Windows Analysis Report
jre-8u201-windows-i586.exe

Overview

General Information

Sample name: jre-8u201-windows-i586.exe
Analysis ID: 1465764
MD5: 302eae56691aed62c78c62e4ebac4e22
SHA1: 4a354626ab98491f109fa0981008516b599101c0
SHA256: 2caa55f2a9bffb6be596fb34f8ce14a554a60008b2764734b41a28ae15a21ea4

Detection

Score: 4
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Allocates memory with a write watch (potentially for evading sandboxes)
Drops PE files
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • jre-8u201-windows-i586.exe (PID: 6860 cmdline: "C:\Users\user\Desktop\jre-8u201-windows-i586.exe" MD5: 302EAE56691AED62C78C62E4EBAC4E22)
    • jre-8u201-windows-i586.exe (PID: 7000 cmdline: "C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe" MD5: 3FF9B6B335E9214FE0338B77558F8908)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: jre-8u201-windows-i586.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: jre-8u201-windows-i586.exe | Static PE information: certificate valid
Source: jre-8u201-windows-i586.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: javadl-esd-secure.oracle.com
Source: global traffic | DNS traffic detected: DNS query: rps-svcs.oracle.com
Source: jre-8u201-windows-i586.exe, runtime[1].1.dr | String found in binary or memory: http://es5.github.io/#x15.4.4.21
Source: jre-8u201-windows-i586.exe | String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: jre-8u201-windows-i586.exe | String found in binary or memory: http://s.symcd.com06
Source: jre-8u201-windows-i586.exe | String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: jre-8u201-windows-i586.exe | String found in binary or memory: http://s2.symcb.com0
Source: jre-8u201-windows-i586.exe, runtime[1].1.dr | String found in binary or memory: http://stackoverflow.com/a/15123777)
Source: jre-8u201-windows-i586.exe, runtime[1].1.dr | String found in binary or memory: http://stackoverflow.com/questions/1068834/object-comparison-in-javascript
Source: jre-8u201-windows-i586.exe | String found in binary or memory: http://sv.symcb.com/sv.crl0W
Source: jre-8u201-windows-i586.exe | String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: jre-8u201-windows-i586.exe | String found in binary or memory: http://sv.symcd.com0&
Source: jre-8u201-windows-i586.exe | String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: jre-8u201-windows-i586.exe | String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: jre-8u201-windows-i586.exe | String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: jre-8u201-windows-i586.exe, runtime[1].1.dr | String found in binary or memory: http://www.computerhope.com/forum/index.php?topic=76293.0
Source: jre-8u201-windows-i586.exe | String found in binary or memory: http://www.symauth.com/cps0(
Source: jre-8u201-windows-i586.exe | String found in binary or memory: http://www.symauth.com/rpa00
Source: jre-8u201-windows-i586.exe, runtime[1].1.dr | String found in binary or memory: http://www.tutorialspoint.com/javascript/array_map.htm
Source: jre-8u201-windows-i586.exe | String found in binary or memory: https://d.symcb.com/cps0%
Source: jre-8u201-windows-i586.exe | String found in binary or memory: https://d.symcb.com/rpa0
Source: jre-8u201-windows-i586.exe | String found in binary or memory: https://d.symcb.com/rpa0.
Source: jre-8u201-windows-i586.exe, runtime[1].1.dr | String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/Reduce
Source: jre-8u201-windows-i586.exe, runtime[1].1.dr | String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/filter
Source: jre-8u201-windows-i586.exe, runtime[1].1.dr | String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/indexOf
Source: jre-8u201-windows-i586.exe, runtime[1].1.dr | String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/startsWith
Source: jre-8u201-windows-i586.exe | String found in binary or memory: https://docs.oracle.com/javase/
Source: jds5927843.tmp.0.dr | String found in binary or memory: https://javadl-esd-secure.oracle.com/update/1.8.0/42970487e3af4f5aa5bca3f542482c60/1.8.0_201-b09.xml
Source: jre-8u201-windows-i586.exe | String found in binary or memory: https://rps-svcs.oracle.com/
Source: jre-8u201-windows-i586.exe | String found in binary or memory: https://rps-svcs.oracle.com/h
Source: jre-8u201-windows-i586.exe | String found in binary or memory: https://rps-svcs.oracle.com/services/countrylookup
Source: jusched.log.0.dr | String found in binary or memory: https://rps-svcs.oracle.com/services/countrylookup)
Source: jre-8u201-windows-i586.exe | String found in binary or memory: https://rps-svcs.oracle.com/services/countrylookupD
Source: jre-8u201-windows-i586.exe | Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: jds5927843.tmp.0.dr | Static PE information: Resource name: JAVA_INSTALLER_UTIL type: PE32 executable (console) Intel 80386, for MS Windows
Source: jre-8u201-windows-i586.exe | Binary or memory string: OriginalFilenamewrapper_jre_offline.exeP vs jre-8u201-windows-i586.exe
Source: jre-8u201-windows-i586.exe | Binary or memory string: OriginalFilenameuninstaller.exeP vs jre-8u201-windows-i586.exe
Source: jre-8u201-windows-i586.exe | Binary or memory string: OriginalFilenameauutils.dll\ vs jre-8u201-windows-i586.exe
Source: jre-8u201-windows-i586.exe | Binary or memory string: OriginalFilenamecustomactions.dllP vs jre-8u201-windows-i586.exe
Source: classification engine | Classification label: clean4.winEXE@3/15@2/0
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe | File created: C:\Users\user\AppData\LocalLow\Oracle\
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe | Mutant created: NULL
Source: C:\Users\user\Desktop\jre-8u201-windows-i586.exe | File created: C:\Users\user\AppData\Local\Temp\jds5927828.tmp
Source: jre-8u201-windows-i586.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\jre-8u201-windows-i586.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: jre-8u201-windows-i586.exe | String found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/wrappers/wrapper4wrapper/wrapper4wrapper.cpp
Source: jre-8u201-windows-i586.exe | String found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/common/SysInfo.cpp
Source: jre-8u201-windows-i586.exe | String found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/common/windows/WinErrorHandling.cpp
Source: jre-8u201-windows-i586.exe | String found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/common/FileUtils.cpp
Source: jre-8u201-windows-i586.exe | String found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/common/Resources.cpp
Source: jre-8u201-windows-i586.exe | String found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/common/share/tstrings.cpp
Source: jre-8u201-windows-i586.exe | String found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/common/Security.cpp
Source: jre-8u201-windows-i586.exe | String found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/common/windows/WinAutoHandle.cpp
Source: jre-8u201-windows-i586.exe | String found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/common/Dll.cpp
Source: jre-8u201-windows-i586.exe | String found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/wrappers/jreoffline/wrapper.cpp
Source: jre-8u201-windows-i586.exe | String found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/common/share\Version.h
Source: jre-8u201-windows-i586.exe | String found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/wrappers/common/WrapperOffline.cpp
Source: jre-8u201-windows-i586.exe | String found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/wrappers/common/UpdateConf.cpp
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/wrappers/common/WrapperUtils.cpp
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/wrappers/common/JavaScrubSequence.cpp
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/wrappers/common/JavaScrubPingData.cpp
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/wrappers/common/ProgressController.cpp
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/wrappers/common/SecurityPrompts.cpp
Source: jre-8u201-windows-i586.exeString found in binary or memory: /installmethod
Source: jre-8u201-windows-i586.exeString found in binary or memory: /installurl
Source: jre-8u201-windows-i586.exeString found in binary or memory: /INSTALLDIRPUBJRE
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/common/InstallConfigData.cpp
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/wrappers/common/UpdateUtils.cpp
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/au/common/au/AuMsi.cpp
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/au/common/au/config.cpp
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/au/common/au/RegData.cpp
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/html_ui/wrappers/ChangeFolderDialog.cpp
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/html_ui/wrappers/CancelConfirmation.cpp
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/JavaScrub/SecurityBaselines.cpp
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/html_ui/engine/Dialog.cpp
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/html_ui/engine/BrowserWindow.cpp
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/html_ui/engine/UIThread.cpp
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/common\Dll.h
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/html_ui/engine/BrowserControl.cpp
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/html_ui/engine/BrowserExternal.cpp
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/common/MsiUtils.cpp
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/common/AllUtils.cpp
