9ca9f83803ab008fbedc3ce11690190720d5d700f40129be6187aec13084419f

Analysis

max time kernel
119s
max time network
152s
platform
windows7_x64
resource
win7v20210408
submitted
25-06-2021 17:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

_.exe
Size

2.0MB
MD5

9ca8a76d08dd6b3b6be67a170968fc23
SHA1

361552c19a71ffb6b467f29981984970435f2ac5
SHA256

ec17203876629f4b92a28863a91d09205cc8bc821dcd29b5e4bad35ca9d306af
SHA512

7522dbf7bccd9708660c6d5fdb36cfb0d06d3e846a2c65119623774163b16c203939d2820b345e259634c040a3b15974a3032f891933b52f5a62f97037df5a37

Score

8^/10

adware stealer upx

Malware Config

Signatures

Executes dropped EXE 13 IoCs

Processes:

_.exeLZMA_EXELZMA_EXEinstaller.exebspatch.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exejavaw.exe

pid	process
1248	_.exe
1612	LZMA_EXE
1756	LZMA_EXE
1612	installer.exe
692	bspatch.exe
640	unpack200.exe
1712	unpack200.exe
2000	unpack200.exe
1572	unpack200.exe
1724	unpack200.exe
1984	unpack200.exe
1880	unpack200.exe
1848	javaw.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
\ProgramData\Oracle\Java\installcache\259393096.tmp\bspatch.exe	upx
C:\ProgramData\Oracle\Java\installcache\259393096.tmp\bspatch.exe	upx
C:\ProgramData\Oracle\Java\installcache\259393096.tmp\bspatch.exe	upx
\ProgramData\Oracle\Java\installcache\259393096.tmp\bspatch.exe	upx
\ProgramData\Oracle\Java\installcache\259393096.tmp\bspatch.exe	upx
\ProgramData\Oracle\Java\installcache\259393096.tmp\bspatch.exe	upx

Loads dropped DLL 64 IoCs

Processes:

_.exe_.exeMsiExec.exeinstaller.exebspatch.exeunpack200.exeunpack200.exeunpack200.exe

pid	process
1348	_.exe
1248	_.exe
1248	_.exe
1248	_.exe
1388	MsiExec.exe
1388	MsiExec.exe
1388	MsiExec.exe
1612	installer.exe
692	bspatch.exe
692	bspatch.exe
692	bspatch.exe
1612	installer.exe
640	unpack200.exe
640	unpack200.exe
640	unpack200.exe
640	unpack200.exe
640	unpack200.exe
640	unpack200.exe
640	unpack200.exe
640	unpack200.exe
640	unpack200.exe
640	unpack200.exe
640	unpack200.exe
640	unpack200.exe
640	unpack200.exe
640	unpack200.exe
640	unpack200.exe
640	unpack200.exe
640	unpack200.exe
640	unpack200.exe
640	unpack200.exe
1712	unpack200.exe
1712	unpack200.exe
1712	unpack200.exe
1712	unpack200.exe
1712	unpack200.exe
1712	unpack200.exe
1712	unpack200.exe
1712	unpack200.exe
1712	unpack200.exe
1712	unpack200.exe
1712	unpack200.exe
1712	unpack200.exe
1712	unpack200.exe
1712	unpack200.exe
1712	unpack200.exe
1712	unpack200.exe
1712	unpack200.exe
1712	unpack200.exe
1712	unpack200.exe
2000	unpack200.exe
2000	unpack200.exe
2000	unpack200.exe
2000	unpack200.exe
2000	unpack200.exe
2000	unpack200.exe
2000	unpack200.exe
2000	unpack200.exe
2000	unpack200.exe
2000	unpack200.exe
2000	unpack200.exe
2000	unpack200.exe
2000	unpack200.exe
2000	unpack200.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	process
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe

Installs/modifies Browser Helper Object 2 TTPs
BHOs are DLL modules which act as plugins for Internet Explorer.
stealer adware

Modify Registry
T1112

Browser Extensions
T1176

Drops file in System32 directory 2 IoCs

Processes:

installer.exe

description	ioc	process
File created	C:\Windows\SysWOW64\WindowsAccessBridge-32.dll	installer.exe
File created	C:\Windows\SysWOW64\WindowsAccessBridge-64.dll	installer.exe

Drops file in Program Files directory 64 IoCs

Processes:

installer.exejavaw.exe

description	ioc	process
File created	C:\Program Files (x86)\Java\jre1.8.0_281\lib\hijrah-config-umalqura.properties	installer.exe
File created	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_259415201\javaws.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\bin\dtplugin\deployJava1.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\legal\jdk\jopt-simple.md	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\lib\ext\nashorn.jar	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\lib\fonts\LucidaBrightDemiBold.ttf	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\bin\client\classes.jsa	javaw.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\bin\ktab.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\legal\javafx\jpeg_fx.md	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\legal\jdk\freebxml.md	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\THIRDPARTYLICENSEREADME.txt	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\bin\api-ms-win-core-processenvironment-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\bin\glass.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\bin\glib-lite.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\bin\javaw.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\lib\i386\jvm.cfg	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\lib\images\cursors\win32_LinkDrop32x32.gif	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\lib\images\cursors\win32_MoveDrop32x32.gif	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\lib\cmm\sRGB.pf	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\lib\deploy\ffjcext.zip	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\lib\images\cursors\win32_LinkNoDrop32x32.gif	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\bin\api-ms-win-core-localization-l1-2-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\bin\jsdt.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\bin\prism_sw.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\bin\servertool.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\legal\jdk\relaxngdatatype.md	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\lib\jfr\profile.jfc	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\lib\management\jmxremote.password.template	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\bin\fxplugins.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\bin\java-rmi.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\lib\ext\access-bridge-32.jar	installer.exe
File created	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_259415201\java.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\bin\api-ms-win-core-string-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\bin\instrument.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\lib\deploy\messages_it.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\lib\jce.jar	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\lib\security\blacklisted.certs	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\bin\java.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\lib\images\cursors\win32_CopyNoDrop32x32.gif	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\lib\security\policy\unlimited\local_policy.jar	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\bin\api-ms-win-core-synch-l1-2-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\bin\kinit.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\bin\ssv.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\lib\ext\sunjce_provider.jar	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\lib\images\cursors\win32_MoveNoDrop32x32.gif	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\bin\api-ms-win-core-memory-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\bin\unpack200.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\lib\charsets.pack	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\THIRDPARTYLICENSEREADME-JAVAFX.txt	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\bin\jpeg.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\bin\plugin2\vcruntime140.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\lib\deploy\messages_zh_TW.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\lib\security\javaws.policy	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\bin\vcruntime140.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\legal\jdk\relaxngcc.md	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\bin\api-ms-win-core-synch-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\lib\deploy\messages_de.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\lib\management-agent.jar	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\bin\api-ms-win-crt-filesystem-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\bin\dtplugin\npdeployJava1.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\bin\javaws.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\legal\jdk\unicode.md	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\bin\zip.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_281\legal\javafx\icu_web.md	installer.exe

Drops file in Windows directory 9 IoCs

Processes:

msiexec.exe

description	ioc	process
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFDD3.tmp	msiexec.exe
File created	C:\Windows\Installer\f75ef24.msi	msiexec.exe
File created	C:\Windows\Installer\f75ef20.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f75ef20.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF50B.tmp	msiexec.exe
File created	C:\Windows\Installer\f75ef22.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFCD9.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFE22.tmp	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msiexec.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msiexec.exe

