51a8d363bee48c41e89fc5ff6b9659d93d9521d94b824df9cf907588c2246f44

Analysis

max time kernel
120s
max time network
179s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
27/12/2022, 21:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Minecraft Launcher.exe
Size

4.4MB
MD5

62da1cde5869df964fc628ab9d226fb4
SHA1

6b4ebcd1685180d4e4477f5a7e9c36138e2e9aed
SHA256

51a8d363bee48c41e89fc5ff6b9659d93d9521d94b824df9cf907588c2246f44
SHA512

d29dc55c6ef957e624f445ca746db1e0bc4ba543df6e4aea4dc2f0ed8284bab80ff6268dc834722d695044cd1bb32cd6ca2086327aee22312b3d33bbd6b33d97
SSDEEP

98304:9Gz4kB1F8O+ZJpzMkqvc+tymgjSnm2Mwp3CTua:9YBcO+P2kqvchunHMwp3CTua

Score

8^/10

adware stealer upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 14 IoCs

pid	Process
1100	JavaSetup8u351.exe
572	JavaSetup8u351.exe
1232	LZMA_EXE
1620	LZMA_EXE
2080	installer.exe
2188	bspatch.exe
2344	unpack200.exe
2392	unpack200.exe
2416	unpack200.exe
2448	unpack200.exe
2472	unpack200.exe
2504	unpack200.exe
2556	unpack200.exe
2604	javaw.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000400000001c90a-139.dat	upx
behavioral1/files/0x000400000001c90a-141.dat	upx
behavioral1/files/0x000400000001c90a-142.dat	upx
behavioral1/files/0x000400000001c90a-146.dat	upx
behavioral1/files/0x000400000001c90a-145.dat	upx
behavioral1/files/0x000400000001c90a-144.dat	upx
behavioral1/memory/2188-150-0x0000000000400000-0x0000000000417000-memory.dmp	upx
behavioral1/memory/2188-155-0x0000000000400000-0x0000000000417000-memory.dmp	upx

Loads dropped DLL 64 IoCs

pid	Process
1100	JavaSetup8u351.exe
572	JavaSetup8u351.exe
572	JavaSetup8u351.exe
572	JavaSetup8u351.exe
572	JavaSetup8u351.exe
1304	MsiExec.exe
1304	MsiExec.exe
1304	MsiExec.exe
2080	installer.exe
2188	bspatch.exe
2188	bspatch.exe
2188	bspatch.exe
2080	installer.exe
2344	unpack200.exe
2344	unpack200.exe
2344	unpack200.exe
2344	unpack200.exe
2344	unpack200.exe
2344	unpack200.exe
2344	unpack200.exe
2344	unpack200.exe
2344	unpack200.exe
2344	unpack200.exe
2344	unpack200.exe
2344	unpack200.exe
2344	unpack200.exe
2344	unpack200.exe
2344	unpack200.exe
2344	unpack200.exe
2344	unpack200.exe
2344	unpack200.exe
2344	unpack200.exe
2392	unpack200.exe
2392	unpack200.exe
2392	unpack200.exe
2392	unpack200.exe
2392	unpack200.exe
2392	unpack200.exe
2392	unpack200.exe
2392	unpack200.exe
2392	unpack200.exe
2392	unpack200.exe
2392	unpack200.exe
2392	unpack200.exe
2392	unpack200.exe
2392	unpack200.exe
2392	unpack200.exe
2392	unpack200.exe
2392	unpack200.exe
2392	unpack200.exe
2392	unpack200.exe
2416	unpack200.exe
2416	unpack200.exe
2416	unpack200.exe
2416	unpack200.exe
2416	unpack200.exe
2416	unpack200.exe
2416	unpack200.exe
2416	unpack200.exe
2416	unpack200.exe
2416	unpack200.exe
2416	unpack200.exe
2416	unpack200.exe
2416	unpack200.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}	installer.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\devmgmt.msc	mmc.exe
File opened for modification	C:\Windows\system32\devmgmt.msc	mmc.exe
File created	C:\Windows\SysWOW64\WindowsAccessBridge-32.dll	installer.exe
File created	C:\Windows\SysWOW64\WindowsAccessBridge-64.dll	installer.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Java\jre1.8.0_351\legal\javafx\public_suffix.md	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\lib\images\cursors\invalid32x32.gif	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\lib\classlist	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\lib\deploy\messages.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\bin\api-ms-win-core-localization-l1-2-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\bin\servertool.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\legal\javafx\glib.md	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\legal\jdk\pkcs11wrapper.md	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\legal\jdk\unicode.md	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\legal\jdk\xerces.md	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\lib\ext\cldrdata.jar	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\lib\sound.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\bin\api-ms-win-core-file-l1-2-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\bin\api-ms-win-crt-runtime-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\bin\client\Xusage.txt	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\bin\prism_d3d.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\bin\vcruntime140.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\bin\javafx_font.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\bin\WindowsAccessBridge-32.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\legal\jdk\jcup.md	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\legal\jdk\joni.md	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\lib\ext\jaccess.jar	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\lib\resources.jar	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\bin\jsdt.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\bin\management.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\legal\jdk\pkcs11cryptotoken.md	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\legal\jdk\santuario.md	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\release	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\lib\jsse.pack	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\lib\deploy\messages_zh_HK.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\lib\security\public_suffix_list.dat	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\bin\glass.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\bin\JAWTAccessBridge-32.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\bin\jfxwebkit.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\bin\zip.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\lib\ext\zipfs.jar	installer.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\bin\java.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\bin\verify.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\bin\api-ms-win-core-libraryloader-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\bin\api-ms-win-crt-convert-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\bin\sunec.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\lib\fonts\LucidaSansDemiBold.ttf	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\legal\javafx\jpeg_fx.md	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\lib\accessibility.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\bin\api-ms-win-core-interlocked-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\legal\jdk\relaxngcc.md	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\lib\fonts\LucidaBrightRegular.ttf	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\README.txt	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\bin\jfr.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\lib\ext\meta-index	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\lib\ext\nashorn.jar	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\lib\images\cursors\win32_MoveNoDrop32x32.gif	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\legal\jdk\giflib.md	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\lib\cmm\GRAY.pf	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\lib\cmm\LINEAR_RGB.pf	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\lib\ext\sunpkcs11.jar	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\lib\fontconfig.bfc	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\lib\security\java.security	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\bin\api-ms-win-core-processthreads-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\bin\api-ms-win-crt-string-l1-1-0.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\lib\security\policy\unlimited\local_policy.jar	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\installer.exe	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_351\bin\API-MS-Win-core-xstate-l2-1-0.dll	installer.exe

