e4f74dc6136f4d286f22846de7a501b27e15c15fbba9abe9263e42ac4bafa14d

Analysis

max time kernel
106s
max time network
111s
platform
windows7_x64
resource
win7v20210408
submitted
16-08-2021 14:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Jonic free .exe
Size

7.8MB
MD5

4fd63e0d9cea42ab1b05a711e378c110
SHA1

b768f2b73693c53142b2d98ca2d7ced5ed33c0aa
SHA256

e4f74dc6136f4d286f22846de7a501b27e15c15fbba9abe9263e42ac4bafa14d
SHA512

557b8f4c17b75e1c9b607e3895264b257639ff39dbd3c235428aa4bd9f0c0a405f61b3824cd3bbccc51e03399b854e1f4e3f4ddbfd7b35317b844c67662e9fb3

Score

10^/10

adware persistence stealer upx

Malware Config

Signatures

Registers COM server for autorun 1 TTPs
persistence

Registry Run Keys / Startup Folder
T1060
Blocklisted process makes network request 1 IoCs

Processes:

msiexec.exe

flow pid process

83 1896 msiexec.exe
Downloads MZ/PE file

flow	pid	process
83	1896	msiexec.exe

Executes dropped EXE 19 IoCs

Processes:

JavaSetup8u301.exeJavaSetup8u301.exeLZMA_EXELZMA_EXEinstaller.exebspatch.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exejavaw.exessvagent.exejavaws.exejp2launcher.exejavaws.exejp2launcher.exe

pid	process
552	JavaSetup8u301.exe
1360	JavaSetup8u301.exe
868	LZMA_EXE
344	LZMA_EXE
1792	installer.exe
1892	bspatch.exe
2104	unpack200.exe
2204	unpack200.exe
2228	unpack200.exe
2252	unpack200.exe
2276	unpack200.exe
2300	unpack200.exe
2324	unpack200.exe
2348	javaw.exe
2412	ssvagent.exe
2428	javaws.exe
2448	jp2launcher.exe
2476	javaws.exe
2496	jp2launcher.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
\ProgramData\Oracle\Java\installcache\259334190.tmp\bspatch.exe	upx
C:\ProgramData\Oracle\Java\installcache\259334190.tmp\bspatch.exe	upx
C:\ProgramData\Oracle\Java\installcache\259334190.tmp\bspatch.exe	upx
\ProgramData\Oracle\Java\installcache\259334190.tmp\bspatch.exe	upx
\ProgramData\Oracle\Java\installcache\259334190.tmp\bspatch.exe	upx
\ProgramData\Oracle\Java\installcache\259334190.tmp\bspatch.exe	upx

Loads dropped DLL 64 IoCs

Processes:

JavaSetup8u301.exeJavaSetup8u301.exeMsiExec.exeinstaller.exebspatch.exeunpack200.exeunpack200.exeunpack200.exe

pid	process
552	JavaSetup8u301.exe
1360	JavaSetup8u301.exe
1360	JavaSetup8u301.exe
1360	JavaSetup8u301.exe
572	MsiExec.exe
572	MsiExec.exe
572	MsiExec.exe
1792	installer.exe
1892	bspatch.exe
1892	bspatch.exe
1892	bspatch.exe
1792	installer.exe
2104	unpack200.exe
2104	unpack200.exe
2104	unpack200.exe
2104	unpack200.exe
2104	unpack200.exe
2104	unpack200.exe
2104	unpack200.exe
2104	unpack200.exe
2104	unpack200.exe
2104	unpack200.exe
2104	unpack200.exe
2104	unpack200.exe
2104	unpack200.exe
2104	unpack200.exe
2104	unpack200.exe
2104	unpack200.exe
2104	unpack200.exe
2104	unpack200.exe
2104	unpack200.exe
2204	unpack200.exe
2204	unpack200.exe
2204	unpack200.exe
2204	unpack200.exe
2204	unpack200.exe
2204	unpack200.exe
2204	unpack200.exe
2204	unpack200.exe
2204	unpack200.exe
2204	unpack200.exe
2204	unpack200.exe
2204	unpack200.exe
2204	unpack200.exe
2204	unpack200.exe
2204	unpack200.exe
2204	unpack200.exe
2204	unpack200.exe
2204	unpack200.exe
2204	unpack200.exe
2228	unpack200.exe
2228	unpack200.exe
2228	unpack200.exe
2228	unpack200.exe
2228	unpack200.exe
2228	unpack200.exe
2228	unpack200.exe
2228	unpack200.exe
2228	unpack200.exe
2228	unpack200.exe
2228	unpack200.exe
2228	unpack200.exe
2228	unpack200.exe
2228	unpack200.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

msiexec.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched = "\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	msiexec.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	process
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe

Installs/modifies Browser Helper Object 2 TTPs
BHOs are DLL modules which act as plugins for Internet Explorer.
stealer adware

Modify Registry
T1112

Browser Extensions
T1176

Drops file in System32 directory 2 IoCs

Processes:

installer.exe

description	ioc	process
File created	C:\Windows\SysWOW64\WindowsAccessBridge-32.dll	installer.exe
File created	C:\Windows\SysWOW64\WindowsAccessBridge-64.dll	installer.exe

Drops file in Program Files directory 64 IoCs

Processes:

installer.exeunpack200.exemsiexec.exeunpack200.exe

description	ioc	process
File created	C:\Program Files (x86)\Java\jre1.8.0_301\bin\api-ms-win-core-sysinfo-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\bin\awt.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\legal\jdk\jopt-simple.md	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\lib\cmm\GRAY.pf	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\lib\deploy\messages_es.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\bin\api-ms-win-core-console-l1-2-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\lib\hijrah-config-umalqura.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\bin\api-ms-win-core-synch-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\bin\api-ms-win-crt-environment-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\bin\dtplugin\npdeployJava1.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\bin\fxplugins.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\bin\jawt.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\legal\jdk\joni.md	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\lib\content-types.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\lib\rt.jar	unpack200.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\bin\j2pkcs11.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\bin\vcruntime140.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\legal\javafx\directshow.md	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\bin\api-ms-win-core-file-l1-2-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\bin\jdwp.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\bin\sunec.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\lib\ext\sunjce_provider.jar	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\lib\images\cursors\win32_MoveDrop32x32.gif	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\lib\jvm.hprof.txt	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\bin\api-ms-win-core-datetime-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\bin\glib-lite.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\legal\javafx\public_suffix.md	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\lib\deploy\splash.gif	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\lib\ext\sunec.jar	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\lib\images\cursors\win32_CopyDrop32x32.gif	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\bin\api-ms-win-core-string-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\bin\ssvagent.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\bin\unpack.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\bin\zip.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\lib\cmm\PYCC.pf	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\lib\images\cursors\win32_LinkNoDrop32x32.gif	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\lib\deploy.pack	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\bin\api-ms-win-crt-conio-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\bin\ktab.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\bin\rmid.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\legal\jdk\cryptix.md	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\lib\ext\sunpkcs11.jar	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\installer.exe	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\bin\api-ms-win-core-heap-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\bin\JAWTAccessBridge-32.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\bin\ssv.dll	installer.exe
File created	C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\lib\management-agent.jar	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\bin\api-ms-win-crt-multibyte-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\bin\jfr.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\bin\sunmscapi.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\legal\jdk\santuario.md	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\lib\accessibility.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\lib\cmm\LINEAR_RGB.pf	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\lib\ext\access-bridge-32.jar	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\lib\sound.properties	installer.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\bin\dt_socket.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\lib\plugin.pack	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\lib\jsse.jar	unpack200.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\bin\api-ms-win-core-processthreads-l1-1-1.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\lib\deploy\messages_zh_HK.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\lib\ext\jaccess.jar	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_301\lib\management\jmxremote.password.template	installer.exe