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

Processes:

installer.exe_.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe"	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}\AppName = "jp2launcher.exe"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}\AppPath = "C:\\Program Files (x86)\\Java\\jre1.8.0_281\\bin"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main	_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Windows\\SysWOW64"	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}\Policy = "3"	installer.exe

Modifies data under HKEY_USERS 64 IoCs

Processes:

installer.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0046-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0058-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0096-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_281\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0048-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_281\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0084-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_84"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0048-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_281\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0042-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_42"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0047-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_47"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0070-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_70"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0042-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0059-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0092-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_281\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_40"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0087-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_281\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_11"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0049-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0063-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0079-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0057-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0066-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0062-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_281\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0070-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_70"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_02"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0073-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0039-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0044-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0088-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_281\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0057-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_281\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0061-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_281\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_281\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0045-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0031-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_281\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0091-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_10"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0044-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_44"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0059-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_59"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0048-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_281\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0075-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_281\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0061-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0096-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0063-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_63"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0072-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0075-ABCDEFFEDCBA}\InprocServer32	installer.exe

Modifies registry class 64 IoCs

Processes:

installer.exemsiexec.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0038-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_14"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_281\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0052-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_281\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0058-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_58"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0085-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0085-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_281\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0097-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0095-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0054-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0056-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_56"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0038-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0074-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0089-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0037-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_281\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0038-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0040-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0045-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0061-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_281\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0096-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_281\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0050-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0077-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2238120180F\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0031-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_281\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_281\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0038-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0048-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_48"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0056-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0063-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_63"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0083-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_281\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_10"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0061-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0069-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_13"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InProcServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0031-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0051-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0037-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0058-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0040-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_281\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_281\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0069-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_69"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_281\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_281\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0037-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0078-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_78"	installer.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

_.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	_.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	_.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	_.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	_.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d4304000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	_.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

_.exemsiexec.exe

description	pid	process
Token: SeShutdownPrivilege	1248	_.exe
Token: SeIncreaseQuotaPrivilege	1248	_.exe
Token: SeRestorePrivilege	452	msiexec.exe
Token: SeTakeOwnershipPrivilege	452	msiexec.exe
Token: SeSecurityPrivilege	452	msiexec.exe
Token: SeCreateTokenPrivilege	1248	_.exe
Token: SeAssignPrimaryTokenPrivilege	1248	_.exe
Token: SeLockMemoryPrivilege	1248	_.exe
Token: SeIncreaseQuotaPrivilege	1248	_.exe
Token: SeMachineAccountPrivilege	1248	_.exe
Token: SeTcbPrivilege	1248	_.exe
Token: SeSecurityPrivilege	1248	_.exe
Token: SeTakeOwnershipPrivilege	1248	_.exe
Token: SeLoadDriverPrivilege	1248	_.exe
Token: SeSystemProfilePrivilege	1248	_.exe
Token: SeSystemtimePrivilege	1248	_.exe
Token: SeProfSingleProcessPrivilege	1248	_.exe
Token: SeIncBasePriorityPrivilege	1248	_.exe
Token: SeCreatePagefilePrivilege	1248	_.exe
Token: SeCreatePermanentPrivilege	1248	_.exe
Token: SeBackupPrivilege	1248	_.exe
Token: SeRestorePrivilege	1248	_.exe
Token: SeShutdownPrivilege	1248	_.exe
Token: SeDebugPrivilege	1248	_.exe
Token: SeAuditPrivilege	1248	_.exe
Token: SeSystemEnvironmentPrivilege	1248	_.exe
Token: SeChangeNotifyPrivilege	1248	_.exe
Token: SeRemoteShutdownPrivilege	1248	_.exe
Token: SeUndockPrivilege	1248	_.exe
Token: SeSyncAgentPrivilege	1248	_.exe
Token: SeEnableDelegationPrivilege	1248	_.exe
Token: SeManageVolumePrivilege	1248	_.exe
Token: SeImpersonatePrivilege	1248	_.exe
Token: SeCreateGlobalPrivilege	1248	_.exe
Token: SeRestorePrivilege	452	msiexec.exe
Token: SeTakeOwnershipPrivilege	452	msiexec.exe
Token: SeRestorePrivilege	452	msiexec.exe
Token: SeTakeOwnershipPrivilege	452	msiexec.exe
Token: SeRestorePrivilege	452	msiexec.exe
Token: SeTakeOwnershipPrivilege	452	msiexec.exe
Token: SeRestorePrivilege	452	msiexec.exe
Token: SeTakeOwnershipPrivilege	452	msiexec.exe
Token: SeRestorePrivilege	452	msiexec.exe
Token: SeTakeOwnershipPrivilege	452	msiexec.exe
Token: SeRestorePrivilege	452	msiexec.exe
Token: SeTakeOwnershipPrivilege	452	msiexec.exe
Token: SeRestorePrivilege	452	msiexec.exe
Token: SeTakeOwnershipPrivilege	452	msiexec.exe
Token: SeRestorePrivilege	452	msiexec.exe
Token: SeTakeOwnershipPrivilege	452	msiexec.exe
Token: SeRestorePrivilege	452	msiexec.exe
Token: SeTakeOwnershipPrivilege	452	msiexec.exe
Token: SeRestorePrivilege	452	msiexec.exe
Token: SeTakeOwnershipPrivilege	452	msiexec.exe
Token: SeRestorePrivilege	452	msiexec.exe
Token: SeTakeOwnershipPrivilege	452	msiexec.exe
Token: SeRestorePrivilege	452	msiexec.exe
Token: SeTakeOwnershipPrivilege	452	msiexec.exe
Token: SeRestorePrivilege	452	msiexec.exe
Token: SeTakeOwnershipPrivilege	452	msiexec.exe
Token: SeRestorePrivilege	452	msiexec.exe
Token: SeTakeOwnershipPrivilege	452	msiexec.exe
Token: SeRestorePrivilege	452	msiexec.exe
Token: SeTakeOwnershipPrivilege	452	msiexec.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

_.exe

pid process

1248 _.exe
1248 _.exe
1248 _.exe
1248 _.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