Drops file in Windows directory 9 IoCs

description	ioc	Process
File created	C:\Windows\Installer\6d2721.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3595.tmp	msiexec.exe
File created	C:\Windows\Installer\6d2725.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\6d2721.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3066.tmp	msiexec.exe
File created	C:\Windows\Installer\6d2723.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3883.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI38C2.tmp	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msiexec.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msiexec.exe

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = c8074083401ad901	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "22"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "224"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10465277401ad901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "42"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "209"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "209"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "266"	IEXPLORE.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Windows\\SysWOW64"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "122"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000256ed27e8919d04f83812f84ee5c95da000000000200000000001066000000010000200000009914ee14c74b4239707df3a58a90707772b71813ecbb928818bd437553c77096000000000e8000000002000020000000b11a3e08f20eab641daab73b6c5beacb79d787752c8d249e536ffb48a656c00e90000000718e13adfe184653f21f5d501936f84058f6239ee572e17ec9d1a1e26a73feb6e08f20d4c2d0a54897e79036afb74e85ad81b21befee0cfef84de21c13c931f95d5f8b4dc9405e90bd92bd5bec383a7f552c549b10d6b5cae117f9ede7b0866b213e54b9b5e9d22a333486c2dc5409f9d98761a2452cde9b62cdcd549769f4240ef4e58675251453ff11a8e70777ebfc400000000d7ece1e9519ffd4111aa897117067bec71ffb1de7372ac443c896e755a2aa59c7bd7162d8d9bd584fd1c278d02f7ee5a404d5e4d435d37d86ba0bce36761c4c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main	JavaSetup8u351.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "378944168"	iexplore.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "266"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "122"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "122"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "229"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "209"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}\AppName = "jp2launcher.exe"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "22"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "224"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "224"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}\AppPath = "C:\\Program Files (x86)\\Java\\jre1.8.0_351\\bin"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "42"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}\Policy = "3"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "266"	IEXPLORE.EXE
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "42"	IEXPLORE.EXE