Drops file in Windows directory 19 IoCs

Processes:

msiexec.exe

description	ioc	process
File created	C:\Windows\Installer\f7505d2.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC1D5.tmp	msiexec.exe
File created	C:\Windows\Installer\f7505d4.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI14CB.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9AEF.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\f7505d0.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1605.tmp	msiexec.exe
File created	C:\Windows\Installer\f7505cf.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f7505cd.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\f7505d2.ipi	msiexec.exe
File created	C:\Windows\Installer\f7505cb.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC14.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\f7505d0.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA618.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBF34.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\f7505cb.msi	msiexec.exe
File created	C:\Windows\Installer\f7505cd.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI15A7.tmp	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msiexec.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msiexec.exe

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

Processes:

iexplore.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 88caf00dbc92d701	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeinstaller.exeIEXPLORE.EXEJavaSetup8u301.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Windows\\SysWOW64"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "22"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\ = "22"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\ = "229"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "276"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "333"	IEXPLORE.EXE
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}\Policy = "3"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "122"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\ = "333"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}\AppPath = "C:\\Program Files (x86)\\Java\\jre1.8.0_301\\bin"	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3"	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{41AD57B1-FEAF-11EB-B1F7-4A6006E5B116} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "229"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "209"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10ef2b1bbc92d701	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "42"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\ = "209"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "333"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files (x86)\\Java\\jre1.8.0_301\\bin"	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "276"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "229"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "42"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main	JavaSetup8u301.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files (x86)\\Java\\jre1.8.0_301\\bin"	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "335896399"	iexplore.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\ = "42"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "224"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\ = "276"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000826a75f5ed76104998f039f3e0917673000000000200000000001066000000010000200000004406a49c52afeaf61d50b7603fd48379c10e052d36d87fd6d2886353cf88ed48000000000e80000000020000200000008f3dc416bdd9001488c4515fa0f31f4c8f8d243ad3660e9a2976361593e0ba55000100002f52a8da2c79b3adf542a1c9993917d8fdcbac193ece50e85d764a1922e636d8623aead6e64194912f6598ab1a80cd263d7d316dd127abac79d1cbef80b721c02bd9f80121da081731d730c05500bbed20e657d897864813c715c6130090f214f0245f4b667b87dbe594eb1d31b7c1c6798b56c593d68b0c8675d7706ecf9735992ffa25fc042de96e50e86633a650ac102b5adc5c8e336ba2f5229e6c366d7e8c2fdd9c23c2b44ad5f46d12a3bc219efaff6bba97ea781cc538b8aa7e41e0abce721a93f4022e13fdcbd693b0c1e37e0c60ed2029ce703ce7d74440797c3742c7055348f4ef7591e9e27d10886dbde43990d27ece5ce8f368e1d73dbd5ff9f440000000c7d80af2495d38f712c1dde710de7fcc0683631231ee8b3659678729bcecfd06ac6ef7321dfed66bb1e3eb3b9b25bc9ba1eb3a7c8905ed6c7e9309fd28308e8f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "22"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "224"	IEXPLORE.EXE

Modifies data under HKEY_USERS 64 IoCs

Processes:

installer.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0200-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_200"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0203-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0221-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_301\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0083-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_83"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0099-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0050-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_50"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0095-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_95"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0192-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_301\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0140-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0191-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0197-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0242-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_242"	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0201-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0257-ABCDEFFEDCBC}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0048-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0051-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0138-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_138"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0251-ABCDEFFEDCBC}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0082-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0098-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0215-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_215"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0273-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0054-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0068-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0109-ABCDEFFEDCBC}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0191-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_301\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0294-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_294"	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0219-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0062-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0091-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_91"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0011-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_301\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBC}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0059-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0047-ABCDEFFEDCBA}	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0277-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0195-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0053-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_301\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0050-ABCDEFFEDCBB}	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0211-ABCDEFFEDCBC}	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0163-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0162-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0194-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0253-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0189-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0268-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0167-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_167"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0206-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0120-ABCDEFFEDCBB}	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0139-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_301\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0173-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_301\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0269-ABCDEFFEDCBC}	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0067-ABCDEFFEDCBB}	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0297-ABCDEFFEDCBC}	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0095-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0053-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_53"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_35"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0041-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_41"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0188-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_188"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0259-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0056-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_56"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0158-ABCDEFFEDCBA}\InprocServer32	installer.exe

Modifies registry class 64 IoCs

Processes:

ssvagent.exeinstaller.exe

description	ioc	process
Key deleted	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\JavaPlugin.113012	ssvagent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\ProgID	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0092-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0227-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0087-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_87"	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0275-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_275"	ssvagent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0122-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_122"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0168-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_10"	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0024-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_301\\bin\\jp2iexp.dll"	ssvagent.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0041-ABCDEFFEDCBB}	ssvagent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0091-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0065-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0077-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0119-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_301\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0083-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0186-ABCDEFFEDCBB}	ssvagent.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0087-ABCDEFFEDCBA}	ssvagent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0057-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0108-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_301\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0158-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0214-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_301\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0003-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0039-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_19"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0091-ABCDEFFEDCBC}	ssvagent.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0091-ABCDEFFEDCBA}\InprocServer32	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0126-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0046-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_301\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}	ssvagent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0085-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_85"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0061-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0049-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_49"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBC}\InprocServer32	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0049-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0248-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0124-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0112-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_301\\bin\\jp2iexp.dll"	ssvagent.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0044-ABCDEFFEDCBC}\InprocServer32	ssvagent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0060-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0150-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_301\\bin\\jp2iexp.dll"	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0173-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_173"	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0135-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_301\\bin\\jp2iexp.dll"	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0155-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0150-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_301\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0194-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_194"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0120-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0152-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0036-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_301\\bin\\jp2iexp.dll"	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0054-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0244-ABCDEFFEDCBC}	ssvagent.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0128-ABCDEFFEDCBA}	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0207-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_02"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0166-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_166"	installer.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

javaws.exejp2launcher.exejavaws.exejp2launcher.exemsiexec.exe

pid process

2428 javaws.exe
2448 jp2launcher.exe
2476 javaws.exe
2496 jp2launcher.exe
1896 msiexec.exe
1896 msiexec.exe
Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

IEXPLORE.EXEJavaSetup8u301.exe

pid process

1852 IEXPLORE.EXE
1360 JavaSetup8u301.exe

pid	process
2428	javaws.exe
2448	jp2launcher.exe
2476	javaws.exe
2496	jp2launcher.exe
1896	msiexec.exe
1896	msiexec.exe

pid	process
1852	IEXPLORE.EXE
1360	JavaSetup8u301.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