_.exe_.exemsiexec.exeinstaller.exe

description	pid	process	target process
PID 1348 wrote to memory of 1248	1348	_.exe	_.exe
PID 1348 wrote to memory of 1248	1348	_.exe	_.exe
PID 1348 wrote to memory of 1248	1348	_.exe	_.exe
PID 1348 wrote to memory of 1248	1348	_.exe	_.exe
PID 1348 wrote to memory of 1248	1348	_.exe	_.exe
PID 1348 wrote to memory of 1248	1348	_.exe	_.exe
PID 1348 wrote to memory of 1248	1348	_.exe	_.exe
PID 1248 wrote to memory of 1612	1248	_.exe	LZMA_EXE
PID 1248 wrote to memory of 1612	1248	_.exe	LZMA_EXE
PID 1248 wrote to memory of 1612	1248	_.exe	LZMA_EXE
PID 1248 wrote to memory of 1612	1248	_.exe	LZMA_EXE
PID 1248 wrote to memory of 1756	1248	_.exe	LZMA_EXE
PID 1248 wrote to memory of 1756	1248	_.exe	LZMA_EXE
PID 1248 wrote to memory of 1756	1248	_.exe	LZMA_EXE
PID 1248 wrote to memory of 1756	1248	_.exe	LZMA_EXE
PID 452 wrote to memory of 1388	452	msiexec.exe	MsiExec.exe
PID 452 wrote to memory of 1388	452	msiexec.exe	MsiExec.exe
PID 452 wrote to memory of 1388	452	msiexec.exe	MsiExec.exe
PID 452 wrote to memory of 1388	452	msiexec.exe	MsiExec.exe
PID 452 wrote to memory of 1388	452	msiexec.exe	MsiExec.exe
PID 452 wrote to memory of 1388	452	msiexec.exe	MsiExec.exe
PID 452 wrote to memory of 1388	452	msiexec.exe	MsiExec.exe
PID 452 wrote to memory of 1612	452	msiexec.exe	installer.exe
PID 452 wrote to memory of 1612	452	msiexec.exe	installer.exe
PID 452 wrote to memory of 1612	452	msiexec.exe	installer.exe
PID 452 wrote to memory of 1612	452	msiexec.exe	installer.exe
PID 452 wrote to memory of 1612	452	msiexec.exe	installer.exe
PID 452 wrote to memory of 1612	452	msiexec.exe	installer.exe
PID 452 wrote to memory of 1612	452	msiexec.exe	installer.exe
PID 1612 wrote to memory of 692	1612	installer.exe	bspatch.exe
PID 1612 wrote to memory of 692	1612	installer.exe	bspatch.exe
PID 1612 wrote to memory of 692	1612	installer.exe	bspatch.exe
PID 1612 wrote to memory of 692	1612	installer.exe	bspatch.exe
PID 1612 wrote to memory of 692	1612	installer.exe	bspatch.exe
PID 1612 wrote to memory of 692	1612	installer.exe	bspatch.exe
PID 1612 wrote to memory of 692	1612	installer.exe	bspatch.exe
PID 1612 wrote to memory of 640	1612	installer.exe	unpack200.exe
PID 1612 wrote to memory of 640	1612	installer.exe	unpack200.exe
PID 1612 wrote to memory of 640	1612	installer.exe	unpack200.exe
PID 1612 wrote to memory of 640	1612	installer.exe	unpack200.exe
PID 1612 wrote to memory of 1712	1612	installer.exe	unpack200.exe
PID 1612 wrote to memory of 1712	1612	installer.exe	unpack200.exe
PID 1612 wrote to memory of 1712	1612	installer.exe	unpack200.exe
PID 1612 wrote to memory of 1712	1612	installer.exe	unpack200.exe
PID 1612 wrote to memory of 2000	1612	installer.exe	unpack200.exe
PID 1612 wrote to memory of 2000	1612	installer.exe	unpack200.exe
PID 1612 wrote to memory of 2000	1612	installer.exe	unpack200.exe
PID 1612 wrote to memory of 2000	1612	installer.exe	unpack200.exe
PID 1612 wrote to memory of 1572	1612	installer.exe	unpack200.exe
PID 1612 wrote to memory of 1572	1612	installer.exe	unpack200.exe
PID 1612 wrote to memory of 1572	1612	installer.exe	unpack200.exe
PID 1612 wrote to memory of 1572	1612	installer.exe	unpack200.exe
PID 1612 wrote to memory of 1724	1612	installer.exe	unpack200.exe
PID 1612 wrote to memory of 1724	1612	installer.exe	unpack200.exe
PID 1612 wrote to memory of 1724	1612	installer.exe	unpack200.exe
PID 1612 wrote to memory of 1724	1612	installer.exe	unpack200.exe
PID 1612 wrote to memory of 1984	1612	installer.exe	unpack200.exe
PID 1612 wrote to memory of 1984	1612	installer.exe	unpack200.exe
PID 1612 wrote to memory of 1984	1612	installer.exe	unpack200.exe
PID 1612 wrote to memory of 1984	1612	installer.exe	unpack200.exe
PID 1612 wrote to memory of 1880	1612	installer.exe	unpack200.exe
PID 1612 wrote to memory of 1880	1612	installer.exe	unpack200.exe
PID 1612 wrote to memory of 1880	1612	installer.exe	unpack200.exe
PID 1612 wrote to memory of 1880	1612	installer.exe	unpack200.exe

C:\Users\Admin\AppData\Local\Temp\_.exe
"C:\Users\Admin\AppData\Local\Temp\_.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1348

C:\Users\Admin\AppData\Local\Temp\jds259299713.tmp\_.exe
"C:\Users\Admin\AppData\Local\Temp\jds259299713.tmp\_.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1248

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_281\LZMA_EXE
"C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_281\LZMA_EXE" d "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_281\au.msi" "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_281\msi.tmp"
3⤵
- Executes dropped EXE
PID:1612

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_281\LZMA_EXE
"C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_281\LZMA_EXE" d "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_281\jre1.8.0_281full.msi" "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_281\msi.tmp"
3⤵
- Executes dropped EXE
PID:1756

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:452

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 1C57CE15B6E9DC8112200EC717D4B624
2⤵
- Loads dropped DLL
PID:1388

C:\Program Files (x86)\Java\jre1.8.0_281\installer.exe
"C:\Program Files (x86)\Java\jre1.8.0_281\installer.exe" /s INSTALLDIR="C:\Program Files (x86)\Java\jre1.8.0_281\\" INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F32180281F0}
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1612

C:\ProgramData\Oracle\Java\installcache\259393096.tmp\bspatch.exe
"bspatch.exe" baseimagefam8 newimage diff
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:692

C:\Program Files (x86)\Java\jre1.8.0_281\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_281\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_281\lib/plugin.pack" "C:\Program Files (x86)\Java\jre1.8.0_281\lib/plugin.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:640

C:\Program Files (x86)\Java\jre1.8.0_281\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_281\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_281\lib/javaws.pack" "C:\Program Files (x86)\Java\jre1.8.0_281\lib/javaws.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1712

C:\Program Files (x86)\Java\jre1.8.0_281\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_281\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_281\lib/deploy.pack" "C:\Program Files (x86)\Java\jre1.8.0_281\lib/deploy.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2000

C:\Program Files (x86)\Java\jre1.8.0_281\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_281\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_281\lib/rt.pack" "C:\Program Files (x86)\Java\jre1.8.0_281\lib/rt.jar"
3⤵
- Executes dropped EXE
PID:1572

C:\Program Files (x86)\Java\jre1.8.0_281\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_281\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_281\lib/jsse.pack" "C:\Program Files (x86)\Java\jre1.8.0_281\lib/jsse.jar"
3⤵
- Executes dropped EXE
PID:1724

C:\Program Files (x86)\Java\jre1.8.0_281\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_281\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_281\lib/charsets.pack" "C:\Program Files (x86)\Java\jre1.8.0_281\lib/charsets.jar"
3⤵
- Executes dropped EXE
PID:1984

C:\Program Files (x86)\Java\jre1.8.0_281\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_281\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_281\lib/ext/localedata.pack" "C:\Program Files (x86)\Java\jre1.8.0_281\lib/ext/localedata.jar"
3⤵
- Executes dropped EXE
PID:1880

C:\Program Files (x86)\Java\jre1.8.0_281\bin\javaw.exe
"C:\Program Files (x86)\Java\jre1.8.0_281\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking
3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1848

C:\Program Files (x86)\Java\jre1.8.0_281\bin\ssvagent.exe
"C:\Program Files (x86)\Java\jre1.8.0_281\bin\ssvagent.exe" -doHKCUSSVSetup
3⤵
PID:912

C:\Program Files (x86)\Java\jre1.8.0_281\bin\javaws.exe
"C:\Program Files (x86)\Java\jre1.8.0_281\bin\javaws.exe" -wait -fix -permissions -silent
3⤵
PID:1124

