT5BnZ7lmSHhV8ybyeeU4Sz5tnYPLr7HmK:GpsjnqS/8yb/eUtC7d`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	fd046e6edec4d0ce_java.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\java.exe
Size	186.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`afd9af4848dfc9d10d926303c855366f`
SHA1	`a6aa1dc89cebbcff235476fd0f53aa8835217cd7`
SHA256	`fd046e6edec4d0cef0edf372659257de09483793a2cb0212816b3e6d47c958d2`
CRC32	`EF18FB87`
ssdeep	`3072:ZC41UmIXZO4TsRjcUizRQrQBMWKmy3TBf8fLjZqMNxwqovPc/:M4+XsRjAzqrQBMWLy3TBAvGqn/`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	1a1d3079d4958383_win32_copynodrop32x32.gif Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\images\cursors\win32_CopyNoDrop32x32.gif
Size	153.0B
Processes	2708 (xcopy.exe)
Type	GIF image data, version 89a, 32 x 32
MD5	`1e9d8f133a442da6b0c74d49bc84a341`
SHA1	`259edc45b4569427e8319895a444f4295d54348f`
SHA256	`1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b`
CRC32	`4902E23A`
ssdeep	`3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn`
Yara	None matched
VirusTotal	Search for analysis

Name	2aad2465ab8903c7_sunpkcs11.jar Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\ext\sunpkcs11.jar
Size	245.4KB
Processes	2708 (xcopy.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`9f5abe7ccb653f571167e27822df93d2`
SHA1	`97f0f18b2d0a5ed5a01a682027efa9fb8bae1a5c`
SHA256	`2aad2465ab8903c7f66a46b34d0d4ecbeea72d44afedaac9822e48b5b175595d`
CRC32	`4B53E0D2`
ssdeep	`6144:GJ+LIFVys2YON2lJmF5BwP5PYYGhscw1g0yHSno9O:GJMUVLbON8JK5BwP5PYYQlw1g0v2O`
Yara	None matched
VirusTotal	Search for analysis

Name	53773357d739f89b_lucidasansdemibold.ttf Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\fonts\LucidaSansDemiBold.ttf
Size	310.4KB
Processes	2708 (xcopy.exe)
Type	TrueType Font data, 15 tables, 1st "LTSH", 19 names, Macintosh, Copyright (c) 1999, 2001 by Bigelow & Holmes Inc. Pat. Des. 289,420.Lucida SansDemiboldLucida S
MD5	`5dd099908b722236aa0c0047c56e5af2`
SHA1	`92b79fefc35e96190250c602a8fed85276b32a95`
SHA256	`53773357d739f89bc10087ab2a829ba057649784a9acbffee18a488b2dccb9ee`
CRC32	`21DC035E`
ssdeep	`6144:R5OO1ZjNDE7/MsTJ30otegK4zJwz3UhG5jXsrg2HLzYv7cf0R7o7+WX/ov2DG:bOO11CEo9xzJwljXsrhHQ7cMuX/16`
Yara	None matched
VirusTotal	Search for analysis

Name	a6be5be2d16a2443_windows2173301012068462979.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Windows2173301012068462979.dll
Size	45.5KB
Processes	552 (javaw.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`0b7b52302c8c5df59d960dd97e3abdaf`
SHA1	`d85524f464dcded54edfcfe6a5056f6c4008bbcb`
SHA256	`a6be5be2d16a24430c795faa7ab7cc7826ed24d6d4bc74ad33da5c2ed0c793d0`
CRC32	`8299AD6C`
ssdeep	`768:5iUNFqJL3HXiQl2DuhacwRZPE7dmvqID8ouM2PkYEDienAZu+P:TNFW33hdxwz87dmRDbkPKg`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	c2748e07b59398cc_flavormap.properties Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\flavormap.properties
Size	3.8KB
Processes	2708 (xcopy.exe)
Type	ASCII text
MD5	`d8b47b11e300ef3e8be3e6e50ac6910b`
SHA1	`2d5ed3b53072b184d67b1a4e26aec2df908ddc55`
SHA256	`c2748e07b59398cc40cacccd47fc98a70c562f84067e9272383b45a8df72a692`
CRC32	`53DF24DE`
ssdeep	`96:pTgwOsORUjdjTD6QfxWkVIyiVyV2mjuVwwY:Jgw5TjdjTtpWk6ylV2zwwY`
Yara	None matched
VirusTotal	Search for analysis

Name	d68819a70b60ff68_lucidabrightitalic.ttf Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\fonts\LucidaBrightItalic.ttf
Size	79.0KB
Processes	2708 (xcopy.exe)
Type	TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc. Pat. Des 289,773.Lucida BrightItalicLucida Bright Ital
MD5	`4d666869c97cdb9e1381a393ffe50a3a`
SHA1	`aa5c037865c563726ecd63d61ca26443589be425`
SHA256	`d68819a70b60ff68ca945ef5ad358c31829e43ec25024a99d17174c626575e06`
CRC32	`21F14B5A`
ssdeep	`1536:jw9ESkPFybxWj1V7zbPUoOPjp85rFqXpLboVklDNTc2Wt:jwZO0xWPTU7l85rFYpLbott`
Yara	None matched
VirusTotal	Search for analysis