JavaSetup8u301.exemsiexec.exe

description	pid	process
Token: SeShutdownPrivilege	1360	JavaSetup8u301.exe
Token: SeIncreaseQuotaPrivilege	1360	JavaSetup8u301.exe
Token: SeRestorePrivilege	1896	msiexec.exe
Token: SeTakeOwnershipPrivilege	1896	msiexec.exe
Token: SeSecurityPrivilege	1896	msiexec.exe
Token: SeCreateTokenPrivilege	1360	JavaSetup8u301.exe
Token: SeAssignPrimaryTokenPrivilege	1360	JavaSetup8u301.exe
Token: SeLockMemoryPrivilege	1360	JavaSetup8u301.exe
Token: SeIncreaseQuotaPrivilege	1360	JavaSetup8u301.exe
Token: SeMachineAccountPrivilege	1360	JavaSetup8u301.exe
Token: SeTcbPrivilege	1360	JavaSetup8u301.exe
Token: SeSecurityPrivilege	1360	JavaSetup8u301.exe
Token: SeTakeOwnershipPrivilege	1360	JavaSetup8u301.exe
Token: SeLoadDriverPrivilege	1360	JavaSetup8u301.exe
Token: SeSystemProfilePrivilege	1360	JavaSetup8u301.exe
Token: SeSystemtimePrivilege	1360	JavaSetup8u301.exe
Token: SeProfSingleProcessPrivilege	1360	JavaSetup8u301.exe
Token: SeIncBasePriorityPrivilege	1360	JavaSetup8u301.exe
Token: SeCreatePagefilePrivilege	1360	JavaSetup8u301.exe
Token: SeCreatePermanentPrivilege	1360	JavaSetup8u301.exe
Token: SeBackupPrivilege	1360	JavaSetup8u301.exe
Token: SeRestorePrivilege	1360	JavaSetup8u301.exe
Token: SeShutdownPrivilege	1360	JavaSetup8u301.exe
Token: SeDebugPrivilege	1360	JavaSetup8u301.exe
Token: SeAuditPrivilege	1360	JavaSetup8u301.exe
Token: SeSystemEnvironmentPrivilege	1360	JavaSetup8u301.exe
Token: SeChangeNotifyPrivilege	1360	JavaSetup8u301.exe
Token: SeRemoteShutdownPrivilege	1360	JavaSetup8u301.exe
Token: SeUndockPrivilege	1360	JavaSetup8u301.exe
Token: SeSyncAgentPrivilege	1360	JavaSetup8u301.exe
Token: SeEnableDelegationPrivilege	1360	JavaSetup8u301.exe
Token: SeManageVolumePrivilege	1360	JavaSetup8u301.exe
Token: SeImpersonatePrivilege	1360	JavaSetup8u301.exe
Token: SeCreateGlobalPrivilege	1360	JavaSetup8u301.exe
Token: SeRestorePrivilege	1896	msiexec.exe
Token: SeTakeOwnershipPrivilege	1896	msiexec.exe
Token: SeRestorePrivilege	1896	msiexec.exe
Token: SeTakeOwnershipPrivilege	1896	msiexec.exe
Token: SeRestorePrivilege	1896	msiexec.exe
Token: SeTakeOwnershipPrivilege	1896	msiexec.exe
Token: SeRestorePrivilege	1896	msiexec.exe
Token: SeTakeOwnershipPrivilege	1896	msiexec.exe
Token: SeRestorePrivilege	1896	msiexec.exe
Token: SeTakeOwnershipPrivilege	1896	msiexec.exe
Token: SeRestorePrivilege	1896	msiexec.exe
Token: SeTakeOwnershipPrivilege	1896	msiexec.exe
Token: SeRestorePrivilege	1896	msiexec.exe
Token: SeTakeOwnershipPrivilege	1896	msiexec.exe
Token: SeRestorePrivilege	1896	msiexec.exe
Token: SeTakeOwnershipPrivilege	1896	msiexec.exe
Token: SeRestorePrivilege	1896	msiexec.exe
Token: SeTakeOwnershipPrivilege	1896	msiexec.exe
Token: SeRestorePrivilege	1896	msiexec.exe
Token: SeTakeOwnershipPrivilege	1896	msiexec.exe
Token: SeRestorePrivilege	1896	msiexec.exe
Token: SeTakeOwnershipPrivilege	1896	msiexec.exe
Token: SeRestorePrivilege	1896	msiexec.exe
Token: SeTakeOwnershipPrivilege	1896	msiexec.exe
Token: SeRestorePrivilege	1896	msiexec.exe
Token: SeTakeOwnershipPrivilege	1896	msiexec.exe
Token: SeRestorePrivilege	1896	msiexec.exe
Token: SeTakeOwnershipPrivilege	1896	msiexec.exe
Token: SeRestorePrivilege	1896	msiexec.exe
Token: SeTakeOwnershipPrivilege	1896	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

iexplore.exe

pid process

1288 iexplore.exe
1288 iexplore.exe

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

iexplore.exeIEXPLORE.EXEJavaSetup8u301.exe

pid	process
1288	iexplore.exe
1288	iexplore.exe
1852	IEXPLORE.EXE
1852	IEXPLORE.EXE
1852	IEXPLORE.EXE
1852	IEXPLORE.EXE
1360	JavaSetup8u301.exe
1360	JavaSetup8u301.exe
1360	JavaSetup8u301.exe
1360	JavaSetup8u301.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Jonic free .exeiexplore.exeJavaSetup8u301.exeJavaSetup8u301.exemsiexec.exeinstaller.exe

description	pid	process	target process
PID 1796 wrote to memory of 1288	1796	Jonic free .exe	iexplore.exe
PID 1796 wrote to memory of 1288	1796	Jonic free .exe	iexplore.exe
PID 1796 wrote to memory of 1288	1796	Jonic free .exe	iexplore.exe
PID 1796 wrote to memory of 1288	1796	Jonic free .exe	iexplore.exe
PID 1288 wrote to memory of 1852	1288	iexplore.exe	IEXPLORE.EXE
PID 1288 wrote to memory of 1852	1288	iexplore.exe	IEXPLORE.EXE
PID 1288 wrote to memory of 1852	1288	iexplore.exe	IEXPLORE.EXE
PID 1288 wrote to memory of 1852	1288	iexplore.exe	IEXPLORE.EXE
PID 1288 wrote to memory of 552	1288	iexplore.exe	JavaSetup8u301.exe
PID 1288 wrote to memory of 552	1288	iexplore.exe	JavaSetup8u301.exe
PID 1288 wrote to memory of 552	1288	iexplore.exe	JavaSetup8u301.exe
PID 1288 wrote to memory of 552	1288	iexplore.exe	JavaSetup8u301.exe
PID 1288 wrote to memory of 552	1288	iexplore.exe	JavaSetup8u301.exe
PID 1288 wrote to memory of 552	1288	iexplore.exe	JavaSetup8u301.exe
PID 1288 wrote to memory of 552	1288	iexplore.exe	JavaSetup8u301.exe
PID 552 wrote to memory of 1360	552	JavaSetup8u301.exe	JavaSetup8u301.exe
PID 552 wrote to memory of 1360	552	JavaSetup8u301.exe	JavaSetup8u301.exe
PID 552 wrote to memory of 1360	552	JavaSetup8u301.exe	JavaSetup8u301.exe
PID 552 wrote to memory of 1360	552	JavaSetup8u301.exe	JavaSetup8u301.exe
PID 552 wrote to memory of 1360	552	JavaSetup8u301.exe	JavaSetup8u301.exe
PID 552 wrote to memory of 1360	552	JavaSetup8u301.exe	JavaSetup8u301.exe
PID 552 wrote to memory of 1360	552	JavaSetup8u301.exe	JavaSetup8u301.exe
PID 1360 wrote to memory of 868	1360	JavaSetup8u301.exe	LZMA_EXE
PID 1360 wrote to memory of 868	1360	JavaSetup8u301.exe	LZMA_EXE
PID 1360 wrote to memory of 868	1360	JavaSetup8u301.exe	LZMA_EXE
PID 1360 wrote to memory of 868	1360	JavaSetup8u301.exe	LZMA_EXE
PID 1360 wrote to memory of 344	1360	JavaSetup8u301.exe	LZMA_EXE
PID 1360 wrote to memory of 344	1360	JavaSetup8u301.exe	LZMA_EXE
PID 1360 wrote to memory of 344	1360	JavaSetup8u301.exe	LZMA_EXE
PID 1360 wrote to memory of 344	1360	JavaSetup8u301.exe	LZMA_EXE
PID 1896 wrote to memory of 572	1896	msiexec.exe	MsiExec.exe
PID 1896 wrote to memory of 572	1896	msiexec.exe	MsiExec.exe
PID 1896 wrote to memory of 572	1896	msiexec.exe	MsiExec.exe
PID 1896 wrote to memory of 572	1896	msiexec.exe	MsiExec.exe
PID 1896 wrote to memory of 572	1896	msiexec.exe	MsiExec.exe
PID 1896 wrote to memory of 572	1896	msiexec.exe	MsiExec.exe
PID 1896 wrote to memory of 572	1896	msiexec.exe	MsiExec.exe
PID 1896 wrote to memory of 1792	1896	msiexec.exe	installer.exe
PID 1896 wrote to memory of 1792	1896	msiexec.exe	installer.exe
PID 1896 wrote to memory of 1792	1896	msiexec.exe	installer.exe
PID 1896 wrote to memory of 1792	1896	msiexec.exe	installer.exe
PID 1896 wrote to memory of 1792	1896	msiexec.exe	installer.exe
PID 1896 wrote to memory of 1792	1896	msiexec.exe	installer.exe
PID 1896 wrote to memory of 1792	1896	msiexec.exe	installer.exe
PID 1792 wrote to memory of 1892	1792	installer.exe	bspatch.exe
PID 1792 wrote to memory of 1892	1792	installer.exe	bspatch.exe
PID 1792 wrote to memory of 1892	1792	installer.exe	bspatch.exe
PID 1792 wrote to memory of 1892	1792	installer.exe	bspatch.exe
PID 1792 wrote to memory of 1892	1792	installer.exe	bspatch.exe
PID 1792 wrote to memory of 1892	1792	installer.exe	bspatch.exe
PID 1792 wrote to memory of 1892	1792	installer.exe	bspatch.exe
PID 1792 wrote to memory of 2104	1792	installer.exe	unpack200.exe
PID 1792 wrote to memory of 2104	1792	installer.exe	unpack200.exe
PID 1792 wrote to memory of 2104	1792	installer.exe	unpack200.exe
PID 1792 wrote to memory of 2104	1792	installer.exe	unpack200.exe
PID 1792 wrote to memory of 2204	1792	installer.exe	unpack200.exe
PID 1792 wrote to memory of 2204	1792	installer.exe	unpack200.exe
PID 1792 wrote to memory of 2204	1792	installer.exe	unpack200.exe
PID 1792 wrote to memory of 2204	1792	installer.exe	unpack200.exe
PID 1792 wrote to memory of 2228	1792	installer.exe	unpack200.exe
PID 1792 wrote to memory of 2228	1792	installer.exe	unpack200.exe
PID 1792 wrote to memory of 2228	1792	installer.exe	unpack200.exe
PID 1792 wrote to memory of 2228	1792	installer.exe	unpack200.exe
PID 1792 wrote to memory of 2252	1792	installer.exe	unpack200.exe