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0134-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_134"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0056-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0072-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0087-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0079-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_79"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0040-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_40"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0131-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_131"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0132-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0135-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0197-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0218-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0046-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0077-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_77"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0070-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0089-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0180-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0200-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_25"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0075-ABCDEFFEDCBC}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0078-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0076-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_76"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0182-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0080-ABCDEFFEDCBC}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0192-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0195-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0146-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0151-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_151"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0038-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0172-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0045-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0068-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0088-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_88"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0214-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0047-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_47"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0051-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0069-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_69"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0046-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0131-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0055-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_15"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0163-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0208-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0067-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0097-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0054-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0168-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0175-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_175"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0184-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0040-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0074-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0140-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_140"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0046-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0090-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0060-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0136-ABCDEFFEDCBB}	installer.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_10"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0055-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0126-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0152-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_32"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0112-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0148-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0057-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0068-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0071-ABCDEFFEDCBC}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0148-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0035-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0120-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_34"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0032-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0095-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_95"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0130-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0162-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_162"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0099-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0120-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0063-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0078-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_78"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0195-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0076-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_76"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0059-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_41"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0080-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_80"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0053-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0054-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_54"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0096-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0067-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0089-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0194-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0033-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0044-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0086-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_86"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0155-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0175-ABCDEFFEDCBC}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_43"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0067-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0094-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0045-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0066-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0094-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0181-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0216-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0063-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll"	installer.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
1364	IEXPLORE.EXE
2268	mmc.exe