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/common/share/JavaVersion.cpp
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/common/Locales.cpp
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/common/InstallDirValidator.cpp
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/common/Registry.cpp
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/common/JavaEnvironment.cpp
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/common/NetUtils.cpp
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/common/Browsers.cpp
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/common/share/Version.cpp
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/common/Executor.cpp
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/common/Bundle.cpp
Source: jre-8u201-windows-i586.exeString found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/common/DeployLibLoader.cpp
Source: jre-8u201-windows-i586.exe String found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/common/Crypto.cpp
Source: jre-8u201-windows-i586.exe String found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/common/InstalledJava.cpp
Source: jre-8u201-windows-i586.exe String found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/common/Guid.cpp
Source: jre-8u201-windows-i586.exe String found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/ipc/windows/ThreadImpl.cpp
Source: jre-8u201-windows-i586.exe String found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/ipc/share/Mutex.cpp
Source: jre-8u201-windows-i586.exe String found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/ipc/windows/ConditionalImpl.cpp
Source: jre-8u201-windows-i586.exe String found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/ipc/windows/HighResolutionTimerImpl.cpp
Source: jre-8u201-windows-i586.exe String found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/ipc/windows/SharedMemoryImpl.cpp
Source: jre-8u201-windows-i586.exe String found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/common/ComUtils.cpp
Source: jre-8u201-windows-i586.exe String found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/common/xml.cpp
Source: jre-8u201-windows-i586.exe String found in binary or memory: Dc:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/common/share/progress/Progress.cpp,
Source: jre-8u201-windows-i586.exe String found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/ipc/windows/Util.cpp
Source: jre-8u201-windows-i586.exe String found in binary or memory: Dipc::waitForSingleObjectc:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/ipc/windows/Util.cpp
Source: jre-8u201-windows-i586.exe String found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/ipc/windows/MutexImpl.cpp
Source: jre-8u201-windows-i586.exe String found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/common/KnownProductCodeInstalledJavaTracker.cpp
Source: jre-8u201-windows-i586.exe String found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/common/Jep223UpgradeCodeInstalledJavaTracker.cpp
Source: jre-8u201-windows-i586.exe String found in binary or memory: c:/re/workspace/8-2-build-windows-i586-cygwin/jdk8u201/12322/install/src/windows/common/unzip/unzip.cpp
Source: unknown Process created: C:\Users\user\Desktop\jre-8u201-windows-i586.exe "C:\Users\user\Desktop\jre-8u201-windows-i586.exe"
Source: C:\Users\user\Desktop\jre-8u201-windows-i586.exe Process created: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe "C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe"
Source: C:\Users\user\Desktop\jre-8u201-windows-i586.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: msi.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: ieframe.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: dataexchange.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: msiso.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: mshtml.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: srpapi.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: msimtf.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: mlang.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: jscript9.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: d2d1.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: dxcore.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: msxml3.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: msls31.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: jre-8u201-windows-i586.exe Static PE information: certificate valid
Source: jre-8u201-windows-i586.exe Static file information: File size 66613600 > 1048576
Source: jre-8u201-windows-i586.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x3f46e00
Source: jre-8u201-windows-i586.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: jre-8u201-windows-i586.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: jre-8u201-windows-i586.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: jre-8u201-windows-i586.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: jre-8u201-windows-i586.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: jre-8u201-windows-i586.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Code function: 1_2_005F41D5 push ecx; ret 1_2_005F41E8
Source: C:\Users\user\Desktop\jre-8u201-windows-i586.exe File created: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jds5927843.tmp
Source: C:\Users\user\Desktop\jre-8u201-windows-i586.exe File created: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Memory allocated: 7C10000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Memory allocated: 8480000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Memory allocated: 8690000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Memory allocated: 8730000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Memory allocated: 8750000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Memory allocated: 4A00000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\jre-8u201-windows-i586.exe Code function: 0_2_0034697E GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_0034697E
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Disable or Modify Tools | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Process Injection | NTDS | 12 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
Source | Detection | Scanner | Label | Link
jre-8u201-windows-i586.exe | 0% | ReversingLabs | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jds5927843.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe (copy) | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://www.symauth.com/rpa00 | 0% | URL Reputation | safe |
http://www.symauth.com/cps0( | 0% | URL Reputation | safe |
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/filter | 0% | Avira URL Cloud | safe |
http://stackoverflow.com/a/15123777) | 0% | Avira URL Cloud | safe |
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/Reduce | 0% | Avira URL Cloud | safe |
https://rps-svcs.oracle.com/services/countrylookupD | 0% | Avira URL Cloud | safe |
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/indexOf | 0% | Avira URL Cloud | safe |
http://www.computerhope.com/forum/index.php?topic=76293.0 | 0% | Avira URL Cloud | safe |
http://stackoverflow.com/questions/1068834/object-comparison-in-javascript | 0% | Avira URL Cloud | safe |
https://rps-svcs.oracle.com/ | 0% | Avira URL Cloud | safe |
http://www.tutorialspoint.com/javascript/array_map.htm | 0% | Avira URL Cloud | safe |
https://javadl-esd-secure.oracle.com/update/1.8.0/42970487e3af4f5aa5bca3f542482c60/1.8.0_201-b09.xml | 0% | Avira URL Cloud | safe |
https://docs.oracle.com/javase/ | 0% | Avira URL Cloud | safe |
http://es5.github.io/#x15.4.4.21 | 0% | Avira URL Cloud | safe |
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/startsWith | 0% | Avira URL Cloud | safe |
https://rps-svcs.oracle.com/services/countrylookup | 0% | Avira URL Cloud | safe |
https://rps-svcs.oracle.com/services/countrylookup) | 0% | Avira URL Cloud | safe |
https://rps-svcs.oracle.com/h | 0% | Avira URL Cloud | safe |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
javadl-esd-secure.oracle.com | unknown | unknown | false | | unknown
rps-svcs.oracle.com | unknown | unknown | false | | unknown

      No contacted IP infos
      Joe Sandbox version:40.0.0 Tourmaline
      Analysis ID:1465764
      Start date and time:2024-07-02 01:50:53 +02:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:0h 6m 3s
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:default.jbs
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed:7
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Sample name:jre-8u201-windows-i586.exe
      Detection:CLEAN
      Classification:clean4.winEXE@3/15@2/0
      EGA Information:
      • Successful, ratio: 50%
      HCA Information:Failed
      Cookbook Comments:
      • Found application associated with file extension: .exe
      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
      • Excluded IPs from analysis (whitelisted): 23.199.222.107, 104.102.46.104
      • Excluded domains from analysis (whitelisted): e13073.g.akamaiedge.net, fs.microsoft.com, rps-svcs.oracle.com.edgekey.net, ocsp.digicert.com, slscr.update.microsoft.com, javadl-esd-secure.oracle.com.edgekey.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
      • Execution Graph export aborted for target jre-8u201-windows-i586.exe, PID 6860 because there are no executed function
      • Not all processes where analyzed, report is missing behavior information
      • Report size getting too big, too many NtOpenKeyEx calls found.