C:\Users\Admin\AppData\Local\Temp\Jonic free .exe
"C:\Users\Admin\AppData\Local\Temp\Jonic free .exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1796

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://java.com/download
2⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1288

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1288 CREDAT:275457 /prefetch:2
3⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1852

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L1Y3K90W\JavaSetup8u301.exe
"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L1Y3K90W\JavaSetup8u301.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:552

C:\Users\Admin\AppData\Local\Temp\jds259305688.tmp\JavaSetup8u301.exe
"C:\Users\Admin\AppData\Local\Temp\jds259305688.tmp\JavaSetup8u301.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1360

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_301\LZMA_EXE
"C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_301\LZMA_EXE" d "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_301\au.msi" "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_301\msi.tmp"
5⤵
- Executes dropped EXE
PID:868

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_301\LZMA_EXE
"C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_301\LZMA_EXE" d "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_301\jre1.8.0_301full.msi" "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_301\msi.tmp"
5⤵
- Executes dropped EXE
PID:344

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1896

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding A5439105292AC1F3AAB94D2776158117
2⤵
- Loads dropped DLL
PID:572

C:\Program Files (x86)\Java\jre1.8.0_301\installer.exe
"C:\Program Files (x86)\Java\jre1.8.0_301\installer.exe" /s INSTALLDIR="C:\Program Files (x86)\Java\jre1.8.0_301\\" INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F32180301F0}
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1792

C:\ProgramData\Oracle\Java\installcache\259334190.tmp\bspatch.exe
"bspatch.exe" baseimagefam8 newimage diff
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1892

C:\Program Files (x86)\Java\jre1.8.0_301\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_301\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_301\lib/plugin.pack" "C:\Program Files (x86)\Java\jre1.8.0_301\lib/plugin.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2104

C:\Program Files (x86)\Java\jre1.8.0_301\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_301\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_301\lib/javaws.pack" "C:\Program Files (x86)\Java\jre1.8.0_301\lib/javaws.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2204

C:\Program Files (x86)\Java\jre1.8.0_301\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_301\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_301\lib/deploy.pack" "C:\Program Files (x86)\Java\jre1.8.0_301\lib/deploy.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2228

C:\Program Files (x86)\Java\jre1.8.0_301\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_301\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_301\lib/rt.pack" "C:\Program Files (x86)\Java\jre1.8.0_301\lib/rt.jar"
3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2252

C:\Program Files (x86)\Java\jre1.8.0_301\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_301\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_301\lib/jsse.pack" "C:\Program Files (x86)\Java\jre1.8.0_301\lib/jsse.jar"
3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2276

C:\Program Files (x86)\Java\jre1.8.0_301\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_301\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_301\lib/charsets.pack" "C:\Program Files (x86)\Java\jre1.8.0_301\lib/charsets.jar"
3⤵
- Executes dropped EXE
PID:2300

C:\Program Files (x86)\Java\jre1.8.0_301\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_301\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_301\lib/ext/localedata.pack" "C:\Program Files (x86)\Java\jre1.8.0_301\lib/ext/localedata.jar"
3⤵
- Executes dropped EXE
PID:2324

C:\Program Files (x86)\Java\jre1.8.0_301\bin\javaw.exe
"C:\Program Files (x86)\Java\jre1.8.0_301\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking
3⤵
- Executes dropped EXE
PID:2348

C:\Program Files (x86)\Java\jre1.8.0_301\bin\ssvagent.exe
"C:\Program Files (x86)\Java\jre1.8.0_301\bin\ssvagent.exe" -doHKCUSSVSetup
3⤵
- Executes dropped EXE
- Modifies registry class
PID:2412

C:\Program Files (x86)\Java\jre1.8.0_301\bin\javaws.exe
"C:\Program Files (x86)\Java\jre1.8.0_301\bin\javaws.exe" -wait -fix -permissions -silent
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2428

C:\Program Files (x86)\Java\jre1.8.0_301\bin\jp2launcher.exe
"C:\Program Files (x86)\Java\jre1.8.0_301\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre1.8.0_301" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzAxXGxpYlxkZXBsb3kuamFyAC1EamF2YS5zZWN1cml0eS5wb2xpY3k9ZmlsZTpDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzAxXGxpYlxzZWN1cml0eVxqYXZhd3MucG9saWN5AC1EdHJ1c3RQcm94eT10cnVlAC1YdmVyaWZ5OnJlbW90ZQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzMwMVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmUxLjguMF8zMDFcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzMwMVxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzAxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzAxXGJpblxqYXZhdy5leGU= -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2448

C:\Program Files (x86)\Java\jre1.8.0_301\bin\javaws.exe
"C:\Program Files (x86)\Java\jre1.8.0_301\bin\javaws.exe" -wait -fix -shortcut -silent
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2476

C:\Program Files (x86)\Java\jre1.8.0_301\bin\jp2launcher.exe
"C:\Program Files (x86)\Java\jre1.8.0_301\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre1.8.0_301" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzAxXGxpYlxkZXBsb3kuamFyAC1EamF2YS5zZWN1cml0eS5wb2xpY3k9ZmlsZTpDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzAxXGxpYlxzZWN1cml0eVxqYXZhd3MucG9saWN5AC1EdHJ1c3RQcm94eT10cnVlAC1YdmVyaWZ5OnJlbW90ZQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzMwMVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmUxLjguMF8zMDFcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzMwMVxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzAxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzAxXGJpblxqYXZhdy5leGU= -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2496

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 71C2DCD789C79FC433C324C1F127DBB1 M Global\MSI0000
2⤵
PID:2528

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding DC006B71F88E58F599E9B6511C9CD0DB
2⤵
PID:2596

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding ADE981121B5F5EF5A3E1A354DDDED0B4 M Global\MSI0000
2⤵
PID:2644

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Java\jre1.8.0_301\bin\VCRUNTIME140.dll
MD5
a37ee36b536409056a86f50e67777dd7

SHA1
1cafa159292aa736fc595fc04e16325b27cd6750

SHA256
8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825

SHA512
3a7c260646315cf8c01f44b2ec60974017496bd0d80dd055c7e43b707cadba2d63aab5e0efd435670aa77886ed86368390d42c4017fc433c3c4b9d1c47d0f356