572	JavaSetup8u351.exe
2584	mmc.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	572	JavaSetup8u351.exe
Token: SeIncreaseQuotaPrivilege	572	JavaSetup8u351.exe
Token: SeRestorePrivilege	1928	msiexec.exe
Token: SeTakeOwnershipPrivilege	1928	msiexec.exe
Token: SeSecurityPrivilege	1928	msiexec.exe
Token: SeCreateTokenPrivilege	572	JavaSetup8u351.exe
Token: SeAssignPrimaryTokenPrivilege	572	JavaSetup8u351.exe
Token: SeLockMemoryPrivilege	572	JavaSetup8u351.exe
Token: SeIncreaseQuotaPrivilege	572	JavaSetup8u351.exe
Token: SeMachineAccountPrivilege	572	JavaSetup8u351.exe
Token: SeTcbPrivilege	572	JavaSetup8u351.exe
Token: SeSecurityPrivilege	572	JavaSetup8u351.exe
Token: SeTakeOwnershipPrivilege	572	JavaSetup8u351.exe
Token: SeLoadDriverPrivilege	572	JavaSetup8u351.exe
Token: SeSystemProfilePrivilege	572	JavaSetup8u351.exe
Token: SeSystemtimePrivilege	572	JavaSetup8u351.exe
Token: SeProfSingleProcessPrivilege	572	JavaSetup8u351.exe
Token: SeIncBasePriorityPrivilege	572	JavaSetup8u351.exe
Token: SeCreatePagefilePrivilege	572	JavaSetup8u351.exe
Token: SeCreatePermanentPrivilege	572	JavaSetup8u351.exe
Token: SeBackupPrivilege	572	JavaSetup8u351.exe
Token: SeRestorePrivilege	572	JavaSetup8u351.exe
Token: SeShutdownPrivilege	572	JavaSetup8u351.exe
Token: SeDebugPrivilege	572	JavaSetup8u351.exe
Token: SeAuditPrivilege	572	JavaSetup8u351.exe
Token: SeSystemEnvironmentPrivilege	572	JavaSetup8u351.exe
Token: SeChangeNotifyPrivilege	572	JavaSetup8u351.exe
Token: SeRemoteShutdownPrivilege	572	JavaSetup8u351.exe
Token: SeUndockPrivilege	572	JavaSetup8u351.exe
Token: SeSyncAgentPrivilege	572	JavaSetup8u351.exe
Token: SeEnableDelegationPrivilege	572	JavaSetup8u351.exe
Token: SeManageVolumePrivilege	572	JavaSetup8u351.exe
Token: SeImpersonatePrivilege	572	JavaSetup8u351.exe
Token: SeCreateGlobalPrivilege	572	JavaSetup8u351.exe
Token: SeRestorePrivilege	1928	msiexec.exe
Token: SeTakeOwnershipPrivilege	1928	msiexec.exe
Token: SeRestorePrivilege	1928	msiexec.exe
Token: SeTakeOwnershipPrivilege	1928	msiexec.exe
Token: SeRestorePrivilege	1928	msiexec.exe
Token: SeTakeOwnershipPrivilege	1928	msiexec.exe
Token: SeRestorePrivilege	1928	msiexec.exe
Token: SeTakeOwnershipPrivilege	1928	msiexec.exe
Token: SeRestorePrivilege	1928	msiexec.exe
Token: SeTakeOwnershipPrivilege	1928	msiexec.exe
Token: SeRestorePrivilege	1928	msiexec.exe
Token: SeTakeOwnershipPrivilege	1928	msiexec.exe
Token: SeRestorePrivilege	1928	msiexec.exe
Token: SeTakeOwnershipPrivilege	1928	msiexec.exe
Token: SeRestorePrivilege	1928	msiexec.exe
Token: SeTakeOwnershipPrivilege	1928	msiexec.exe
Token: SeRestorePrivilege	1928	msiexec.exe
Token: SeTakeOwnershipPrivilege	1928	msiexec.exe
Token: SeRestorePrivilege	1928	msiexec.exe
Token: SeTakeOwnershipPrivilege	1928	msiexec.exe
Token: SeRestorePrivilege	1928	msiexec.exe
Token: SeTakeOwnershipPrivilege	1928	msiexec.exe
Token: SeRestorePrivilege	1928	msiexec.exe
Token: SeTakeOwnershipPrivilege	1928	msiexec.exe
Token: SeRestorePrivilege	1928	msiexec.exe
Token: SeTakeOwnershipPrivilege	1928	msiexec.exe
Token: SeRestorePrivilege	1928	msiexec.exe
Token: SeTakeOwnershipPrivilege	1928	msiexec.exe
Token: SeRestorePrivilege	1928	msiexec.exe
Token: SeTakeOwnershipPrivilege	1928	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1748	iexplore.exe
1748	iexplore.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
1748	iexplore.exe
1748	iexplore.exe
1364	IEXPLORE.EXE
1364	IEXPLORE.EXE
1364	IEXPLORE.EXE
1364	IEXPLORE.EXE
1748	iexplore.exe
572	JavaSetup8u351.exe
572	JavaSetup8u351.exe
572	JavaSetup8u351.exe
572	JavaSetup8u351.exe
2268	mmc.exe
2268	mmc.exe
2584	mmc.exe
2584	mmc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 912 wrote to memory of 1748	912	Minecraft Launcher.exe	28
PID 912 wrote to memory of 1748	912	Minecraft Launcher.exe	28
PID 912 wrote to memory of 1748	912	Minecraft Launcher.exe	28
PID 912 wrote to memory of 1748	912	Minecraft Launcher.exe	28
PID 1748 wrote to memory of 1364	1748	iexplore.exe	30
PID 1748 wrote to memory of 1364	1748	iexplore.exe	30
PID 1748 wrote to memory of 1364	1748	iexplore.exe	30
PID 1748 wrote to memory of 1364	1748	iexplore.exe	30
PID 1748 wrote to memory of 1364	1748	iexplore.exe	30
PID 1748 wrote to memory of 1364	1748	iexplore.exe	30
PID 1748 wrote to memory of 1364	1748	iexplore.exe	30
PID 1748 wrote to memory of 1100	1748	iexplore.exe	32
PID 1748 wrote to memory of 1100	1748	iexplore.exe	32
PID 1748 wrote to memory of 1100	1748	iexplore.exe	32
PID 1748 wrote to memory of 1100	1748	iexplore.exe	32
PID 1748 wrote to memory of 1100	1748	iexplore.exe	32
PID 1748 wrote to memory of 1100	1748	iexplore.exe	32
PID 1748 wrote to memory of 1100	1748	iexplore.exe	32
PID 1100 wrote to memory of 572	1100	JavaSetup8u351.exe	33
PID 1100 wrote to memory of 572	1100	JavaSetup8u351.exe	33
PID 1100 wrote to memory of 572	1100	JavaSetup8u351.exe	33
PID 1100 wrote to memory of 572	1100	JavaSetup8u351.exe	33
PID 1100 wrote to memory of 572	1100	JavaSetup8u351.exe	33
PID 1100 wrote to memory of 572	1100	JavaSetup8u351.exe	33
PID 1100 wrote to memory of 572	1100	JavaSetup8u351.exe	33
PID 572 wrote to memory of 1232	572	JavaSetup8u351.exe	35
PID 572 wrote to memory of 1232	572	JavaSetup8u351.exe	35
PID 572 wrote to memory of 1232	572	JavaSetup8u351.exe	35
PID 572 wrote to memory of 1232	572	JavaSetup8u351.exe	35
PID 572 wrote to memory of 1232	572	JavaSetup8u351.exe	35
PID 572 wrote to memory of 1232	572	JavaSetup8u351.exe	35
PID 572 wrote to memory of 1232	572	JavaSetup8u351.exe	35
PID 572 wrote to memory of 1620	572	JavaSetup8u351.exe	37
PID 572 wrote to memory of 1620	572	JavaSetup8u351.exe	37
PID 572 wrote to memory of 1620	572	JavaSetup8u351.exe	37
PID 572 wrote to memory of 1620	572	JavaSetup8u351.exe	37
PID 572 wrote to memory of 1620	572	JavaSetup8u351.exe	37
PID 572 wrote to memory of 1620	572	JavaSetup8u351.exe	37
PID 572 wrote to memory of 1620	572	JavaSetup8u351.exe	37
PID 1928 wrote to memory of 1304	1928	msiexec.exe	40
PID 1928 wrote to memory of 1304	1928	msiexec.exe	40
PID 1928 wrote to memory of 1304	1928	msiexec.exe	40
PID 1928 wrote to memory of 1304	1928	msiexec.exe	40
PID 1928 wrote to memory of 1304	1928	msiexec.exe	40
PID 1928 wrote to memory of 1304	1928	msiexec.exe	40
PID 1928 wrote to memory of 1304	1928	msiexec.exe	40
PID 1928 wrote to memory of 2080	1928	msiexec.exe	43
PID 1928 wrote to memory of 2080	1928	msiexec.exe	43
PID 1928 wrote to memory of 2080	1928	msiexec.exe	43
PID 1928 wrote to memory of 2080	1928	msiexec.exe	43
PID 1928 wrote to memory of 2080	1928	msiexec.exe	43
PID 1928 wrote to memory of 2080	1928	msiexec.exe	43
PID 1928 wrote to memory of 2080	1928	msiexec.exe	43
PID 2080 wrote to memory of 2188	2080	installer.exe	44
PID 2080 wrote to memory of 2188	2080	installer.exe	44
PID 2080 wrote to memory of 2188	2080	installer.exe	44
PID 2080 wrote to memory of 2188	2080	installer.exe	44
PID 2080 wrote to memory of 2188	2080	installer.exe	44
PID 2080 wrote to memory of 2188	2080	installer.exe	44
PID 2080 wrote to memory of 2188	2080	installer.exe	44
PID 2080 wrote to memory of 2344	2080	installer.exe	47
PID 2080 wrote to memory of 2344	2080	installer.exe	47
PID 2080 wrote to memory of 2344	2080	installer.exe	47
PID 2080 wrote to memory of 2344	2080	installer.exe	47