      • Report size getting too big, too many NtProtectVirtualMemory calls found.
      • Report size getting too big, too many NtQueryValueKey calls found.
      • VT rate limit hit for: jre-8u201-windows-i586.exe
      Time | Type | Description
      19:51:54 | API Interceptor | 4x Sleep call for process: jre-8u201-windows-i586.exe modified
      No context
      No context
      No context
      No context
      Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
      C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe (copy) | TQCN.exe | Get hash | malicious | Unknown | Browse |
      C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jds5927843.tmp | TQCN.exe | Get hash | malicious | Unknown | Browse |
          Process:C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe
          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Java SE Runtime Environment 8 Update 201, Author: Oracle Corporation, Keywords: Installer,MSI,Database, Comments: Contact: Your local administrator, Create Time/Date: Sun Dec 16 09:00:12 2018, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 4, Template: Intel;1033, Last Saved By: Intel;1033, Revision Number: {26A24AE4-039D-4CA4-87B4-2F32180201F0}8.0.2010.9;{26A24AE4-039D-4CA4-87B4-2F32180201F0}8.0.2010.9;{57BDA5C6-443C-4D65-B233-282393218000}, Number of Pages: 200, Number of Characters: 131135
          Category:dropped
          Size (bytes):63856640
          Entropy (8bit):7.995160618971232
          Encrypted:true
          SSDEEP:1572864:iQUaVuA4CJa5XMqUQ06sDHVuE5xamp3oNLHMs:iyoWJSFU6sjoexRp3
          MD5:74082EB88C49A2A04F11488A02D90679
          SHA1:B56DB313916B76AF86BDB4E79226D72D6D1357C6
          SHA-256:F75787904F5FC07D600BB3E298DC37B7C0305570FF3E402F50C6F10FD1F66ADA
          SHA-512:7C2B7056B5975F5F99498B86E7577F1C829925095D9F06FD5BD425BC3CCD6B1CD04EC8EC0974B77DC337F59F8263A0915DFE228B481FA70EC310C081D7978266
          Malicious:false
          Reputation:low
          Process:C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe
          File Type:data
          Category:dropped
          Size (bytes):49120
          Entropy (8bit):0.0017331682157558962
          Encrypted:false
          SSDEEP:3:Ztt:T
          MD5:0392ADA071EB68355BED625D8F9695F3
          SHA1:777253141235B6C6AC92E17E297A1482E82252CC
          SHA-256:B1313DD95EAF63F33F86F72F09E2ECD700D11159A8693210C37470FCB84038F7
          SHA-512:EF659EEFCAB16221783ECB258D19801A1FF063478698CF4FCE3C9F98059CA7B1D060B0449E6FD89D3B70439D9735FA1D50088568FF46C9927DE45808250AEC2E
          Malicious:false
          Reputation:moderate, very likely benign file
          Process:C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe
          File Type:Unicode text, UTF-8 (with BOM) text
          Category:dropped
          Size (bytes):2248
          Entropy (8bit):4.685488752161589
          Encrypted:false
          SSDEEP:48:lYk4XAm0tHXdY1zJ/R8t9RGlw26QinwjTU4wlwDwAHkwG8/YoJ1iQF:hU8oU35TwjToiEw7G8w6iQF
          MD5:CC86B13A186FA96DFC6480A8024D2275
          SHA1:D892A7F06DC12A0F2996CC094E0730FE14CAF51A
          SHA-256:FAB91CED243DA62EC1D938503FA989462374DF470BE38707FBF59F73715AF058
          SHA-512:0E3E4C9755AA8377E00FC9998FAAB0CD839DFA9F88CE4F4A46D8B5AAF7A33E59E26DBF55E9E7D1F8EF325D43302C68C44216ADB565913D30818C159A182120FC
          Malicious:false
          Reputation:moderate, very likely benign file
          Preview:./*. * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.. * ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.. */..function addOnloadCallback (newonload) {. var oldonload = window.onload. if (typeof oldonload == "function") {. window.onload = function() {. oldonload(). newonload(). }. } else {. window.onload = newonload. }.}..// function is called before onload event fired.function initLayout() {. function setElement(id) {. var src = document.getElementById(id + ".src"). if (src !== null) {. var innerHTML = src.innerHTML. src.parentNode.removeChild(src). document.getElementById(id).innerHTML = innerHTML. }. }.. setElement("header"). setElement("main"). setElement("footer_left"). setElement("footer_right").. l10n.setLocale(host.getLocale()).. configureAnchors().}..addOnloadCallback( function () {. // set focus to t
          Process:C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe
          File Type:PNG image data, 172 x 57, 8-bit/color RGBA, non-interlaced
          Category:dropped
          Size (bytes):1121
          Entropy (8bit):6.362755998125199
          Encrypted:false
          SSDEEP:24:xa1he91Wwjx82lY2T3o5VDus7KfQ22yJ3VDzCK2EGwqJ2OU:uqQNn2qptuY2tJ3pzH2EMsOU
          MD5:91A7B390315635F033459904671C196D
          SHA1:B996E96492A01E1B26EB62C17212E19F22B865F3
          SHA-256:155D2A08198237A22ED23DBB6BABBD87A0D4F96FFDC73E0119AB14E5DD3B7E00
          SHA-512:B3C8B6F86ECF45408AC6B6387EE2C1545115BA79771714C4DD4BBE98F41F7034EAE0257EC43C880C2EE88C44E8FC48C775C5BB4FD48666A9A27A8F8AC6BCFDCB
          Malicious:false
          Reputation:moderate, very likely benign file
          Process:C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe
          File Type:HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
          Category:dropped
          Size (bytes):2844
          Entropy (8bit):5.088249790930343
          Encrypted:false
          SSDEEP:48:lmIApyUuDpSKZq+PBscVL6zDEbSLh0HEinDrlKVZEfsRaxNi3E71cB6bA3a8+DSv:1AEoKZqV0KsPlKVZEfsRaghYDDm7
          MD5:6B750D0B068570E76F5E1360C62CDABA