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_301\bin\api-ms-win-core-file-l1-2-0.dll
MD5
cd3cec3d65ae62fdf044f720245f29c0

SHA1
c4643779a0f0f377323503f2db8d2e4d74c738ca

SHA256
676a6da661e0c02e72bea510f5a48cae71fdc4da0b1b089c24bff87651ec0141

SHA512
aca1029497c5a9d26ee09810639278eb17b8fd11b15c9017c8b578fced29cef56f172750c4cc2b0d1ebf8683d29e15de52a6951fb23d78712e31ddcb41776b0f

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_301\bin\api-ms-win-core-file-l2-1-0.dll
MD5
b181124928d8eb7b6caa0c2c759155cb

SHA1
1aadbbd43eff2df7bab51c6f3bda2eb2623b281a

SHA256
24ea638dfa9f40e2f395e26e36d308db2ab25ed1baa5c796ac2c560ad4c89d77

SHA512
2a43bf4d50d47924374cde689be24799c4e1c132c0bc981f5109952d3322e91dd5a9352b53bb55ca79a6ea92e2c387e87c064b9d8c8f519b77fff973d752dc8f

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_301\bin\api-ms-win-core-localization-l1-2-0.dll
MD5
21519f4d5f1fea53532a0b152910ef8b

SHA1
7833ac2c20263c8be42f67151f9234eb8e4a5515

SHA256
5fbd69186f414d1d99ac61c9c15a57390ff21fe995e5c01f1c4e14510b6fb9b1

SHA512
97211fad4aae2f6a6b783107938f0635c302445e74fc34a26aa386864509919c3f084e80579d2502105d9256aab9f57ea16137c43344b1c62f64e5bc1125a417

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_301\bin\api-ms-win-core-processthreads-l1-1-1.dll
MD5
b5c8334a10b191031769d5de01df9459

SHA1
83a8fcc777c7e8c42fa4c59ee627baf6cbed1969

SHA256
6c27ac0542281649ec8638602fbc24f246424ba550564fc7b290b683f79e712d

SHA512
59e53c515dfa2cd96182ca6539ed0ea2ebb01f5991beb08166d1fc53576aeaafebbb2c5ee0ccbdab60ae45fc6a048fff0b5e1b8c9c26907791d31fb7e75b1f39

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_301\bin\api-ms-win-core-timezone-l1-1-0.dll
MD5
86421619dad87870e5f3cc0beb1f7963

SHA1
2f0fe3eb94fa90577846d49c03c4fd08ef9d3fb2

SHA256
64eccd818f6ffc13f57a2ec5ca358b401ffbb1ca13b0c523d479ef5ee9eb44ab

SHA512
dbce9904dd5a403a5a69e528ee1179cc5faab1361715a29b1a0de0cd33ad3ae9c9d5620dafb161fda86cb27909d001be8955940fd051077ffe6f3ff82357ad31

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_301\bin\api-ms-win-crt-runtime-l1-1-0.dll
MD5
4f06da894ea013a5e18b8b84a9836d5a

SHA1
40cf36e07b738aa8bba58bc5587643326ff412a9

SHA256
876bd768c8605056579dd8962e2fd7cc96306fab5759d904e8a24e46c25bd732

SHA512
1d7c0682d343416e6942547e6a449be4654158d6a70d78ad3c7e8c2b39c296c9406013a3cfe84d1ae8608f19bee1d4f346d26576d7ed56456eea39d5d7200f79

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_301\bin\ucrtbase.DLL
MD5
2040cdcd779bbebad36d36035c675d99

SHA1
918bc19f55e656f6d6b1e4713604483eb997ea15

SHA256
2ad9a105a9caa24f41e7b1a6f303c07e6faeceaf3aaf43ebd644d9d5746a4359

SHA512
83dc3c7e35f0f83e1224505d04cdbaee12b7ea37a2c3367cb4fccc4fff3e5923cf8a79dd513c33a667d8231b1cc6cfb1e33f957d92e195892060a22f53c7532f

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_301\bin\unpack200.exe
MD5
e7b61826c1ff5051252c2d29fbd6d91e

SHA1
306ed9ffb342ff103fa8555b0ca72d99e224b043

SHA256
0a5805ff9744287c14af520d95055d49443a784137e670cff18ec5adcce50479

SHA512
715a63e18010e8a82422219c34d181afdc595dc4171bdcbab216dcab0ead96b6fcd624c7bd5f1ec8567f83126a2f3726b33bb797215ce7ddd279292c80a508fe

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_301\installer.exe
MD5
079096c1794e02f8f402d95180772b3e

SHA1
9037e3def77d1575bd2f4acbf4430891a746dab6

SHA256
61abd73be455800a55383fda9ae45f968d928c252c1dcab5b82b4e5e9410cd13

SHA512
df45af7184d82de7cbc1852b8891f580b66808e40c2c115697425bd74e3a21c7c9253e5c4913021508a2d42cb776b01c1467216b594f475b507290564ff5e68d

Download Submit
C:\ProgramData\Oracle\Java\installcache\259334190.tmp\baseimagefam8
MD5
c68f61bae0654148ae82c9ac18c771f9

SHA1
fde79f7eebe45a096e7af4d7463294551dead994

SHA256
fe7870985a9af11cff29ed00c1a8042d5e1f3194b465146ddcaa9612a51a3195

SHA512
f08e5bbbd74c322a079618aee7da064f510bac05f1b0066da11d9829f8ad8e9ca03ad0e20116d64173e2b5a9a0e12c1ac95b2880805c6a4de2828839506f7107

Download Submit
C:\ProgramData\Oracle\Java\installcache\259334190.tmp\bspatch.exe
MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
C:\ProgramData\Oracle\Java\installcache\259334190.tmp\bspatch.exe
MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
C:\ProgramData\Oracle\Java\installcache\259334190.tmp\diff
MD5
b06cd9368464a0aadf979d496718ae7d

SHA1
599b2e46e23d6532fae603c9a1c7b4a150dc16d8

SHA256
3c83b27ca53e4b8a9c98d8c178366fbfe334aa2d4e257bd69c8da24241a0d426

SHA512
6dbf0e3642d07981ae400b86de465a50b255d055eb03de978ac5fab33ab407e181df2aec8959732fd2406ca2266b8b7663c74425e48bfbe1370abf07202bca00

Download Submit
C:\ProgramData\Oracle\Java\installcache\259334190.tmp\newimage
MD5
567d00a1d7aff1b5780590e0853cb4c4

SHA1
1f0a055cdb7802a089104562c839d1235fcb6a32

SHA256
853c92771dc09c229c433040a329cbacc78a477fa661775fc3b0dff1fa740e26

SHA512
bcb1972514dbbcca268003675cdebb0e02afc6fb8e3dce86116cab81a55f229422ebc56dd6a95ac3e5ad474b3ea5f52e8cc86ad7a19df331db663093e91c0aad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5
MD5
f33bb268c9c211be93a6f7ff163b51aa

SHA1
e8c0b32d6690d1a60c831922480d34ced0aedeb7

SHA256
92e66cfaa62db582500936b1cc42902cf30bb1ed4b5e637f7387be8e8ba6530b

SHA512
58348b2793eb7e4623ae883753b6dd778ada418a2508fd558e6af0e947c08ecda837389cf7136453aaed85a4e09d6e83656b89af5b1e77d570968118eb75d4df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_2A1F4CCD74E7AC1EAF9433BC50ADF937
MD5
9f302a41af38aab9f4a9fa582f249db5

SHA1
8e7b1ea8afd970cdb87e29158433a750de5f48b4

SHA256
4dd105d6efb13f6413e279ee334e93348a6588d09e0b20b788946f1dd7730c26

SHA512
0bfc3a35852c47f5762938c75a7cdb8241d61fe599a7938147bc0e70f63fa119480465b0d96df465baa55661b8fd5bcacb8b29e31ccb0fca9a0a77cb4ff53a35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_B514E3306E9B5CC22C1D3DB90570477A
MD5
1cc68fbf0e168080b1bb09db715d09ad

