f4593f0e05ec03357b61734194bbd9afb82020feea0431c94e6e011c61638a9a

Analysis

max time kernel
147s
max time network
147s
platform
windows7_x64
resource
win7-en-20211208
submitted
08-01-2022 04:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

install.exe
Size

20.5MB
MD5

b286b0e653f85c391d91892c7182a6a7
SHA1

2854413d9f1a6bc8439ceeb5f1517fcb1b210c98
SHA256

f4593f0e05ec03357b61734194bbd9afb82020feea0431c94e6e011c61638a9a
SHA512

e07233a19c55366f7614121a7a76615be7e132af42a51e4fbf964e9cde516f622626ddbad1025dfeb857d650b9af196aa07ca02003b6501f167062fa73a87d47

Score

8^/10

adware discovery persistence stealer

Malware Config

Signatures

Executes dropped EXE 18 IoCs

Processes:

jre-8u151-windows-i586-iftw.exejre-8u151-windows-i586-iftw.exeLZMA_EXELZMA_EXEinstaller.exebspatch.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exejavaw.exejavaws.exejp2launcher.exejavaws.exejp2launcher.exe

pid	process
648	jre-8u151-windows-i586-iftw.exe
1224	jre-8u151-windows-i586-iftw.exe
992	LZMA_EXE
1912	LZMA_EXE
1196	installer.exe
1732	bspatch.exe
844	unpack200.exe
328	unpack200.exe
1064	unpack200.exe
584	unpack200.exe
660	unpack200.exe
1740	unpack200.exe
1652	unpack200.exe
1580	javaw.exe
1960	javaws.exe
1604	jp2launcher.exe
872	javaws.exe
1020	jp2launcher.exe

Loads dropped DLL 64 IoCs

Processes:

install.exejre-8u151-windows-i586-iftw.exejre-8u151-windows-i586-iftw.exeMsiExec.exeinstaller.exebspatch.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exejavaw.exejavaws.exejp2launcher.exejavaws.exejp2launcher.exe

pid	process
1684	install.exe
1684	install.exe
1684	install.exe
1684	install.exe
648	jre-8u151-windows-i586-iftw.exe
1224	jre-8u151-windows-i586-iftw.exe
1224	jre-8u151-windows-i586-iftw.exe
1224	jre-8u151-windows-i586-iftw.exe
824	MsiExec.exe
824	MsiExec.exe
1196	installer.exe
1732	bspatch.exe
1732	bspatch.exe
1732	bspatch.exe
1196	installer.exe
844	unpack200.exe
328	unpack200.exe
1064	unpack200.exe
584	unpack200.exe
660	unpack200.exe
1740	unpack200.exe
1652	unpack200.exe
1196	installer.exe
1196	installer.exe
1196	installer.exe
1580	javaw.exe
1580	javaw.exe
1580	javaw.exe
1580	javaw.exe
1580	javaw.exe
1196	installer.exe
1196	installer.exe
1196	installer.exe
1196	installer.exe
1196	installer.exe
1196	installer.exe
1196	installer.exe
1196	installer.exe
1196	installer.exe
1196	installer.exe
1196	installer.exe
1196	installer.exe
1196	installer.exe
1196	installer.exe
1196	installer.exe
1196	installer.exe
1960	javaws.exe
1960	javaws.exe
1604	jp2launcher.exe
1604	jp2launcher.exe
1604	jp2launcher.exe
1604	jp2launcher.exe
1604	jp2launcher.exe
1604	jp2launcher.exe
1604	jp2launcher.exe
1604	jp2launcher.exe
1604	jp2launcher.exe
1604	jp2launcher.exe
872	javaws.exe
872	javaws.exe
1020	jp2launcher.exe
1020	jp2launcher.exe
1020	jp2launcher.exe
1020	jp2launcher.exe

Modifies file permissions 1 TTPs 2 IoCs
discovery

File Permissions Modification
T1222

Processes:

icacls.exeicacls.exe

pid process

1652 icacls.exe
1972 icacls.exe

pid	process
1652	icacls.exe
1972	icacls.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

msiexec.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched = "\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""	msiexec.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	process
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe

Installs/modifies Browser Helper Object 2 TTPs
BHOs are DLL modules which act as plugins for Internet Explorer.
stealer adware

Modify Registry
T1112

Browser Extensions
T1176

Drops file in System32 directory 4 IoCs

Processes:

installer.exejp2launcher.exejp2launcher.exe

description	ioc	process
File created	C:\Windows\SysWOW64\WindowsAccessBridge-32.dll	installer.exe
File created	C:\Windows\SysWOW64\WindowsAccessBridge-64.dll	installer.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\deployment.properties	jp2launcher.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\deployment.properties	jp2launcher.exe

Drops file in Program Files directory 64 IoCs

Processes:

installer.exemsiexec.exeunpack200.exejavaw.exeunpack200.exe

description	ioc	process
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\api-ms-win-crt-locale-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\w2k_lsa_auth.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\lib\security\trusted.libraries	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\lib\deploy\splash.gif	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\api-ms-win-core-interlocked-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\decora_sse.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\java.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\pack200.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\t2k.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\rmiregistry.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\lib\content-types.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\api-ms-win-core-heap-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\java_crw_demo.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\lib\psfontj2d.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\fontmanager.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\hprof.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\lib\cmm\CIEXYZ.pf	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\lib\images\cursors\win32_CopyDrop32x32.gif	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\lib\security\cacerts	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\kcms.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\orbd.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\lib\calendars.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\COPYRIGHT	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\api-ms-win-crt-filesystem-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\api-ms-win-crt-private-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\j2pkcs11.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\jfxmedia.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\lib\security\java.policy	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\lib\deploy\splash@2x.gif	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\lib\deploy\splash_11@2x-lic.gif	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\lib\rt.pack	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\api-ms-win-crt-conio-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\lib\management\jmxremote.access	installer.exe
File created	C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe	msiexec.exe
File created	C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\Welcome.html	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\lib\flavormap.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\lib\hijrah-config-umalqura.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\lib\tzdb.dat	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\lib\deploy.jar	unpack200.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\jsoundds.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\msvcr100.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\lib\deploy\messages_it.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\client\classes.jsa	javaw.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\api-ms-win-core-namedpipe-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npdeployJava1.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\lib\ext\sunpkcs11.jar	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\lib\fontconfig.bfc	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\lib\management\snmp.acl.template	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\lib\rt.jar	unpack200.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\instrument.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\j2pcsc.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\klist.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\lib\fonts\LucidaSansDemiBold.ttf	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\lib\javafx.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\lib\deploy\messages_zh_CN.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\lib\management-agent.jar	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\api-ms-win-core-debug-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\api-ms-win-crt-convert-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\client\Xusage.txt	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\nio.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\lib\deploy\ffjcext.zip	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\bin\sunmscapi.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_151\lib\fontconfig.properties.src	installer.exe

Drops file in Windows directory 18 IoCs

Processes:

msiexec.exe

description	ioc	process
File created	C:\Windows\Installer\f76a1bd.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA6EB.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\f76a1bd.ipi	msiexec.exe
File created	C:\Windows\Installer\f76a1c0.msi	msiexec.exe
File created	C:\Windows\Installer\f76a1c2.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI71B.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\f76a1c2.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA853.tmp	msiexec.exe
File created	C:\Windows\Installer\f76a1bf.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f76a1c0.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f76a1bb.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI499.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI630.tmp	msiexec.exe
File created	C:\Windows\Installer\f76a1c4.msi	msiexec.exe
File created	C:\Windows\Installer\f76a1bb.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA893.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7B9.tmp	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msiexec.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msiexec.exe

Modifies Internet Explorer settings 1 TTPs 16 IoCs

adware spyware

Modify Registry

T1112

Processes:

installer.exejre-8u151-windows-i586-iftw.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files (x86)\\Java\\jre1.8.0_151\\bin"	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\Main	jre-8u151-windows-i586-iftw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}"	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files (x86)\\Java\\jre1.8.0_151\\bin"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Windows\\SysWOW64"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}	installer.exe