C:\Program Files (x86)\Java\jre1.8.0_281\bin\jp2launcher.exe
"C:\Program Files (x86)\Java\jre1.8.0_281\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre1.8.0_281" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMjgxXGxpYlxkZXBsb3kuamFyAC1EamF2YS5zZWN1cml0eS5wb2xpY3k9ZmlsZTpDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMjgxXGxpYlxzZWN1cml0eVxqYXZhd3MucG9saWN5AC1EdHJ1c3RQcm94eT10cnVlAC1YdmVyaWZ5OnJlbW90ZQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzI4MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmUxLjguMF8yODFcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzI4MVxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMjgxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMjgxXGJpblxqYXZhdy5leGU= -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==
4⤵
PID:880

C:\Program Files (x86)\Java\jre1.8.0_281\bin\javaws.exe
"C:\Program Files (x86)\Java\jre1.8.0_281\bin\javaws.exe" -wait -fix -shortcut -silent
3⤵
PID:956

C:\Program Files (x86)\Java\jre1.8.0_281\bin\jp2launcher.exe
"C:\Program Files (x86)\Java\jre1.8.0_281\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre1.8.0_281" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMjgxXGxpYlxkZXBsb3kuamFyAC1EamF2YS5zZWN1cml0eS5wb2xpY3k9ZmlsZTpDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMjgxXGxpYlxzZWN1cml0eVxqYXZhd3MucG9saWN5AC1EdHJ1c3RQcm94eT10cnVlAC1YdmVyaWZ5OnJlbW90ZQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzI4MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmUxLjguMF8yODFcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzI4MVxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMjgxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMjgxXGJpblxqYXZhdy5leGU= -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==
4⤵
PID:1916

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Java\jre1.8.0_281\bin\VCRUNTIME140.dll
MD5
a37ee36b536409056a86f50e67777dd7

SHA1
1cafa159292aa736fc595fc04e16325b27cd6750

SHA256
8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825

SHA512
3a7c260646315cf8c01f44b2ec60974017496bd0d80dd055c7e43b707cadba2d63aab5e0efd435670aa77886ed86368390d42c4017fc433c3c4b9d1c47d0f356

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_281\bin\api-ms-win-core-file-l1-2-0.dll
MD5
cd3cec3d65ae62fdf044f720245f29c0

SHA1
c4643779a0f0f377323503f2db8d2e4d74c738ca

SHA256
676a6da661e0c02e72bea510f5a48cae71fdc4da0b1b089c24bff87651ec0141

SHA512
aca1029497c5a9d26ee09810639278eb17b8fd11b15c9017c8b578fced29cef56f172750c4cc2b0d1ebf8683d29e15de52a6951fb23d78712e31ddcb41776b0f

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_281\bin\api-ms-win-core-file-l2-1-0.dll
MD5
b181124928d8eb7b6caa0c2c759155cb

SHA1
1aadbbd43eff2df7bab51c6f3bda2eb2623b281a

SHA256
24ea638dfa9f40e2f395e26e36d308db2ab25ed1baa5c796ac2c560ad4c89d77

SHA512
2a43bf4d50d47924374cde689be24799c4e1c132c0bc981f5109952d3322e91dd5a9352b53bb55ca79a6ea92e2c387e87c064b9d8c8f519b77fff973d752dc8f

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_281\bin\api-ms-win-core-localization-l1-2-0.dll
MD5
21519f4d5f1fea53532a0b152910ef8b

SHA1
7833ac2c20263c8be42f67151f9234eb8e4a5515

SHA256
5fbd69186f414d1d99ac61c9c15a57390ff21fe995e5c01f1c4e14510b6fb9b1

SHA512
97211fad4aae2f6a6b783107938f0635c302445e74fc34a26aa386864509919c3f084e80579d2502105d9256aab9f57ea16137c43344b1c62f64e5bc1125a417

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_281\bin\api-ms-win-core-processthreads-l1-1-1.dll
MD5
b5c8334a10b191031769d5de01df9459

SHA1
83a8fcc777c7e8c42fa4c59ee627baf6cbed1969

SHA256
6c27ac0542281649ec8638602fbc24f246424ba550564fc7b290b683f79e712d

SHA512
59e53c515dfa2cd96182ca6539ed0ea2ebb01f5991beb08166d1fc53576aeaafebbb2c5ee0ccbdab60ae45fc6a048fff0b5e1b8c9c26907791d31fb7e75b1f39

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_281\bin\api-ms-win-core-synch-l1-2-0.dll
MD5
eb6f7af7eed6aa9ab03495b62fd3563f

SHA1
5a60eebe67ed90f3171970f8339e1404ca1bb311

SHA256
148adef6a34269e403bb509f9d5260abe52f413a6c268e8bd9869841d5f2bd02

SHA512
a9961212b40efc12fd1ab3cc6551c97c987e73b6e409c9ab8a5e1b24542f9e5884811f06883bd31d2585219c4f60c30de2d188788513c01b6cbfe22d539d7875

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_281\bin\api-ms-win-core-timezone-l1-1-0.dll
MD5
86421619dad87870e5f3cc0beb1f7963

SHA1
2f0fe3eb94fa90577846d49c03c4fd08ef9d3fb2

SHA256
64eccd818f6ffc13f57a2ec5ca358b401ffbb1ca13b0c523d479ef5ee9eb44ab

SHA512
dbce9904dd5a403a5a69e528ee1179cc5faab1361715a29b1a0de0cd33ad3ae9c9d5620dafb161fda86cb27909d001be8955940fd051077ffe6f3ff82357ad31

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_281\bin\api-ms-win-crt-heap-l1-1-0.dll
MD5
a6a9dfb31be2510f6dbfedd476c6d15a

SHA1
cdb6d8bd1fbd1c71d85437cff55ddeb76139dbe7

SHA256
150d32b77b2d7f49c8d4f44b64a90d7a0f9df0874a80fc925daf298b038a8e4c

SHA512
b4f0e8fa148fac8a94e04bf4b44f2a26221d943cc399e7f48745ed46e8b58c52d9126110cdf868ebb723423fb0e304983d24fe6608d3757a43ad741bddb3b7ec

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_281\bin\api-ms-win-crt-runtime-l1-1-0.dll
MD5
4f06da894ea013a5e18b8b84a9836d5a

SHA1
40cf36e07b738aa8bba58bc5587643326ff412a9

SHA256
876bd768c8605056579dd8962e2fd7cc96306fab5759d904e8a24e46c25bd732

SHA512
1d7c0682d343416e6942547e6a449be4654158d6a70d78ad3c7e8c2b39c296c9406013a3cfe84d1ae8608f19bee1d4f346d26576d7ed56456eea39d5d7200f79

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_281\bin\api-ms-win-crt-stdio-l1-1-0.dll
MD5
5765103e1f5412c43295bd752ccaea03

SHA1
6913bf1624599e55680a0292e22c89cab559db81

SHA256
8f7ace43040fa86e972cc74649d3e643d21e4cad6cb86ba78d4c059ed35d95e4

SHA512
5844ac30bc73b7ffba75016abefb8a339e2f2822fc6e1441f33f70b6eb7114f828167dfc34527b0fb5460768c4de7250c655bc56efd8ba03115cd2dd6f6c91c0

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_281\bin\api-ms-win-crt-string-l1-1-0.dll
MD5
f364190706414020c02cf4d531e0229d