          SHA1:2C7C2A1C4F9EC0463E5A332B36EA393E653761E6
          SHA-256:3A5E18546535BB6CD70FF0958878A3D64BC3F0F1A0D55C41E3039A1430F2C94E
          SHA-512:83F050D2AD89E607429F71736CDF8888D71BDC87F38AE0571A87CE1458F0B8BBB10E0B03319414AE360AA53B68C5F77815840E7A65B9597932F19FCBF9BBA6BC
          Malicious:false
          Reputation:low
          Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">....<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">.... .. Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved... ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...-->....<head>.. <meta http-equiv="X-UA-Compatible" content="IE=7"/>.. <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>.. <title> </title>.. <script type="text/javascript" src="runtime.js"></script>.<script type="text/javascript" src="host.js"></script>.<script type="text/javascript" src="l10n.js"></script>.<script type="text/javascript" src="layout.js"></script>.<script type="text/javascript" src="rtutils.js"></script>.. <script type="text/javascript">.addOnloadCallback( function () {.. getElement("cancelBtn").onclick = function () {. host.notify("cancel"). }.. getElement("installBtn").onclick = function () {.
          Process:C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1818
          Entropy (8bit):4.9454967634174
          Encrypted:false
          SSDEEP:48:olDvWfdWDiMmy8kSXDjMW26KLc4UOUTmF8IID:EIdWD8IWFKLc4Ujmw
          MD5:F5BB484D82E7842A602337E34D11A8F6
          SHA1:09EA1DEE4B7C969771E97991C8F5826DE637716F
          SHA-256:219108BFEF63F97562C4532681B03675C9E698C5AE495205853DBCBFD93FAF1A
          SHA-512:A23CC05B94842E1F3A53C2EA8A0B78061649E0A97FCD51C8673B2BCB6DE80162C841E9FDDE212D3DFD453933DF2362DCB237FE629F802BAFAA144E33CA78B978
          Malicious:false
          Reputation:moderate, very likely benign file
          Preview:/*. * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.. * ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.. */..html, body {. overflow: hidden;. margin: 0;. padding: 0;.}..div, span {. font-family: "Segoe UI",arial,sans-serif;.}..a {. color: rgb(33, 79, 131);. text-decoration: underline;.}..table {. border: none;. border-collapse: collapse;. /* all our tables fills 100% of parent */. width: 100%;. padding: 0;.}.td {. padding: 0;. border-spacing: 0;.}..button {. font-size:10pt;. padding: 1pt 8pt 1pt 8pt;. margin: 0 8pt 0 0;. overflow: visible;. min-width: 80pt;.}..div#root {. width: 100%;. height: 100%;. min-height: 100%;. position: absolute;. left: 0;. top: 0;. display: none;.}..#masthead img {. height: 57px;. display: block;.}.#masthead .left {. width: 208px;.}.#masthead .fill>img {. width: 100%;.}..#header_ctnr {. height: 50px;. background-color: #e7e5d5;. text-align: center;.}.#header, #headerText {. font-size:1
          Process:C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe
          File Type:Unicode text, UTF-8 (with BOM) text
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):4.492829784193595
          Encrypted:false
          SSDEEP:24:9RV7D5/XtGTIauKK6opGgYW3CXDLGb2f2yOCbFKjCbFr5h8/TCbFXuTCbFVjCbFK:lFXtGTbK6iGgZyHGb2f2yZFvFr5mKFrF
          MD5:A752A4469AC0D91DD2CB1B766BA157DE
          SHA1:724AE6B6D6063306CC53B6AD07BE6F88EAFFBAB3
          SHA-256:1E67043252582AEA0E042F5A7BE4A849B7CD01B133A489C3B2E67C10ADE086F3
          SHA-512:ABC2899705A23F15862ACF3D407B700BB91C545722C02C7429745AB7F722507285C62614DCB87EA846F88FC0779345CB2E22DC3AD5F8113F6907821505BE2C02
          Malicious:false
          Preview:./*. * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.. * ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.. */..// redirect all log output to host.log.require("log").prototype.logWrite = function (channel, msg) {. host.log(channel, msg).}.// define log variable in "global namespace".var log = require("log")()..var host = new function () {.. function addFunction(name, fallback) {. if (external && (name in external)) {. this[name] = function () {. var args = "". for (var i = 0; i < arguments.length; ++i) {. args += "arguments[" + i + "],". }. return eval("external." + name + "(" + args.slice(0, -1) + ")"). }. } else if (fallback instanceof Function) {. this[name] = fallback. } else {. this[name] = function () {. }. }. }.. addFunction.call(this, "log"). addFunction.call(thi
          Process:C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe
          File Type:HTML document, Unicode text, UTF-8 (with BOM) text
          Category:dropped
          Size (bytes):4825
          Entropy (8bit):4.608726199173222
          Encrypted:false
          SSDEEP:96:4t/V3qoC44l4idyrsftEHNa2AmgERLJvQJqi3qKeVvEEik6mYh34HvTviDGQP:gCbl4idyrsftPBEnvPsqzdEEik6PhGv4
          MD5:1FD5111B757493A27E697D57B351BB56
          SHA1:9CA81A74FA5C960F4E8B3AD8A0E1EC9F55237711
          SHA-256:85BBEC802E8624E7081ABEAE4F30BD98D9A9DF6574BD01FE5251047E8FDAF59F
          SHA-512:80F532E4671D685FA8360EF47A09EFCB3342BCFCF929170275465F9800BFBFFFC35728A1BA496D4C04A1FDEFB2776AF02262C3774F83FEA289585A5296D560B0
          Malicious:false