C:\Users\Admin\AppData\Local\Temp\Minecraft Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\Minecraft Launcher.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:912
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://adoptium.net/
  2⤵
  - Modifies Internet Explorer Phishing Filter
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1748
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1748 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:1364
- - C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9XNRFMOH\JavaSetup8u351.exe
    "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9XNRFMOH\JavaSetup8u351.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1100
  - - C:\Users\Admin\AppData\Local\Temp\jds7130166.tmp\JavaSetup8u351.exe
      "C:\Users\Admin\AppData\Local\Temp\jds7130166.tmp\JavaSetup8u351.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies Internet Explorer settings
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:572
    - - C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\LZMA_EXE
        
        "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\LZMA_EXE" d "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\au.msi" "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\msi.tmp"
        5⤵
        Executes dropped EXE
        
        PID:1232
    - - C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\LZMA_EXE
        
        "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\LZMA_EXE" d "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\jre1.8.0_351full.msi" "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\msi.tmp"
        5⤵
        Executes dropped EXE
        
        PID:1620

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding B7295C0F91DCD031F84D2724460543C0
  2⤵
  - Loads dropped DLL
  PID:1304
- C:\Program Files (x86)\Java\jre1.8.0_351\installer.exe
  "C:\Program Files (x86)\Java\jre1.8.0_351\installer.exe" /s INSTALLDIR="C:\Program Files (x86)\Java\jre1.8.0_351\\" INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F32180351F0}
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Modifies Internet Explorer settings
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2080
- - C:\ProgramData\Oracle\Java\installcache\7161584.tmp\bspatch.exe
    "bspatch.exe" baseimagefam8 newimage diff
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2188
- - C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe
    "C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_351\lib/plugin.pack" "C:\Program Files (x86)\Java\jre1.8.0_351\lib/plugin.jar"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2344
- - C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe
    "C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_351\lib/javaws.pack" "C:\Program Files (x86)\Java\jre1.8.0_351\lib/javaws.jar"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2392
- - C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe
    "C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_351\lib/deploy.pack" "C:\Program Files (x86)\Java\jre1.8.0_351\lib/deploy.jar"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2416
- - C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe
    "C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_351\lib/rt.pack" "C:\Program Files (x86)\Java\jre1.8.0_351\lib/rt.jar"
    3⤵
    - Executes dropped EXE
    PID:2448
- - C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe
    "C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_351\lib/jsse.pack" "C:\Program Files (x86)\Java\jre1.8.0_351\lib/jsse.jar"
    3⤵
    - Executes dropped EXE
    PID:2472
- - C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe
    "C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_351\lib/charsets.pack" "C:\Program Files (x86)\Java\jre1.8.0_351\lib/charsets.jar"
    3⤵
    - Executes dropped EXE
    PID:2504
- - C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe
    "C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_351\lib/ext/localedata.pack" "C:\Program Files (x86)\Java\jre1.8.0_351\lib/ext/localedata.jar"
    3⤵
    - Executes dropped EXE
    PID:2556
- - C:\Program Files (x86)\Java\jre1.8.0_351\bin\javaw.exe
    "C:\Program Files (x86)\Java\jre1.8.0_351\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking
    3⤵
    - Executes dropped EXE
    PID:2604
- - C:\Program Files (x86)\Java\jre1.8.0_351\bin\ssvagent.exe
    "C:\Program Files (x86)\Java\jre1.8.0_351\bin\ssvagent.exe" -doHKCUSSVSetup
    3⤵
    PID:2724
- - C:\Program Files (x86)\Java\jre1.8.0_351\bin\javaws.exe
    "C:\Program Files (x86)\Java\jre1.8.0_351\bin\javaws.exe" -wait -fix -permissions -silent
    3⤵
    PID:2740
  - - C:\Program Files (x86)\Java\jre1.8.0_351\bin\jp2launcher.exe
      "C:\Program Files (x86)\Java\jre1.8.0_351\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre1.8.0_351" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzUxXGxpYlxkZXBsb3kuamFyAC1EamF2YS5zZWN1cml0eS5wb2xpY3k9ZmlsZTpDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzUxXGxpYlxzZWN1cml0eVxqYXZhd3MucG9saWN5AC1EdHJ1c3RQcm94eT10cnVlAC1YdmVyaWZ5OnJlbW90ZQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzM1MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmUxLjguMF8zNTFcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzM1MVxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzUxXGJpblxqYXZhdy5leGU= -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==
      4⤵
      PID:2760