Name	20dfbcc50e6185c5_jfxrt.jar Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\ext\jfxrt.jar
Size	17.4MB
Processes	2708 (xcopy.exe)
Type	Java archive data (JAR)
MD5	`2cbf373682d68bc5f3df4ef3db869027`
SHA1	`bc2eaec97f99c38bc83a3e14f24f3a4826ef152c`
SHA256	`20dfbcc50e6185c5d7bddfbd974f2be8359b9b02de9dca12470a6804ea766750`
CRC32	`A6139C48`
ssdeep	`98304:QhR/+RSSM8FGfPdqW/T3+sWLos0m/jR6P:W/K6qsT3+sWLos0mLRC`
Yara	Malicious_Packer_Zero - Malicious Packer Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	592485374cdd9efb_servertool.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\servertool.exe
Size	15.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`cf0cfbe874d2c2d2cb8ff4e49eeb2d9c`
SHA1	`40128288397345af605dc3203fabe49cd4c75dde`
SHA256	`592485374cdd9efbfc90d82da94d5c250aadbe75b9316baefdccbdb23c8f683e`
CRC32	`823C1D1D`
ssdeep	`384:GpsN5BnE27UmSHhV87G1eet4SzvB/nYPLr7A:GpsdnEIS/87TetJtC7A`
Yara	ASPack_Zero - ASPack packed file PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	6542f03afee2f0e6_nio.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\nio.dll
Size	50.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`9ad5d231d3da13f96315019b15ee911d`
SHA1	`d8c824dd307032812f45e8e5fa07513465788e04`
SHA256	`6542f03afee2f0e65d8531ebbe709d5b6e71e9ea0e71fc45352b919f73be3680`
CRC32	`0F1C48AF`
ssdeep	`768:amDWbAalnbhkoe8pfNZTcL8I3d0ZfGB9XORMBT8YpwQ+vi4v8qHp3C7vv5G:amDWbAaXbxTWdNcfGB9Xp8YAi4UqHpqw`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	115b2049de908e5d_fontconfig.properties.src Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\fontconfig.properties.src
Size	10.3KB
Processes	2708 (xcopy.exe)
Type	ASCII text
MD5	`a15d4f6635bfb05282b88458d33c1309`
SHA1	`a3d930002d0c8bf2fd263cb21ec089d233fff106`
SHA256	`115b2049de908e5d9bad5bde2ed035e85a7ade35bf323bfd3d491a8c218146f1`
CRC32	`07188B53`
ssdeep	`192:y+e6a1nsNi8bTeOiO/Ywca9nB2RwhCdvBMGuo6wj:ylnHIR9B2Rwhivj`
Yara	None matched
VirusTotal	Search for analysis

Name	d020172012854bb4_cacerts Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\security\cacerts
Size	110.8KB
Processes	2708 (xcopy.exe)
Type	Java KeyStore
MD5	`2ecfd7e5a8789c3f0e68ae85a26dea23`
SHA1	`8bccdebcd485eba9a0ac324efe458a087dd55c2a`
SHA256	`d020172012854bb4a9d461885c6816eb855498c63ff78bc60944f4fba1e9091a`
CRC32	`C0440D0D`
ssdeep	`1536:n1kP9UXlkT1ze0WuQHoeCHtVjnIhEObD4lyCpcJa7eUS:nKLI0WuybotVnINbclyCpE`
Yara	None matched
VirusTotal	Search for analysis

Name	46f47b3883c7244a_content-types.properties Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\content-types.properties
Size	5.4KB
Processes	2708 (xcopy.exe)
Type	ASCII text
MD5	`f507712b379fdc5a8d539811faf51d02`
SHA1	`82bb25303cf6835ac4b076575f27e8486dab9511`
SHA256	`46f47b3883c7244a819ae1161113fe9d2375f881b75c9b3012d7a6b3497e030a`
CRC32	`FCE9EDBF`
ssdeep	`96:r45Vf4fq7MBzO4pYEZ2MQ6KXr3NO0slzMX+W1CuHvvABbiAQ+xaW/ioLHTU+Wsch:r4KJO4mEZ2MQ6Cr3NO0slzMX+WIuHvvv`
Yara	None matched
VirusTotal	Search for analysis

Name	c439f72d430d7d54_w2k_lsa_auth.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\w2k_lsa_auth.dll
Size	21.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`fd060e886e47e31c6691dff7271fb4b7`
SHA1	`108ff2a3c3fb066b56e9067ccf39aab06ccb27d6`
SHA256	`c439f72d430d7d54e761a14d5afc8b77ddd42b67ddea41d3b9534794c3114fd1`
CRC32	`32E3761A`
ssdeep	`384:CUJIXZ3o4TV9REZiW9LEiGTHb6hVXbS7fLsD5bGGNET7T7T7T7xyFoynPV5CVGLt:hJIXZY4tsiW9LEiGTHb6hVXbS7QbGGN9`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	0d918c075ac614a3_id.txt Submit file
Filepath	C:\Users\test22\DfSJGumiMVk\ID.txt
Size	47.0B
Processes	2300 (java.exe)
Type	ASCII text, with no line terminators
MD5	`62c09f03dc5b02eff0dbb313be2864aa`
SHA1	`68b4ab2fc76bac647936d784354bd3563eb65848`
SHA256	`0d918c075ac614a3549ad00e399679440339431cb13c7bfc90910cbe0649c040`
CRC32	`C89346CC`
ssdeep	`3:YwwAHIKGsIJcf:YwwAH6G`
Yara	None matched
VirusTotal	Search for analysis

Name	e239b5c4c26c48d5_unpack200.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\unpack200.exe
Size	155.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`052da61184623cdb1f7940dd80c8e8ef`
SHA1	`0278b13dad181749c9c7dccabc96ae3da2e83571`
SHA256	`e239b5c4c26c48d574c9d99e8203b93b36fb8b33fa165b2145f449888a6891cb`
CRC32	`6908BE16`
ssdeep	`3072:3ruq5zbJEeMW19gFbIFhgnkTj9ITBfYEaf9zQ6NlICaM:agMcKUh2keTBgEaf9zQ6N5`
Yara	ASPack_Zero - ASPack packed file PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	c557f0c905330170_meta-index Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\ext\meta-index
Size	1.5KB
Processes	2708 (xcopy.exe)
Type	ASCII text, with CRLF line terminators
MD5	`77abe2551c7a5931b70f78962ac5a3c7`
SHA1	`a8bb53a505d7002def70c7a8788b9a2ea8a1d7bc`
SHA256	`c557f0c9053301703798e01dc0f65e290b0ae69075fb49fcc0e68c14b21d87f4`
CRC32	`9CF5815B`
ssdeep	`24:EV677x6CFRf08P86xX+4jz98ht4QLlJVzDOFw5DOFFVzDOFvVzDOFz5qlV/FRARV:EE796OfT0OZjzGs6lDitfitigXFqX6Kp`
Yara	None matched
VirusTotal	Search for analysis