SHA1
1a7db9cd1ebedf3ca244d54808bd30909658ec3a

SHA256
f0ad83c82a61e260f35105c0422b23c3b68474e2368d1f045fe58b0f43d8c8f3

SHA512
3376d6e207efa2fcb21a13b6ed33f97092ff35eb6ca0b09e0f231a115aaeba517d031a9bdd659984c783ce2b70eb37c048a76733745db3048aa9ec23dab28612

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
MD5
a4fe23ae8b96c75d2c4ab83a4fc0a24f

SHA1
07080fe7a27a25d98c136745f03f404f50f082fc

SHA256
31c57f80abfce3bf7e129fd22bec1dea9305655b38261aa7bee80ad2765900be

SHA512
cdc1172647211c8524dc02de7d6553a35685ba629626154f19a26c63275b6ede454c89b0cd29031ab918d23aaedd2f516c30c8083eca905f4ec7933c9d4fb280

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
MD5
2902de11e30dcc620b184e3bb0f0c1cb

SHA1
5d11d14a2558801a2688dc2d6dfad39ac294f222

SHA256
e6a7f1f8810e46a736e80ee5ac6187690f28f4d5d35d130d410e20084b2c1544

SHA512
efd415cde25b827ac2a7ca4d6486ce3a43cdcc1c31d3a94fd7944681aa3e83a4966625bf2e6770581c4b59d05e35ff9318d9adaddade9070f131076892af2fa0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5
MD5
6ce4276313fee0f30f9d639d8a00332c

SHA1
535bbb70b7a638d766731f2e1265ac57111dc766

SHA256
5c56fa669d09207180fde6d0d39aebebaf326f3866d3e8832f3eb13f388e669a

SHA512
e1aa2bde2267dae8145eb6c2df37ca94297fd9ccc14fa962db5c680955a24e8ea6ce133d56afb4d2091d6211616db210d81dd09800989bd79b625f22d56822b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_2A1F4CCD74E7AC1EAF9433BC50ADF937
MD5
048e43dd673886d79de54c7e2aa294b2

SHA1
e804060e7d48f8ab6865f002c43fecf2f90265d1

SHA256
ef8e1f10bc6e0a72206acb373db93f49ba9c18e46106ef25700fc46ee9ab16c0

SHA512
fb613f5d49dddff10dc61216de01f43bdb52f64ddb34861bd0ccf6b87a0ccdeae72bcbe3be630e7e7df6fa0d9a89843742c2ae2814efaea6c2960616c9b0eb32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_B514E3306E9B5CC22C1D3DB90570477A
MD5
783e09df097f051e27b14d2399a29443

SHA1
3a3d016fde0f286ed4e0e8ea45b98619d0ef0e5c

SHA256
762186ca85628ade4a7cf84dec64bf9f15a3c24067d4fad96ef1cf1b2054006c

SHA512
5f889f22576fefc01c49476da22cb1fa9c71c2657809c967e8fe73ca8d7637379c16d6085b5befa88dae2245c04d9a9cb7bbd87beb48065990db71abb20700dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
MD5
acba5c2bdfc7df8f1ffaefc279e66882

SHA1
e4f261c189b8e915ec25e626b5c0098313dd2ae8

SHA256
8759682eaf50e3ef65af45ccd1ca2ed8bb5fbbba539ec32d8988c458bf84ee20

SHA512
add1174f8206c058285108a00e151807654725824b84559501b672f840b77ffc317d0ad4330ebab8cee52a1eca0ae90f21da80ea5cc2c2d99ae386b1a106cf1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
MD5
882b95b73d7647aba5f4313db7ed61c6

SHA1
dad50c7d8072c7716ca982b02f121193809e5251

SHA256
4c550740a898bf96ffc9c4dbab78e846eac6e8ec09b824eff79774898a631f6c

SHA512
4057e7fe6b8b41de40d3a66012559d7046a324f0dc2fbd52a6354d61eded72ae3cf36333a3bdc675a8be24cf2de9b55ae89a3d0ce1506ce90a6d577ec8fbc1b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
MD5
a50092d4f3273fb2c97b020520d184b0

SHA1
17250eaa9043ff9b205aa1c2de94fdedbb0f6985

SHA256
450d2d1806ba9c9675d1ddd0e75e1596dc209a8ee260c191a7b453d86b173b8b

SHA512
49956a4e99d6257bc93406867dd6aaf1fda44395ad5b2f1b6902b814709cbb41c9e88959e9c330cfa538d4f7c9f61f9f7d79fd9efda63f0e121a02ed8c736a8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_301\LZMA_EXE
MD5
3842c46f2fbc7522ef625f1833530804

SHA1
3615c072ad5bdadba5e5e22e75eefaf7def92312

SHA256
17cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7

SHA512
9adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_301\LZMA_EXE
MD5
3842c46f2fbc7522ef625f1833530804

SHA1
3615c072ad5bdadba5e5e22e75eefaf7def92312

SHA256
17cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7

SHA512
9adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_301\au.msi
MD5
6868a4cb095e4b507e80963d4704cb46

SHA1
8261b3600133b4a8eddbe1c9a817695ca6985dc0

SHA256
83ac882dd9ca3ec8851ba1a13836173b535a98fff785099729f0e30c6d34c123

SHA512
0f549d4f1ff17bb6133efca3110df72a4af7870344021eed06c5d59c84f2a8d3a12b7b7cb79914a6ac3e116807d1dbae1441750522c0b6467ff3a797ca0f17f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_301\jre1.8.0_301full.msi
MD5
9e53bbe592f5f43447aee0c57757a109

SHA1
eef6363f7b2932bf76069836ba09bc3be9287eff

SHA256
b750d528b02f3eee64e479327b513f63e78677de4b47b7a3e5148597fe46fcea

SHA512
54f71fe47e3e98d5b815584350aeee82221d5a377343f9ca1ab1bde6d5072b828b34d22f39f68d23fc35a21edde6c80e396befd2c00ede0f1b356e0616d919d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_301\msi.tmp
MD5
dbde130171adb22361050c01b83cb9e2

SHA1
8ae6412a46db0eb52487450aa048dd8ddda6b0c4

SHA256
1fb21d2ee197a567007a4b72942ce239a47afa42a2a2f89281b2c61dafa74ad5

SHA512
95c9f347ced0ed565331b6c4e5c50f627cc6fb786b6392a1929a2b56ddfc0ee8a65adbe96ad5180153262bd76750ef69e52f5b617c19894a1698c2fd3fb62d22

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_301\msi.tmp
MD5
565b4ac7dcbc3a9cc88569d1325cd93e

SHA1
b5ed364b2e78bd7850e8274497e9434a6e123cc3

SHA256
53599eca93fbac6504303a7dedaf9c29830873041b2c46ae891d66650df50230

SHA512
dfc8fd7c9e23d50dfc15b14bfdd6569a537d6665070dba438e5b5402459a2ed6459e1c370b3475eb8bdf8299b9fbdfba7c0baa6dfd35681fbfcf34bf452a38f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\bq3gxmw\imagestore.dat
MD5
31020c17de975cd82fb7e4c69f8d7f87

SHA1
9fb9c51e61942e97165f81afb570fdf4eea1de8f

SHA256
b07c5f64b4435579325bf00ef00617f83ee68812ed98d85dc91bac348496b194

SHA512
ce9fb576b1cdccb5cf313b7cb19f94937b972340feb791309ea759006d21858da976b7d528d803a1ffcb199f4d735b0be7f5302c84798b8f48778e3c3e6f4f6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L1Y3K90W\JavaSetup8u301.exe
MD5
327c6590740c46e1261599023c812ace

SHA1
8268da67e8a17108759cde754e9d79531f1d3588

SHA256
c666b22eb07e4e2fb57da7ec30bf36696f02475f9aeae5253655124042657ae2

SHA512
9f51668fc42cca04954d776d6cc7510bfb818c0b5f236837ca09ee6b2bc4237e8de73494bb65542f1e4e5f9292506558f534f3dd8a3cc64d213fb3c5b6ec21c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L1Y3K90W\JavaSetup8u301.exe.li74usb.partial
MD5
327c6590740c46e1261599023c812ace