          Preview:./*. * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.. * ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.. */..function WixFile (fname) {. var xmlDoc = require("activex")("Msxml2.DOMDocument");. // If loading an XML document from a resource, the load must be performed asynchronously.. xmlDoc.async = true. xmlDoc.load(fname).. // We don't want to process asynchronously because this can cause size effects. // like execution of the onload handlers before layout is initialized.. // So we wait here until the document loading is complete. // (actually I was not able to reproduce the case when xmlDoc.load returns before. // onreadystatechange event is fired, and MSDN example does not check ready state,. // but lets do it for safety).. while (xmlDoc.readyState !== 4) {. host.delay(10). }.. if (xmlDoc.parseError.errorCode != 0) {. var theErr = xmlDoc.parseError. log.fatal(fname + ": xml loadin
          Process:C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe
          File Type:PNG image data, 208 x 57, 8-bit/color RGB, non-interlaced
          Category:dropped
          Size (bytes):4551
          Entropy (8bit):7.830264553000027
          Encrypted:false
          SSDEEP:96:QY2zSEpQqrAB8XlLPQMcnI0lYAc7FuMdVL9wB5bIkWdp:QZpQT8XlTQBIy/c74URTkWz
          MD5:B663555027DF2F807752987F002E52E7
          SHA1:AEF83D89F9C712A1CBF6F1CD98869822B73D08A6
          SHA-256:0CE32C034DFB7A635A7F6E8152666DEF16D860B6C631369013A0F34AF9D17879
          SHA-512:B104ED3327FED172501C5AA990357B44E3B31BB75373FB8A4EA6470EE6A72E345C9DC4BCF46A1983C81ADB567979E6E8E6517D943EB204C3F7FAC559CD17C451
          Malicious:false
          Process:C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe
          File Type:Unicode text, UTF-8 (with BOM) text
          Category:dropped
          Size (bytes):244
          Entropy (8bit):5.0714541475696
          Encrypted:false
          SSDEEP:6:9F3VfHzDmMpUeZONAuVEXM2U4RTkVubDRd7j:9F3VPzDk0+4RTRDRRj
          MD5:C0A4CEBB2C15BE8262BF11DE37606E07
          SHA1:CAFC2CCB797DF31EECD3AE7ABD396567DE8E736D
          SHA-256:7DA9AA32AA10B69F34B9D3602A3B8A15EB7C03957512714392F12458726AC5F1
          SHA-512:CC68F4BC22601430A77258C1D7E18D6366B6BF8F707D31933698B2008092BA5348C33FA8B03E18C4C707ABF20CE3CBCB755226DC6489D2B19833809C98A11C74
          Malicious:false
          Preview:./*. * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.. * ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.. */../* helper utilities */..function getElement(id) {. return document.getElementById(id);.}.
          Process:C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe
          File Type:ASCII text, with CRLF, LF line terminators
          Category:dropped
          Size (bytes):38529
          Entropy (8bit):4.824303031945631
          Encrypted:false
          SSDEEP:768:Rzu7qi9eRvuLoh8QDFdjXbuAQsPScZLR/JQTF7N:8o4BQDfuAQWRQ7
          MD5:FB30766ECC8A37B4D648980BF5179A79
          SHA1:A2C49A091020520AF5E87C6C8D27D4EA0E97684D
          SHA-256:7F0E33CA27109D5B0261BD63FD6495A0BAB272E200DBEE242BF3A91CE126E3F4
          SHA-512:5C6F0F154DAB475DAD3E119E35B81BF32EE0515FE3ED55551AA44DB9631D094B3E015EF32591DCAF68ACAAB71CA806A7E256957A735A91A9F507DB50FA57FFDB
          Malicious:false
          Preview:/*.. * This is automatically generated file... */....//..// Load modules in dedicated scope..//..var jibe = (function (jibe) {....//////////////////////////////////////////////////////////////////////////////..//..// util module..//..//////////////////////////////////////////////////////////////////////////////..jibe.loadModule(function (require, publish, jibe, __FILE__, __MODULE__, log) {../*. * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.. * ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.. */..if (!Array.prototype.contains) {. Array.prototype.contains = function (k) {. return (this.indexOf(k) !== -1). }.}...if (!Array.prototype.unique) {. Array.prototype.unique = function () {. return this.filter(function (v, i) {. return (this.indexOf(v) === i). }, this). }.}...if (!Array.prototype.forEach) {. Array.prototype.forEach = function (callback, thisArg) {. var len = this.length. if (ty
          Process:C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe
          File Type:XML 1.0 document, ASCII text
          Category:dropped
          Size (bytes):978
          Entropy (8bit):4.84455628672086
          Encrypted:false
          SSDEEP:24:2dE4+QGRE5kYc1/0AQw/tEj3nWxoWuKBIhRbmIs:ciTO5kYceAzO7NrKBIh4Is
          MD5:9E0E7CA0500B39CD12A44642D6FCD659
          SHA1:588D7153C2DDEB1A92F36F1F3EC3AC7DABFA78F2
          SHA-256:AA1CF901A557492E9F95039ECF356B4E1451647B5E8538159FCA4B0CBE289EA6
          SHA-512:0A853233946AFDC09ADABCEE557608DDC3A7EE22F1D3D9B71DC826911B4C3D5A148A407CDEDD60CF56FB011485ACB77D46C246858AF9DCD40032B16CA1C99556
          Malicious:false
          Preview:<?xml version="1.0" encoding="utf-8"?>.<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization" Codepage="1252">. <String Id='lang'>1033</String>.. <String Id='title'>Java Setup - Welcome</String>. <String Id='header'>Welcome to Java</String>. <String Id='description'>. Java provides access to a world of amazing content.. From business solutions to helpful utilities and entertainment, Java makes. your Internet experience come to life.. </String>. <String Id='personalInfo'>. Note: No personal information is gathered as part of our install process.. [Click here] for more information on what we do collect.. </String>. <String Id='license'>. Click Install to accept the [license agreement] and install Java now.. </String>. <String Id='changeFolder'>Change destination folder</String>. <String Id='cancelBtn'>Cancel</String>. <String Id='installBtn'>&amp;Install &gt;</String>..</WixLocalization>.