Name	439158eb513525fe_jmxremote.access Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\management\jmxremote.access
Size	3.9KB
Processes	2708 (xcopy.exe)
Type	ASCII text
MD5	`f63bea1f4a31317f6f061d83215594df`
SHA1	`21200eaad898ba4a2a8834a032efb6616fabb930`
SHA256	`439158eb513525feda19e0e4153ccf36a08fe6a39c0c6ceeb9fcee86899dd33c`
CRC32	`2EA5BCC4`
ssdeep	`96:OWi7j79eK8MCN/xK4ijnv+wtosJj/D9mQyZWZuQgQX+dv:OWiv7b8rNXE+wusxr9m5WZuVDv`
Yara	None matched
VirusTotal	Search for analysis

Name	4140663a49040ff1_messages_pt_br.properties Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\deploy\messages_pt_BR.properties
Size	3.2KB
Processes	2708 (xcopy.exe)
Type	ASCII text, with very long lines
MD5	`ed15a441a20ea85c29521a0c7c8c3097`
SHA1	`24e4951743521ab9a11381c77bd0cdb1ed30f5b5`
SHA256	`4140663a49040ff191c07d2d04588402263ec2e1679a9a1a79b790a137ee7fb8`
CRC32	`45F2F038`
ssdeep	`48:R+OfaeLkDcUfLYgIYu9WvXx6K6GBxLy1gBne8u6K0NCMc6MTNTjtA7NZdlw7ZHAz:R1fybjfSIX8pGBxLy1Ba+mZdlw7Zs`
Yara	None matched
VirusTotal	Search for analysis

Name	7b8b63f78e2f732b_cursors.properties Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\images\cursors\cursors.properties
Size	1.2KB
Processes	2708 (xcopy.exe)
Type	ASCII text
MD5	`269d03935907969c3f11d43fef252ef1`
SHA1	`713acb9eff5f0b14a109e6c2771f62eac9b57d7c`
SHA256	`7b8b63f78e2f732bd58bf8f16144c4802c513a52970c18dc0bdb789dd04078e4`
CRC32	`76B77EAF`
ssdeep	`24:RlwQtG0Bf29d3ptAMZGpfFGZWpHN07mBpQKf4TpxV4jp504Tz8pFMafpXs:RlwQM0BfEpZSKyCycXW44Cfy`
Yara	None matched
VirusTotal	Search for analysis

Name	e8e632d02929e6dd_java.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\java.dll
Size	124.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`513b1f16edb25094274d917ae7235e8a`
SHA1	`9be734fdb0c54af0c48d06b924acbd2c9d8a18c5`
SHA256	`e8e632d02929e6dd4f69a2fac8f5066a62804cc1cb1f6832ba02e37b11a16c45`
CRC32	`1BA17A61`
ssdeep	`3072:sMISp12eGpaFzW7sXZySplxm5VklcIn/pNrw5kdIE8qg:Fp1zrXZfx0PCf+xx`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	a6b9626bba7ec009_eula.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\eula.dll
Size	106.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`f48daa9630c17bc6c1cfc7523202712f`
SHA1	`8ea1aa4b3fada8ce581ec269cc5ceb8ad280f91f`
SHA256	`a6b9626bba7ec009495e9dc45e0a6e7e7b676fb5e43e23b82c41aef1a284b0b0`
CRC32	`AB0D2916`
ssdeep	`1536:KE9WcstxlDgZ9EYDKg0nc6N3Ms+EpOBlo+mxVTtaE:5hspgZPDanhN+EpOBm+mx/aE`
Yara	PE_Header_Zero - PE File Signature Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	4e996adc72b7232e_javaws.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\javaws.exe
Size	262.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1b608a3165adcaa835f4bf1dc1647588`
SHA1	`c120d348b2767ba4cb78d5fc070a1655f3de6dab`
SHA256	`4e996adc72b7232ea68bbcf7cadd1463c8dd4899ae31d7b8456f5a62e4a585b4`
CRC32	`50B7D6B0`
ssdeep	`6144:fFPlS+WohsO0tHsOB0ppGr32DwrH9e/vk4s:hlBWohsntHsb/Gb2Dwg/vk4s`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	0c8cd372c548e4dd_default.jfc Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\jfr\default.jfc
Size	19.6KB
Processes	2708 (xcopy.exe)
Type	XML 1.0 document, ASCII text
MD5	`41d5cd8db1f75101304308a9ee3612ff`
SHA1	`1a64b68d0e7d43f8149faba94440be54f4f24527`
SHA256	`0c8cd372c548e4ddcbb0fa8cd6fca09d65ec312d784f495be19baf1bf06c57f3`
CRC32	`9ED67D64`
ssdeep	`192:/JA1ySPBhRt0ng3Ca66LAsmztuxqCbCdCsCNG2ixzTi5OAdzAMzVdWVqGKxtOym+:/J4yS5zaaedc2FMhV`
Yara	None matched
VirusTotal	Search for analysis