SHA1
8268da67e8a17108759cde754e9d79531f1d3588

SHA256
c666b22eb07e4e2fb57da7ec30bf36696f02475f9aeae5253655124042657ae2

SHA512
9f51668fc42cca04954d776d6cc7510bfb818c0b5f236837ca09ee6b2bc4237e8de73494bb65542f1e4e5f9292506558f534f3dd8a3cc64d213fb3c5b6ec21c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\jds259305688.tmp\JavaSetup8u301.exe
MD5
6d188b1e9281750215f9096f60a73924

SHA1
c5a61772e64170dfa19ad8c14be60e282a49859e

SHA256
43f752f8c162cbf657834ae44d961417c9d03cb7f29524eef2d180b608618ea0

SHA512
ab4ceb68c6acfa8f23d39a18bdda586e621094e9bcf1363c32aec4620ccb31f168a934842e168fa39646b00848cfc7fb8b108731f6f72aee9bd1a6e981677d00

Download Submit
C:\Users\Admin\AppData\Local\Temp\jds259305688.tmp\JavaSetup8u301.exe
MD5
6d188b1e9281750215f9096f60a73924

SHA1
c5a61772e64170dfa19ad8c14be60e282a49859e

SHA256
43f752f8c162cbf657834ae44d961417c9d03cb7f29524eef2d180b608618ea0

SHA512
ab4ceb68c6acfa8f23d39a18bdda586e621094e9bcf1363c32aec4620ccb31f168a934842e168fa39646b00848cfc7fb8b108731f6f72aee9bd1a6e981677d00

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
MD5
b36a34b6ff03078d75252689ac96137a

SHA1
30c64abdfd709336cc82f2b8b64a2dcb2c735261

SHA256
30745760ffa00ab8ee5aaedbc656bf8eae5d141386772b0df83f64da94027493

SHA512
d824b0e0cc026dc7d014177c98f238a4611721e6f2186e13b6b587797d5cec6440326727d470d22c638a33e8cda96eb646edde434abc19d512f3e760a7ba9928

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
MD5
3aa0fcc344e27614a50ca4c35430bab8

SHA1
3a9e333d1fb95b3b8b52f5287b6e7baa90d607af

SHA256
bc5aef1cd275ad5b8d3c64bc154c37ca48e3de4e8cc79e9e0b0caf8368741131

SHA512
643ef500cb3a81175b098be2ba0d528819dd06c951287edeb670c5bcc9bd3c38e182930b957fe5ef4d8b2ebb678a5e43ac90eb340788014a60f0336128484d45

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
MD5
7f7447cbfe9c6d524cd2b10e3b768307

SHA1
efa2e3d47c53ce735781390c1d6264cf989612b6

SHA256
35a6b4de3233c1ade63501e06d317ee518985923d0f5f7f8a08feb0ce4aba9f5

SHA512
09b07303b8edd9763c3ef2eb51d0edb9c6f761f9503ded9485d6bdff7e71b8a02cb2163111bd7b086c77219a884fa8cd061a63d298819959d65ddd5fcd5058b1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\09HLLMQX.txt
MD5
77ea605014f721313edc3f65b04eba98

SHA1
de4fad4e1d66632fc0b8976e413d40e927b391f9

SHA256
88ef952ef6d5a79076c8b9f25d0a6f90c3fca31c5e549de3fca416107adfe67f

SHA512
0f7720cbe15b0724c4b88eb30eb77f78ff4993ea02208dbc0565a5895db6dacab90975f3cfceed7cc8faf246c5bc22aac803830cf66eef7e32dc0eb72e1d47ef

Download Submit
C:\Windows\Installer\MSI14CB.tmp
MD5
100e2f545b857e29dce68f597d962fac

SHA1
13a036189f2daaae613820289ebe5acc79f172fb

SHA256
07e70fe0338313b385df7449c418bfe261c82af07a20bf69fe1be69e754d3ebc

SHA512
0aabfc67d1961e3c7ba66af71d4ad9a4057047b41099fec795e3ed2060203570e3945455f97bab5a33f0a698a37db900601f20c1c150fc268a67a92ef78d029e

Download Submit
C:\Windows\Installer\MSI1605.tmp
MD5
100e2f545b857e29dce68f597d962fac

SHA1
13a036189f2daaae613820289ebe5acc79f172fb

SHA256
07e70fe0338313b385df7449c418bfe261c82af07a20bf69fe1be69e754d3ebc

SHA512
0aabfc67d1961e3c7ba66af71d4ad9a4057047b41099fec795e3ed2060203570e3945455f97bab5a33f0a698a37db900601f20c1c150fc268a67a92ef78d029e

Download Submit
C:\Windows\Installer\MSIC14.tmp
MD5
100e2f545b857e29dce68f597d962fac

SHA1
13a036189f2daaae613820289ebe5acc79f172fb

SHA256
07e70fe0338313b385df7449c418bfe261c82af07a20bf69fe1be69e754d3ebc

SHA512
0aabfc67d1961e3c7ba66af71d4ad9a4057047b41099fec795e3ed2060203570e3945455f97bab5a33f0a698a37db900601f20c1c150fc268a67a92ef78d029e

Download Submit
C:\Windows\Installer\f7505cf.msi
MD5
565b4ac7dcbc3a9cc88569d1325cd93e

SHA1
b5ed364b2e78bd7850e8274497e9434a6e123cc3

SHA256
53599eca93fbac6504303a7dedaf9c29830873041b2c46ae891d66650df50230

SHA512
dfc8fd7c9e23d50dfc15b14bfdd6569a537d6665070dba438e5b5402459a2ed6459e1c370b3475eb8bdf8299b9fbdfba7c0baa6dfd35681fbfcf34bf452a38f9

Download Submit
\Program Files (x86)\Java\jre1.8.0_301\bin\api-ms-win-core-file-l1-2-0.dll
MD5
cd3cec3d65ae62fdf044f720245f29c0

SHA1
c4643779a0f0f377323503f2db8d2e4d74c738ca

SHA256
676a6da661e0c02e72bea510f5a48cae71fdc4da0b1b089c24bff87651ec0141

SHA512
aca1029497c5a9d26ee09810639278eb17b8fd11b15c9017c8b578fced29cef56f172750c4cc2b0d1ebf8683d29e15de52a6951fb23d78712e31ddcb41776b0f

Download Submit
\Program Files (x86)\Java\jre1.8.0_301\bin\api-ms-win-core-localization-l1-2-0.dll
MD5
21519f4d5f1fea53532a0b152910ef8b

SHA1
7833ac2c20263c8be42f67151f9234eb8e4a5515

SHA256
5fbd69186f414d1d99ac61c9c15a57390ff21fe995e5c01f1c4e14510b6fb9b1

SHA512
97211fad4aae2f6a6b783107938f0635c302445e74fc34a26aa386864509919c3f084e80579d2502105d9256aab9f57ea16137c43344b1c62f64e5bc1125a417

Download Submit
\Program Files (x86)\Java\jre1.8.0_301\bin\api-ms-win-core-processthreads-l1-1-1.dll
MD5
b5c8334a10b191031769d5de01df9459

SHA1
83a8fcc777c7e8c42fa4c59ee627baf6cbed1969

SHA256
6c27ac0542281649ec8638602fbc24f246424ba550564fc7b290b683f79e712d

SHA512
59e53c515dfa2cd96182ca6539ed0ea2ebb01f5991beb08166d1fc53576aeaafebbb2c5ee0ccbdab60ae45fc6a048fff0b5e1b8c9c26907791d31fb7e75b1f39

Download Submit
\Program Files (x86)\Java\jre1.8.0_301\bin\api-ms-win-core-timezone-l1-1-0.dll
MD5
86421619dad87870e5f3cc0beb1f7963