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:1384

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0xc4
1⤵
PID:1712

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc
1⤵
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2268

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:2496

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc
1⤵
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2584

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Java\jre1.8.0_351\bin\VCRUNTIME140.dll

Filesize
78KB

MD5
a37ee36b536409056a86f50e67777dd7

SHA1
1cafa159292aa736fc595fc04e16325b27cd6750

SHA256
8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825

SHA512
3a7c260646315cf8c01f44b2ec60974017496bd0d80dd055c7e43b707cadba2d63aab5e0efd435670aa77886ed86368390d42c4017fc433c3c4b9d1c47d0f356

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_351\bin\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
15KB

MD5
4f06da894ea013a5e18b8b84a9836d5a

SHA1
40cf36e07b738aa8bba58bc5587643326ff412a9

SHA256
876bd768c8605056579dd8962e2fd7cc96306fab5759d904e8a24e46c25bd732

SHA512
1d7c0682d343416e6942547e6a449be4654158d6a70d78ad3c7e8c2b39c296c9406013a3cfe84d1ae8608f19bee1d4f346d26576d7ed56456eea39d5d7200f79

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe

Filesize
174KB

MD5
4dad43f2b4cb8a53eeb96862d35d92b8

SHA1
80e125445706985e0a736f49c964070a5da12cdf

SHA256
ba1e9fb47f6afd7d22e170745cf8cf4641a88357b4e7effccc446b8486e6baed

SHA512
f65fc702e6324db2033f04732adb4172e9ecf737e05a4af90b66b7cd933107338bad0dbb68ccf0abb217058a153e6e9e567337ed3f63264600a775c2edf3f1eb

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_351\installer.exe

Filesize
111.5MB

MD5
df17b88720a2fe52476de4ed530f959e

SHA1
b452a00266f190b8ee9a941d3bb386b53395f1ce

SHA256
060c06fd8e8fea6097fc80949993f9a7580d1501698c7d28b86ff204cc96929d

SHA512
30c8c164f9cc7dca95f49953843d67adb3b1260a10b5395f370773345335367becba766867987a793512ea57e8a1cc51e7a4e66603d107ce0e57306e03ca543e

Download Submit
C:\ProgramData\Oracle\Java\installcache\7161584.tmp\baseimagefam8

Filesize
67.7MB

MD5
c68f61bae0654148ae82c9ac18c771f9

SHA1
fde79f7eebe45a096e7af4d7463294551dead994

SHA256
fe7870985a9af11cff29ed00c1a8042d5e1f3194b465146ddcaa9612a51a3195

SHA512
f08e5bbbd74c322a079618aee7da064f510bac05f1b0066da11d9829f8ad8e9ca03ad0e20116d64173e2b5a9a0e12c1ac95b2880805c6a4de2828839506f7107

Download Submit
C:\ProgramData\Oracle\Java\installcache\7161584.tmp\bspatch.exe

Filesize
34KB

MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
C:\ProgramData\Oracle\Java\installcache\7161584.tmp\bspatch.exe

Filesize
34KB

MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
C:\ProgramData\Oracle\Java\installcache\7161584.tmp\diff

Filesize
42.9MB

MD5
2c4665487dc2e07936d2301e94e4d5b8

SHA1
9a0368248e18378bfaa40991006094fcd1208bb9

SHA256
a8e0403e19829af777cd8f1abe8f9b1d60cc65ac9fdeb3e7e78629cb9e1faf62

SHA512
70c06bd80fb7d90b47f3e1337bbae1206bcd03da9dc2e4f821cf62c8dd84d5350ca15012f109b2a581ed07c7582456c0f187a69a0b15584b04182ddbcc3ceb1b

Download Submit
C:\ProgramData\Oracle\Java\installcache\7161584.tmp\newimage

Filesize
126.6MB

MD5
9446260ab5de2c07c3fe42a9f0285653

SHA1
5bb3b5219129d553d96cf188f96e02ec6d0e58e1

SHA256
d628d97cf441fb8ce26456dfad9c48060d25ab0228673df01975e5209983d925

SHA512
8186456908c70357f762ec895fb81c062e5e3c8000fed2734f85e41f092c319b04c1ebc1c89773e385550710b7af276ca8bd42a31c9f87c4588285bf8b11a99f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
da5a9f149955d936a31dc5e456666aac

SHA1
195238d41c1e13448f349f43bb295ef2d55cb47a

SHA256
79ac574c7c45144bb35b59ff79c78dc59b66592715dea01b389e3620db663224

SHA512
60d7d1f5405470ba1e6b80066af2e78240acbea8db58b5a03660874605178aebaa9ce342ca97f17798109e7411e82466db5af064e39eaddc05410f2abe672f77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