Name	ad740c9c0515399b_rt.jar Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\rt.jar
Size	52.0MB
Processes	2708 (xcopy.exe)
Type	Java archive data (JAR)
MD5	`e2631c5fe5900134a74e9e9360cfdc28`
SHA1	`d55bc1430656f0b12f29ae9e1d96327226cf323a`
SHA256	`ad740c9c0515399be9fd85175275eb3962bd88d3597f69c41aa3db93e64f0a6d`
CRC32	`786C9964`
ssdeep	`393216:y+1BSlLnm8H95Wr5thf1G8Wcv0J9bSQNF:y4BSlLnmQkr5thf1G8Wcv0J9btv`
Yara	Malicious_Packer_Zero - Malicious Packer Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	d7c25b47b9502b34_charsets.jar Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\charsets.jar
Size	2.9MB
Processes	2708 (xcopy.exe)
Type	Java archive data (JAR)
MD5	`33f25a155e53b09e473bd86131ebe452`
SHA1	`1f5d5e88601490aa0e35b91ed4f4263526570ed7`
SHA256	`d7c25b47b9502b34aca5e22002c1436ed726f34a2bc8ce3aa07f214940037f69`
CRC32	`DC33E4BE`
ssdeep	`49152:QJiESz1nQDSCo9z0UndA5Mg40nvvmnlbIC6VP:QJizzNBRvGFn3QlbIL`
Yara	None matched
VirusTotal	Search for analysis

Name	6c73c877b36d4abd_blacklist Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\security\blacklist
Size	4.0KB
Processes	2708 (xcopy.exe)
Type	ASCII text
MD5	`b2c6eae6382150192ea3912393747180`
SHA1	`d4ffb3857eab403955ce9d156e46d056061e6a5a`
SHA256	`6c73c877b36d4abd086cb691959b180513ac5abc0c87fe9070d2d5426d3dbf71`
CRC32	`F8F89CCA`
ssdeep	`96:uudVZoOZ3mFcFtqZB0q6jV//H2cB/iye6S04UioQeXbZFf6HULUBnSQXHvLnOTSW:uudVZoOZ3mFcXqZB0q6B//H2cB/Ze6SG`
Yara	None matched
VirusTotal	Search for analysis

Name	dfa3d1698c06bd26_deployjava1.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\dtplugin\deployJava1.dll
Size	807.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`7c4e39e1f21898ae21ea58194dea87c5`
SHA1	`5a1ea5182fa68ed7a3b37794ca5c841d2055da22`
SHA256	`dfa3d1698c06bd26344699d542fb69da37f4b2040b723b4593751286f2780337`
CRC32	`CD0594C3`
ssdeep	`12288:+/Q8lwpW6n9F1XkdJ8611WLvCzY9vyc1aen4NovChbOso6C6QJ1eega5:GQ8SpW6nL1XQJ86nWLvCzYEc1bIw5`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	ff4a3a92bc92cb08_messages_zh_tw.properties Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\deploy\messages_zh_TW.properties
Size	3.7KB
Processes	2708 (xcopy.exe)
Type	ASCII text, with very long lines
MD5	`880baacb176553deab39edbe4b74380d`
SHA1	`37a57aad121c14c25e149206179728fa62203bf0`
SHA256	`ff4a3a92bc92cb08d2c32c435810440fd264edd63e56efa39430e0240c835620`
CRC32	`26DC5BF6`
ssdeep	`96:zMWCQv8u9/IzdG/JvFWlHaQzWy/owZFomWdYQCfQ/ydQCyJ:gWCQv7VIxG/JodaQ7PoHWQaQ/6QCY`
Yara	None matched
VirusTotal	Search for analysis

Name	cada5671fc807eef_rmiregistry.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\rmiregistry.exe
Size	15.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`834b3d29c73c039b6ff92e368bc2be09`
SHA1	`c909882cd13974c35111b43d7156659e456be4d8`
SHA256	`cada5671fc807eef94e1afb85b6a466447426e430a52957997d802eff7056d80`
CRC32	`590C0785`
ssdeep	`384:GpsH5Bn67cmSHhV8IUeeX4SzR1nYPLr7w:GpsXnUS/8IReXFC7w`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	a0c37f941b63addf_jfxmedia.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\jfxmedia.dll
Size	112.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`ab59b1423453b29822a290337bce413b`
SHA1	`bb8013acdb1941feb30f79cb649a917165bfa45f`
SHA256	`a0c37f941b63addfb6b7ca165b614813000fbd229415d297e7029ddda18f720c`
CRC32	`D44DF3FB`
ssdeep	`3072:/+cINiJd/beFJ0cirPgyiciH/oQr0a6xoy2W3D6vv5k7:9TOJ0cirPgyl2Ny6vRQ`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	ce1688fe64109995_logging.properties Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\logging.properties
Size	2.4KB
Processes	2708 (xcopy.exe)
Type	ASCII text
MD5	`809c50033f825eff7fc70419aaf30317`
SHA1	`89da8094484891f9ec1fa40c6c8b61f94c5869d0`
SHA256	`ce1688fe641099954572ea856953035b5188e2ca228705001368250337b9b232`
CRC32	`D0D7DE2B`
ssdeep	`48:EmdS5PQQL8pRNYHjVsnkYXxtOGh1xdvjMgxH:G9NL3HjVLG1XrM8H`
Yara	None matched
VirusTotal	Search for analysis