SHA1
5899230b0d7ad96121c3be0df99235ddd8a47dc6

SHA256
a797c0d43a52e7c8205397225ac931638d73b567683f38dd803195da9d34eac2

SHA512
a9c8abbd846ab55942f440e905d1f3864b82257b8daa44c784b1997a060de0c0439ecc25a2193032d4d85191535e9253e435deed23bdf3d3cb48c4209005a02e

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_281\bin\ucrtbase.DLL
MD5
2040cdcd779bbebad36d36035c675d99

SHA1
918bc19f55e656f6d6b1e4713604483eb997ea15

SHA256
2ad9a105a9caa24f41e7b1a6f303c07e6faeceaf3aaf43ebd644d9d5746a4359

SHA512
83dc3c7e35f0f83e1224505d04cdbaee12b7ea37a2c3367cb4fccc4fff3e5923cf8a79dd513c33a667d8231b1cc6cfb1e33f957d92e195892060a22f53c7532f

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_281\bin\unpack200.exe
MD5
f202df73ab8b2755092b1fedf2a53a75

SHA1
083905061e1110db2b332e3da1f3375ea6cd836b

SHA256
b99ae66fc02058cdbd2b3fc1fdb3dde2dee54bc205393a3fa90f4ab4a74aec69

SHA512
36ea65d5430d047a8f85f8849f1bd7a1f645ea3c30d024575a48a935cd51226729124f5e664bd40d19a7d423c7d31a1cf1bb1e0a4664e09db97aefbb3aad6642

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_281\installer.exe
MD5
4b6f28c50890eab375d080bd7162ab5a

SHA1
281cd76bbe9ec0ee92487b887f87f8484403e2a8

SHA256
fd2421a2c358d71b4f65703946b3e4d891e2f0e3ce537f46ab126ccf1787ac2c

SHA512
e9c51be54abac73d6fe211bd15c12f85d4db73fb15bd9f6cc97b4a1673b5e734872a25b170894484b69ea6a7d214fab0bf0973ee43ec565a28ea1b35a71262a2

Download Submit
C:\ProgramData\Oracle\Java\installcache\259393096.tmp\baseimagefam8
MD5
c68f61bae0654148ae82c9ac18c771f9

SHA1
fde79f7eebe45a096e7af4d7463294551dead994

SHA256
fe7870985a9af11cff29ed00c1a8042d5e1f3194b465146ddcaa9612a51a3195

SHA512
f08e5bbbd74c322a079618aee7da064f510bac05f1b0066da11d9829f8ad8e9ca03ad0e20116d64173e2b5a9a0e12c1ac95b2880805c6a4de2828839506f7107

Download Submit
C:\ProgramData\Oracle\Java\installcache\259393096.tmp\bspatch.exe
MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
C:\ProgramData\Oracle\Java\installcache\259393096.tmp\bspatch.exe
MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
C:\ProgramData\Oracle\Java\installcache\259393096.tmp\diff
MD5
d76b2f48e458e79bb06c62d489accfa3

SHA1
0735d72cdd515c6e314a5099ed30781d6f905cac

SHA256
b5f4746327ea23da22a605115a368ff990dea29e2c04148651f3d652602e5371

SHA512
7db8b00150336bd9bce644b59f21c8dac744849a43c6f32ec325d65ac33a383795b7c2b37a85525c8946d32b944ae08793444c44fa9e663feb596912fedfc5b1

Download Submit
C:\ProgramData\Oracle\Java\installcache\259393096.tmp\newimage
MD5
34788a65da0ef44c4841a6a6494a27a3

SHA1
59fa3f49a312ec91a695ad4043de58f4d78c9cae

SHA256
19a0d926fc6743f62c7137aea8a90cfeeae52f48c2c558f6ba82d78f5a969af6

SHA512
b498068173bf2f34942790d1f11e200553f48a8e11cce9ade7578e113b88dafbe0539c833c5face89426a62eb4f2af493d9dfbe7b3e52aa40f330a29fe915c3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5
MD5
e690c5bad28e2a3b5562551d7cecaf05

SHA1
b7e5d62cf8e2a1f73c11baa83618c8218e7a7517

SHA256
b3efcea82573a42c3625c512c9cf13fa08b421f5b03daa9fc4d919186c4a7552

SHA512
b4f79743a3d23edc0b94aae76d28a7a3ba4aa825c287cdc4ccd6d1b67cfe6259fd1636d16bd607a292ef52c238c8c8a5622a3a90a059b2e19e33d1f5c3429dce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_2A1F4CCD74E7AC1EAF9433BC50ADF937
MD5
43f2192cad7b988c7dd1033ca03923c9

SHA1
c67cb5ebf94422dbf38db03d0a6f6284177423dd

SHA256
90f1ec8091747d2b579d9b835fffe392df8cf0308ed76e690950fde1d005b312

SHA512
99bf973217fa330558bd8481e77b71f9e17012f8539406f97e1e2e263eaf3f2d829c5fa680a6ac8f1ef07dfa59b221628a4ec492afeea33ef5c52c3d94def246

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5
MD5
ff9fde2db64f5a86758e10d2b98f1fb1

SHA1
34360f189287ba89fc53bb2d54b10c258416b200

SHA256
10e372a975fd94203669ca18e2119d5567a73ec97e1fbe9f6e8aac0db285a81b

SHA512
96b6cd6cd7162a4ca4af3299ae9005800d332af613e3478d07aa5611f387d3fdcbc3b7ec7e14dd20980cb050555215290ab5c6e5a09f677b5a5c8be3edaaee4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_2A1F4CCD74E7AC1EAF9433BC50ADF937
MD5
fceb0a35d974f259fc320e3ef0aa1309

SHA1
a242073c47adfe94aa3807101fe0e6f445661f09

SHA256
c9b983b36534096a87d45d165e7030cb1dcfa5d900066fa5f994a762ac32605d

SHA512
970a47e83117c0e7c7b46e9ac28dfcc2bf8a4789f41a3967df4207a24fa2247d282a322271ab4a741aca5e081e4fa3e87e49e8efcccab4f10aca99fee9aa75bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
MD5
3258f30f69d7ba0469cec34f99678386

SHA1
5fd0508dd2c5ff17b09db738786ce29f0ab69362

SHA256
218ccc3e9f86a198030226c8fffa2b60b22b7441e5238459f37eabeb6952d7a5

SHA512
40f60d88f33587ace29e0a0b31d870c2d6c95ffef030fd17548b3641fc6504f67795a27326be9994d609c095a6cac4f18f8d0d5b41b231d502328d73195311d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
MD5
16d2ad1a3d21bbbbac13f0560dcf25d5

SHA1
c624ebfca951ee0c3f7b711adcf7dae6a66cc16e

SHA256
3c3821601b5b8d8edf6825167b2a2a00b032abd94beebec7a7dc0e27eacec32f

SHA512
a8f002620ee0cf76933cb5e630b483c44118d954c91bcde0c0dff426456a1edf20d1241b904891574d7f04f2801f1cfd1c64c331f245cd3bb3536af99c89d54b

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_281\LZMA_EXE
MD5
3842c46f2fbc7522ef625f1833530804

SHA1
3615c072ad5bdadba5e5e22e75eefaf7def92312

SHA256
17cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7

SHA512
9adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_281\LZMA_EXE
MD5
3842c46f2fbc7522ef625f1833530804

SHA1
3615c072ad5bdadba5e5e22e75eefaf7def92312

SHA256
17cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7

SHA512
9adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_281\au.msi
MD5
88435c6298eff7ecf4fda8414d4b5c8c