Modifies data under HKEY_USERS 64 IoCs

Processes:

installer.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0110-ABCDEFFEDCBC}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0016-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_16"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0063-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_63"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0055-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_151\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0105-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_151\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBC}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_151\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0085-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0093-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_151\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0103-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_151\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_10"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0053-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0080-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_80"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0055-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_30"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0103-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_103"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0159-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0092-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_92"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0048-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0083-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_11"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0117-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0147-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0149-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0049-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_151\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0070-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_151\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0053-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_151\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0155-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_155"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0045-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_45"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0065-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_65"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0026-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_151\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0084-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0093-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0067-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_151\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0083-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0004-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0114-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0119-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_119"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0136-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_151\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0099-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0098-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_98"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0095-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_151\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0056-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_151\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0092-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0044-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0083-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0008-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0056-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_56"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0090-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_23"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0118-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_118"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0085-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0062-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0087-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_87"	installer.exe

Modifies registry class 64 IoCs

Processes:

installer.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0070-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_151\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0084-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0090-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0109-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0086-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0130-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0073-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0093-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0119-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_119"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0029-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_151\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_151\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0038-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0083-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_08"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0069-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_151\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0058-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_58"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0170-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0067-ABCDEFFEDCBC}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0068-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0101-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0000-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0104-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_104"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_151\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0064-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0036-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0106-ABCDEFFEDCBC}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0073-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_151\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_151\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0076-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_76"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0097-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0077-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0110-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0070-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_151\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0069-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_69"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0079-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_151\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0101-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_101"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0148-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0150-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_151\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0049-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0099-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_151\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0148-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_151\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0060-ABCDEFFEDCBC}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0075-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0088-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_88"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0161-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0045-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_45"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0050-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_50"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0068-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0098-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_151\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0146-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_151\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0159-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

jre-8u151-windows-i586-iftw.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	jre-8u151-windows-i586-iftw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	jre-8u151-windows-i586-iftw.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c909000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c01400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e52000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	jre-8u151-windows-i586-iftw.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e51d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af33313353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b060105050703030f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c92000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	jre-8u151-windows-i586-iftw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	jre-8u151-windows-i586-iftw.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

javaws.exejp2launcher.exejavaws.exejp2launcher.exemsiexec.exe

pid process

1960 javaws.exe
1604 jp2launcher.exe
872 javaws.exe
1020 jp2launcher.exe
1624 msiexec.exe
1624 msiexec.exe

pid	process
1960	javaws.exe
1604	jp2launcher.exe
872	javaws.exe
1020	jp2launcher.exe
1624	msiexec.exe
1624	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

jre-8u151-windows-i586-iftw.exemsiexec.exe

description	pid	process
Token: SeShutdownPrivilege	1224	jre-8u151-windows-i586-iftw.exe
Token: SeIncreaseQuotaPrivilege	1224	jre-8u151-windows-i586-iftw.exe
Token: SeRestorePrivilege	1624	msiexec.exe
Token: SeTakeOwnershipPrivilege	1624	msiexec.exe
Token: SeSecurityPrivilege	1624	msiexec.exe
Token: SeCreateTokenPrivilege	1224	jre-8u151-windows-i586-iftw.exe
Token: SeAssignPrimaryTokenPrivilege	1224	jre-8u151-windows-i586-iftw.exe
Token: SeLockMemoryPrivilege	1224	jre-8u151-windows-i586-iftw.exe
Token: SeIncreaseQuotaPrivilege	1224	jre-8u151-windows-i586-iftw.exe
Token: SeMachineAccountPrivilege	1224	jre-8u151-windows-i586-iftw.exe
Token: SeTcbPrivilege	1224	jre-8u151-windows-i586-iftw.exe
Token: SeSecurityPrivilege	1224	jre-8u151-windows-i586-iftw.exe
Token: SeTakeOwnershipPrivilege	1224	jre-8u151-windows-i586-iftw.exe
Token: SeLoadDriverPrivilege	1224	jre-8u151-windows-i586-iftw.exe
Token: SeSystemProfilePrivilege	1224	jre-8u151-windows-i586-iftw.exe
Token: SeSystemtimePrivilege	1224	jre-8u151-windows-i586-iftw.exe
Token: SeProfSingleProcessPrivilege	1224	jre-8u151-windows-i586-iftw.exe
Token: SeIncBasePriorityPrivilege	1224	jre-8u151-windows-i586-iftw.exe
Token: SeCreatePagefilePrivilege	1224	jre-8u151-windows-i586-iftw.exe
Token: SeCreatePermanentPrivilege	1224	jre-8u151-windows-i586-iftw.exe
Token: SeBackupPrivilege	1224	jre-8u151-windows-i586-iftw.exe
Token: SeRestorePrivilege	1224	jre-8u151-windows-i586-iftw.exe
Token: SeShutdownPrivilege	1224	jre-8u151-windows-i586-iftw.exe
Token: SeDebugPrivilege	1224	jre-8u151-windows-i586-iftw.exe
Token: SeAuditPrivilege	1224	jre-8u151-windows-i586-iftw.exe
Token: SeSystemEnvironmentPrivilege	1224	jre-8u151-windows-i586-iftw.exe
Token: SeChangeNotifyPrivilege	1224	jre-8u151-windows-i586-iftw.exe
Token: SeRemoteShutdownPrivilege	1224	jre-8u151-windows-i586-iftw.exe
Token: SeUndockPrivilege	1224	jre-8u151-windows-i586-iftw.exe
Token: SeSyncAgentPrivilege	1224	jre-8u151-windows-i586-iftw.exe
Token: SeEnableDelegationPrivilege	1224	jre-8u151-windows-i586-iftw.exe
Token: SeManageVolumePrivilege	1224	jre-8u151-windows-i586-iftw.exe
Token: SeImpersonatePrivilege	1224	jre-8u151-windows-i586-iftw.exe
Token: SeCreateGlobalPrivilege	1224	jre-8u151-windows-i586-iftw.exe
Token: SeRestorePrivilege	1624	msiexec.exe
Token: SeTakeOwnershipPrivilege	1624	msiexec.exe
Token: SeRestorePrivilege	1624	msiexec.exe
Token: SeTakeOwnershipPrivilege	1624	msiexec.exe
Token: SeRestorePrivilege	1624	msiexec.exe
Token: SeTakeOwnershipPrivilege	1624	msiexec.exe
Token: SeRestorePrivilege	1624	msiexec.exe
Token: SeTakeOwnershipPrivilege	1624	msiexec.exe
Token: SeRestorePrivilege	1624	msiexec.exe
Token: SeTakeOwnershipPrivilege	1624	msiexec.exe
Token: SeRestorePrivilege	1624	msiexec.exe
Token: SeTakeOwnershipPrivilege	1624	msiexec.exe
Token: SeRestorePrivilege	1624	msiexec.exe
Token: SeTakeOwnershipPrivilege	1624	msiexec.exe
Token: SeRestorePrivilege	1624	msiexec.exe
Token: SeTakeOwnershipPrivilege	1624	msiexec.exe
Token: SeRestorePrivilege	1624	msiexec.exe
Token: SeTakeOwnershipPrivilege	1624	msiexec.exe
Token: SeRestorePrivilege	1624	msiexec.exe
Token: SeTakeOwnershipPrivilege	1624	msiexec.exe
Token: SeRestorePrivilege	1624	msiexec.exe
Token: SeTakeOwnershipPrivilege	1624	msiexec.exe
Token: SeRestorePrivilege	1624	msiexec.exe
Token: SeTakeOwnershipPrivilege	1624	msiexec.exe
Token: SeRestorePrivilege	1624	msiexec.exe
Token: SeTakeOwnershipPrivilege	1624	msiexec.exe
Token: SeRestorePrivilege	1624	msiexec.exe
Token: SeTakeOwnershipPrivilege	1624	msiexec.exe
Token: SeRestorePrivilege	1624	msiexec.exe
Token: SeTakeOwnershipPrivilege	1624	msiexec.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