Name	20093eed582c8c11_klist.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\klist.exe
Size	15.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`dba9c18e83b5ec03d403acaedc8d38f6`
SHA1	`bffba09eec4a4c211d936be9e41a0cec8a4e6258`
SHA256	`20093eed582c8c114d994f361f4c2805fc895868d34a0160e85acbe71545df3d`
CRC32	`D35F7838`
ssdeep	`384:GpsVf5cnf7Q2mSHhV8wceek4SzSbnYPLr7Qiz:GpsVKnMnS/8wZekmC7Tz`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	68f04cb7fb8b7cdd_jp2iexp.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\jp2iexp.dll
Size	202.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`8bff42466ee54f6886d002e696be35ef`
SHA1	`65f6505a9563869bf07a0fecfe0beecb8f00a9d2`
SHA256	`68f04cb7fb8b7cddca1516f90fb0a65098118441363da10865aad67e3ad80a2a`
CRC32	`88EC75D1`
ssdeep	`6144:7UFRjPE4PUJnFRZLbzT++9ev4dRs+OB/jb1ask9GvY09:7UFR7PinFRxfT++9ev4wBY09`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	5a65b02ad0241de5_sunec.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\sunec.dll
Size	121.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`e27b05ccaff89cdd774c1666004ff055`
SHA1	`26c442bc170cfde1dcc2b64095a4092492439318`
SHA256	`5a65b02ad0241de51b230439cd7c58b6a88c3927f90b05d35a0a66fd3862baef`
CRC32	`376B9085`
ssdeep	`1536:JgDT4tE3nR3HqXHBf+4t9dRoioilgKptxG0ULtt1v+oWIoWeoW+uoWWg3Wgq2u:sL3Rq+4t9doiPe5vtpg3Wgq2u`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	4f118c86fe2e4963_verify.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\verify.dll
Size	38.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`6c4bce07e2e6a1d1c38e50d6be265846`
SHA1	`9a9c5b345ff43f3369fbe2f0ecb06122530b5e9e`
SHA256	`4f118c86fe2e49632b4ffc79c28cf897a6b7d0033a698b76646acdf9337b79eb`
CRC32	`B168D9F5`
ssdeep	`768:OkrNYv/YPCUptsM0vExASiOevoS+JhxSH3svDandsuPamC7W:OkhY3YPsijPAMDaayaHW`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	207d748a76c10e5f_ciexyz.pf Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\cmm\CIEXYZ.pf
Size	50.0KB
Processes	2708 (xcopy.exe)
Type	Sun KCMS color profile 2.0, type KCMS, XYZ/XYZ-spac device, 51236 bytes, 2-12-1997 18:50:04, dependently, PCS X=0xf6b3 Z=0xd2f8 "XYZ to XYZ Identity Profile"
MD5	`10f23396e21454e6bdfb0db2d124db85`
SHA1	`b7779924c70554647b87c2a86159ca7781e929f8`
SHA256	`207d748a76c10e5fa10ec7d0494e31ab72f2bacab591371f2e9653961321fe9c`
CRC32	`5C994E30`
ssdeep	`1536:2Qnt0y7xFNksbeCqY39JJ8GmaNo68GmaNo68GmaNoW:JOy7xXjtqYNfHxNo6HxNo6HxNoW`
Yara	None matched
VirusTotal	Search for analysis

Name	68ef2f3c6d7636e3_accessibility.properties Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\accessibility.properties
Size	149.0B
Processes	2708 (xcopy.exe)
Type	ASCII text
MD5	`2ed483df31645d3d00c625c00c1e5a14`
SHA1	`27c9b302d2d47aae04fc1f4ef9127a2835a77853`
SHA256	`68ef2f3c6d7636e39c6626ed1bd700e3a6b796c25a9e5feca4533abfacd61cdf`
CRC32	`1FB12A5E`
ssdeep	`3:LFpfBZgZLXnuWxVEzERMLVAAiuKIn7IRAdSPGGzJzGBXlnfMaAHCR1vn:L7APWzTLVAkIiSPhZGBX5kaAHCXn`
Yara	None matched
VirusTotal	Search for analysis

Name	69becfe0d45b62bb_hijrah-config-umalqura.properties Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\hijrah-config-umalqura.properties
Size	13.6KB
Processes	2708 (xcopy.exe)
Type	ASCII text
MD5	`1eddfb1ee252055556f40cdc79632e98`
SHA1	`84aa425100740722e91f4725caf849e7863d12ba`
SHA256	`69becfe0d45b62bbdbcf6fe111a8a3a041fb749b6cf38e8a2f670607e17c9ee2`
CRC32	`9DBDF5B8`
ssdeep	`96:RgZass+YXdGOS8NhN9Yd9Yq67IwOYUuUS9O0:RyJO/BFi9YqAInYUuUmO0`
Yara	None matched
VirusTotal	Search for analysis

Name	4d6aec4d62e65a34_zipfs.jar Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\ext\zipfs.jar
Size	67.3KB
Processes	2708 (xcopy.exe)
Type	Java archive data (JAR)
MD5	`3583422a6850aef871d10d98300ec19c`
SHA1	`6be85b90f8535ccc1026d0fceaba8dc4f19cca58`
SHA256	`4d6aec4d62e65a34d35fe3140eefd05caa2877b8aff4ad50fbd7448feeb697c7`
CRC32	`3576BF9B`
ssdeep	`1536:ASYdA9VJbaD3rl1MIeEfqjGWb29U2jD8nbisTp/A:JYdA9/aPl1leEPxkn2sTG`
Yara	None matched
VirusTotal	Search for analysis