          Process:C:\Users\user\Desktop\jre-8u201-windows-i586.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):66318200
          Entropy (8bit):7.983108516295702
          Encrypted:false
          SSDEEP:1572864:vKQUaVuA4CJa5XMqUQ06sDHVuE5xamp3oNLHMs7:SyoWJSFU6sjoexRp3i
          MD5:3FF9B6B335E9214FE0338B77558F8908
          SHA1:97E924246B3E2EA8DF787661742A5A256C89BE00
          SHA-256:A1A4C372B2F754B4B844627C21638EFE5EB6C11E237948A5CDC6D745AB45779C
          SHA-512:91862C90BE6F34F400F9AEAF84BFC2C2185E8B1538FCAEDD6CA39B9D523A3095B650D8D40382C5892A3DC6E505C49E3F80B964392B086D2AB70DEBCB4697D064
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Joe Sandbox View:
          • Filename: TQCN.exe, Detection: malicious, Browse
          Process:C:\Users\user\Desktop\jre-8u201-windows-i586.exe
          File Type:ASCII text, with CRLF line terminators
          Category:modified
          Size (bytes):16555
          Entropy (8bit):5.635026930074416
          Encrypted:false
          SSDEEP:192:CXifi6MKhm771DcQr6+NqoL2VAGL+5VSUlcMAbd09al/xWIuaw0sTVfY:dm771D9qoL2VAGdUlcMAmcwXZY
          MD5:9321CA146BC3EA3D9FA17BF1CB9C44AC
          SHA1:5AC321DF08F4F168F05733C6A78D0DCF868C857C
          SHA-256:882A49F911A31268E8EB17CFD8D9DED9E7B5FA1C5A0B1929FF319640D828F4AB
          SHA-512:861662772586DA1CC43BFBB28CF219338E32F0260D2A6FBC403246576399F1E723BF7D43FF241E61DB06A101FA9C43CE4F3DE376CABA2AFBC366E777E914490B
          Malicious:false
          Preview:[2023/10/03 12:49:33.046, jusched.exe (PID: 7824, TID: 7204), AllUtils.cpp:135 (logit)]...INFO: **************** Running jusched ****************....[2023/10/03 12:52:05.892, jusched.exe (PID: 6340, TID: 6320), AllUtils.cpp:135 (logit)]...INFO: **************** Running jusched ****************....[2023/10/03 12:57:40.870, jusched.exe (PID: 6456, TID: 6460), AllUtils.cpp:135 (logit)]...INFO: **************** Running jusched ****************....[2023/10/03 13:02:40.886, jusched.exe (PID: 6456, TID: 6460), AllUtils.cpp:135 (logit)]...INFO: JavaUpdate [Critical] : LastFinishTime is after LastScheduledTime, sleeping until next schedule Time: Wed Oct 4 20:37:00 2023....[2023/10/03 13:02:40.886, jusched.exe (PID: 6456, TID: 6460), AllUtils.cpp:135 (logit)]...INFO: JavaUpdate [Critical] NextSchedTime=Wed Oct 4 20:37:00 2023..JavaUpdate [Critical]lastSchedTime=Wed Sep 27 20:37:00 2023..JavaUpdate [Critical]nextSchedTime=Wed Oct 4 20:37:00 2023..JavaUpdate [Critical]sleeptime (sec=113660, h
          File type:PE32 executable (GUI) Intel 80386, for MS Windows
          Entropy (8bit):7.979605035251398
          TrID:
          • Win32 Executable (generic) a (10002005/4) 99.12%
          • InstallShield setup (43055/19) 0.43%
          • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
          • Generic Win/DOS Executable (2004/3) 0.02%
          • DOS Executable Generic (2002/1) 0.02%
          File name:jre-8u201-windows-i586.exe
          File size:66'613'600 bytes
          MD5:302eae56691aed62c78c62e4ebac4e22
          SHA1:4a354626ab98491f109fa0981008516b599101c0
          SHA256:2caa55f2a9bffb6be596fb34f8ce14a554a60008b2764734b41a28ae15a21ea4
          SHA512:845a707fc86e5d3689ba51f8ad4b504ac73af4c07fb6008c3475a0744767068153662edbb1ae29882ca28daa13568f91db00d0b41701018d2eb286e5123f2802
          SSDEEP:1572864:4KQUaVuA4CJa5XMqUQ06sDHVuE5xamp3oNLHMsk:/yoWJSFU6sjoexRp3F
          TLSH:E1E733197690C032E5B7837199AD83B855B1FCB08A35849B73DCB65D4FB12C18F32B6A
          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-...CK..CK..CK...K..CK.E.K..CK.E.K..CK.E.K9.CK...K..CK...K..CK..BK..CK.E.K..CK.E.K..CK...K..CK.E.K..CKRich..CK...............
          Icon Hash:d08c8e8ea2868a54
          Entrypoint:0x40e208
          Entrypoint Section:.text
          Digitally signed:true
          Imagebase:0x400000
          Subsystem:windows gui
          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Time Stamp:0x5C1615B6 [Sun Dec 16 09:07:02 2018 UTC]
          TLS Callbacks:
          CLR (.Net) Version:
          OS Version Major:5
          OS Version Minor:1
          File Version Major:5
          File Version Minor:1
          Subsystem Version Major:5
          Subsystem Version Minor:1
          Import Hash:1ca0524118d0fda0a70479ae0d39af0f
          Signature Valid:true
          Signature Issuer:CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US
          Signature Validation Error:The operation completed successfully
          Error Number:0
          Not Before, Not After
          • 26/02/2018 00:00:00 27/02/2020 23:59:59
          Subject Chain
          • CN="Oracle America, Inc.", OU=Software Engineering, O="Oracle America, Inc.", L=Redwood City, S=California, C=US
          Version:3
          Thumbprint MD5:AD6FCA398B3380400C0D6B473504AD1D
          Thumbprint SHA-1:0AD606D3EAED77C1D5E2FF3076FD26B18E21BC2A
          Thumbprint SHA-256:F913F45E7D8E59C5A6F26A3F2A5981EA60DC4BBD0B989E3C38C76063AB4F36FB
          Serial:597E4E45CBC115BBA6402602E89CBF45
          Instruction
          call 00007F4A90E56D26h
          jmp 00007F4A90E4E43Eh
          mov edi, edi
          push ebp
          mov ebp, esp
          mov eax, dword ptr [ebp+14h]
          push esi
          test eax, eax
          je 00007F4A90E4E5F3h
          cmp dword ptr [ebp+08h], 00000000h
          jne 00007F4A90E4E5C5h
          call 00007F4A90E54AF0h
          push 00000016h
          pop esi
          mov dword ptr [eax], esi
          call 00007F4A90E5595Ch
          mov eax, esi
          jmp 00007F4A90E4E5DCh
          cmp dword ptr [ebp+10h], 00000000h
          je 00007F4A90E4E599h
          cmp dword ptr [ebp+0Ch], eax
          jnc 00007F4A90E4E5C0h
          call 00007F4A90E54AD2h
          push 00000022h
          pop ecx
          mov dword ptr [eax], ecx
          mov esi, ecx
          jmp 00007F4A90E4E590h
          push eax
          push dword ptr [ebp+10h]
          push dword ptr [ebp+08h]
          call 00007F4A90E4DEB8h
          add esp, 0Ch
          xor eax, eax
          pop esi
          pop ebp
          ret
          mov edi, edi
          push ebp
          mov ebp, esp
          lea eax, dword ptr [ebp+14h]
          push eax
          push 00000000h
          push dword ptr [ebp+10h]
          push dword ptr [ebp+0Ch]
          push dword ptr [ebp+08h]
          call 00007F4A90E51D55h
          add esp, 14h
          pop ebp
          ret
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          mov eax, dword ptr [esp+0Ch]