Filesize
1KB

MD5
992b60d86097d291c9051bf119c6a8a7

SHA1
dbe8ba8a529c1bf67b66446b730589eac1970b70

SHA256
f553eafe3e8efbd0d621f7952ae787dee8b9f2234681656884e492ed3a21d45a

SHA512
bc005f850e900d3837a33ece7ef6c0558377ce11627077e5baba59360c2f62918619d05083643252f621d6e60db6e1d86611f1da7d1630abf7d3a9bb66595bc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_4E75C8005B53AA371E24DB28B7200E63

Filesize
727B

MD5
aac57b446523b4ac3892bc2da33e5855

SHA1
8f5195bf755b5b187682ef8e092c3497add579df

SHA256
3dfce9fd12087dff886d026d4eb156c27b3a8fac509f38c73fcf79789759d852

SHA512
7babcab7ba6d012176923c3be0b68614284c81a768076f813b8e09ac9f80cc945548f93be71a12ed17e33e52bcb19a2b01849d2390f7c95e67fd1741d2bdc881

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
d08c40a7e7e25c86a59b163be0e2cc0b

SHA1
3130580bbbbe2d62950594198b5f7507962a5369

SHA256
b08ad68d4379a0e001f635c68ba2c0874efc1b0ae5a777b806f220e9e9cc8dd7

SHA512
31566685662e872461d734ebdc48c5a3c1cb729bfff09479c79fc1c4266d46f2434d01bfbc3c9608cd3854d47eaf9b5554e617e0ffdd8063f55e01954850c729

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
ddaabfaeb5297284372f878514b35e01

SHA1
ebc6206a3396ec69635c289ab7dad4fb4715afd7

SHA256
d1b21e9ad22843f78e6f82422505f8396c06416a919bf97bf61383a44690be14

SHA512
24383dc912ec843f686751c3f3ec21d4c52396fbddd255e4990afbfd41c69057c73c580deb792769d766e5aff16c5ad4dbbc8e88a2972f85902dc661a5e41abf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
400B

MD5
31f2e205f63d388ad806d774c515e83b

SHA1
583368bb418fc4a212eacf201992e1c7b27c60f0

SHA256
0765f580d87377687ac86aba5c193b6cf20e2e99df45ea5b91ffc977fa4af00d

SHA512
5672c431b1015298d62355eca2f78d92b36c95f88772ed70b98f5a55e5511d9ce199690dd136fbb1180a89a3c8aa9c36ad420659623d822d1d53c5e0ee87ff2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

Filesize
446B

MD5
de64c9d32d577a8ed2d9eeac535172da

SHA1
514f1b198aa68772f0be99369738d9ad1d046651

SHA256
d26f5dd7006765156df60b4b3dff384907fabeba20a254820ab5a688f66f5945

SHA512
f0aefb3b485974173c4331f2814eca9cc90ee953aa1248939777198a80a4a5b8e7a3fb19cbc84869023fa89c979736ab9e9c457e1edbd92a23b3e06a70b6eb4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_4E75C8005B53AA371E24DB28B7200E63

Filesize
434B

MD5
372ad33f8b48d057ea67d5d9ace4664b

SHA1
fb8b438db062d114b0971692f60e0433c6744f1f

SHA256
de2384dc710c7367dd6ff84ce4117a4a988f587aabb8c29505179727a6db5c53

SHA512
15e74d66f747c6876db74e1cdcd043b8698a3ea1f01dc37500b8477eaf0b267f44e3c5c48cb69699a4c94280bf131a10290ab5d9c6e78f485fe7c6ff7d4df67d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77d3a1db3b90315e7f15708e4200b968

SHA1
368fbf2479cb00993fd6e7b5e1206e8bab320360

SHA256
c8b96f931e538b8a3ef998c5ea075381e351bcce2200c56236ecb809be819edb

SHA512
689dbc7c5596b8bac4efb003d650474fe98aec58303097a86d3f4ddbf4a90c067910b3359ab1bf2a286b7912999a8ade0f086cd8ae94337ce6a38d3359aa69e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e55fce995103611df396a1ff491cc24

SHA1
0a2527945fa65d16752867bd185101c482587188

SHA256
ae439e1059b91c69187b6ca33b6e704aec1b5dd22ca7dd361a99ff407b5a2501

SHA512
91068860594747757274e0dddf6292feb82be4d04bf5cc034ac1956d5f1334e88fb50c358af9d8fd26b9f8dfe70be5d21b0d7a7f709f89af6036fa417fc388ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2e21b11abaa3ece12866c14d4d994904

SHA1
8b340fcd53b8054a0d3fc647c12d6d89bba9d884

SHA256
2d6741c26d398c156c675f8f7b81756afe9bf3cf5d1552d3dcd86cd43905e7d7

SHA512
c05931e2c9d5220f85a67619d54d1245b9a6c37c443c35d99426af960bfbc4df1dfa53fe37cd3836b0ef99f45eda46a2613428dbba25199286cff5da1be4a18f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cae5400f387edc414ca7bac469d99411