jre-8u151-windows-i586-iftw.exejp2launcher.exejp2launcher.exe

pid	process
1224	jre-8u151-windows-i586-iftw.exe
1224	jre-8u151-windows-i586-iftw.exe
1224	jre-8u151-windows-i586-iftw.exe
1224	jre-8u151-windows-i586-iftw.exe
1604	jp2launcher.exe
1020	jp2launcher.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

install.exejre-8u151-windows-i586-iftw.exejre-8u151-windows-i586-iftw.exemsiexec.exeinstaller.exe

description	pid	process	target process
PID 1684 wrote to memory of 648	1684	install.exe	jre-8u151-windows-i586-iftw.exe
PID 1684 wrote to memory of 648	1684	install.exe	jre-8u151-windows-i586-iftw.exe
PID 1684 wrote to memory of 648	1684	install.exe	jre-8u151-windows-i586-iftw.exe
PID 1684 wrote to memory of 648	1684	install.exe	jre-8u151-windows-i586-iftw.exe
PID 1684 wrote to memory of 648	1684	install.exe	jre-8u151-windows-i586-iftw.exe
PID 1684 wrote to memory of 648	1684	install.exe	jre-8u151-windows-i586-iftw.exe
PID 1684 wrote to memory of 648	1684	install.exe	jre-8u151-windows-i586-iftw.exe
PID 648 wrote to memory of 1224	648	jre-8u151-windows-i586-iftw.exe	jre-8u151-windows-i586-iftw.exe
PID 648 wrote to memory of 1224	648	jre-8u151-windows-i586-iftw.exe	jre-8u151-windows-i586-iftw.exe
PID 648 wrote to memory of 1224	648	jre-8u151-windows-i586-iftw.exe	jre-8u151-windows-i586-iftw.exe
PID 648 wrote to memory of 1224	648	jre-8u151-windows-i586-iftw.exe	jre-8u151-windows-i586-iftw.exe
PID 648 wrote to memory of 1224	648	jre-8u151-windows-i586-iftw.exe	jre-8u151-windows-i586-iftw.exe
PID 648 wrote to memory of 1224	648	jre-8u151-windows-i586-iftw.exe	jre-8u151-windows-i586-iftw.exe
PID 648 wrote to memory of 1224	648	jre-8u151-windows-i586-iftw.exe	jre-8u151-windows-i586-iftw.exe
PID 1224 wrote to memory of 992	1224	jre-8u151-windows-i586-iftw.exe	LZMA_EXE
PID 1224 wrote to memory of 992	1224	jre-8u151-windows-i586-iftw.exe	LZMA_EXE
PID 1224 wrote to memory of 992	1224	jre-8u151-windows-i586-iftw.exe	LZMA_EXE
PID 1224 wrote to memory of 992	1224	jre-8u151-windows-i586-iftw.exe	LZMA_EXE
PID 1224 wrote to memory of 1912	1224	jre-8u151-windows-i586-iftw.exe	LZMA_EXE
PID 1224 wrote to memory of 1912	1224	jre-8u151-windows-i586-iftw.exe	LZMA_EXE
PID 1224 wrote to memory of 1912	1224	jre-8u151-windows-i586-iftw.exe	LZMA_EXE
PID 1224 wrote to memory of 1912	1224	jre-8u151-windows-i586-iftw.exe	LZMA_EXE
PID 1624 wrote to memory of 824	1624	msiexec.exe	MsiExec.exe
PID 1624 wrote to memory of 824	1624	msiexec.exe	MsiExec.exe
PID 1624 wrote to memory of 824	1624	msiexec.exe	MsiExec.exe
PID 1624 wrote to memory of 824	1624	msiexec.exe	MsiExec.exe
PID 1624 wrote to memory of 824	1624	msiexec.exe	MsiExec.exe
PID 1624 wrote to memory of 824	1624	msiexec.exe	MsiExec.exe
PID 1624 wrote to memory of 824	1624	msiexec.exe	MsiExec.exe
PID 1624 wrote to memory of 1196	1624	msiexec.exe	installer.exe
PID 1624 wrote to memory of 1196	1624	msiexec.exe	installer.exe
PID 1624 wrote to memory of 1196	1624	msiexec.exe	installer.exe
PID 1624 wrote to memory of 1196	1624	msiexec.exe	installer.exe
PID 1624 wrote to memory of 1196	1624	msiexec.exe	installer.exe
PID 1624 wrote to memory of 1196	1624	msiexec.exe	installer.exe
PID 1624 wrote to memory of 1196	1624	msiexec.exe	installer.exe
PID 1196 wrote to memory of 1732	1196	installer.exe	bspatch.exe
PID 1196 wrote to memory of 1732	1196	installer.exe	bspatch.exe
PID 1196 wrote to memory of 1732	1196	installer.exe	bspatch.exe
PID 1196 wrote to memory of 1732	1196	installer.exe	bspatch.exe
PID 1196 wrote to memory of 1732	1196	installer.exe	bspatch.exe
PID 1196 wrote to memory of 1732	1196	installer.exe	bspatch.exe
PID 1196 wrote to memory of 1732	1196	installer.exe	bspatch.exe
PID 1196 wrote to memory of 844	1196	installer.exe	unpack200.exe
PID 1196 wrote to memory of 844	1196	installer.exe	unpack200.exe
PID 1196 wrote to memory of 844	1196	installer.exe	unpack200.exe
PID 1196 wrote to memory of 844	1196	installer.exe	unpack200.exe
PID 1196 wrote to memory of 328	1196	installer.exe	unpack200.exe
PID 1196 wrote to memory of 328	1196	installer.exe	unpack200.exe
PID 1196 wrote to memory of 328	1196	installer.exe	unpack200.exe
PID 1196 wrote to memory of 328	1196	installer.exe	unpack200.exe
PID 1196 wrote to memory of 1064	1196	installer.exe	unpack200.exe
PID 1196 wrote to memory of 1064	1196	installer.exe	unpack200.exe
PID 1196 wrote to memory of 1064	1196	installer.exe	unpack200.exe
PID 1196 wrote to memory of 1064	1196	installer.exe	unpack200.exe
PID 1196 wrote to memory of 584	1196	installer.exe	unpack200.exe
PID 1196 wrote to memory of 584	1196	installer.exe	unpack200.exe
PID 1196 wrote to memory of 584	1196	installer.exe	unpack200.exe
PID 1196 wrote to memory of 584	1196	installer.exe	unpack200.exe
PID 1196 wrote to memory of 660	1196	installer.exe	unpack200.exe
PID 1196 wrote to memory of 660	1196	installer.exe	unpack200.exe
PID 1196 wrote to memory of 660	1196	installer.exe	unpack200.exe
PID 1196 wrote to memory of 660	1196	installer.exe	unpack200.exe
PID 1196 wrote to memory of 1740	1196	installer.exe	unpack200.exe

C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1684

C:\Program Files (x86)\ZClassic v1.0.5\java\jre-8u151-windows-i586-iftw.exe
"C:\Program Files (x86)\ZClassic v1.0.5\java\jre-8u151-windows-i586-iftw.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:648

C:\Users\Admin\AppData\Local\Temp\jds259393798.tmp\jre-8u151-windows-i586-iftw.exe
"C:\Users\Admin\AppData\Local\Temp\jds259393798.tmp\jre-8u151-windows-i586-iftw.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1224

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_151\LZMA_EXE
"C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_151\\LZMA_EXE" d "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_151\au.msi" "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_151\\msi.tmp"
4⤵
- Executes dropped EXE
PID:992

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_151\LZMA_EXE
"C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_151\\LZMA_EXE" d "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_151\jre1.8.0_151full.msi" "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_151\\msi.tmp"
4⤵
- Executes dropped EXE
PID:1912

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1624

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding AD8E5EDC91BB49B20E5C0F811524B633
2⤵
- Loads dropped DLL
PID:824

C:\Program Files (x86)\Java\jre1.8.0_151\installer.exe
"C:\Program Files (x86)\Java\jre1.8.0_151\installer.exe" /s INSTALLDIR="C:\Program Files (x86)\Java\jre1.8.0_151\\" REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F32180151F0}
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1196

C:\ProgramData\Oracle\Java\installcache\259436323.tmp\bspatch.exe
"bspatch.exe" baseimagefam8 newimage diff
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1732

C:\Program Files (x86)\Java\jre1.8.0_151\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_151\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_151\lib/plugin.pack" "C:\Program Files (x86)\Java\jre1.8.0_151\lib/plugin.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:844

C:\Program Files (x86)\Java\jre1.8.0_151\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_151\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_151\lib/javaws.pack" "C:\Program Files (x86)\Java\jre1.8.0_151\lib/javaws.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:328

C:\Program Files (x86)\Java\jre1.8.0_151\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_151\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_151\lib/deploy.pack" "C:\Program Files (x86)\Java\jre1.8.0_151\lib/deploy.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
PID:1064

C:\Program Files (x86)\Java\jre1.8.0_151\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_151\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_151\lib/rt.pack" "C:\Program Files (x86)\Java\jre1.8.0_151\lib/rt.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
PID:584

C:\Program Files (x86)\Java\jre1.8.0_151\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_151\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_151\lib/jsse.pack" "C:\Program Files (x86)\Java\jre1.8.0_151\lib/jsse.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:660

C:\Program Files (x86)\Java\jre1.8.0_151\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_151\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_151\lib/charsets.pack" "C:\Program Files (x86)\Java\jre1.8.0_151\lib/charsets.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1740

C:\Program Files (x86)\Java\jre1.8.0_151\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_151\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_151\lib/ext/localedata.pack" "C:\Program Files (x86)\Java\jre1.8.0_151\lib/ext/localedata.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1652

C:\Program Files (x86)\Java\jre1.8.0_151\bin\javaw.exe
"C:\Program Files (x86)\Java\jre1.8.0_151\bin\javaw.exe" -Xshare:dump
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
PID:1580

C:\Program Files (x86)\Java\jre1.8.0_151\bin\javaws.exe
"C:\Program Files (x86)\Java\jre1.8.0_151\bin\javaws.exe" -wait -fix -permissions -silent
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1960

C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2launcher.exe
"C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre1.8.0_151" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMTUxXGxpYlxkZXBsb3kuamFyAC1EamF2YS5zZWN1cml0eS5wb2xpY3k9ZmlsZTpDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMTUxXGxpYlxzZWN1cml0eVxqYXZhd3MucG9saWN5AC1EdHJ1c3RQcm94eT10cnVlAC1YdmVyaWZ5OnJlbW90ZQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzE1MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmUxLjguMF8xNTFcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzE1MVxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMTUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMTUxXGJpblxqYXZhdy5leGU= -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1604

C:\Windows\SysWOW64\icacls.exe
"icacls.exe" C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
5⤵
- Modifies file permissions
PID:1652

C:\Windows\SysWOW64\icacls.exe
"icacls.exe" C:\ProgramData\Oracle\Java\.oracle_jre_usage\cce3fe3b0d8d809d.timestamp /grant "everyone":(OI)(CI)M
5⤵
- Modifies file permissions
PID:1972

C:\Program Files (x86)\Java\jre1.8.0_151\bin\javaws.exe
"C:\Program Files (x86)\Java\jre1.8.0_151\bin\javaws.exe" -wait -fix -shortcut -silent
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:872

C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2launcher.exe
"C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre1.8.0_151" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMTUxXGxpYlxkZXBsb3kuamFyAC1EamF2YS5zZWN1cml0eS5wb2xpY3k9ZmlsZTpDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMTUxXGxpYlxzZWN1cml0eVxqYXZhd3MucG9saWN5AC1EdHJ1c3RQcm94eT10cnVlAC1YdmVyaWZ5OnJlbW90ZQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzE1MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmUxLjguMF8xNTFcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzE1MVxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMTUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMTUxXGJpblxqYXZhdy5leGU= -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1020

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 2EA617B6A4713285AB518C86A71256A4 M Global\MSI0000
2⤵
PID:1428

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\SysWOW64\cmd.exe" /c del "C:\Program Files (x86)\Java\jre1.8.0_151\installer.exe"
3⤵
PID:1688

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding E9754E7B93A5897DA8C92C6357A3F94E
2⤵
PID:1568

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding A112EC443CF1F5FC46E9A4BADC4AC6C1 M Global\MSI0000
2⤵
PID:1280

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

File Permissions Modification

T1222

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Java\jre1.8.0_151\bin\MSVCR100.dll
MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_151\bin\unpack200.exe
MD5
c6ab4fc23c074ece18f81541d964985e

SHA1
ad1bd0c150989fbb59cdd088dda53013c4563529

SHA256
e98b41d0e8d98ec2fe6bc70e96a52dd97fbbaf36b136a2a3215ed93f0123bbc8

SHA512
a6dc061c92edc93cbc73eb8b34b05d81339fae42488d5f58f6a20cd25fa875791ee68b335de8da79a80d04f1c2e416c5f778e160a8f9b86094f56aa03240b8b1

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_151\bin\unpack200.exe
MD5
c6ab4fc23c074ece18f81541d964985e

SHA1
ad1bd0c150989fbb59cdd088dda53013c4563529

SHA256
e98b41d0e8d98ec2fe6bc70e96a52dd97fbbaf36b136a2a3215ed93f0123bbc8

SHA512
a6dc061c92edc93cbc73eb8b34b05d81339fae42488d5f58f6a20cd25fa875791ee68b335de8da79a80d04f1c2e416c5f778e160a8f9b86094f56aa03240b8b1

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_151\bin\unpack200.exe
MD5
c6ab4fc23c074ece18f81541d964985e

SHA1
ad1bd0c150989fbb59cdd088dda53013c4563529

SHA256
e98b41d0e8d98ec2fe6bc70e96a52dd97fbbaf36b136a2a3215ed93f0123bbc8

SHA512
a6dc061c92edc93cbc73eb8b34b05d81339fae42488d5f58f6a20cd25fa875791ee68b335de8da79a80d04f1c2e416c5f778e160a8f9b86094f56aa03240b8b1

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_151\bin\unpack200.exe
MD5
c6ab4fc23c074ece18f81541d964985e

SHA1
ad1bd0c150989fbb59cdd088dda53013c4563529

SHA256
e98b41d0e8d98ec2fe6bc70e96a52dd97fbbaf36b136a2a3215ed93f0123bbc8

SHA512
a6dc061c92edc93cbc73eb8b34b05d81339fae42488d5f58f6a20cd25fa875791ee68b335de8da79a80d04f1c2e416c5f778e160a8f9b86094f56aa03240b8b1

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_151\bin\unpack200.exe
MD5
c6ab4fc23c074ece18f81541d964985e

SHA1
ad1bd0c150989fbb59cdd088dda53013c4563529

SHA256
e98b41d0e8d98ec2fe6bc70e96a52dd97fbbaf36b136a2a3215ed93f0123bbc8

SHA512
a6dc061c92edc93cbc73eb8b34b05d81339fae42488d5f58f6a20cd25fa875791ee68b335de8da79a80d04f1c2e416c5f778e160a8f9b86094f56aa03240b8b1

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_151\bin\unpack200.exe
MD5
c6ab4fc23c074ece18f81541d964985e

SHA1
ad1bd0c150989fbb59cdd088dda53013c4563529

SHA256
e98b41d0e8d98ec2fe6bc70e96a52dd97fbbaf36b136a2a3215ed93f0123bbc8

SHA512
a6dc061c92edc93cbc73eb8b34b05d81339fae42488d5f58f6a20cd25fa875791ee68b335de8da79a80d04f1c2e416c5f778e160a8f9b86094f56aa03240b8b1

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_151\bin\unpack200.exe
MD5
c6ab4fc23c074ece18f81541d964985e

SHA1
ad1bd0c150989fbb59cdd088dda53013c4563529

SHA256
e98b41d0e8d98ec2fe6bc70e96a52dd97fbbaf36b136a2a3215ed93f0123bbc8

SHA512
a6dc061c92edc93cbc73eb8b34b05d81339fae42488d5f58f6a20cd25fa875791ee68b335de8da79a80d04f1c2e416c5f778e160a8f9b86094f56aa03240b8b1

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_151\installer.exe
MD5
8674418c4e998d00078343d5b9cdcd95

SHA1
b835c24228f43ceea6dc10b8ee9724717df6226e

SHA256
2e4c111b24510b4edbb49d1c898039173844e3483cf0eaf3b7d655bd0360b69a

SHA512
571752d7e13f4468e0ce0b2c2642a49ff746dbadd72093ed070cec53552c38a605d3062198dabbfff724ac290bf2da85d90f50bcfe3172631c1bb0e43291282c

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_151\lib\charsets.pack
MD5
b3c85c17eef31b250236e55cf4a8d4b7

SHA1
c299562de98e9f82ae27432a029009451b782f41

SHA256
80e6cd59b3df2c32f1a4098e72aaef373fd10ebef533c99f1ebdb96491a852b8

SHA512
d0c91f016999cf943f7bcda1a394bcf06f5d9e8408a92f8860d26f73f11fef071896497ab3e8275daecd0b54e8c0f56fd356e3ea3cd210023b66b4ee9d9f7002

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_151\lib\deploy.pack
MD5
a6ca146d146052f61c77644d3a5bb5ad

SHA1
61d1ed47d24f3188b9cfea99c93778681be50188

SHA256
cdce48ee53e3ba63bc805b48a53f371ffb386da5c412bce56f0c43af137ababc

SHA512
27dd31a5d1ed963c2cd76d9ac8c1b717ebbddfb5802bf53dcf7a2cbbb50ec4ac9c4fbd00cbe5e8c538b6b3252af9c6380e6cd8fedf464c28f8a3344e2cac5906

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_151\lib\javaws.pack
MD5
bb01bfc9d21f14390ca1681a7f8b44d7

SHA1
39e8cd45da0efd9b6cff99ebc050dce7ac74ddc2

SHA256
9295e34c42aecc27b6d20e584df1d02d48860a7d725422e41d7fbe6d75b961cf

SHA512
78ce8b6b76dcdc7fe53ceb99e359c00a480fc6c493717c564cc45c4b1cccfcea34ce5d4455dda760612e5608062b47f2fadbcb362810a5a97bd65a5b59030a8b

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_151\lib\jsse.pack
MD5
42f63e52f0cf5cbdb8a27abfa1f7e8f8

SHA1
69be1c34974fa59cd82900667a50ac378659cb6c

SHA256
6f04f2cd9f2b3af59b5bca7778ddcd6b3bc414c16e415b6d9f4fc2f00b5b19b5

SHA512
f88e46a56779821d4fc366a7efdd3f495f2fa7cb79d614053b4a452adaa1cc918fb8eab45491dd30cc75be685374cd6972868b967505d14ff5988b9d84c946e9

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_151\lib\plugin.pack
MD5
bb56267e39d2a70460465c2378e2a3fd

SHA1
d4348ad9f0451c490fc9aa3c16918b10fbea6e56

SHA256
fa5c7366b88f9975da1be6b59185ca4c8fa4442702bbfcf83e666504e92601af

SHA512
10c75f43c0fcbb12caefb8576aa3a3b78cdf8d0c3ed63936921706439ae6375579f98d4d013e972b2c178b2cb715c54454392990bf619c1cdc65f5e8cd5dcada

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_151\lib\rt.pack
MD5
63c402e011cc83315dc0fc79b731517f

SHA1
75d60ea10a8297411162f552adf274e73c5a15d6

SHA256
42e5ef8c2bd583d62a6b7a438df750ff7e6bd6ce2ea95d722f06a4c1c0b05372

SHA512
cbce0174dcb48593102424987420dfeb752798e57dc18e027f1054d0e115259dcaf35db2840c0d6cf629bec782e37d4ed9aa7f102d7455bf77ef29d5633dd084

Download Submit
C:\Program Files (x86)\ZClassic v1.0.5\java\jre-8u151-windows-i586-iftw.exe
MD5
52d0fa2a1e3f6e7895c534adccbd10eb

SHA1
600e49c32e67dce875322e95b95ecefdf30a6425

SHA256
b4f8f06bfd951210cda7b40f1fc25e4150de514753f719bc7e4c521a22f202bf

SHA512
75cdece0ae82fb8fbd6a1634b22ae0e6c5d4496909bd4714c2c6ebb05d464d5f28eddae9284c4474a6007492c1fb8a0216bee7e0ee515b6bde6b2f88a4aab37d

Download Submit
C:\ProgramData\Oracle\Java\installcache\259436323.tmp\baseimagefam8
MD5
c68f61bae0654148ae82c9ac18c771f9

SHA1
fde79f7eebe45a096e7af4d7463294551dead994

SHA256
fe7870985a9af11cff29ed00c1a8042d5e1f3194b465146ddcaa9612a51a3195

SHA512
f08e5bbbd74c322a079618aee7da064f510bac05f1b0066da11d9829f8ad8e9ca03ad0e20116d64173e2b5a9a0e12c1ac95b2880805c6a4de2828839506f7107

Download Submit
C:\ProgramData\Oracle\Java\installcache\259436323.tmp\bspatch.exe
MD5
e76d957ac6885bf081878194f44db859

SHA1
1ac280ccb177c9179c9af048c40870bbd66545af

SHA256
6e660254360d0dcdc3909797b2106b212a54f8ab0cdbf62799010cff3956b054

SHA512
4d1c6900073e9893d9762f19f87db475b9e790807042f42bd0c34a81e8868ebb4444a297a7858ff1a86e4539c6f32e3788a9f92721c7e88a51061a3a34878693

Download Submit
C:\ProgramData\Oracle\Java\installcache\259436323.tmp\bspatch.exe
MD5
e76d957ac6885bf081878194f44db859

SHA1
1ac280ccb177c9179c9af048c40870bbd66545af

SHA256
6e660254360d0dcdc3909797b2106b212a54f8ab0cdbf62799010cff3956b054

SHA512
4d1c6900073e9893d9762f19f87db475b9e790807042f42bd0c34a81e8868ebb4444a297a7858ff1a86e4539c6f32e3788a9f92721c7e88a51061a3a34878693

Download Submit
C:\ProgramData\Oracle\Java\installcache\259436323.tmp\diff
MD5
3cd4cd8f88a125218202a9aa9d0de67f

SHA1
0ca06e263738500c84e5bbf9ea1b06b148fec5fa

SHA256
199a555b310fc45acee90305a36e4f90c32d228e6c851b75fb492671b6f97587

SHA512
4bf7453f611a3f0d072ae669fde2c8219d759cd7d6644b5395daf2f731c63dc1b18c2501a6ad3197005d4f4143d419cda47277da51410c060f362ecc7ebecc57

Download Submit
C:\ProgramData\Oracle\Java\installcache\259436323.tmp\newimage
MD5
a87f113d96744818886ec6ae24b35e71

SHA1
882d72d18962379602c666d47a70da3228fe283a

SHA256
739d0122ebc1cab6aca5cdba13ee623110a61441103a5e5339a69951ec9307db

SHA512
5dc5b4d0b03209b2dfed24c5167e7fc875b0892b14538b4a0cb71672ae3bc9cef54024d706edbe85fc539dc4d861af401db86dabab4ac5584a86b78e86941afe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
MD5
ea48eabeeff218492b3f9c2b4073e2b3

SHA1
2875905d30948f3af2b1adacbe7cfc08beacfb3e

SHA256
866391ed9d5d4a3fa03204756ad929f40148334e9bb194242e8cbf2df82742ec

SHA512
e739b108a2e80e2297830361955cca9f031d7fddfe4050b6d4d78752111abdb2433696b96cb4fb03ed022fa1abab86f4175bcf50230aefd1ec9273d5c8f2327c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EA618097E393409AFA316F0F87E2C202_1E65FD33F74047223AF4D58CBFD34BCE
MD5
c5fce10fd4d0a34ec44980e49c62325d

SHA1
cc8f79296f40a65f5c2cf367e64ab7cf2d062961

SHA256
4e8b5fc68cf31033fba642c696239716334df469438df74c19c460db48992546

SHA512
eb49898921fb9e8ec7b0cc5810e440e9044eca7493f2fb9436c96685503bdffbd239831a2d6d94bf6c59c8ae23eed71c40903486014a7dde74166514c07021c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
MD5
f33dcb6f49583c6d95a099055f11c7c6

SHA1
82e0314a0f20c129e0a4b78a2b27e0204338ece5

SHA256
c86f50fa2ad2c3d02a766644b269069f610f44bb3f9cbabd033f845f988fd1eb

SHA512
173bedbbcbdf2f305b6790fa1595f51a201aea915dbb6c9d42956adfc4e11db97d480d6fd78a26c9518016a6c5d4d1b9a5002d4b96a702876e5b02045f6b46e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
MD5
a93910b1dbeb3bfb51a2cbec78f57305

SHA1
7927fda7af7d836e39294be40d088f4951982848

SHA256
9525b321a3db8c064e1bf03306d82e6cb152bffbd47bf9fd6753d3240fe2969d

SHA512
a70486c12c920e768037375cca27b95d6534998fb625999bf846571266af8cf9ec2fe5be00a56bcd93e5c8500ea4c93b15a626defe762546158464575e842d5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_1E65FD33F74047223AF4D58CBFD34BCE
MD5
d5a532f27674e4a94a71f3322a7900e3

SHA1
cf0869ac7f5989c7c9402ec3de0b88ef028d5a6a

SHA256
3c640e691c9f473ceabfd4e4a6949daf065e4757d20de56386423f8f29cff84c

SHA512
63232346d2ed6378a3a76f01dacd6a8ad88316be3af2546aafd7b9e916cf80e4ba480a4b8fb3f49780dccdb4a9a67c598eaa5ff70640d713f55a6598b7bbfceb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
MD5
8ef3871943c6e209f913c19b10dafd9d

SHA1
8413afa9ac38b17f39f9cc4e45ddd9d9da19c29a

SHA256
eae5f179501341247fd54e4597542e528fc0210286d4efe10fd363e3973811ef

SHA512
dfb26f6a58c9a6d814b90213303348b6fc13cd62883e5b39c8c38d474d9f94469578cc53323b57a1cd2b1c8568c3b9c62f945bb5f8ebb268ebe1d27381a39627

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_151\LZMA_EXE
MD5
3842c46f2fbc7522ef625f1833530804

SHA1
3615c072ad5bdadba5e5e22e75eefaf7def92312

SHA256
17cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7

SHA512
9adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_151\LZMA_EXE
MD5
3842c46f2fbc7522ef625f1833530804

SHA1
3615c072ad5bdadba5e5e22e75eefaf7def92312

SHA256
17cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7

SHA512
9adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_151\au.msi
MD5
32d153e8092d61f7d2a9d2f85b5499a8

SHA1
7e5086362c3df562bffa58204266e9bfd1e832d9

SHA256
dc26128df77b9b9302fc416e861cf96da5ace0d6728bf53b6ceaa86f04bd0432

SHA512
0abf4488807452ff23109d39d37e6651fbb18da58f16b928515c5c4c94faf73917b0c45417ed92920f4d8ce219ab0a6900d65527905d80fa887856da642c7d45

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_151\jre1.8.0_151full.msi
MD5
9f18fc6af3c46d1fffc67257aae15008

SHA1
a895f9bd62d47b0696b3556240500b5f2036cbe9

SHA256
ea229a54ebf38ab483ff5fcf7ba4b3af4678df2db35d1d0f95e905c4cf05e011

SHA512
2e83153dbf1edaeb620e0530dcdd7a914cb3646678213d5b824d8e9694eed51458b162e94fa5042dff5719b692288a7dfb571b3e2541011dc6e4345bb0e6c55a

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_151\msi.tmp
MD5
d181c3ec418b36fd41f61937e31c66a1

SHA1
2ba54477b9909165397836c6d09305aa0f9af047

SHA256
460f3f85ab1d2ed3670ab89ddcbd4a101a38e2d474705061cba1fdb3f03c7f2d

SHA512
ca6675de2111ec4016ca5ea4bf147cab09c1cbfb21481837e4c4230adab2fc8acbfa345be30a20fbefe1dda6f7888b56a11226f109e0d60f5efca2ad72a3b34b

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_151\msi.tmp
MD5
9a863e7d1620af0930b7aaf7ce76d753

SHA1
20cfb2cd24d1b476ed54cbb2fd7ebf9c0bcf4ed3

SHA256
44dc4f7ca7ce3ca239de44e13189524e923ffef7439a33db2d1fe1d20d3340fe

SHA512
7d0709c8c120b2d8a2a35257b88ff32e86a9f84ee624cc05da0fd31104e1e6c3aeabbba3a40ac5481cee8f3a3a9105c2cb7d8e634756510a22b1f63d11c7c93d

Download Submit
C:\Users\Admin\AppData\Local\Temp\jds259393798.tmp\jre-8u151-windows-i586-iftw.exe
MD5
f9cb72fade88741c85a06839c7c6ab69

SHA1
1796ea1688445d3127e4be1136a7f152213d0866

SHA256
e6ba1c5386270288df898e2e4fa73154904cbd49755992f691e0d24746dbc02f

SHA512
0ca59276a01521fcfc08c0300b2f0ec788587ab04a3bbbd80618a1881284c045e8538674210195d3bf6adc66c97e31fe51e78de117d765b97115877e634ef364

Download Submit
C:\Users\Admin\AppData\Local\Temp\jds259393798.tmp\jre-8u151-windows-i586-iftw.exe
MD5
f9cb72fade88741c85a06839c7c6ab69

SHA1
1796ea1688445d3127e4be1136a7f152213d0866

SHA256
e6ba1c5386270288df898e2e4fa73154904cbd49755992f691e0d24746dbc02f

SHA512
0ca59276a01521fcfc08c0300b2f0ec788587ab04a3bbbd80618a1881284c045e8538674210195d3bf6adc66c97e31fe51e78de117d765b97115877e634ef364

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
MD5
5d7298de6195603547c690eb9f834394

SHA1
4423d669887312aca0baaf42d30262a9325cc623

SHA256
9978b4f2612b4193a5f8da03302da06b5dbfc3e6add7062143634909020c1ddd

SHA512
9b5ef424d4c7958b9ff07e2508986a0fc9da34bc256d9f46a2e63b86dc9a75a7b53bf1bc2cc666bf66439398354363fea39634012443a31c97a2ace5b39ac827

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
MD5
dc566ea35bf0aa1695da75d025b10782

SHA1
05795796745ce9f9deb2d6e43bcb406b69dbe20a

SHA256
fe84c0d8a6731e4f9eba1697b36a8179fde2add3f7d59322745b68566e29a740

SHA512
c7d9333b3ebf8513a5e62888b2905725260af25c263611d2940170232bca393f5a65e406d50689af70acf0319fb943b692f726d481cb43945216a1bc40bb2f2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
MD5
8b6eae1196bfa1fffdbe6d2456d17c84

SHA1
b47decb997456ddd220bd48fd2dc5f11012c7eae

SHA256
b2b4526ccfe5698c69e077279d4a137cc35ed68bf9533cca3f9b08098764b5b4

SHA512
413a95482420fff4f0a80575ff7e40d8950c17b12a53a0a53ec997ada85e4090e5068228bd2c7c14c038fdc483258ed3b2714ed136a033d6503a797efcdeafd4

Download Submit
C:\Windows\Installer\MSIA6EB.tmp
MD5
8916a5ab8092ea95610ff18f929ace43

SHA1
9cd64bd7821e054c7b631fcc93569d6b5c11d047

SHA256
3ad56d01e9484ba2846bf1f99a2aaf671e389c2a414560ca1652e0f22e4baf47

SHA512
e2a6f04b3c482fa0e3bcc6647233e2876f86836709e996f828a2d09e458e6eba41d821765f66f538328586d246ce1823a9a0daf741e6c52bdfe5101bd9a765b1

Download Submit
C:\Windows\Installer\MSIA893.tmp
MD5
8916a5ab8092ea95610ff18f929ace43

SHA1
9cd64bd7821e054c7b631fcc93569d6b5c11d047

SHA256
3ad56d01e9484ba2846bf1f99a2aaf671e389c2a414560ca1652e0f22e4baf47

SHA512
e2a6f04b3c482fa0e3bcc6647233e2876f86836709e996f828a2d09e458e6eba41d821765f66f538328586d246ce1823a9a0daf741e6c52bdfe5101bd9a765b1

Download Submit
C:\Windows\Installer\f76a1bf.msi
MD5
9a863e7d1620af0930b7aaf7ce76d753

SHA1
20cfb2cd24d1b476ed54cbb2fd7ebf9c0bcf4ed3

SHA256
44dc4f7ca7ce3ca239de44e13189524e923ffef7439a33db2d1fe1d20d3340fe

SHA512
7d0709c8c120b2d8a2a35257b88ff32e86a9f84ee624cc05da0fd31104e1e6c3aeabbba3a40ac5481cee8f3a3a9105c2cb7d8e634756510a22b1f63d11c7c93d

Download Submit
\Program Files (x86)\Java\jre1.8.0_151\bin\msvcr100.dll
MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
\Program Files (x86)\Java\jre1.8.0_151\bin\msvcr100.dll
MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
\Program Files (x86)\Java\jre1.8.0_151\bin\msvcr100.dll
MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
\Program Files (x86)\Java\jre1.8.0_151\bin\msvcr100.dll
MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
\Program Files (x86)\Java\jre1.8.0_151\bin\msvcr100.dll
MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
\Program Files (x86)\Java\jre1.8.0_151\bin\msvcr100.dll
MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
\Program Files (x86)\Java\jre1.8.0_151\bin\msvcr100.dll
MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
\Program Files (x86)\Java\jre1.8.0_151\bin\unpack200.exe
MD5
c6ab4fc23c074ece18f81541d964985e

SHA1
ad1bd0c150989fbb59cdd088dda53013c4563529

SHA256
e98b41d0e8d98ec2fe6bc70e96a52dd97fbbaf36b136a2a3215ed93f0123bbc8

SHA512
a6dc061c92edc93cbc73eb8b34b05d81339fae42488d5f58f6a20cd25fa875791ee68b335de8da79a80d04f1c2e416c5f778e160a8f9b86094f56aa03240b8b1

Download Submit
\Program Files (x86)\ZClassic v1.0.5\java\jre-8u151-windows-i586-iftw.exe
MD5
52d0fa2a1e3f6e7895c534adccbd10eb

SHA1
600e49c32e67dce875322e95b95ecefdf30a6425

SHA256
b4f8f06bfd951210cda7b40f1fc25e4150de514753f719bc7e4c521a22f202bf

SHA512
75cdece0ae82fb8fbd6a1634b22ae0e6c5d4496909bd4714c2c6ebb05d464d5f28eddae9284c4474a6007492c1fb8a0216bee7e0ee515b6bde6b2f88a4aab37d

Download Submit
\ProgramData\Oracle\Java\installcache\259436323.tmp\bspatch.exe
MD5
e76d957ac6885bf081878194f44db859

SHA1
1ac280ccb177c9179c9af048c40870bbd66545af

SHA256
6e660254360d0dcdc3909797b2106b212a54f8ab0cdbf62799010cff3956b054

SHA512
4d1c6900073e9893d9762f19f87db475b9e790807042f42bd0c34a81e8868ebb4444a297a7858ff1a86e4539c6f32e3788a9f92721c7e88a51061a3a34878693

Download Submit
\ProgramData\Oracle\Java\installcache\259436323.tmp\bspatch.exe
MD5
e76d957ac6885bf081878194f44db859

SHA1
1ac280ccb177c9179c9af048c40870bbd66545af

SHA256
6e660254360d0dcdc3909797b2106b212a54f8ab0cdbf62799010cff3956b054

SHA512
4d1c6900073e9893d9762f19f87db475b9e790807042f42bd0c34a81e8868ebb4444a297a7858ff1a86e4539c6f32e3788a9f92721c7e88a51061a3a34878693

Download Submit
\ProgramData\Oracle\Java\installcache\259436323.tmp\bspatch.exe
MD5
e76d957ac6885bf081878194f44db859

SHA1
1ac280ccb177c9179c9af048c40870bbd66545af

SHA256
6e660254360d0dcdc3909797b2106b212a54f8ab0cdbf62799010cff3956b054

SHA512
4d1c6900073e9893d9762f19f87db475b9e790807042f42bd0c34a81e8868ebb4444a297a7858ff1a86e4539c6f32e3788a9f92721c7e88a51061a3a34878693

Download Submit
\ProgramData\Oracle\Java\installcache\259436323.tmp\bspatch.exe
MD5
e76d957ac6885bf081878194f44db859

SHA1
1ac280ccb177c9179c9af048c40870bbd66545af

SHA256
6e660254360d0dcdc3909797b2106b212a54f8ab0cdbf62799010cff3956b054

SHA512
4d1c6900073e9893d9762f19f87db475b9e790807042f42bd0c34a81e8868ebb4444a297a7858ff1a86e4539c6f32e3788a9f92721c7e88a51061a3a34878693

Download Submit
\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_151\LZMA_EXE
MD5
3842c46f2fbc7522ef625f1833530804

SHA1
3615c072ad5bdadba5e5e22e75eefaf7def92312

SHA256
17cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7

SHA512
9adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e

Download Submit
\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_151\LZMA_EXE
MD5
3842c46f2fbc7522ef625f1833530804

SHA1
3615c072ad5bdadba5e5e22e75eefaf7def92312

SHA256
17cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7

SHA512
9adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e

Download Submit
\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_151\LZMA_EXE
MD5
3842c46f2fbc7522ef625f1833530804

SHA1
3615c072ad5bdadba5e5e22e75eefaf7def92312

SHA256
17cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7

SHA512
9adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e

Download Submit
\Users\Admin\AppData\Local\Temp\jds259393798.tmp\jre-8u151-windows-i586-iftw.exe
MD5
f9cb72fade88741c85a06839c7c6ab69

SHA1
1796ea1688445d3127e4be1136a7f152213d0866

SHA256
e6ba1c5386270288df898e2e4fa73154904cbd49755992f691e0d24746dbc02f

SHA512
0ca59276a01521fcfc08c0300b2f0ec788587ab04a3bbbd80618a1881284c045e8538674210195d3bf6adc66c97e31fe51e78de117d765b97115877e634ef364

Download Submit
\Users\Admin\AppData\Local\Temp\nsdD71E.tmp\LangDLL.dll
MD5
30b091668111ab1d6c19f16586a9eee5

SHA1
aea49d81cf9972eaf1604793c04d13ddffe2c475

SHA256
331ca4b3a311324b463167ec43851146e57a2d90500ac3fd57a7683f6b777ffb

SHA512
6dd592af085b2e28c54d7f525916112dbf5cfe134393b0b97f8f1f64739cf90962273c51f02e8ce2c623cf6aa8355eacda5db0b0256d8f05a77ccf0f99d11648

Download Submit
\Users\Admin\AppData\Local\Temp\nsdD71E.tmp\System.dll
MD5
9625d5b1754bc4ff29281d415d27a0fd

SHA1
80e85afc5cccd4c0a3775edbb90595a1a59f5ce0

SHA256
c2f405d7402f815d0c3fadd9a50f0bbbb1bab9aa38fe347823478a2587299448

SHA512
dce52b640897c2e8dbfd0a1472d5377fa91fb9cf1aeff62604d014bccbe5b56af1378f173132abeb0edd18c225b9f8f5e3d3e72434aed946661e036c779f165b

Download Submit
\Users\Admin\AppData\Local\Temp\nsdD71E.tmp\nsDialogs.dll
MD5
d2e45dd852a659e11897df573832f381

SHA1
19990ee627c95b6c18d3b5c5f0ec5c24791d0af5

SHA256
86c8ee210e6611383a634dcb8c60455063ddae3d7adccbeacf3adf7bf2a46676

SHA512
93c9fa1767f3e861fe5765f2940aaba9eee6396d069c443ac6cbaccc88441b2bfc3c3af50a8044161f96bb7eb81af1bc6c1fa754d89740d0a2a8d591fef11073

Download Submit
\Windows\Installer\MSIA6EB.tmp
MD5
8916a5ab8092ea95610ff18f929ace43

SHA1
9cd64bd7821e054c7b631fcc93569d6b5c11d047

SHA256
3ad56d01e9484ba2846bf1f99a2aaf671e389c2a414560ca1652e0f22e4baf47

SHA512
e2a6f04b3c482fa0e3bcc6647233e2876f86836709e996f828a2d09e458e6eba41d821765f66f538328586d246ce1823a9a0daf741e6c52bdfe5101bd9a765b1

Download Submit
\Windows\Installer\MSIA893.tmp
MD5
8916a5ab8092ea95610ff18f929ace43

SHA1
9cd64bd7821e054c7b631fcc93569d6b5c11d047

SHA256
3ad56d01e9484ba2846bf1f99a2aaf671e389c2a414560ca1652e0f22e4baf47

SHA512
e2a6f04b3c482fa0e3bcc6647233e2876f86836709e996f828a2d09e458e6eba41d821765f66f538328586d246ce1823a9a0daf741e6c52bdfe5101bd9a765b1

Download Submit
memory/328-116-0x0000000000000000-mapping.dmp

Download
memory/584-124-0x0000000000000000-mapping.dmp

Download
memory/648-60-0x0000000000000000-mapping.dmp

Download
memory/660-128-0x0000000000000000-mapping.dmp

Download
memory/824-87-0x0000000000000000-mapping.dmp

Download
memory/844-111-0x0000000000000000-mapping.dmp

Download
memory/872-187-0x0000000000000000-mapping.dmp

Download
memory/992-70-0x0000000000000000-mapping.dmp

Download
memory/1020-214-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1020-204-0x0000000002C88000-0x0000000002C90000-memory.dmp

Filesize
32KB

Download
memory/1020-189-0x0000000000000000-mapping.dmp

Download
memory/1020-198-0x0000000002BF0000-0x0000000002C18000-memory.dmp

Filesize
160KB

Download
memory/1020-199-0x0000000002C38000-0x0000000002C40000-memory.dmp

Filesize
32KB

Download
memory/1020-200-0x0000000002C40000-0x0000000002C48000-memory.dmp

Filesize
32KB

Download
memory/1020-212-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1020-201-0x0000000002C28000-0x0000000002C30000-memory.dmp

Filesize
32KB

Download
memory/1020-202-0x0000000002C90000-0x0000000002C98000-memory.dmp

Filesize
32KB

Download
memory/1020-203-0x0000000002C30000-0x0000000002C38000-memory.dmp

Filesize
32KB

Download
memory/1020-213-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1020-205-0x0000000002C98000-0x0000000002CA0000-memory.dmp

Filesize
32KB

Download
memory/1020-206-0x0000000002CA0000-0x0000000002CA8000-memory.dmp

Filesize
32KB

Download
memory/1020-210-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1020-208-0x0000000002CB0000-0x0000000002CB8000-memory.dmp

Filesize
32KB

Download
memory/1020-209-0x0000000002CB8000-0x0000000002CC0000-memory.dmp

Filesize
32KB

Download
memory/1020-207-0x0000000002CA8000-0x0000000002CB0000-memory.dmp

Filesize
32KB

Download
memory/1064-120-0x0000000000000000-mapping.dmp

Download
memory/1196-94-0x0000000000000000-mapping.dmp

Download
memory/1224-63-0x0000000000000000-mapping.dmp

Download
memory/1280-220-0x0000000000000000-mapping.dmp

Download
memory/1428-215-0x0000000000000000-mapping.dmp

Download
memory/1568-218-0x0000000000000000-mapping.dmp

Download
memory/1580-148-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/1580-146-0x0000000002120000-0x0000000002148000-memory.dmp

Filesize
160KB

Download
memory/1580-141-0x0000000002148000-0x0000000002150000-memory.dmp

Filesize
32KB

Download
memory/1580-140-0x0000000002120000-0x0000000002148000-memory.dmp

Filesize
160KB

Download
memory/1580-139-0x0000000000000000-mapping.dmp

Download
memory/1604-186-0x00000000029C8000-0x00000000029D0000-memory.dmp

Filesize
32KB

Download
memory/1604-165-0x0000000002928000-0x0000000002930000-memory.dmp

Filesize
32KB

Download
memory/1604-177-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/1604-178-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/1604-179-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/1604-180-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/1604-181-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/1604-182-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/1604-184-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/1604-174-0x0000000002930000-0x0000000002938000-memory.dmp

Filesize
32KB

Download
memory/1604-185-0x00000000029C0000-0x00000000029C8000-memory.dmp

Filesize
32KB

Download
memory/1604-176-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/1604-173-0x0000000002990000-0x0000000002998000-memory.dmp

Filesize
32KB

Download
memory/1604-172-0x00000000029B8000-0x00000000029C0000-memory.dmp

Filesize
32KB

Download
memory/1604-171-0x00000000029A8000-0x00000000029B0000-memory.dmp

Filesize
32KB

Download
memory/1604-170-0x00000000029A0000-0x00000000029A8000-memory.dmp

Filesize
32KB

Download
memory/1604-169-0x00000000029B0000-0x00000000029B8000-memory.dmp

Filesize
32KB

Download
memory/1604-175-0x0000000002988000-0x0000000002990000-memory.dmp

Filesize
32KB

Download
memory/1604-167-0x0000000002998000-0x00000000029A0000-memory.dmp

Filesize
32KB

Download
memory/1604-164-0x0000000002940000-0x0000000002948000-memory.dmp

Filesize
32KB

Download
memory/1604-163-0x0000000002938000-0x0000000002940000-memory.dmp

Filesize
32KB

Download
memory/1604-162-0x00000000028F0000-0x0000000002918000-memory.dmp

Filesize
160KB

Download
memory/1604-151-0x0000000000000000-mapping.dmp

Download
memory/1624-79-0x000007FEFB5B1000-0x000007FEFB5B3000-memory.dmp

Filesize
8KB

Download
memory/1652-160-0x0000000000000000-mapping.dmp

Download
memory/1652-136-0x0000000000000000-mapping.dmp

Download
memory/1684-55-0x0000000075AB1000-0x0000000075AB3000-memory.dmp

Filesize
8KB

Download
memory/1688-217-0x0000000000000000-mapping.dmp

Download
memory/1732-100-0x0000000000000000-mapping.dmp

Download
memory/1740-132-0x0000000000000000-mapping.dmp

Download
memory/1912-75-0x0000000000000000-mapping.dmp

Download
memory/1960-149-0x0000000000000000-mapping.dmp

Download
memory/1972-161-0x0000000000000000-mapping.dmp

Download