SHA1
66d51843316a86d70b1b7799a6d74d492e413c64

SHA256
18ee9710217a0a341ef0b82324274a3a4ada6745934834e022ae12d19fb04981

SHA512
d46b1ad30244e0770fd040b7a9271846482c03a054ff727ccd840b0312650652a6c589c6ebca380f96fcf06fbc560d4d99a8f34c903108d1c94e93636ff0910b

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_281\jre1.8.0_281full.msi
MD5
cd6bbef4f6df0d6a0c9193a67f27b222

SHA1
e2fcc99c1fcc4203d1481620099f2dd156f5afaf

SHA256
ba28b247930d19fb8ad6553fb4a154cd8a40046507850c1f4af887223a5bedfc

SHA512
8ed7a70dfd9299e2ae105756186caf87fbbf11ecf57d0a2b22d49a8a28e9ecdf05cfce3654048548827497c6f5969729e1baaf98e8010773a97323c9274b64f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_281\msi.tmp
MD5
27163914d6a8e50c1aef46ee46c093a7

SHA1
d9880a1a2475c7359e0c5254f6f51b2f8cf9b289

SHA256
463fc2144ed4107e1462e2360e2baebfcde064dd8698375f015471abc20c2c5b

SHA512
70c25abf89442765c42ccfee99cd8396d8d06d8f984aac5c91dfa96ef8ba9f2c8cba7cb9d5062e5e9036e3dd09d83f5ac56c687549d203465c020e997d1d48b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_281\msi.tmp
MD5
c0e6d8887ccdf3376fcd87f20009b043

SHA1
2248952e0148d92eec7d03a832d269062e152a68

SHA256
001805d209448562eb98b92cb74933aa0b713f81437863591826b1ccea5350ab

SHA512
a40b82fa20115b4ffdcbf9e7f3abde074c33d9461c4db21dd483e61ef189c6d90bb3ae8187b3742181d8beb619f413e9e816fd81d15a4109858383cbbff8fbc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\jds259299713.tmp\_.exe
MD5
138dc2a47fb16fbc46c9ea6de48e62c5

SHA1
86411ddf411b01fbbc42e6ca274dfe29adb8affb

SHA256
2fe4f92aeb41f28989d9cf48829e19482cac6764d5b4143555779f60b7c5a277

SHA512
ee0ae781540d3a2ac517d7632f56b159e2f922db7a4972d949205b2e733bae287dab970c8bb4c0d8f725819442850a9ff92dbc826afef0de47b06c8148195632

Download Submit
C:\Users\Admin\AppData\Local\Temp\jds259299713.tmp\_.exe
MD5
138dc2a47fb16fbc46c9ea6de48e62c5

SHA1
86411ddf411b01fbbc42e6ca274dfe29adb8affb

SHA256
2fe4f92aeb41f28989d9cf48829e19482cac6764d5b4143555779f60b7c5a277

SHA512
ee0ae781540d3a2ac517d7632f56b159e2f922db7a4972d949205b2e733bae287dab970c8bb4c0d8f725819442850a9ff92dbc826afef0de47b06c8148195632

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
MD5
32b73113e3d0a95625c5c770da05c9ee

SHA1
5178b6f3790cb001c50cfdcf15c79d9b1256bf02

SHA256
ad81be9baf98432a8dcfe9be4a6af8c58311203315082df140afa6e056bada04

SHA512
599e716002a44ec38cef0b2b23b5c9094937faf77900bc9851a50fbbef7ba7355ffc8e4f34710e44b42477af56c474d7cacd28da99eb002b3dd6e3984d856de3

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
MD5
0d267cedb8e451455eabf4aabc471ff6

SHA1
2e4bfe48bb7ebe8446828804d2e4fe0695063e4d

SHA256
0576a55044f93aec892eb4ad9ba62f004de5acf884cf01d8aa7331a3db8805a0

SHA512
438bc1099dce0ab2dbff26a10f784be72734d8f1000ef2ab12c8a592a7964aef9a69f872702729e6827755987afcb8eed5def14d7b4b22c59b7f525ee5981ffc

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
MD5
ba0f6482ddab9e7cf039734d5ab41358

SHA1
4f7ca9eccad05bffc8d42ff52f02335914b2ab6a

SHA256
509f79f84ebc895e5235b3da41b982bc2c3dbfb913476b57688eb559a52f6694

SHA512
2ecd461bf088accd43dd145c92dc8cea63b0385b713b935b80b47c9905ec48cda61c913c8d8f8c99ddfb097291cb044d0d4c83ada1d2c5a3b74f5ae708e44e1f

Download Submit
C:\Windows\Installer\MSIF50B.tmp
MD5
48ba53112ed2c351e062499995891806

SHA1
f33cadaea1dfe2f488b3d936e1f12e9fe8ab6406

SHA256
21cd63d63d3af5da2c84f9368129cc760cded245d3365a075975890c3c775fc8

SHA512
35e692ea7daae171e35319dc670792110bbc0d618e38e967be8c40588bccdcc49c6398f4b309001a1972f0619af5e12b39a5f736598b29198f651b23125666e6

Download Submit
C:\Windows\Installer\MSIFCD9.tmp
MD5
48ba53112ed2c351e062499995891806

SHA1
f33cadaea1dfe2f488b3d936e1f12e9fe8ab6406

SHA256
21cd63d63d3af5da2c84f9368129cc760cded245d3365a075975890c3c775fc8

SHA512
35e692ea7daae171e35319dc670792110bbc0d618e38e967be8c40588bccdcc49c6398f4b309001a1972f0619af5e12b39a5f736598b29198f651b23125666e6

Download Submit
C:\Windows\Installer\MSIFE22.tmp
MD5
48ba53112ed2c351e062499995891806

SHA1
f33cadaea1dfe2f488b3d936e1f12e9fe8ab6406

SHA256
21cd63d63d3af5da2c84f9368129cc760cded245d3365a075975890c3c775fc8

SHA512
35e692ea7daae171e35319dc670792110bbc0d618e38e967be8c40588bccdcc49c6398f4b309001a1972f0619af5e12b39a5f736598b29198f651b23125666e6

Download Submit
C:\Windows\Installer\f75ef24.msi
MD5
c0e6d8887ccdf3376fcd87f20009b043

SHA1
2248952e0148d92eec7d03a832d269062e152a68

SHA256
001805d209448562eb98b92cb74933aa0b713f81437863591826b1ccea5350ab

SHA512
a40b82fa20115b4ffdcbf9e7f3abde074c33d9461c4db21dd483e61ef189c6d90bb3ae8187b3742181d8beb619f413e9e816fd81d15a4109858383cbbff8fbc2

Download Submit
\Program Files (x86)\Java\jre1.8.0_281\bin\api-ms-win-core-file-l1-2-0.dll
MD5
cd3cec3d65ae62fdf044f720245f29c0

SHA1
c4643779a0f0f377323503f2db8d2e4d74c738ca

SHA256
676a6da661e0c02e72bea510f5a48cae71fdc4da0b1b089c24bff87651ec0141

SHA512
aca1029497c5a9d26ee09810639278eb17b8fd11b15c9017c8b578fced29cef56f172750c4cc2b0d1ebf8683d29e15de52a6951fb23d78712e31ddcb41776b0f

Download Submit
\Program Files (x86)\Java\jre1.8.0_281\bin\api-ms-win-core-file-l2-1-0.dll
MD5
b181124928d8eb7b6caa0c2c759155cb