          push ebx
          test eax, eax
          je 00007F4A90E4E604h
          mov edx, dword ptr [esp+08h]
          xor ebx, ebx
          mov bl, byte ptr [esp+0Ch]
          test edx, 00000003h
          je 00007F4A90E4E5C8h
          mov cl, byte ptr [edx]
          add edx, 01h
          xor cl, bl
          je 00007F4A90E4E624h
          sub eax, 01h
          je 00007F4A90E4E5E4h
          test edx, 00000003h
          jne 00007F4A90E4E59Ch
          sub eax, 04h
          jc 00007F4A90E4E5C4h
          push edi
          mov edi, ebx
          shl ebx, 08h
          add ebx, edi
          mov edi, ebx
          Programming Language:
          • [C++] VS2010 build 30319
          • [ASM] VS2010 SP1 build 40219
          • [C++] VS2010 SP1 build 40219
          • [ C ] VS2010 SP1 build 40219
          • [ C ] VS2008 SP1 build 30729
          • [IMP] VS2008 SP1 build 30729
          • [RES] VS2010 SP1 build 40219
          • [LNK] VS2010 SP1 build 40219
          Name                                  Virtual Address  Virtual Size  Is in Section
          IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
          IMAGE_DIRECTORY_ENTRY_IMPORT          0x2b0b0          0x3c          .rdata
          IMAGE_DIRECTORY_ENTRY_RESOURCE        0x30000          0x3f46cb8     .rsrc
          IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
          IMAGE_DIRECTORY_ENTRY_SECURITY        0x3f85600        0x1b60        .reloc
          IMAGE_DIRECTORY_ENTRY_BASERELOC       0x3f77000        0x1fc8        .reloc
          IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
          IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
          IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
          IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x27498          0x40          .rdata
          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
          IMAGE_DIRECTORY_ENTRY_IAT             0x23000          0x1a0         .rdata
          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
          IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
          Name    Virtual Address  Virtual Size  Raw Size   MD5                               Xored PE  ZLIB Complexity      File Type  Entropy             Characteristics
          .text   0x1000           0x21509       0x21600    8fb87f65702c69b6df0f7fa806cdb66f  False     0.5787394662921348   data       6.631145218466368   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          .rdata  0x23000          0x8a1c        0x8c00     ab765297e26445e52cee7b9dd2261266  False     0.33755580357142856  data       4.804048862693966   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .data   0x2c000          0x3d20        0x1c00     0e08fa8b1571945fdf36294a03fd3f0b  False     0.32156808035714285  data       4.175110889853331   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
          .rsrc   0x30000          0x3f46cb8     0x3f46e00  4911df600510c999d58d612f3e5cf964  unknown   unknown              unknown    unknown             IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .reloc  0x3f77000        0x125b8       0x12600    9f19a856442e966c9a62feef5f08f05a  False     0.08793048469387756  data       1.1675298594357466  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
          Name           RVA        Size       Type                                                           Language  Country        ZLIB Complexity
          RT_ICON        0x3f6f308  0x668      Device independent bitmap graphic, 48 x 96 x 4, image size 0   English   United States  0.21890243902439024
          RT_ICON        0x3f6f970  0x2e8      Device independent bitmap graphic, 32 x 64 x 4, image size 0   English   United States  0.3400537634408602
          RT_ICON        0x3f6fc58  0x1e8      Device independent bitmap graphic, 24 x 48 x 4, image size 0   English   United States  0.35450819672131145
          RT_ICON        0x3f6fe40  0x128      Device independent bitmap graphic, 16 x 32 x 4, image size 0   English   United States  0.46283783783783783
          RT_ICON        0x3f6ff68  0xea8      Device independent bitmap graphic, 48 x 96 x 8, image size 0   English   United States  0.5026652452025586
          RT_ICON        0x3f70e10  0x8a8      Device independent bitmap graphic, 32 x 64 x 8, image size 0   English   United States  0.5798736462093863
          RT_ICON        0x3f716b8  0x6c8      Device independent bitmap graphic, 24 x 48 x 8, image size 0   English   United States  0.40264976958525345
          RT_ICON        0x3f71d80  0x568      Device independent bitmap graphic, 16 x 32 x 8, image size 0   English   United States  0.3273121387283237
          RT_ICON        0x3f722e8  0x25a8     Device independent bitmap graphic, 48 x 96 x 32, image size 0  English   United States  0.27344398340248965
          RT_ICON        0x3f74890  0x10a8     Device independent bitmap graphic, 32 x 64 x 32, image size 0  English   United States  0.37875234521575984
          RT_ICON        0x3f75938  0x988      Device independent bitmap graphic, 24 x 48 x 32, image size 0  English   United States  0.37868852459016394
          RT_ICON        0x3f762c0  0x468      Device independent bitmap graphic, 16 x 32 x 32, image size 0  English   United States  0.4796099290780142
          RT_RCDATA      0x30390    0x3f3ef78  PE32 executable (GUI) Intel 80386, for MS Windows              English   United States  0.5859279632568359
          RT_GROUP_ICON  0x3f76728  0xae       data                                                           English   United States  0.5977011494252874
          RT_VERSION     0x3f76958  0x35c      data                                                           English   United States  0.4720930232558139
          RT_MANIFEST    0x3f767d8  0x17e      XML 1.0 document, ASCII text                                   English   United States  0.5916230366492147
          DLL           Import