Name	3ceb0d122e9c34e8_decora_sse.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\decora_sse.dll
Size	62.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`4d0887ba4c64b41bbada04abcbe8a587`
SHA1	`de67bb9d69c50b279abf905f221072e2fd6584d9`
SHA256	`3ceb0d122e9c34e81b1361256a655d257d65b349f20e300b8c6cf3a8d0f6c743`
CRC32	`237A490E`
ssdeep	`1536:8kh2CQuUlng7qkKi5iO8pm8cN9qMfq3odc1:8kkhu0nTli5jN8cNAMfKY6`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	b6c9d34c45bc00a9_bci.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\bci.dll
Size	15.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`9327924dad7a38905c6b88c22ac1bbb4`
SHA1	`8ee43a1d31e493284f920368478a0b5b163c46ab`
SHA256	`b6c9d34c45bc00a960ef9f34ce67ecf907125db86a0207310f87750ea98c28ff`
CRC32	`4FBC7469`
ssdeep	`384:YTd3hw/L3kKLnYgIFGOOMsnPV5QkfvYnYPLr7w:Yzw/bkKLtQmndGkfAC7w`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	4d2d1d126e486a51_fxplugins.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\fxplugins.dll
Size	149.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`24119fc9eea87908f0fa51d7f1105ad6`
SHA1	`9017dd84924bc1a361ffa55b6145a97f22bc536a`
SHA256	`4d2d1d126e486a512261a2ddf712ac02a40fa86cfdd69d6c2fe1f79247b00001`
CRC32	`30273186`
ssdeep	`3072:qN8j/p6S/ACuHdirs/THqCy7ToCHsuUVL/Z0js/aJIGHQ1CaR7C:LR6HCGdiA/rPy7ToysnjZTa+6Q1FM`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	875a1852f4db87ab_kcms.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\kcms.dll
Size	174.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`43dcf78decf1cbc15bb0a03abdb4d5d6`
SHA1	`bf8d9d887ea68e7d727f8eda476d95d44a3b681a`
SHA256	`875a1852f4db87ab390b7cba3a66763bceac76e4eb270ee7507dbb82a9bdd6b3`
CRC32	`5558027B`
ssdeep	`3072:etYV1YcXIZEY2KtpdhEnGVtVNylABxLbr+V11QwqtwuKUsIwaxvlR:rmNi2tpdhEnxABxyVH3uOIFv`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	983b888f0d7ff028_jjs.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\jjs.exe
Size	15.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`0c51080fe07f93e62b6a819097cf8f15`
SHA1	`1c19722cff3f78c8855f7f851488f5f191e95f40`
SHA256	`983b888f0d7ff028516417bbd645b5b52578ab8d433a501718fd2a8569e580e9`
CRC32	`BBDBCDCB`
ssdeep	`384:Gps05cnw7OgmSHhV84Geeq4SziQnYPLr7R:GpsDnBdS/84reqJC7R`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	0d1bab4b77d6f0cc_sunec.jar Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\ext\sunec.jar
Size	41.2KB
Processes	2708 (xcopy.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`319324d6c53147c299b951bccf855ccf`
SHA1	`97593cc48694c7d95f0151225b1f3c035405b47a`
SHA256	`0d1bab4b77d6f0cc1dd6d330ef70e3be81d159ef900ce75a9cbdcf26289d84be`
CRC32	`36ABC781`
ssdeep	`768:1AESQ7Oqlw6pOVkJBlrQbgZgJ4SlKUKvfkM/4ZW58eKMpP/p5BZmQEnrn6RDan3f:1MQO0w6pOyxrnZgJNlKF/4C80Rx5e2R2`
Yara	None matched
VirusTotal	Search for analysis

Name	764aa12fef0790c1_ktab.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\ktab.exe
Size	15.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`d1261efc9a67355568e68a3e84345b48`
SHA1	`d7c33eae2c675a03afaf0827f60512a5822c02cc`
SHA256	`764aa12fef0790c180116a890670e0d773c1559232a19406db765a4f5e397adc`
CRC32	`0FF269AC`
ssdeep	`384:GpsVB5cnW7emSHhV8KMee84SzSNnYPLr7yV:GpsVMnqS/8Kpe8oC7yV`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	550954f1f80fe0e7_messages_it.properties Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\deploy\messages_it.properties
Size	3.1KB
Processes	2708 (xcopy.exe)
Type	ASCII text, with very long lines
MD5	`a81c4b0f3bf9a499429e14a881010ef6`
SHA1	`dbe49949308f28540a42ae6cd2ad58afbf615592`
SHA256	`550954f1f80fe0e73d74eb10ad529b454d5ebc626eb94a6b294d7d2acf06f372`
CRC32	`20FD2B17`
ssdeep	`48:pbv+eaVtVVdMDCU02B9a8+eYbuKY8t5gBne8uo265eLaqMQ6URhmwgFs+ur6N:paearV4l+e6uKY8t5C26+7RhZgRN`
Yara	None matched
VirusTotal	Search for analysis

Name	5f69eb234c1ecf73_jsound.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\jsound.dll
Size	30.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`04f4cc1fda17f1ddf254dfa497456c87`
SHA1	`5620bbb649b9cf43fd04ff8612e32f24bd9f8e2e`
SHA256	`5f69eb234c1ecf73fce1da45ceeb443f225e8d345fca8eae829aeffdb37dd225`
CRC32	`B9E0F3E3`
ssdeep	`384:qBGDbTlEXdY8gdhbQHBE0PfEmu7+dJuk9taBkwAkQ+uG8RPGH92ony5fnYPLr71:qBGDbTlfsE0P9dJb9taBkwQhR+oDRC71`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	c80d307e52731a89_dt_socket.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\dt_socket.dll
Size	21.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`47590040219cb3636ee76cf0f26d108c`
SHA1	`73231292a5f6e1bba43888f4546fd04fae9d753f`
SHA256	`c80d307e52731a8959ca30e879c4e69c9363043aa53b552a687d8b8478c0b6aa`
CRC32	`47B85CD1`
ssdeep	`384:HwiAYZIxsQbbRLEs5LtkKrpPVuC6qInYPLr7R:QiPZj+bVEmtkKrpd76HC7R`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	196a14f3ded78531_access-bridge-32.jar Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\ext\access-bridge-32.jar
Size	183.6KB
Processes	2708 (xcopy.exe)
Type	Java archive data (JAR)
MD5	`dcc22fd7af0e35e4a00e4889388724f9`
SHA1	`8fd1ccb0a7e40bd0b608bb1269581233a094f304`
SHA256	`196a14f3ded78531046f267d8bcc04fc30dd2d698a99e6256836dd93a6c0844f`
CRC32	`1FB04E8F`
ssdeep	`3072:THoQ2sFyqnCwyBcZxq4vlCBxm3wjLres8kWYpY/4FO1ehTV2f1cPWZXvhT:YIqxc3vlexmAj/VEYpYgFWz1CWZfx`
Yara	None matched
VirusTotal	Search for analysis