SHA1
1aadbbd43eff2df7bab51c6f3bda2eb2623b281a

SHA256
24ea638dfa9f40e2f395e26e36d308db2ab25ed1baa5c796ac2c560ad4c89d77

SHA512
2a43bf4d50d47924374cde689be24799c4e1c132c0bc981f5109952d3322e91dd5a9352b53bb55ca79a6ea92e2c387e87c064b9d8c8f519b77fff973d752dc8f

Download Submit
\Program Files (x86)\Java\jre1.8.0_281\bin\api-ms-win-core-localization-l1-2-0.dll
MD5
21519f4d5f1fea53532a0b152910ef8b

SHA1
7833ac2c20263c8be42f67151f9234eb8e4a5515

SHA256
5fbd69186f414d1d99ac61c9c15a57390ff21fe995e5c01f1c4e14510b6fb9b1

SHA512
97211fad4aae2f6a6b783107938f0635c302445e74fc34a26aa386864509919c3f084e80579d2502105d9256aab9f57ea16137c43344b1c62f64e5bc1125a417

Download Submit
\Program Files (x86)\Java\jre1.8.0_281\bin\api-ms-win-core-processthreads-l1-1-1.dll
MD5
b5c8334a10b191031769d5de01df9459

SHA1
83a8fcc777c7e8c42fa4c59ee627baf6cbed1969

SHA256
6c27ac0542281649ec8638602fbc24f246424ba550564fc7b290b683f79e712d

SHA512
59e53c515dfa2cd96182ca6539ed0ea2ebb01f5991beb08166d1fc53576aeaafebbb2c5ee0ccbdab60ae45fc6a048fff0b5e1b8c9c26907791d31fb7e75b1f39

Download Submit
\Program Files (x86)\Java\jre1.8.0_281\bin\api-ms-win-core-synch-l1-2-0.dll
MD5
eb6f7af7eed6aa9ab03495b62fd3563f

SHA1
5a60eebe67ed90f3171970f8339e1404ca1bb311

SHA256
148adef6a34269e403bb509f9d5260abe52f413a6c268e8bd9869841d5f2bd02

SHA512
a9961212b40efc12fd1ab3cc6551c97c987e73b6e409c9ab8a5e1b24542f9e5884811f06883bd31d2585219c4f60c30de2d188788513c01b6cbfe22d539d7875

Download Submit
\Program Files (x86)\Java\jre1.8.0_281\bin\api-ms-win-core-timezone-l1-1-0.dll
MD5
86421619dad87870e5f3cc0beb1f7963

SHA1
2f0fe3eb94fa90577846d49c03c4fd08ef9d3fb2

SHA256
64eccd818f6ffc13f57a2ec5ca358b401ffbb1ca13b0c523d479ef5ee9eb44ab

SHA512
dbce9904dd5a403a5a69e528ee1179cc5faab1361715a29b1a0de0cd33ad3ae9c9d5620dafb161fda86cb27909d001be8955940fd051077ffe6f3ff82357ad31

Download Submit
\Program Files (x86)\Java\jre1.8.0_281\bin\api-ms-win-crt-heap-l1-1-0.dll
MD5
a6a9dfb31be2510f6dbfedd476c6d15a

SHA1
cdb6d8bd1fbd1c71d85437cff55ddeb76139dbe7

SHA256
150d32b77b2d7f49c8d4f44b64a90d7a0f9df0874a80fc925daf298b038a8e4c

SHA512
b4f0e8fa148fac8a94e04bf4b44f2a26221d943cc399e7f48745ed46e8b58c52d9126110cdf868ebb723423fb0e304983d24fe6608d3757a43ad741bddb3b7ec

Download Submit
\Program Files (x86)\Java\jre1.8.0_281\bin\api-ms-win-crt-runtime-l1-1-0.dll
MD5
4f06da894ea013a5e18b8b84a9836d5a

SHA1
40cf36e07b738aa8bba58bc5587643326ff412a9

SHA256
876bd768c8605056579dd8962e2fd7cc96306fab5759d904e8a24e46c25bd732

SHA512
1d7c0682d343416e6942547e6a449be4654158d6a70d78ad3c7e8c2b39c296c9406013a3cfe84d1ae8608f19bee1d4f346d26576d7ed56456eea39d5d7200f79

Download Submit
\Program Files (x86)\Java\jre1.8.0_281\bin\api-ms-win-crt-string-l1-1-0.dll
MD5
f364190706414020c02cf4d531e0229d

SHA1
5899230b0d7ad96121c3be0df99235ddd8a47dc6

SHA256
a797c0d43a52e7c8205397225ac931638d73b567683f38dd803195da9d34eac2

SHA512
a9c8abbd846ab55942f440e905d1f3864b82257b8daa44c784b1997a060de0c0439ecc25a2193032d4d85191535e9253e435deed23bdf3d3cb48c4209005a02e

Download Submit
\Program Files (x86)\Java\jre1.8.0_281\bin\ucrtbase.dll
MD5
2040cdcd779bbebad36d36035c675d99

SHA1
918bc19f55e656f6d6b1e4713604483eb997ea15

SHA256
2ad9a105a9caa24f41e7b1a6f303c07e6faeceaf3aaf43ebd644d9d5746a4359

SHA512
83dc3c7e35f0f83e1224505d04cdbaee12b7ea37a2c3367cb4fccc4fff3e5923cf8a79dd513c33a667d8231b1cc6cfb1e33f957d92e195892060a22f53c7532f

Download Submit
\Program Files (x86)\Java\jre1.8.0_281\bin\unpack200.exe
MD5
f202df73ab8b2755092b1fedf2a53a75

SHA1
083905061e1110db2b332e3da1f3375ea6cd836b

SHA256
b99ae66fc02058cdbd2b3fc1fdb3dde2dee54bc205393a3fa90f4ab4a74aec69

SHA512
36ea65d5430d047a8f85f8849f1bd7a1f645ea3c30d024575a48a935cd51226729124f5e664bd40d19a7d423c7d31a1cf1bb1e0a4664e09db97aefbb3aad6642

Download Submit
\Program Files (x86)\Java\jre1.8.0_281\bin\vcruntime140.dll
MD5
a37ee36b536409056a86f50e67777dd7

SHA1
1cafa159292aa736fc595fc04e16325b27cd6750

SHA256
8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825

SHA512
3a7c260646315cf8c01f44b2ec60974017496bd0d80dd055c7e43b707cadba2d63aab5e0efd435670aa77886ed86368390d42c4017fc433c3c4b9d1c47d0f356

Download Submit
\ProgramData\Oracle\Java\installcache\259393096.tmp\bspatch.exe
MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
\ProgramData\Oracle\Java\installcache\259393096.tmp\bspatch.exe
MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
\ProgramData\Oracle\Java\installcache\259393096.tmp\bspatch.exe
MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
\ProgramData\Oracle\Java\installcache\259393096.tmp\bspatch.exe
MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_281\LZMA_EXE
MD5
3842c46f2fbc7522ef625f1833530804

SHA1
3615c072ad5bdadba5e5e22e75eefaf7def92312

SHA256
17cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7

SHA512
9adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e

Download Submit
\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_281\LZMA_EXE
MD5
3842c46f2fbc7522ef625f1833530804

SHA1
3615c072ad5bdadba5e5e22e75eefaf7def92312

SHA256
17cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7

SHA512
9adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e

Download Submit
\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_281\LZMA_EXE
MD5
3842c46f2fbc7522ef625f1833530804

SHA1
3615c072ad5bdadba5e5e22e75eefaf7def92312

SHA256
17cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7

SHA512
9adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e

Download Submit
\Users\Admin\AppData\Local\Temp\jds259299713.tmp\_.exe
MD5
138dc2a47fb16fbc46c9ea6de48e62c5