SHA1
2f0fe3eb94fa90577846d49c03c4fd08ef9d3fb2

SHA256
64eccd818f6ffc13f57a2ec5ca358b401ffbb1ca13b0c523d479ef5ee9eb44ab

SHA512
dbce9904dd5a403a5a69e528ee1179cc5faab1361715a29b1a0de0cd33ad3ae9c9d5620dafb161fda86cb27909d001be8955940fd051077ffe6f3ff82357ad31

Download Submit
\Program Files (x86)\Java\jre1.8.0_301\bin\api-ms-win-crt-runtime-l1-1-0.dll
MD5
4f06da894ea013a5e18b8b84a9836d5a

SHA1
40cf36e07b738aa8bba58bc5587643326ff412a9

SHA256
876bd768c8605056579dd8962e2fd7cc96306fab5759d904e8a24e46c25bd732

SHA512
1d7c0682d343416e6942547e6a449be4654158d6a70d78ad3c7e8c2b39c296c9406013a3cfe84d1ae8608f19bee1d4f346d26576d7ed56456eea39d5d7200f79

Download Submit
\Program Files (x86)\Java\jre1.8.0_301\bin\ucrtbase.dll
MD5
2040cdcd779bbebad36d36035c675d99

SHA1
918bc19f55e656f6d6b1e4713604483eb997ea15

SHA256
2ad9a105a9caa24f41e7b1a6f303c07e6faeceaf3aaf43ebd644d9d5746a4359

SHA512
83dc3c7e35f0f83e1224505d04cdbaee12b7ea37a2c3367cb4fccc4fff3e5923cf8a79dd513c33a667d8231b1cc6cfb1e33f957d92e195892060a22f53c7532f

Download Submit
\Program Files (x86)\Java\jre1.8.0_301\bin\unpack200.exe
MD5
e7b61826c1ff5051252c2d29fbd6d91e

SHA1
306ed9ffb342ff103fa8555b0ca72d99e224b043

SHA256
0a5805ff9744287c14af520d95055d49443a784137e670cff18ec5adcce50479

SHA512
715a63e18010e8a82422219c34d181afdc595dc4171bdcbab216dcab0ead96b6fcd624c7bd5f1ec8567f83126a2f3726b33bb797215ce7ddd279292c80a508fe

Download Submit
\Program Files (x86)\Java\jre1.8.0_301\bin\vcruntime140.dll
MD5
a37ee36b536409056a86f50e67777dd7

SHA1
1cafa159292aa736fc595fc04e16325b27cd6750

SHA256
8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825

SHA512
3a7c260646315cf8c01f44b2ec60974017496bd0d80dd055c7e43b707cadba2d63aab5e0efd435670aa77886ed86368390d42c4017fc433c3c4b9d1c47d0f356

Download Submit
\ProgramData\Oracle\Java\installcache\259334190.tmp\bspatch.exe
MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
\ProgramData\Oracle\Java\installcache\259334190.tmp\bspatch.exe
MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
\ProgramData\Oracle\Java\installcache\259334190.tmp\bspatch.exe
MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
\ProgramData\Oracle\Java\installcache\259334190.tmp\bspatch.exe
MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_301\LZMA_EXE
MD5
3842c46f2fbc7522ef625f1833530804

SHA1
3615c072ad5bdadba5e5e22e75eefaf7def92312

SHA256
17cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7

SHA512
9adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e

Download Submit
\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_301\LZMA_EXE
MD5
3842c46f2fbc7522ef625f1833530804

SHA1
3615c072ad5bdadba5e5e22e75eefaf7def92312

SHA256
17cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7

SHA512
9adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e

Download Submit
\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_301\LZMA_EXE
MD5
3842c46f2fbc7522ef625f1833530804

SHA1
3615c072ad5bdadba5e5e22e75eefaf7def92312

SHA256
17cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7

SHA512
9adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e

Download Submit
\Users\Admin\AppData\Local\Temp\jds259305688.tmp\JavaSetup8u301.exe
MD5
6d188b1e9281750215f9096f60a73924

SHA1
c5a61772e64170dfa19ad8c14be60e282a49859e

SHA256
43f752f8c162cbf657834ae44d961417c9d03cb7f29524eef2d180b608618ea0

SHA512
ab4ceb68c6acfa8f23d39a18bdda586e621094e9bcf1363c32aec4620ccb31f168a934842e168fa39646b00848cfc7fb8b108731f6f72aee9bd1a6e981677d00

Download Submit
\Windows\Installer\MSI14CB.tmp
MD5
100e2f545b857e29dce68f597d962fac

SHA1
13a036189f2daaae613820289ebe5acc79f172fb

SHA256
07e70fe0338313b385df7449c418bfe261c82af07a20bf69fe1be69e754d3ebc

SHA512
0aabfc67d1961e3c7ba66af71d4ad9a4057047b41099fec795e3ed2060203570e3945455f97bab5a33f0a698a37db900601f20c1c150fc268a67a92ef78d029e

Download Submit
\Windows\Installer\MSI1605.tmp
MD5
100e2f545b857e29dce68f597d962fac

SHA1
13a036189f2daaae613820289ebe5acc79f172fb

SHA256
07e70fe0338313b385df7449c418bfe261c82af07a20bf69fe1be69e754d3ebc

SHA512
0aabfc67d1961e3c7ba66af71d4ad9a4057047b41099fec795e3ed2060203570e3945455f97bab5a33f0a698a37db900601f20c1c150fc268a67a92ef78d029e

Download Submit
\Windows\Installer\MSIC14.tmp
MD5
100e2f545b857e29dce68f597d962fac

SHA1
13a036189f2daaae613820289ebe5acc79f172fb

SHA256
07e70fe0338313b385df7449c418bfe261c82af07a20bf69fe1be69e754d3ebc

SHA512
0aabfc67d1961e3c7ba66af71d4ad9a4057047b41099fec795e3ed2060203570e3945455f97bab5a33f0a698a37db900601f20c1c150fc268a67a92ef78d029e

Download Submit
memory/344-93-0x0000000000000000-mapping.dmp

Download
memory/552-71-0x0000000000000000-mapping.dmp

Download
memory/572-102-0x0000000000000000-mapping.dmp

Download
memory/868-88-0x0000000000000000-mapping.dmp

Download
memory/1288-67-0x00000000044F0000-0x00000000044F1000-memory.dmp

Filesize
4KB

Download
memory/1288-62-0x000007FEFC381000-0x000007FEFC383000-memory.dmp

Filesize
8KB

Download
memory/1288-61-0x0000000000000000-mapping.dmp

Download
memory/1360-85-0x00000000026B0000-0x00000000032FA000-memory.dmp

Filesize
12.3MB

Download
memory/1360-74-0x0000000000000000-mapping.dmp

Download
memory/1792-111-0x0000000000000000-mapping.dmp

Download
memory/1796-60-0x0000000076A01000-0x0000000076A03000-memory.dmp

Filesize
8KB

Download
memory/1852-65-0x0000000000D40000-0x0000000000D42000-memory.dmp

Filesize
8KB

Download
memory/1852-63-0x0000000000000000-mapping.dmp

Download
memory/1892-117-0x0000000000000000-mapping.dmp

Download
memory/2104-128-0x0000000000000000-mapping.dmp

Download
memory/2204-145-0x0000000000000000-mapping.dmp

Download
memory/2228-146-0x0000000000000000-mapping.dmp

Download
memory/2252-147-0x0000000000000000-mapping.dmp

Download
memory/2276-148-0x0000000000000000-mapping.dmp

Download
memory/2300-149-0x0000000000000000-mapping.dmp

Download
memory/2324-150-0x0000000000000000-mapping.dmp

Download
memory/2348-151-0x0000000000000000-mapping.dmp

Download
memory/2428-152-0x0000000000000000-mapping.dmp

Download
memory/2448-154-0x0000000000000000-mapping.dmp

Download
memory/2476-156-0x0000000000000000-mapping.dmp

Download
memory/2496-158-0x0000000000000000-mapping.dmp

Download
memory/2528-160-0x0000000000000000-mapping.dmp

Download
memory/2596-162-0x0000000000000000-mapping.dmp

Download
memory/2644-164-0x0000000000000000-mapping.dmp

Download