Name	88b5cc644a88f344_javacpl.cpl Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\javacpl.cpl
Size	156.5KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`a9c215c14b7a54e5d6b73da4de43f71e`
SHA1	`b77ef2bce3b112c11e1870830bdd56537739ba71`
SHA256	`88b5cc644a88f3440de6b813e59472105db6b5cf26804b1a0cd38bc3d7d8d8d7`
CRC32	`47584219`
ssdeep	`3072:a2lpElIhbyyH3c1CX766zKELxK1OM/SnjZqMNNXGle:a2rE+xdW+76DEVK15wv`
Yara	PE_Header_Zero - PE File Signature Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	16c93910b2785e7c_net.properties Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\net.properties
Size	4.4KB
Processes	2708 (xcopy.exe)
Type	ASCII text
MD5	`2fe77cd007d99dde926a22094e333e0e`
SHA1	`6587f43b93527dd17abcd5699eb9682b6f08c09b`
SHA256	`16c93910b2785e7cbdda90d5479aa9687148c2141ac0adbd0277fde284f6bbb3`
CRC32	`D18B7D34`
ssdeep	`96:VAcEvEtGObfObz3Obm0ObPOn23CO0V+r/aJ7SFs:PEGG4f4z34m04PeBm27Si`
Yara	None matched
VirusTotal	Search for analysis

Name	994d684829d4a627_resources.jar Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\resources.jar
Size	3.3MB
Processes	2708 (xcopy.exe)
Type	Java archive data (JAR)
MD5	`4b9ca0459434ddc3b962c09ad2abf2a2`
SHA1	`38579419e0084e6a558abcc6248eeb73659c851c`
SHA256	`994d684829d4a6278c082711053e2cd4975e3d62d6ea8614fbbc7f46c2d3d769`
CRC32	`A3F82178`
ssdeep	`49152:6fALq/Fx3eB0FgSvaG/nDJ6oRRWPkleqSoRt+dg7iixMdjMsqopriDtJE4Jc+muG:r1`
Yara	Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check Win_Trojan_Formbook_Zero - Used Formbook
VirusTotal	Search for analysis

Name	95eb9027e9ead90b_ssv.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\ssv.dll
Size	462.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`0ddf0eabd633212060e31e3a24a10e12`
SHA1	`d398e54aca9a7166c11002fa99bed5f0bbb73215`
SHA256	`95eb9027e9ead90b581d7a148181b0123d0ae75da7d949d0f444fce92a73031b`
CRC32	`6BBB80E1`
ssdeep	`6144:EdiZf23B3iKoRJ7wW1J3RHi5pfP+yur3i6KS8EFKx/hCRLRTGNpVcWGxwV:dERCEi3di5kyurjKS8EgJhCRLvxwV`
Yara	PE_Header_Zero - PE File Signature Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	7f841e514ba8d2f3_thirdpartylicensereadme-javafx.txt Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\THIRDPARTYLICENSEREADME-JAVAFX.txt
Size	62.4KB
Processes	2708 (xcopy.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines
MD5	`4f31cd1a5d86744d5f00666d9a57ad2a`
SHA1	`17d0b343cfb2e54bbec7af17f247a8bcb72d946b`
SHA256	`7f841e514ba8d2f30d90c63c8cd93ac516428c9326d571f9f3efbae8bd72ba96`
CRC32	`6F4562D9`
ssdeep	`1536:CMgEarxVXre2yMtzs6CSTmLNvkuiYLYKf:ZgnrxJr4QzP/yZ8xQ/`
Yara	Malicious_Packer_Zero - Malicious Packer
VirusTotal	Search for analysis

Name	2eb40bac20350371_jawtaccessbridge-32.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\JAWTAccessBridge-32.dll
Size	14.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`44e3ff04fefb1560b9bcbad040c89725`
SHA1	`82adad5cfa75fcc3051707b8aada528587755f0b`
SHA256	`2eb40bac203503713ac3edfae3ef717709d73c8a33d9f1a1e451522400114a3d`
CRC32	`1DDD606D`
ssdeep	`192:ApQMhl63XLPVT6FsMPypuu0U2knYe+PjPriT0fw9n6lD:AmuU7PVnaypuu0tknYPLr7x`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	45bfe34aa3ef932f_Retrive6871426135152969709.vbs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Retrive6871426135152969709.vbs
Size	281.0B
Processes	2300 (java.exe)
Type	ASCII text, with CRLF line terminators
MD5	`a32c109297ed1ca155598cd295c26611`
SHA1	`dc4a1fdbaad15ddd6fe22d3907c6b03727b71510`
SHA256	`45bfe34aa3ef932f75101246eb53d032f5e7cf6d1f5b4e495334955a255f32e7`
CRC32	`99DE38B5`
ssdeep	`6:jpxiFtqvAAT+geD5NaqZxLMTQQQavbx3la2Zp6djsyn:vmtqvAndZFcQU9lrXyjsyn`
Yara	None matched
VirusTotal	Search for analysis

Name	6a71351d88ec15e1_javacpl.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\javacpl.exe
Size	68.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`cbdd3bf520386fe010d054edaced7c37`
SHA1	`26c7401f298742fede53a244727ba66f3ba93376`
SHA256	`6a71351d88ec15e19e72e4a79dbb24992bc8aa8c18b0df454fdb12f47da63184`
CRC32	`22A67279`
ssdeep	`768:FFVfr2k521ZnrawwMmqPXt+rP7b/9/YMCv0OpPOrEE14BVHLAuDeGJiqrmehiVSq:xxioMmqF+80MORyVq7qjh3rmKPN6GyM8`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	565544d38f1f8001_ffjcext.zip Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\deploy\ffjcext.zip
Size	13.8KB
Processes	2708 (xcopy.exe)
Type	Zip archive data, at least v1.0 to extract
MD5	`bcfb53ea296c776347f7f52ab6b6adb0`
SHA1	`00ff829792a4f80c396b52426385b5f1532a3fe4`
SHA256	`565544d38f1f8001564aea543f6f0592717a40cffbfd849ffef7e87a3dabba3d`
CRC32	`671081A1`
ssdeep	`48:dP3bQI+R9RldRTe3TPu20y6qK5kM4RrR7Ph9XXrce7sH1E/hdOAd4pD0ACBWp0H+:dElv6R0qK5B47PnZ/3PmpaemPQpiBwn`
Yara	None matched
VirusTotal	Search for analysis