          KERNEL32.dll  GetCurrentProcess, GetModuleHandleExW, GetSystemDirectoryA, GetModuleFileNameA, GetTempPathA, LocalFree, CreateFileA, MoveFileExA, GetTickCount, GetFileAttributesA, FindFirstFileA, SetLastError, RemoveDirectoryA, SetFileAttributesA, FindClose, FindNextFileA, CloseHandle, DeleteFileA, Sleep, FormatMessageW, GetLocalTime, GetCurrentThreadId, GetCurrentProcessId, FindResourceA, LoadResource, SizeofResource, LockResource, WideCharToMultiByte, MultiByteToWideChar, InterlockedDecrement, FreeLibrary, LoadLibraryW, InterlockedIncrement, InterlockedExchange, GetStringTypeW, DecodePointer, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetModuleHandleW, ExitProcess, HeapFree, GetCommandLineA, HeapSetInformation, GetStartupInfoW, GetFileType, WriteFile, GetConsoleCP, GetConsoleMode, GetModuleHandleA, RtlUnwind, HeapAlloc, LCMapStringW, GetCPInfo, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, IsProcessorFeaturePresent, InitializeCriticalSectionAndSpinCount, GetLocaleInfoW, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStdHandle, GetModuleFileNameW, HeapCreate, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, QueryPerformanceCounter, GetSystemTimeAsFileTime, ReadFile, SetFilePointer, FlushFileBuffers, HeapSize, SetStdHandle, SetEndOfFile, GetProcessHeap, WriteConsoleW, GetACP, GetOEMCP, IsValidCodePage, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, HeapReAlloc, CreateFileW, GetProcAddress, GetLastError, CreateDirectoryA, CreateProcessA, SetDllDirectoryA, GetExitCodeProcess, WaitForSingleObject, GetModuleHandleExA, EncodePointer, RaiseException
          ADVAPI32.dll  ConvertStringSecurityDescriptorToSecurityDescriptorA
          Language of compilation system  Country where language is spoken  Map
          English                         United States
          Timestamp                            Source Port  Dest Port  Source IP    Dest IP
          Jul 2, 2024 01:51:52.767410994 CEST  57512        53         192.168.2.4  1.1.1.1
          Jul 2, 2024 01:51:54.061347008 CEST  52236        53         192.168.2.4  1.1.1.1
          Jul 2, 2024 01:52:04.732021093 CEST  53           60015      1.1.1.1      192.168.2.4
          Timestamp                            Source IP    Dest IP  Trans ID  OP Code             Name                          Type            Class        DNS over HTTPS
          Jul 2, 2024 01:51:52.767410994 CEST  192.168.2.4  1.1.1.1  0x435d    Standard query (0)  javadl-esd-secure.oracle.com  A (IP address)  IN (0x0001)  false
          Jul 2, 2024 01:51:54.061347008 CEST  192.168.2.4  1.1.1.1  0xa540    Standard query (0)  rps-svcs.oracle.com           A (IP address)  IN (0x0001)  false
          Timestamp                            Source IP  Dest IP      Trans ID  Reply Code    Name                          CName                                     Address  Type                    Class        DNS over HTTPS
          Jul 2, 2024 01:51:52.774364948 CEST  1.1.1.1    192.168.2.4  0x435d    No error (0)  javadl-esd-secure.oracle.com  javadl-esd-secure.oracle.com.edgekey.net           CNAME (Canonical name)  IN (0x0001)  false
          Jul 2, 2024 01:51:54.077136993 CEST  1.1.1.1    192.168.2.4  0xa540    No error (0)  rps-svcs.oracle.com           rps-svcs.oracle.com.edgekey.net                    CNAME (Canonical name)  IN (0x0001)  false


          Target ID:0
          Start time:19:51:46
          Start date:01/07/2024
          Path:C:\Users\user\Desktop\jre-8u201-windows-i586.exe
          Wow64 process (32bit):true
          Commandline:"C:\Users\user\Desktop\jre-8u201-windows-i586.exe"
          Imagebase:0x330000
          File size:66'613'600 bytes
          MD5 hash:302EAE56691AED62C78C62E4EBAC4E22
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:1
          Start time:19:51:49
          Start date:01/07/2024
          Path:C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe
          Wow64 process (32bit):true
          Commandline:"C:\Users\user\AppData\Local\Temp\jds5927828.tmp\jre-8u201-windows-i586.exe"
          Imagebase:0x590000
          File size:66'318'200 bytes
          MD5 hash:3FF9B6B335E9214FE0338B77558F8908
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false


            Execution Graph

            Execution Coverage:29.5%
            Dynamic/Decrypted Code Coverage:0%
            Signature Coverage:0%
            Total number of Nodes:6
            Total number of Limit Nodes:0
            execution_graph 547 5eb63d 550 5f5c72 547->550 549 5eb642 549->549 551 5f5c97 550->551 552 5f5ca4 GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 550->552 551->552 553 5f5c9b 551->553 552->553 553->549


            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 114 5efff4-5efffd 115 5effff-5f0009 call 5ea8bf 114->115 116 5f000a-5f0010 114->116 118 5f001f-5f0020 116->118 119 5f0012-5f001d call 5ea885 116->119 122 5f0052-5f0055 118->122 127 5f006c-5f006e 119->127 123 5f0057-5f0063 call 5f40a3 call 5eebd8 122->123 124 5f0022-5f0024 122->124 141 5f0069 123->141 128 5f0027-5f003d HeapReAlloc 124->128 129 5f0026 124->129 131 5f003f-5f0045 128->131 132 5f009d-5f009f 128->132 129->128 135 5f0087-5f009b call 5eebd8 GetLastError call 5eeb96 131->135 136 5f0047-5f0050 call 5f40a3 131->136 134 5f006b 132->134 134->127 135->132 136->122 143 5f006f-5f0085 call 5eebd8 GetLastError call 5eeb96 136->143 141->134 143->141
            APIs
            • _malloc.LIBCMT ref: 005F0002
              • Part of subcall function 005EA8BF: __FF_MSGBANNER.LIBCMT ref: 005EA8D8
              • Part of subcall function 005EA8BF: RtlAllocateHeap.NTDLL(00000000,00000001,?,00000000,?,?,005EB446,?), ref: 005EA904
            • _free.LIBCMT ref: 005F0015
            Memory Dump Source
            • Source File: 00000001.00000002.2943358810.0000000000591000.00000020.00000001.01000000.00000004.sdmp, Offset: 00590000, based on PE: true
            • Associated: 00000001.00000002.2943331499.0000000000590000.00000002.00000001.01000000.00000004.sdmp
            • Associated: 00000001.00000002.2943435998.0000000000613000.00000002.00000001.01000000.00000004.sdmp
            • Associated: 00000001.00000002.2943481602.000000000063E000.00000004.00000001.01000000.00000004.sdmp
            • Associated: 00000001.00000002.2943517020.0000000000645000.00000002.00000001.01000000.00000004.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_1_2_590000_jre-8u201-windows-i586.jbxd
            Similarity
            • API ID: AllocateHeap_free_malloc
            • String ID:
            • API String ID: 1020059152-0
            • Opcode ID: c118ae87a66b5bfe5208855a73bde8c40a87398d9cfd770d61126fdf9cb3cbe7
            • Instruction ID: 95b4ed6547826bedaf0007ffcd8e805ffc720d17aff472ce6038b93ce792b4c8
            • Opcode Fuzzy Hash: c118ae87a66b5bfe5208855a73bde8c40a87398d9cfd770d61126fdf9cb3cbe7
            • Instruction Fuzzy Hash: 3211083240061AABCB352B31AC0D77A3F9DBFC1361BA85426FA4A96292DE3CC8404750