SHA1
86411ddf411b01fbbc42e6ca274dfe29adb8affb

SHA256
2fe4f92aeb41f28989d9cf48829e19482cac6764d5b4143555779f60b7c5a277

SHA512
ee0ae781540d3a2ac517d7632f56b159e2f922db7a4972d949205b2e733bae287dab970c8bb4c0d8f725819442850a9ff92dbc826afef0de47b06c8148195632

Download Submit
\Windows\Installer\MSIF50B.tmp
MD5
48ba53112ed2c351e062499995891806

SHA1
f33cadaea1dfe2f488b3d936e1f12e9fe8ab6406

SHA256
21cd63d63d3af5da2c84f9368129cc760cded245d3365a075975890c3c775fc8

SHA512
35e692ea7daae171e35319dc670792110bbc0d618e38e967be8c40588bccdcc49c6398f4b309001a1972f0619af5e12b39a5f736598b29198f651b23125666e6

Download Submit
\Windows\Installer\MSIFCD9.tmp
MD5
48ba53112ed2c351e062499995891806

SHA1
f33cadaea1dfe2f488b3d936e1f12e9fe8ab6406

SHA256
21cd63d63d3af5da2c84f9368129cc760cded245d3365a075975890c3c775fc8

SHA512
35e692ea7daae171e35319dc670792110bbc0d618e38e967be8c40588bccdcc49c6398f4b309001a1972f0619af5e12b39a5f736598b29198f651b23125666e6

Download Submit
\Windows\Installer\MSIFE22.tmp
MD5
48ba53112ed2c351e062499995891806

SHA1
f33cadaea1dfe2f488b3d936e1f12e9fe8ab6406

SHA256
21cd63d63d3af5da2c84f9368129cc760cded245d3365a075975890c3c775fc8

SHA512
35e692ea7daae171e35319dc670792110bbc0d618e38e967be8c40588bccdcc49c6398f4b309001a1972f0619af5e12b39a5f736598b29198f651b23125666e6

Download Submit
memory/452-77-0x000007FEFC4A1000-0x000007FEFC4A3000-memory.dmp

Filesize
8KB

Download
memory/640-111-0x0000000000000000-mapping.dmp

Download
memory/692-100-0x0000000000000000-mapping.dmp

Download
memory/880-179-0x00000000027F0000-0x00000000027F8000-memory.dmp

Filesize
32KB

Download
memory/880-165-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/880-159-0x0000000002720000-0x0000000002728000-memory.dmp

Filesize
32KB

Download
memory/880-163-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/880-157-0x0000000002718000-0x0000000002720000-memory.dmp

Filesize
32KB

Download
memory/880-178-0x00000000027E8000-0x00000000027F0000-memory.dmp

Filesize
32KB

Download
memory/880-174-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/880-167-0x00000000027B0000-0x00000000027B8000-memory.dmp

Filesize
32KB

Download
memory/880-168-0x00000000027B8000-0x00000000027C0000-memory.dmp

Filesize
32KB

Download
memory/880-169-0x00000000027C0000-0x00000000027C8000-memory.dmp

Filesize
32KB

Download
memory/880-173-0x00000000027E0000-0x00000000027E8000-memory.dmp

Filesize
32KB

Download
memory/880-170-0x00000000027C8000-0x00000000027D0000-memory.dmp

Filesize
32KB

Download
memory/880-171-0x00000000027D0000-0x00000000027D8000-memory.dmp

Filesize
32KB

Download
memory/880-172-0x00000000027D8000-0x00000000027E0000-memory.dmp

Filesize
32KB

Download
memory/880-166-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/880-162-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/880-147-0x0000000000000000-mapping.dmp

Download
memory/880-150-0x0000000002790000-0x0000000002798000-memory.dmp

Filesize
32KB

Download
memory/880-149-0x00000000026E0000-0x0000000002708000-memory.dmp

Filesize
160KB

Download
memory/880-152-0x0000000002728000-0x0000000002730000-memory.dmp

Filesize
32KB

Download
memory/880-151-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/880-153-0x0000000002798000-0x00000000027A0000-memory.dmp

Filesize
32KB

Download
memory/880-154-0x0000000002730000-0x0000000002738000-memory.dmp

Filesize
32KB

Download
memory/880-155-0x00000000027A0000-0x00000000027A8000-memory.dmp

Filesize
32KB

Download
memory/880-156-0x00000000027A8000-0x00000000027B0000-memory.dmp

Filesize
32KB

Download
memory/880-158-0x0000000002780000-0x0000000002788000-memory.dmp

Filesize
32KB

Download
memory/880-160-0x0000000002778000-0x0000000002780000-memory.dmp

Filesize
32KB

Download
memory/880-161-0x0000000002788000-0x0000000002790000-memory.dmp

Filesize
32KB

Download
memory/880-164-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/956-180-0x0000000000000000-mapping.dmp

Download
memory/1124-145-0x0000000000000000-mapping.dmp

Download
memory/1248-61-0x0000000000000000-mapping.dmp

Download
memory/1248-63-0x00000000762C1000-0x00000000762C3000-memory.dmp

Filesize
8KB

Download
memory/1388-85-0x0000000000000000-mapping.dmp

Download
memory/1572-138-0x0000000000000000-mapping.dmp

Download
memory/1612-94-0x0000000000000000-mapping.dmp

Download
memory/1612-68-0x0000000000000000-mapping.dmp

Download
memory/1712-136-0x0000000000000000-mapping.dmp

Download
memory/1724-139-0x0000000000000000-mapping.dmp

Download
memory/1756-73-0x0000000000000000-mapping.dmp

Download
memory/1848-144-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/1848-142-0x0000000000000000-mapping.dmp

Download
memory/1848-143-0x0000000001FE0000-0x0000000002008000-memory.dmp

Filesize
160KB

Download
memory/1880-141-0x0000000000000000-mapping.dmp

Download
memory/1916-189-0x0000000002668000-0x0000000002670000-memory.dmp

Filesize
32KB

Download
memory/1916-188-0x0000000002660000-0x0000000002668000-memory.dmp

Filesize
32KB

Download
memory/1916-182-0x0000000000000000-mapping.dmp

Download
memory/1916-184-0x00000000025B0000-0x00000000025D8000-memory.dmp

Filesize
160KB

Download
memory/1916-185-0x00000000025F8000-0x0000000002600000-memory.dmp

Filesize
32KB

Download
memory/1916-186-0x00000000025E8000-0x00000000025F0000-memory.dmp

Filesize
32KB

Download
memory/1916-187-0x0000000002658000-0x0000000002660000-memory.dmp

Filesize
32KB

Download
memory/1916-196-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/1916-195-0x0000000002648000-0x0000000002650000-memory.dmp

Filesize
32KB

Download
memory/1916-190-0x0000000002650000-0x0000000002658000-memory.dmp

Filesize
32KB

Download
memory/1916-191-0x0000000002600000-0x0000000002608000-memory.dmp

Filesize
32KB

Download
memory/1916-192-0x0000000002670000-0x0000000002678000-memory.dmp

Filesize
32KB

Download
memory/1916-193-0x0000000002678000-0x0000000002680000-memory.dmp

Filesize
32KB

Download
memory/1916-194-0x00000000025F0000-0x00000000025F8000-memory.dmp

Filesize
32KB

Download
memory/1984-140-0x0000000000000000-mapping.dmp

Download
memory/2000-137-0x0000000000000000-mapping.dmp

Download