Name	2b3aa1645779a9e6_srgb.pf Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\cmm\sRGB.pf
Size	3.1KB
Processes	2708 (xcopy.exe)
Type	Microsoft color profile 2.1, type Lino, RGB/XYZ-mntr device, IEC/sRGB model by HP, 3144 bytes, 9-2-1998 6:49:00 "sRGB IEC61966-2.1"
MD5	`1d3fda2edb4a89ab60a23c5f7c7d81dd`
SHA1	`9eaea0911d89d63e39e95f2e2116eaec7e0bb91e`
SHA256	`2b3aa1645779a9e634744faf9b01e9102b0c9b88fd6deced7934df86b949af7e`
CRC32	`182EA552`
ssdeep	`48:+FflsXlf/lulel4wlwx+6MjnNsvIYWiR5QkyTJbZPHXZ9u6gbVwyKzJgWjU:aN26MT0D5MdtbZPAVwzV0`
Yara	None matched
VirusTotal	Search for analysis

Name	c9cd3fd133200073_zip.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\zip.dll
Size	68.1KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`6a3590730fc495bded6b2be12b04fe63`
SHA1	`26b76524fb0c229bcb8c2874ef4c578dc5c083ee`
SHA256	`c9cd3fd1332000734e7dc1202849318a8e212b82ada1668325fbf5849c9e36c0`
CRC32	`064D6C12`
ssdeep	`1536:7CAhhv0bqqeNeNB0iDaEcIOwIOpVnToIflCecgit:Fvk8i3Smp9TBflCeNit`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	91b977bd040cd6ab_cce3fe3b0d8d805f.timestamp Submit file
Filepath	C:\ProgramData\Oracle\Java\.oracle_jre_usage\cce3fe3b0d8d805f.timestamp
Size	57.0B
Processes	2300 (java.exe)
Type	ASCII text, with CRLF line terminators
MD5	`478b6dc821175db2e28c6a085ed70a20`
SHA1	`1ace4923545bf5b404678b5669c05135769c3831`
SHA256	`91b977bd040cd6ab0066b20a08c2587f792604568a96dbdb79cb59042b025a9c`
CRC32	`629B6C07`
ssdeep	`3:oFj4I5vpN36JWLbv:oJ5X37v`
Yara	None matched
VirusTotal	Search for analysis

Name	60c06e0fa4449314_msvcr100.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\msvcr100.dll
Size	755.8KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`bf38660a9125935658cfa3e53fdc7d65`
SHA1	`0b51fb415ec89848f339f8989d323bea722bfd70`
SHA256	`60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa`
CRC32	`14EE1F12`
ssdeep	`12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I`
Yara	UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	0d87d6fc11c8cdb9_jdwp.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\jdwp.dll
Size	160.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`d91ad6b0aeaaccfc10066ab24f89d6b0`
SHA1	`f02f086a2ce5a3ecc2241b853cb754f8c5be094c`
SHA256	`0d87d6fc11c8cdb9cbb79d46e39cda75ec964344f4a7605b272a0de7953a823e`
CRC32	`2BCA772E`
ssdeep	`3072:xkCW5Se5+EaGPjPc4QclwUsoIHTKDS4AjD9V2s1ig:KC6Se5+EaG74TKm4oD98s3`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	c9b91226f800e6cf_prism_common.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\prism_common.dll
Size	51.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`11c9bc4d297363d2877b4c4a464cafd4`
SHA1	`1b49f1cd1bb9ccfa8658a16fe856b0c4951b61a3`
SHA256	`c9b91226f800e6cf25bcf73152771397dcb08abee5f704a5d8f53fce1a91affd`
CRC32	`652C377D`
ssdeep	`1536:ukg0QMXOd9AIc1aO9j9KddG+cmD/pLGhT:ukgbDQ8O9j9sdG+cmDxLGhT`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	1eb5434c8dba73ad_lcms.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\lcms.dll
Size	181.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`70356abc0cd243f2cd43c6072b246ce9`
SHA1	`d59f2125db0b808c99e98d5a2fd7cea9c9af7cdd`
SHA256	`1eb5434c8dba73adf7d0f22d1f66e5b7771ed181afc3334f26b7b2b07d5eee2a`
CRC32	`2832C890`
ssdeep	`3072:QvTfULf2dLzvL1Hv0STp2Ms2Ar8ozfQeZCSW3UQraWUZ+tR2LS:yfU6dP0Sgbr8oFurAItx`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	8b182ec63f245e76_windowsaccessbridge-32.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\bin\WindowsAccessBridge-32.dll
Size	95.6KB
Processes	2708 (xcopy.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`bdf94c0dd32e48c15f9d54c9eeb302d0`
SHA1	`d54df509e3f1e66cc504aa9ca44ab2ce261642b2`
SHA256	`8b182ec63f245e76bc0f64e48752605f85922ece5ad8a107d5d86b8bb831e7ad`
CRC32	`B66B1384`
ssdeep	`1536:V9Ewj9N/j49qWAGXnvAAt5fBzq6PD3sik1k0kPW1G38ERaScQouw:7brGXnvB5fBu6QiCd1GXcSfoD`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	0751673650a01bef_javaws.jar Submit file
Filepath	C:\Users\test22\AppData\Roaming\Oracle\lib\javaws.jar
Size	918.8KB
Processes	2708 (xcopy.exe)
Type	Java archive data (JAR)
MD5	`6e23f7140b5d38b7e158d878152fb5fd`
SHA1	`7e976de5e5a3537b3a3e330248e8c4b27299d086`
SHA256	`0751673650a01befd9def2026055f72ede5f5b7b6cf10318f75d51077968d873`
CRC32	`1F3D7ED7`
ssdeep	`6144:0YO0cX02cw5j7r1l1yARWxTEXZ2QXf4XuXfj27358ioszt59FBq86EfV3GJaSj/l:6X0yNl1yTxIX7SxJZz1F69`
Yara	Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis