42d7ae998d701fd6ab9d8bdf8df4a13915a4fb8429578c5a6c5a216e3873b63b

Analysis

max time kernel
90s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
06-05-2022 17:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jre-8u221-windows-i586.exe
Size

66.3MB
MD5

87fbb2392ce499f3873da0bd8711171e
SHA1

f39e99c8480ab9feab4d872e8924599eeb5da398
SHA256

42d7ae998d701fd6ab9d8bdf8df4a13915a4fb8429578c5a6c5a216e3873b63b
SHA512

ac54870117799cd2a4dd4d18a3f865c695fecebeb0c0398df6f5cb5644aa0f651db4110cf0a8dac4dcae4ade7f0f47ef9835bf3fbb826ff588cfa43de2217b65

Score

10^/10

adware persistence stealer upx

Malware Config

Signatures

Registers COM server for autorun 1 TTPs
persistence

Registry Run Keys / Startup Folder
T1060
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

Processes:

svchost.exe

description pid process target process

PID 1364 created 4620 1364 svchost.exe installer.exe
Blocklisted process makes network request 2 IoCs

Processes:

msiexec.exe

flow pid process

35 3900 msiexec.exe
37 3900 msiexec.exe

description	pid	process	target process
PID 1364 created 4620	1364	svchost.exe	installer.exe

flow	pid	process
35	3900	msiexec.exe
37	3900	msiexec.exe

Executes dropped EXE 12 IoCs

Processes:

jre-8u221-windows-i586.exeinstaller.exebspatch.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exejavaw.exessvagent.exe

pid	process
3784	jre-8u221-windows-i586.exe
4620	installer.exe
4848	bspatch.exe
2300	unpack200.exe
4452	unpack200.exe
1988	unpack200.exe
948	unpack200.exe
1160	unpack200.exe
2280	unpack200.exe
1444	unpack200.exe
1548	javaw.exe
3880	ssvagent.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\ProgramData\Oracle\Java\installcache\240588375.tmp\bspatch.exe	upx
C:\ProgramData\Oracle\Java\installcache\240588375.tmp\bspatch.exe	upx

Loads dropped DLL 21 IoCs

Processes:

MsiExec.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exejavaw.exeinstaller.exessvagent.exe

pid	process
1144	MsiExec.exe
1144	MsiExec.exe
1144	MsiExec.exe
2300	unpack200.exe
4452	unpack200.exe
1988	unpack200.exe
948	unpack200.exe
1160	unpack200.exe
2280	unpack200.exe
1444	unpack200.exe
1548	javaw.exe
1548	javaw.exe
1548	javaw.exe
1548	javaw.exe
1548	javaw.exe
4620	installer.exe
4620	installer.exe
4620	installer.exe
4620	installer.exe
3880	ssvagent.exe
3880	ssvagent.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	process
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe

Installs/modifies Browser Helper Object 2 TTPs
BHOs are DLL modules which act as plugins for Internet Explorer.
stealer adware

Modify Registry
T1112

Browser Extensions
T1176

Drops file in System32 directory 2 IoCs

Processes:

installer.exe

description	ioc	process
File created	C:\Windows\SysWOW64\WindowsAccessBridge-32.dll	installer.exe
File created	C:\Windows\SysWOW64\WindowsAccessBridge-64.dll	installer.exe

Drops file in Program Files directory 64 IoCs

Processes:

installer.exeunpack200.exeunpack200.exe

description	ioc	process
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\api-ms-win-core-profile-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\lib\jfxswt.jar	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\api-ms-win-crt-utility-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\orbd.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\lib\meta-index	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\tnameserv.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\lib\deploy\messages_pt_BR.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\mlib_image.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\lib\logging.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\lib\rt.pack	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\api-ms-win-crt-heap-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\fxplugins.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\jsound.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\api-ms-win-core-datetime-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\lib\security\blacklist	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npdeployJava1.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\eula.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\JavaAccessBridge-32.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\lib\ext\jfxrt.jar	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\api-ms-win-core-util-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\api-ms-win-crt-filesystem-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\prism_common.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\sunmscapi.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\lib\fonts\LucidaTypewriterBold.ttf	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\lib\deploy\splash_11@2x-lic.gif	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\lib\flavormap.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\api-ms-win-core-synch-l1-2-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\dt_socket.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\lib\deploy\messages_ja.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\ktab.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\lib\jfr.jar	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\api-ms-win-core-localization-l1-2-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\javacpl.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2native.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\unpack.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\lib\jfr\default.jfc	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\COPYRIGHT	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\instrument.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\api-ms-win-crt-private-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\lib\currency.data	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\lib\plugin.pack	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\release	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\msvcp140.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\lib\javafx.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\lib\management-agent.jar	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\lib\deploy\messages.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\lib\fonts\LucidaBrightItalic.ttf	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\lib\fonts\LucidaSansRegular.ttf	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\api-ms-win-core-processenvironment-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\decora_sse.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\lib\deploy\ffjcext.zip	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\awt.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\lib\javaws.jar	unpack200.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\lib\ext\sunec.jar	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\lib\images\cursors\win32_MoveDrop32x32.gif	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\api-ms-win-crt-time-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\JAWTAccessBridge-32.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\policytool.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\api-ms-win-core-synch-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\lib\charsets.jar	unpack200.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\jdwp.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\bin\jfxwebkit.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_221\lib\ext\nashorn.jar	installer.exe

Drops file in Windows directory 11 IoCs

Processes:

msiexec.exe

description	ioc	process
File opened for modification	C:\Windows\Installer\e56eef8.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7D1.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA72.tmp	msiexec.exe
File created	C:\Windows\Installer\e56eef8.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{26A24AE4-039D-4CA4-87B4-2F32180221F0}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIAB1.tmp	msiexec.exe
File created	C:\Windows\Installer\e56eefb.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI271.tmp	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msiexec.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msiexec.exe

Modifies Internet Explorer settings 1 TTPs 8 IoCs

adware spyware

Modify Registry

T1112

Processes:

installer.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}\AppName = "jp2launcher.exe"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}\AppPath = "C:\\Program Files (x86)\\Java\\jre1.8.0_221\\bin"	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}\Policy = "3"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files (x86)\\Java\\jre1.8.0_221\\bin"	installer.exe

Modifies data under HKEY_USERS 64 IoCs

Processes:

installer.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0191-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_221\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0137-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0086-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0070-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0134-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_43"	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0014-0002-0054-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0130-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0086-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0217-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0014-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0060-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_60"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0090-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0142-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_142"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0083-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0189-ABCDEFFEDCBC}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0168-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_168"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0114-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0106-ABCDEFFEDCBC}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0121-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0014-0002-0053-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0092-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_92"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0048-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0184-ABCDEFFEDCBC}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0084-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0086-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0112-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_112"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0175-ABCDEFFEDCBC}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0089-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0196-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_51"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0211-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_221\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0014-0002-0075-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0135-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0218-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0066-ABCDEFFEDCBC}	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0073-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0218-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_218"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0200-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_221\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_37"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0205-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_221\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0094-ABCDEFFEDCBB}	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0013-0001-0066-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0088-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0208-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_221\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0149-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_221\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0023-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_23"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0138-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0226-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_221\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0118-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0057-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0151-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0154-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_154"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0144-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_144"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0188-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0218-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe

Modifies registry class 64 IoCs

Processes:

installer.exessvagent.exemsiexec.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0072-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_221\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0080-ABCDEFFEDCBC}	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0002-0092-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_221\\bin\\jp2iexp.dll"	ssvagent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0002-0069-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_69"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0002-0093-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0061-ABCDEFFEDCBC}	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0180-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0166-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_221\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0185-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0188-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0111-ABCDEFFEDCBB}	ssvagent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0099-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_221\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0132-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0133-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0044-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0194-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_221\\bin\\jp2iexp.dll"	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0054-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_221\\bin\\jp2iexp.dll"	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0126-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_30"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0112-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_221\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBC}\InprocServer32	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0048-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_48"	ssvagent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0103-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_221\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0108-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_221\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0042-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0088-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_88"	ssvagent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0031-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_31"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0002-0064-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_221\\bin\\jp2iexp.dll"	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0052-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_52"	ssvagent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0010-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0187-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_187"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0081-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_81"	ssvagent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0125-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0144-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_144"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0210-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_210"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0124-ABCDEFFEDCBC}\InprocServer32	ssvagent.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0222-ABCDEFFEDCBC}	ssvagent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0162-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0062-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_62"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0051-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0217-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0099-ABCDEFFEDCBB}\InprocServer32	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0072-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_221\\bin\\jp2iexp.dll"	ssvagent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0120-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_67"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0215-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0042-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0108-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0122-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0162-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}	ssvagent.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2238120120F\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA}	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0149-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_221\\bin\\jp2iexp.dll"	ssvagent.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0072-ABCDEFFEDCBC}\InprocServer32	ssvagent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0052-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_33"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0053-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_53"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0139-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0228-ABCDEFFEDCBC}\InprocServer32	ssvagent.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

jre-8u221-windows-i586.exemsiexec.exe

description	pid	process
Token: SeShutdownPrivilege	3784	jre-8u221-windows-i586.exe
Token: SeIncreaseQuotaPrivilege	3784	jre-8u221-windows-i586.exe
Token: SeSecurityPrivilege	3900	msiexec.exe
Token: SeCreateTokenPrivilege	3784	jre-8u221-windows-i586.exe
Token: SeAssignPrimaryTokenPrivilege	3784	jre-8u221-windows-i586.exe
Token: SeLockMemoryPrivilege	3784	jre-8u221-windows-i586.exe
Token: SeIncreaseQuotaPrivilege	3784	jre-8u221-windows-i586.exe
Token: SeMachineAccountPrivilege	3784	jre-8u221-windows-i586.exe
Token: SeTcbPrivilege	3784	jre-8u221-windows-i586.exe
Token: SeSecurityPrivilege	3784	jre-8u221-windows-i586.exe
Token: SeTakeOwnershipPrivilege	3784	jre-8u221-windows-i586.exe
Token: SeLoadDriverPrivilege	3784	jre-8u221-windows-i586.exe
Token: SeSystemProfilePrivilege	3784	jre-8u221-windows-i586.exe
Token: SeSystemtimePrivilege	3784	jre-8u221-windows-i586.exe
Token: SeProfSingleProcessPrivilege	3784	jre-8u221-windows-i586.exe
Token: SeIncBasePriorityPrivilege	3784	jre-8u221-windows-i586.exe
Token: SeCreatePagefilePrivilege	3784	jre-8u221-windows-i586.exe
Token: SeCreatePermanentPrivilege	3784	jre-8u221-windows-i586.exe
Token: SeBackupPrivilege	3784	jre-8u221-windows-i586.exe
Token: SeRestorePrivilege	3784	jre-8u221-windows-i586.exe
Token: SeShutdownPrivilege	3784	jre-8u221-windows-i586.exe
Token: SeDebugPrivilege	3784	jre-8u221-windows-i586.exe
Token: SeAuditPrivilege	3784	jre-8u221-windows-i586.exe
Token: SeSystemEnvironmentPrivilege	3784	jre-8u221-windows-i586.exe
Token: SeChangeNotifyPrivilege	3784	jre-8u221-windows-i586.exe
Token: SeRemoteShutdownPrivilege	3784	jre-8u221-windows-i586.exe
Token: SeUndockPrivilege	3784	jre-8u221-windows-i586.exe
Token: SeSyncAgentPrivilege	3784	jre-8u221-windows-i586.exe
Token: SeEnableDelegationPrivilege	3784	jre-8u221-windows-i586.exe
Token: SeManageVolumePrivilege	3784	jre-8u221-windows-i586.exe
Token: SeImpersonatePrivilege	3784	jre-8u221-windows-i586.exe
Token: SeCreateGlobalPrivilege	3784	jre-8u221-windows-i586.exe
Token: SeRestorePrivilege	3900	msiexec.exe
Token: SeTakeOwnershipPrivilege	3900	msiexec.exe
Token: SeRestorePrivilege	3900	msiexec.exe
Token: SeTakeOwnershipPrivilege	3900	msiexec.exe
Token: SeRestorePrivilege	3900	msiexec.exe
Token: SeTakeOwnershipPrivilege	3900	msiexec.exe
Token: SeRestorePrivilege	3900	msiexec.exe
Token: SeTakeOwnershipPrivilege	3900	msiexec.exe
Token: SeRestorePrivilege	3900	msiexec.exe
Token: SeTakeOwnershipPrivilege	3900	msiexec.exe
Token: SeRestorePrivilege	3900	msiexec.exe
Token: SeTakeOwnershipPrivilege	3900	msiexec.exe
Token: SeRestorePrivilege	3900	msiexec.exe
Token: SeTakeOwnershipPrivilege	3900	msiexec.exe
Token: SeRestorePrivilege	3900	msiexec.exe
Token: SeTakeOwnershipPrivilege	3900	msiexec.exe
Token: SeRestorePrivilege	3900	msiexec.exe
Token: SeTakeOwnershipPrivilege	3900	msiexec.exe
Token: SeRestorePrivilege	3900	msiexec.exe
Token: SeTakeOwnershipPrivilege	3900	msiexec.exe
Token: SeRestorePrivilege	3900	msiexec.exe
Token: SeTakeOwnershipPrivilege	3900	msiexec.exe
Token: SeRestorePrivilege	3900	msiexec.exe
Token: SeTakeOwnershipPrivilege	3900	msiexec.exe
Token: SeRestorePrivilege	3900	msiexec.exe
Token: SeTakeOwnershipPrivilege	3900	msiexec.exe
Token: SeRestorePrivilege	3900	msiexec.exe
Token: SeTakeOwnershipPrivilege	3900	msiexec.exe
Token: SeRestorePrivilege	3900	msiexec.exe
Token: SeTakeOwnershipPrivilege	3900	msiexec.exe
Token: SeRestorePrivilege	3900	msiexec.exe
Token: SeTakeOwnershipPrivilege	3900	msiexec.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

jre-8u221-windows-i586.exe

pid process

3784 jre-8u221-windows-i586.exe
3784 jre-8u221-windows-i586.exe
3784 jre-8u221-windows-i586.exe
3784 jre-8u221-windows-i586.exe

Suspicious use of WriteProcessMemory 39 IoCs

Processes:

jre-8u221-windows-i586.exemsiexec.exeinstaller.exesvchost.exe

description	pid	process	target process
PID 3048 wrote to memory of 3784	3048	jre-8u221-windows-i586.exe	jre-8u221-windows-i586.exe
PID 3048 wrote to memory of 3784	3048	jre-8u221-windows-i586.exe	jre-8u221-windows-i586.exe
PID 3048 wrote to memory of 3784	3048	jre-8u221-windows-i586.exe	jre-8u221-windows-i586.exe
PID 3900 wrote to memory of 1144	3900	msiexec.exe	MsiExec.exe
PID 3900 wrote to memory of 1144	3900	msiexec.exe	MsiExec.exe
PID 3900 wrote to memory of 1144	3900	msiexec.exe	MsiExec.exe
PID 3900 wrote to memory of 4620	3900	msiexec.exe	installer.exe
PID 3900 wrote to memory of 4620	3900	msiexec.exe	installer.exe
PID 3900 wrote to memory of 4620	3900	msiexec.exe	installer.exe
PID 4620 wrote to memory of 4848	4620	installer.exe	bspatch.exe
PID 4620 wrote to memory of 4848	4620	installer.exe	bspatch.exe
PID 4620 wrote to memory of 4848	4620	installer.exe	bspatch.exe
PID 4620 wrote to memory of 2300	4620	installer.exe	unpack200.exe
PID 4620 wrote to memory of 2300	4620	installer.exe	unpack200.exe
PID 4620 wrote to memory of 2300	4620	installer.exe	unpack200.exe
PID 4620 wrote to memory of 4452	4620	installer.exe	unpack200.exe
PID 4620 wrote to memory of 4452	4620	installer.exe	unpack200.exe
PID 4620 wrote to memory of 4452	4620	installer.exe	unpack200.exe
PID 4620 wrote to memory of 1988	4620	installer.exe	unpack200.exe
PID 4620 wrote to memory of 1988	4620	installer.exe	unpack200.exe
PID 4620 wrote to memory of 1988	4620	installer.exe	unpack200.exe
PID 4620 wrote to memory of 948	4620	installer.exe	unpack200.exe
PID 4620 wrote to memory of 948	4620	installer.exe	unpack200.exe
PID 4620 wrote to memory of 948	4620	installer.exe	unpack200.exe
PID 4620 wrote to memory of 1160	4620	installer.exe	unpack200.exe
PID 4620 wrote to memory of 1160	4620	installer.exe	unpack200.exe
PID 4620 wrote to memory of 1160	4620	installer.exe	unpack200.exe
PID 4620 wrote to memory of 2280	4620	installer.exe	unpack200.exe
PID 4620 wrote to memory of 2280	4620	installer.exe	unpack200.exe
PID 4620 wrote to memory of 2280	4620	installer.exe	unpack200.exe
PID 4620 wrote to memory of 1444	4620	installer.exe	unpack200.exe
PID 4620 wrote to memory of 1444	4620	installer.exe	unpack200.exe
PID 4620 wrote to memory of 1444	4620	installer.exe	unpack200.exe
PID 4620 wrote to memory of 1548	4620	installer.exe	javaw.exe
PID 4620 wrote to memory of 1548	4620	installer.exe	javaw.exe
PID 4620 wrote to memory of 1548	4620	installer.exe	javaw.exe
PID 1364 wrote to memory of 3880	1364	svchost.exe	ssvagent.exe
PID 1364 wrote to memory of 3880	1364	svchost.exe	ssvagent.exe
PID 1364 wrote to memory of 3880	1364	svchost.exe	ssvagent.exe

C:\Users\Admin\AppData\Local\Temp\jre-8u221-windows-i586.exe
"C:\Users\Admin\AppData\Local\Temp\jre-8u221-windows-i586.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3048

C:\Users\Admin\AppData\Local\Temp\jds240551062.tmp\jre-8u221-windows-i586.exe
"C:\Users\Admin\AppData\Local\Temp\jds240551062.tmp\jre-8u221-windows-i586.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3784

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Windows directory
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3900

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding E5866F8CB2BE4010E24490A80A8A47B0
2⤵
- Loads dropped DLL
PID:1144

C:\Program Files (x86)\Java\jre1.8.0_221\installer.exe
"C:\Program Files (x86)\Java\jre1.8.0_221\installer.exe" /s INSTALLDIR="C:\Program Files (x86)\Java\jre1.8.0_221\\" INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F32180221F0}
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4620

C:\ProgramData\Oracle\Java\installcache\240588375.tmp\bspatch.exe
"bspatch.exe" baseimagefam8 newimage diff
3⤵
- Executes dropped EXE
PID:4848

C:\Program Files (x86)\Java\jre1.8.0_221\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_221\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_221\lib/plugin.pack" "C:\Program Files (x86)\Java\jre1.8.0_221\lib/plugin.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2300

C:\Program Files (x86)\Java\jre1.8.0_221\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_221\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_221\lib/javaws.pack" "C:\Program Files (x86)\Java\jre1.8.0_221\lib/javaws.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
PID:4452

C:\Program Files (x86)\Java\jre1.8.0_221\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_221\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_221\lib/deploy.pack" "C:\Program Files (x86)\Java\jre1.8.0_221\lib/deploy.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1988

C:\Program Files (x86)\Java\jre1.8.0_221\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_221\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_221\lib/rt.pack" "C:\Program Files (x86)\Java\jre1.8.0_221\lib/rt.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:948

C:\Program Files (x86)\Java\jre1.8.0_221\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_221\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_221\lib/jsse.pack" "C:\Program Files (x86)\Java\jre1.8.0_221\lib/jsse.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1160

C:\Program Files (x86)\Java\jre1.8.0_221\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_221\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_221\lib/charsets.pack" "C:\Program Files (x86)\Java\jre1.8.0_221\lib/charsets.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
PID:2280

C:\Program Files (x86)\Java\jre1.8.0_221\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_221\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_221\lib/ext/localedata.pack" "C:\Program Files (x86)\Java\jre1.8.0_221\lib/ext/localedata.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1444

C:\Program Files (x86)\Java\jre1.8.0_221\bin\javaw.exe
"C:\Program Files (x86)\Java\jre1.8.0_221\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1548

C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssvagent.exe
"C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssvagent.exe" -doHKCUSSVSetup
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:3880

C:\Program Files (x86)\Java\jre1.8.0_221\bin\javaws.exe
"C:\Program Files (x86)\Java\jre1.8.0_221\bin\javaws.exe" -wait -fix -permissions -silent
3⤵
PID:2968

C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2launcher.exe
"C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre1.8.0_221" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMjIxXGxpYlxkZXBsb3kuamFyAC1EamF2YS5zZWN1cml0eS5wb2xpY3k9ZmlsZTpDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMjIxXGxpYlxzZWN1cml0eVxqYXZhd3MucG9saWN5AC1EdHJ1c3RQcm94eT10cnVlAC1YdmVyaWZ5OnJlbW90ZQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzIyMVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmUxLjguMF8yMjFcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzIyMVxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMjIxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMjIxXGJpblxqYXZhdy5leGU= -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==
4⤵
PID:2104

C:\Program Files (x86)\Java\jre1.8.0_221\bin\javaws.exe
"C:\Program Files (x86)\Java\jre1.8.0_221\bin\javaws.exe" -wait -fix -shortcut -silent
3⤵
PID:2300

C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2launcher.exe
"C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre1.8.0_221" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMjIxXGxpYlxkZXBsb3kuamFyAC1EamF2YS5zZWN1cml0eS5wb2xpY3k9ZmlsZTpDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMjIxXGxpYlxzZWN1cml0eVxqYXZhd3MucG9saWN5AC1EdHJ1c3RQcm94eT10cnVlAC1YdmVyaWZ5OnJlbW90ZQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzIyMVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmUxLjguMF8yMjFcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzIyMVxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMjIxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMjIxXGJpblxqYXZhdy5leGU= -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==
4⤵
PID:3312

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 6AE6F86A4DCD55DFEE948A3B3AB2D3BD E Global\MSI0000
2⤵
PID:3964

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of WriteProcessMemory
PID:1364

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Java\jre1.8.0_221\bin\MSVCR100.dll
Filesize
755KB

MD5
0e37fbfa79d349d672456923ec5fbbe3

SHA1
4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

SHA256
8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

SHA512
2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\bin\client\jvm.dll
Filesize
3.7MB

MD5
176fdd3515cb83f74c7bb9bfa18c5285

SHA1
dd09f397d18c83a908f4bd408f80d061d56bc4b7

SHA256
f4b2aa2f3c5bd170a172c809e98a8aa6bbf8ef32fc3237ad9d335a8fb2ada732

SHA512
d7686bf940f45fb7417fd6b0b62c9e60e31c10ff5a3f17a8b310a7fb2f56d262ec08273b60c9acb28a279166f4611f9f73f65de60f05670cee732037169f4ef2

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\bin\client\jvm.dll
Filesize
3.7MB

MD5
176fdd3515cb83f74c7bb9bfa18c5285

SHA1
dd09f397d18c83a908f4bd408f80d061d56bc4b7

SHA256
f4b2aa2f3c5bd170a172c809e98a8aa6bbf8ef32fc3237ad9d335a8fb2ada732

SHA512
d7686bf940f45fb7417fd6b0b62c9e60e31c10ff5a3f17a8b310a7fb2f56d262ec08273b60c9acb28a279166f4611f9f73f65de60f05670cee732037169f4ef2

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\bin\deploy.dll
Filesize
438KB

MD5
7d877df2752d0a6c4803d745297316f2

SHA1
e0ca439c2cc76ae25d9ad1c9db271be545d16616

SHA256
07a37ed064d830e8fbb129c2987031fb2c6abf4fcb722fcaefda4fc698ba518d

SHA512
528f7f2a10b3159a29e0aa0e0e81b79340ca085e99ac02d0393ad278529e18a1bcf24a2c670c372db3ffd456ed2b818f29cb29baf44f5b44259d38463955ac73

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\bin\java.dll
Filesize
122KB

MD5
3dbb837b16f6773f91995ce05984db5b

SHA1
33416e89092187d411d17c885a6ef465abdc3d69

SHA256
fd9352c0a7fd9dba1f38985c981ed6846fa8ec3f20b3a929f33b6cb67c81b148

SHA512
3d6a91f93bda96b5390a5987cfc2233aab493836d076d9b56b86564e25fecf444cb5644caf2e65f96697865dc0e7a69f7f50695239b542b9be7abb8a02b3ca90

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\bin\java.dll
Filesize
122KB

MD5
3dbb837b16f6773f91995ce05984db5b

SHA1
33416e89092187d411d17c885a6ef465abdc3d69

SHA256
fd9352c0a7fd9dba1f38985c981ed6846fa8ec3f20b3a929f33b6cb67c81b148

SHA512
3d6a91f93bda96b5390a5987cfc2233aab493836d076d9b56b86564e25fecf444cb5644caf2e65f96697865dc0e7a69f7f50695239b542b9be7abb8a02b3ca90

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\bin\javaw.exe
Filesize
186KB

MD5
722aa58c18d0ab72363312521f4860ad

SHA1
49c11dfa65f2a5ade5a390f03130b81d76eb3a5b

SHA256
63ce53f92c8aff6cca8b606059e170525dc3c9bd1826b8db2f7f8d18afcac3f2

SHA512
6097fda0c9a2fe199b9599878c8f7e833f44defb9e5561edcb20a97eff6f30de45809245df8d2bccd646703b8107ddbeafe7c533f4bfcaf6f7cb7740ff68d00a

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\bin\msvcr100.dll
Filesize
755KB

MD5
0e37fbfa79d349d672456923ec5fbbe3

SHA1
4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

SHA256
8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

SHA512
2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\bin\msvcr100.dll
Filesize
755KB

MD5
0e37fbfa79d349d672456923ec5fbbe3

SHA1
4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

SHA256
8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

SHA512
2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\bin\msvcr100.dll
Filesize
755KB

MD5
0e37fbfa79d349d672456923ec5fbbe3

SHA1
4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

SHA256
8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

SHA512
2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\bin\msvcr100.dll
Filesize
755KB

MD5
0e37fbfa79d349d672456923ec5fbbe3

SHA1
4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

SHA256
8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

SHA512
2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\bin\msvcr100.dll
Filesize
755KB

MD5
0e37fbfa79d349d672456923ec5fbbe3

SHA1
4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

SHA256
8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

SHA512
2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\bin\msvcr100.dll
Filesize
755KB

MD5
0e37fbfa79d349d672456923ec5fbbe3

SHA1
4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

SHA256
8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

SHA512
2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\bin\msvcr100.dll
Filesize
755KB

MD5
0e37fbfa79d349d672456923ec5fbbe3

SHA1
4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

SHA256
8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

SHA512
2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\bin\msvcr100.dll
Filesize
755KB

MD5
0e37fbfa79d349d672456923ec5fbbe3

SHA1
4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

SHA256
8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

SHA512
2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\bin\msvcr100.dll
Filesize
755KB

MD5
0e37fbfa79d349d672456923ec5fbbe3

SHA1
4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

SHA256
8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

SHA512
2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\bin\unpack200.exe
Filesize
156KB

MD5
a94e5abe0eba235627581a897925a858

SHA1
9c17dd300462acd55836d82810163066c33467dd

SHA256
46ee1b27f5dbfe5ac4b768423bc836f0fb02ce6d897cfd0c8d0688408729bda4

SHA512
9ebeb0c0e47963d3a060da19ddc2b9b7ec767e730b688bae6c81674991023ae2fb08781e4c45acd19eb02f97520d36310e8a4bd09ab95d56b684f16686f6831b

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\bin\unpack200.exe
Filesize
156KB

MD5
a94e5abe0eba235627581a897925a858

SHA1
9c17dd300462acd55836d82810163066c33467dd

SHA256
46ee1b27f5dbfe5ac4b768423bc836f0fb02ce6d897cfd0c8d0688408729bda4

SHA512
9ebeb0c0e47963d3a060da19ddc2b9b7ec767e730b688bae6c81674991023ae2fb08781e4c45acd19eb02f97520d36310e8a4bd09ab95d56b684f16686f6831b

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\bin\unpack200.exe
Filesize
156KB

MD5
a94e5abe0eba235627581a897925a858

SHA1
9c17dd300462acd55836d82810163066c33467dd

SHA256
46ee1b27f5dbfe5ac4b768423bc836f0fb02ce6d897cfd0c8d0688408729bda4

SHA512
9ebeb0c0e47963d3a060da19ddc2b9b7ec767e730b688bae6c81674991023ae2fb08781e4c45acd19eb02f97520d36310e8a4bd09ab95d56b684f16686f6831b

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\bin\unpack200.exe
Filesize
156KB

MD5
a94e5abe0eba235627581a897925a858

SHA1
9c17dd300462acd55836d82810163066c33467dd

SHA256
46ee1b27f5dbfe5ac4b768423bc836f0fb02ce6d897cfd0c8d0688408729bda4

SHA512
9ebeb0c0e47963d3a060da19ddc2b9b7ec767e730b688bae6c81674991023ae2fb08781e4c45acd19eb02f97520d36310e8a4bd09ab95d56b684f16686f6831b

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\bin\unpack200.exe
Filesize
156KB

MD5
a94e5abe0eba235627581a897925a858

SHA1
9c17dd300462acd55836d82810163066c33467dd

SHA256
46ee1b27f5dbfe5ac4b768423bc836f0fb02ce6d897cfd0c8d0688408729bda4

SHA512
9ebeb0c0e47963d3a060da19ddc2b9b7ec767e730b688bae6c81674991023ae2fb08781e4c45acd19eb02f97520d36310e8a4bd09ab95d56b684f16686f6831b

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\bin\unpack200.exe
Filesize
156KB

MD5
a94e5abe0eba235627581a897925a858

SHA1
9c17dd300462acd55836d82810163066c33467dd

SHA256
46ee1b27f5dbfe5ac4b768423bc836f0fb02ce6d897cfd0c8d0688408729bda4

SHA512
9ebeb0c0e47963d3a060da19ddc2b9b7ec767e730b688bae6c81674991023ae2fb08781e4c45acd19eb02f97520d36310e8a4bd09ab95d56b684f16686f6831b

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\bin\unpack200.exe
Filesize
156KB

MD5
a94e5abe0eba235627581a897925a858

SHA1
9c17dd300462acd55836d82810163066c33467dd

SHA256
46ee1b27f5dbfe5ac4b768423bc836f0fb02ce6d897cfd0c8d0688408729bda4

SHA512
9ebeb0c0e47963d3a060da19ddc2b9b7ec767e730b688bae6c81674991023ae2fb08781e4c45acd19eb02f97520d36310e8a4bd09ab95d56b684f16686f6831b

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\bin\unpack200.exe
Filesize
156KB

MD5
a94e5abe0eba235627581a897925a858

SHA1
9c17dd300462acd55836d82810163066c33467dd

SHA256
46ee1b27f5dbfe5ac4b768423bc836f0fb02ce6d897cfd0c8d0688408729bda4

SHA512
9ebeb0c0e47963d3a060da19ddc2b9b7ec767e730b688bae6c81674991023ae2fb08781e4c45acd19eb02f97520d36310e8a4bd09ab95d56b684f16686f6831b

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\bin\verify.dll
Filesize
38KB

MD5
3cda607bf9fd2b495345931911c8bc2b

SHA1
03c5e642aa642ca0221ea6f6a665924d69d6f355

SHA256
fdf5c87002d9809c976b92e296da76c97f3c8c108baf79ce99d05abb582e3ff5

SHA512
6b00d01efa275a57a56d90681d2eb86ed190f763554bdab6a660f2d0dcc7435567b38f93638a3842e163ae8b2b9284d6ba40a8f43f0261124d01799abece180b

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\bin\verify.dll
Filesize
38KB

MD5
3cda607bf9fd2b495345931911c8bc2b

SHA1
03c5e642aa642ca0221ea6f6a665924d69d6f355

SHA256
fdf5c87002d9809c976b92e296da76c97f3c8c108baf79ce99d05abb582e3ff5

SHA512
6b00d01efa275a57a56d90681d2eb86ed190f763554bdab6a660f2d0dcc7435567b38f93638a3842e163ae8b2b9284d6ba40a8f43f0261124d01799abece180b

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\bin\zip.dll
Filesize
68KB

MD5
e766430311a532c7103c0eef08678d86

SHA1
cf71c5dcddc935b18b87d26233d46a75aa6a7a82

SHA256
5491337a6a6883e029cebeca681f5bd0f4b246e9f89425c96a8f6ef7a049a465

SHA512
547d1718fe7602cbb37cf10a4f27a8a624ab3ec4bb7ab5fb621443b3ff61465fed515bc5687c1f561f4b38897f70a5fba151c3377ea57d39935ff0bbf2812128

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\bin\zip.dll
Filesize
68KB

MD5
e766430311a532c7103c0eef08678d86

SHA1
cf71c5dcddc935b18b87d26233d46a75aa6a7a82

SHA256
5491337a6a6883e029cebeca681f5bd0f4b246e9f89425c96a8f6ef7a049a465

SHA512
547d1718fe7602cbb37cf10a4f27a8a624ab3ec4bb7ab5fb621443b3ff61465fed515bc5687c1f561f4b38897f70a5fba151c3377ea57d39935ff0bbf2812128

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\installer.exe
Filesize
105.1MB

MD5
33502d83ec30d85a83cf92fa2df4b397

SHA1
b931f907f1ab0e6a2f67f78d39787de4d8a0404f

SHA256
2ba59d331f9555f69c2337367f01525a0f467a55902ae7445e5505dd01a3a4e9

SHA512
4f05da65f471d48006193b84d98be7e8f34afe1f7559e65a81f87a77d446f0c380f18ed4c24caf30ee73bf902ec11884ea5b4b12276f5d771c5e4957e2513ad4

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\installer.exe
Filesize
105.1MB

MD5
33502d83ec30d85a83cf92fa2df4b397

SHA1
b931f907f1ab0e6a2f67f78d39787de4d8a0404f

SHA256
2ba59d331f9555f69c2337367f01525a0f467a55902ae7445e5505dd01a3a4e9

SHA512
4f05da65f471d48006193b84d98be7e8f34afe1f7559e65a81f87a77d446f0c380f18ed4c24caf30ee73bf902ec11884ea5b4b12276f5d771c5e4957e2513ad4

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\lib\charsets.jar
Filesize
2.9MB

MD5
94b7dc05ef2a09e9b9a482fb6bf4bd5d

SHA1
3e2f38dc1d3b904e98b7113c7fc98d058cd5af1e

SHA256
484f6a80df891a55d19bff3221c95eb2b9baec442fd409d0be5e3ba99de5812f

SHA512
04ab9a7ebf09ea8fac048c3c4fa3e2affa804f02eba7b4780e7f248525db17709cab642211dab4a229202d9ae0cd90b324dda79d7f51ba7e1768eee026da5b69

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\lib\charsets.pack
Filesize
1.0MB

MD5
74658c920cd79f015564923bc04a0b15

SHA1
54fb7607905e89c8313c36055e985aa3aa7a2b00

SHA256
bfd63715b0653373308ab09dc2e2f8ba193cb080b743e7d06c08b47bfd97871b

SHA512
0a7a8e38b413780a4b162b7b8e5cd77332599b129e4d912a31febeab400076fcafa25d0edfb8a2142d31b76240b08a7f93a40b9ff3381172aa8e6d8eb6215456

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\lib\classlist
Filesize
82KB

MD5
7fc71a62d85ccf12996680a4080aa44e

SHA1
199dccaa94e9129a3649a09f8667b552803e1d0e

SHA256
01fe24232d0dbefe339f88c44a3fd3d99ff0e17ae03926ccf90b835332f5f89c

SHA512
b0b9b486223cf79ccf9346aaf5c1ca0f9588247a00c826aa9f3d366b7e2ef905af4d179787dcb02b32870500fd63899538cf6fafcdd9b573799b255f658ceb1d

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\lib\deploy.pack
Filesize
1.8MB

MD5
d735980f6f8cb5e9d0b03d84f9c82366

SHA1
d79d8b448ecc0b29a05acc6539461c897fd34e96

SHA256
7639a304c802bc5b8f6e1bc7ec23c43bd4058ceb150c043047db68e1065e149e

SHA512
d9e46e60c3da50a32d05d0317cb26f51b1e31e89d591b7011b7e7e8772982960aa9d774f9b48380cf9e8973399f2d80dd003bf7e4c0bb7f23d04276459a75b87

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\lib\ext\localedata.pack
Filesize
1.3MB

MD5
127a1fec1c4ebffe0e5b4eaaf8ac3bcb

SHA1
f1ade95a44ebb7f21213e29efbf3bb1bb38a1270

SHA256
f188c580054b56eb2bab4da13616760fee044f5eb870932543c2d90f509b4233

SHA512
a48019dff5e286a3f5bf0a74db5b7fb3cebaed1e8cb905326d6ebd10e33e87906bc03453c8ba686f55d04a16595f431701a8ef6af9db74b0f1c518e5c67cfe65

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\lib\i386\jvm.cfg
Filesize
623B

MD5
9aef14a90600cd453c4e472ba83c441f

SHA1
10c53c9fe9970d41a84cb45c883ea6c386482199

SHA256
9e86b24ff2b19d814bbaedd92df9f0e1ae86bf11a86a92989c9f91f959b736e1

SHA512
481562547bf9e37d270d9a2881ac9c86fc8f928b5c176e9baf6b8f7b72fb9827c84ef0c84b60894656a6e82dd141779b8d283c6e7a0e85d2829ea071c6db7d14

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\lib\javaws.pack
Filesize
209KB

MD5
41aabb69d037c10b25cd0e08bbe7055c

SHA1
695ff07c284884b4e73c1b9db4384589f43b2f62

SHA256
fd50c6fba7424fa613b7fb3b1d25e66eb26cdfc9b750790dbc481847f897f798

SHA512
aa0b6b0386d86c9eda814564a6f8e067f9056cb70739113697e2e209bc0b86d3dc1858a4ba87dbb7960b3868ed77107eac3c8b5a28afe25db1f7e758864db749

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\lib\jce.jar
Filesize
112KB

MD5
8e442747088544e5ffd7505479fe059c

SHA1
5460adee09cc5fc8829c0acfc46c34670a7d70a0

SHA256
da325b8683c9b3b2b68dfd395b2797815cd7d915040a96c459380151f7e4351f

SHA512
7c76da68583fd63c89d50ec8504009f105db0b4bf9a6f2a9f23e903e0f89bf42b9a8b980b1abdab109a0a359d8950a915a8265776ace84975ada0b25203b8eef

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\lib\jfr.jar
Filesize
547KB

MD5
41c6c82904ebd5aaec5db4aa4ca17712

SHA1
5766ffbc90a2ed1939d674ea4e427fdd9c0f6e1c

SHA256
1e6a185e8be10893ccc3216170e04a92a2e302db5b092108a591336298282b38

SHA512
ab653a7089866b8552ca7fe7a43e492f099c6d6a3a14dbc65b0d8763de6d2c91049e7eb4f02263d1c55306e1a4bc2170d62f1533d4a6095ec72b7ad3b4e71e87

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\lib\jsse.jar
Filesize
604KB

MD5
618011d79c1cafee67567a6ef15abed1

SHA1
b2b6eeea77d21f1b39c1d7db946b9baf78780225

SHA256
ee41ee5f39a57ca0e8e80f9b5599df81734d2d141056cdae7c2370009fa02676

SHA512
3b4653db326c0ad6f7074495d2f5e2bad906b989a4a89e9a19247eda9f85e6704eab0f67a587a4b5ad41ee0333ccfb8f22eed217bbada583cb6df183900af9b8

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\lib\jsse.pack
Filesize
166KB

MD5
c9fccafe9feec2599ba75b4c9c92cdab

SHA1
721a11f063400f3cc81a5b71858d17ef74e6fc42

SHA256
3d1babd8c7f16d151c531cf810f440d3524a220f21d9f23d031e2143b2d79a92

SHA512
051d403654034f1cdea9512873925ff8396edfff682c80173f3c543361e9c3acd387fe0a7e9d2b147b412a51ac148e6e5d79e35713f7eb403d8358018f16ac68

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\lib\meta-index
Filesize
2KB

MD5
91aa6ea7320140f30379f758d626e59d

SHA1
3be2febe28723b1033ccdaa110eaf59bbd6d1f96

SHA256
4af21954cdf398d1eae795b6886ca2581dac9f2f1d41c98c6ed9b5dbc3e3c1d4

SHA512
03428803f1d644d89eb4c0dcbdea93acaac366d35fc1356ccabf83473f4fef7924edb771e44c721103cec22d94a179f092d1bfd1c0a62130f076eb82a826d7cb

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\lib\plugin.pack
Filesize
480KB

MD5
ac253f4ebf258cc1812afd228d81f2fd

SHA1
cf144daa841854641cae0d1aafd7edd0abb50819

SHA256
fc87229c93286bd15729b09ca3239ca15c73bd051a2ac1ddc85116e516d00326

SHA512
e4344baabc5e375cb05a787746dee3db94828f58cc3b07c94e8507034fadb937959ef0651ab8961b9e2ff1ac8f0fc5f56870d3276e9b886235f82bafbf5ac830

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\lib\resources.jar
Filesize
3.3MB

MD5
06d6f3c8222fd6a53d8f37e49eb4d4f8

SHA1
3f2b97acb1223300af5c0b287a759dc499e39f87

SHA256
b66cb4f5521e899f26c80a2c487ce0ada72d05d8cafeefd65ceeb30e46869e3f

SHA512
c98176f8c84ff2d29d9e7e60db8524192661e29936b9be9eaa863d04baeba015c51b90664c3bb3fbb7ece29554daf164b23a4f3c277bc3518be08393aec8aaf6

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\lib\rt.jar
Filesize
52.2MB

MD5
0d5e7cb4ad85f3fd510e033c5a290130

SHA1
045b4bb21f6ed18808b6d0965652dafd6773abd9

SHA256
3fd348adc3053cf4d3d0ec0848d027d55a1325a22b03a78e1970d3b18462c6ae

SHA512
3d47db3f252768c889df9b5d1e488485c42b836b6aa16e0469edd24c10194c6499981a47a9d07dfb622a4ebfa6d2ce5cdd602de0c5e653bb6a2f1eab2d71c650

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_221\lib\rt.pack
Filesize
13.3MB

MD5
df252d628344810d7d414dbc1684c1af

SHA1
c19e82661b8e63b2a4434b01c2c5a6e8e5f20d6a

SHA256
62041630d4b2de34b70de88773cffc5523122d56cf62d7c82453500e835e8b16

SHA512
cf3120f5378bbca2ef58cd825eae77a7ce4fa1c1b46dd791249356eda38be072739337aecce04acb8e4cc0c833913b20d166fae3f5c2eb2d1d00025d84ed970c

Download Submit
C:\ProgramData\Oracle\Java\installcache\240588375.tmp\baseimagefam8
Filesize
67.7MB

MD5
c68f61bae0654148ae82c9ac18c771f9

SHA1
fde79f7eebe45a096e7af4d7463294551dead994

SHA256
fe7870985a9af11cff29ed00c1a8042d5e1f3194b465146ddcaa9612a51a3195

SHA512
f08e5bbbd74c322a079618aee7da064f510bac05f1b0066da11d9829f8ad8e9ca03ad0e20116d64173e2b5a9a0e12c1ac95b2880805c6a4de2828839506f7107

Download Submit
C:\ProgramData\Oracle\Java\installcache\240588375.tmp\bspatch.exe
Filesize
34KB

MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
C:\ProgramData\Oracle\Java\installcache\240588375.tmp\bspatch.exe
Filesize
34KB

MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
C:\ProgramData\Oracle\Java\installcache\240588375.tmp\diff
Filesize
36.5MB

MD5
ab2d3475040b89074a28df3670aafac0

SHA1
f3139f07fdb2a8c5e13a72be8fbe532a6edb9834

SHA256
6651d22962749b6c10c515d6b5f63b46fd3b848d77a50d6e20d8e09b34b2aca6

SHA512
39ea590a5585167659b76d4194b29ae4c706962aeda7be2c92179d4fa8b34d4c7957e34efedb9ef8ad1201ac53b72829d1ad4391c3661ecabaa6f6eb1559d77b

Download Submit
C:\ProgramData\Oracle\Java\installcache\240588375.tmp\newimage
Filesize
121.4MB

MD5
f8085164a7a7903dea47ab099a9072f7

SHA1
a5265dabbc91d07881f592d8076caff9d49491ec

SHA256
0edaf4482ca75567afb7c8a8d603c49f14cc7f5838ba6f9abd443e30484a4fa6

SHA512
18e6adb67ece37a5e42fe8543a4f70dfcd5d82e74bc238e59ee3a0abd20a0d019e24fca9315e4d945cca7f43eb628de6cc7d49dde8d19363564f66c667f78e4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_221\jre1.8.0_221.msi
Filesize
63.6MB

MD5
9dd8fcc25267015c5e58b7e97d0936f2

SHA1
004a39647b5132f16bf3912db88079d8d3fa7622

SHA256
1bed7925e011a3e861ebcfaab8b82823ee35e1677d45224b1f20a3f8b9da56cc

SHA512
4244adceeb1088a339d0e3f1859e190e37581f3b0884514100237cd0994f60c2fd5b876488f38e67982d2500a74c88f38a938dc6f52f1717ca2fb36f5c76f5c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\jds240551062.tmp\jre-8u221-windows-i586.exe
Filesize
66.0MB

MD5
e777b423a9a6502f0bb0e18188a4ec5d

SHA1
4bb023aca22c60906f6f54345733a8fa041e50ba

SHA256
5d638977f3c788bd86a550f1ac973511fd20edcb60b6ce5fe232250822434e8b

SHA512
97f45140c0288e8790ff39fdc0d80902727c8560415d8fe4346a489a0d38f3895c1797500fa784e8b3d0ea856d59940ecc9a4580a2c686f268e45b0890bd7814

Download Submit
C:\Users\Admin\AppData\Local\Temp\jds240551062.tmp\jre-8u221-windows-i586.exe
Filesize
66.0MB

MD5
e777b423a9a6502f0bb0e18188a4ec5d

SHA1
4bb023aca22c60906f6f54345733a8fa041e50ba

SHA256
5d638977f3c788bd86a550f1ac973511fd20edcb60b6ce5fe232250822434e8b

SHA512
97f45140c0288e8790ff39fdc0d80902727c8560415d8fe4346a489a0d38f3895c1797500fa784e8b3d0ea856d59940ecc9a4580a2c686f268e45b0890bd7814

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
Filesize
267KB

MD5
d811a5543a2240733d0547eb89518f80

SHA1
223c72877890aaeedcc49a2ccaa99c7908e01bd6

SHA256
ce60f76f7707f3bc6f17343824a01e0b9a59d8ab8f198b173d44a6b67a326ce2

SHA512
29356e565a35c76af15aab5eb30371422c780d7d2682798068892800765df885658af8c72b70a00fbf04e8231484c46ceb1dde3fc87d1de8417e8eb4bb61e0ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
Filesize
285KB

MD5
f5e1ff82b29fbe9f900ecf8c0d1327da

SHA1
b300f21e97bf5c4be8ad838cec4f93814c4196ec

SHA256
545446c6f178dcf712476974e289681a7246bf3768b68011f550a5b323cd540a

SHA512
b553e80385225aafb8ff9494fefd93032ff1c8c02c97bf57d30f1d791ffb08a5d044c29831a07085e502539741cd02393e352a6b0ee66db29d47640b46fc4309

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
Filesize
305KB

MD5
2398d18ff02ceb9c2409f52bcd2427d8

SHA1
e13185f3e1e64797ef5b057c7f8a62118d0a9155

SHA256
3059550967c44d042b13f641df1c7e0914674c6a8019d5da18dedfc618db49a1

SHA512
c08c1bfaf49f84393c081734cc39b3dbed1bbfc82dd9ef079831b4c5318a68aa2eabb72a4c12080ddaa577cc9acdc8cd09bdbdc69b8c3a65e0f12047454c2121

Download Submit
C:\Windows\Installer\MSI271.tmp
Filesize
391KB

MD5
5454e5dc2c2372fbebdee13524c1e86a

SHA1
f1e9a48ff7c472a9b8d46ca564736c8629ad1347

SHA256
7b05ad40944cc142b2ac22bd83c2573557cedbd32abd6becc3a5849a8b961878

SHA512
6320401d8eb3113bddab6e8ee04c77310ceaac2b42087101fd323e62e4eb6c480ecac8618e8fd98a7f5c2b5a6e6bcf1802c305e54ce786852af88ffc57b60af3

Download Submit
C:\Windows\Installer\MSI271.tmp
Filesize
391KB

MD5
5454e5dc2c2372fbebdee13524c1e86a

SHA1
f1e9a48ff7c472a9b8d46ca564736c8629ad1347

SHA256
7b05ad40944cc142b2ac22bd83c2573557cedbd32abd6becc3a5849a8b961878

SHA512
6320401d8eb3113bddab6e8ee04c77310ceaac2b42087101fd323e62e4eb6c480ecac8618e8fd98a7f5c2b5a6e6bcf1802c305e54ce786852af88ffc57b60af3

Download Submit
C:\Windows\Installer\MSI7D1.tmp
Filesize
391KB

MD5
5454e5dc2c2372fbebdee13524c1e86a

SHA1
f1e9a48ff7c472a9b8d46ca564736c8629ad1347

SHA256
7b05ad40944cc142b2ac22bd83c2573557cedbd32abd6becc3a5849a8b961878

SHA512
6320401d8eb3113bddab6e8ee04c77310ceaac2b42087101fd323e62e4eb6c480ecac8618e8fd98a7f5c2b5a6e6bcf1802c305e54ce786852af88ffc57b60af3

Download Submit
C:\Windows\Installer\MSI7D1.tmp
Filesize
391KB

MD5
5454e5dc2c2372fbebdee13524c1e86a

SHA1
f1e9a48ff7c472a9b8d46ca564736c8629ad1347

SHA256
7b05ad40944cc142b2ac22bd83c2573557cedbd32abd6becc3a5849a8b961878

SHA512
6320401d8eb3113bddab6e8ee04c77310ceaac2b42087101fd323e62e4eb6c480ecac8618e8fd98a7f5c2b5a6e6bcf1802c305e54ce786852af88ffc57b60af3

Download Submit
C:\Windows\Installer\MSIAB1.tmp
Filesize
391KB

MD5
5454e5dc2c2372fbebdee13524c1e86a

SHA1
f1e9a48ff7c472a9b8d46ca564736c8629ad1347

SHA256
7b05ad40944cc142b2ac22bd83c2573557cedbd32abd6becc3a5849a8b961878

SHA512
6320401d8eb3113bddab6e8ee04c77310ceaac2b42087101fd323e62e4eb6c480ecac8618e8fd98a7f5c2b5a6e6bcf1802c305e54ce786852af88ffc57b60af3

Download Submit
C:\Windows\Installer\MSIAB1.tmp
Filesize
391KB

MD5
5454e5dc2c2372fbebdee13524c1e86a

SHA1
f1e9a48ff7c472a9b8d46ca564736c8629ad1347

SHA256
7b05ad40944cc142b2ac22bd83c2573557cedbd32abd6becc3a5849a8b961878

SHA512
6320401d8eb3113bddab6e8ee04c77310ceaac2b42087101fd323e62e4eb6c480ecac8618e8fd98a7f5c2b5a6e6bcf1802c305e54ce786852af88ffc57b60af3

Download Submit
C:\Windows\Installer\e56eefb.msi
Filesize
63.6MB

MD5
9dd8fcc25267015c5e58b7e97d0936f2

SHA1
004a39647b5132f16bf3912db88079d8d3fa7622

SHA256
1bed7925e011a3e861ebcfaab8b82823ee35e1677d45224b1f20a3f8b9da56cc

SHA512
4244adceeb1088a339d0e3f1859e190e37581f3b0884514100237cd0994f60c2fd5b876488f38e67982d2500a74c88f38a938dc6f52f1717ca2fb36f5c76f5c3

Download Submit
memory/948-168-0x0000000000000000-mapping.dmp

Download
memory/1144-135-0x0000000000000000-mapping.dmp

Download
memory/1160-172-0x0000000000000000-mapping.dmp

Download
memory/1444-180-0x0000000000000000-mapping.dmp

Download
memory/1548-184-0x0000000000000000-mapping.dmp

Download
memory/1548-211-0x0000000002D10000-0x0000000004D10000-memory.dmp

Filesize
32.0MB

Download
memory/1988-164-0x0000000000000000-mapping.dmp

Download
memory/2104-263-0x0000000003740000-0x0000000005740000-memory.dmp

Filesize
32.0MB

Download
memory/2104-260-0x0000000003740000-0x0000000005740000-memory.dmp

Filesize
32.0MB

Download
memory/2104-232-0x0000000003740000-0x0000000005740000-memory.dmp

Filesize
32.0MB

Download
memory/2104-259-0x0000000003740000-0x0000000005740000-memory.dmp

Filesize
32.0MB

Download
memory/2104-256-0x0000000003740000-0x0000000005740000-memory.dmp

Filesize
32.0MB

Download
memory/2104-243-0x0000000003740000-0x0000000005740000-memory.dmp

Filesize
32.0MB

Download
memory/2104-238-0x0000000003740000-0x0000000005740000-memory.dmp

Filesize
32.0MB

Download
memory/2104-217-0x0000000000000000-mapping.dmp

Download
memory/2104-221-0x0000000001489000-0x000000000148E000-memory.dmp

Filesize
20KB

Download
memory/2104-223-0x0000000001489000-0x000000000148E000-memory.dmp

Filesize
20KB

Download
memory/2104-224-0x0000000001489000-0x000000000148E000-memory.dmp

Filesize
20KB

Download
memory/2104-226-0x0000000001489000-0x000000000148E000-memory.dmp

Filesize
20KB

Download
memory/2280-176-0x0000000000000000-mapping.dmp

Download
memory/2300-261-0x0000000000000000-mapping.dmp

Download
memory/2300-154-0x0000000000000000-mapping.dmp

Download
memory/2968-216-0x0000000000000000-mapping.dmp

Download
memory/3312-301-0x0000000002F10000-0x0000000004F10000-memory.dmp

Filesize
32.0MB

Download
memory/3312-304-0x0000000002F10000-0x0000000004F10000-memory.dmp

Filesize
32.0MB

Download
memory/3312-303-0x0000000002F10000-0x0000000004F10000-memory.dmp

Filesize
32.0MB

Download
memory/3312-302-0x0000000002F10000-0x0000000004F10000-memory.dmp

Filesize
32.0MB

Download
memory/3312-262-0x0000000000000000-mapping.dmp

Download
memory/3312-278-0x0000000002F10000-0x0000000004F10000-memory.dmp

Filesize
32.0MB

Download
memory/3312-283-0x0000000002F10000-0x0000000004F10000-memory.dmp

Filesize
32.0MB

Download
memory/3312-289-0x0000000002F10000-0x0000000004F10000-memory.dmp

Filesize
32.0MB

Download
memory/3312-298-0x0000000002F10000-0x0000000004F10000-memory.dmp

Filesize
32.0MB

Download
memory/3784-130-0x0000000000000000-mapping.dmp

Download
memory/3880-215-0x0000000000000000-mapping.dmp

Download
memory/3964-305-0x0000000000000000-mapping.dmp

Download
memory/4452-160-0x0000000000000000-mapping.dmp

Download
memory/4620-143-0x0000000000000000-mapping.dmp

Download
memory/4848-148-0x0000000000000000-mapping.dmp

Download