SHA1
a0e8200c52ee0cfb7bc9cc393be3813dc044d2c8

SHA256
e04f1845c903a30430c7ef57cd8d585388b3961ff2b173944e938d3dd241d961

SHA512
c5f41d4c191273beb06ecafdbba9c1e6404bb1c2638503c68071c8e09c4cf15b70fa9cdc407aeaaeb204665968eee542ccd2b3522dade86e2a4e5602a25ccf7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
430B

MD5
a1ebd96366828f0471d7be60e1af393c

SHA1
7e6339ba464cdac391263625b0dd0ad38dc198d5

SHA256
0128230e2e6d26e7ce876122ce13b0229e5cbe8c57ae44dd24d31c6d2115b7c6

SHA512
8670966cef99c187760f11fabee6d79bd8e191217e7ce7cdf88e3671ca6c55a31f52a5a6837b4178971379d2716409c420db5532cca7182a914dac83daaeee48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
442B

MD5
c9af735eb3ff6de3bf6883dc96d7dad3

SHA1
4bac2a245fc95861de5092064aa6c9225fdfd4d8

SHA256
eb3fea02b705f6a964bbfd0dbc9c254e5ce7ae6d587200d6f90c40aa383be69e

SHA512
b752863c21b6b3da7b6f544a23eeeec011b0fb62d8bed07511101b75524260d2358a8bdde6109b307b9e02a9b6ac43557c0178df866d1f540c28f0cd8245c738

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
bf5162e40d915233d063b1cd5f64f2b6

SHA1
66d47b83fe01013a3bbc4c4cb01a3fd2b9bfd186

SHA256
436e928d7bf2bedb8d0cf2299a884d670e4d62c1042197cd2b81c0524b92990a

SHA512
25d13350d6cb4c52a426c0a77e4e298b6d4b8a60990651ca39fe0fc7f97fc6dd6ff5f0d6ef297a92d618f7d9e9ca4ee93798a797c0f5a30510880ca3e0a49885

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\LZMA_EXE

Filesize
142KB

MD5
3842c46f2fbc7522ef625f1833530804

SHA1
3615c072ad5bdadba5e5e22e75eefaf7def92312

SHA256
17cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7

SHA512
9adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\LZMA_EXE

Filesize
142KB

MD5
3842c46f2fbc7522ef625f1833530804

SHA1
3615c072ad5bdadba5e5e22e75eefaf7def92312

SHA256
17cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7

SHA512
9adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\au.msi

Filesize
845KB

MD5
8eb92668c434cd93215b9981a9683fc4

SHA1
5b087204c1c7e1b985b11b7fcbfcb70e323ff79d

SHA256
bb3234ffa8ab178f621475a9415b46f29571dbb24fd75ddc590f4be6d6369779

SHA512
9e4cccf3ce7bc34c220528b5d206f35fc0a1355531511fbb414af01f09c19e579ff8e027b8125049dfd417ad284661832759ec2f0fb260371e471db02203f058

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\jre1.8.0_351full.msi

Filesize
70.0MB

MD5
2a16688489648f78ee304dce7734d0dd

SHA1
aa4c78aa153215068c52bdaeb0f88a5702f7cca6

SHA256
5fa5ae20eb7d3055f5f70c7bbd89361e299a3573f2bfc09de5f4f9b8f6ba7bc2

SHA512
bb6dbe10a70bc6a84884d71c18b7b3ef333b55eb5aa0c558f5bfc9f6c1cdbf939e1a198903469cb3104051e04ae2418f0b7fdbe4dfb35de5843593a5dac7441f

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\msi.tmp

Filesize
1016KB

MD5
b4db0cceb5714378be3ccd4535d3aa4c

SHA1
7611e868ba040b0936ff56e0c9b6929042d7a49a

SHA256
9687cc0d7d5a60d7e9669d775b2e7255f9f578e3cb7086a3e2c114175f3a87bc

SHA512
f69232951f638247f87403cd3a861c84c084bfa8adb501a4ffa1984c3d2e6a963193d49744e0c59b21a8cf683dddb09f567ce088dabca9f1b163fe1b3cb0324f

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\msi.tmp

Filesize
70.4MB

MD5
46769c6677f963cc4dc772f31350d20b

SHA1
42bc2fe2b629d1f7ad729db2c5bac9009291c961

SHA256
1eb15f60ea7bb0c7b4e5cc7e75fd5e7c0441ad689c90ebc96ab3008a29be2ba7

SHA512
436e0d7f8b281b21228262a848ea712542cee4ce98138bfb57a34c6157eea144dd7430b981b6255c0a301a1787aaee171144fea572e41e934d815ff9706adb07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t9o3c8r\imagestore.dat

Filesize
2KB

MD5
bc3e89c37f6ff9aa36d4e0504104267d

SHA1
1f6620696c0b33d632d62eb83e74ceb7633a0b16

SHA256
6971993b0ab53921a41773984565a4a2a69b8202e314c3e7567edb77ee505acc

SHA512
039fec5117943d1aad883fd63dd50d212e86b3ad129cb106be9cfd4139702d133f6038276fe1e5ad83afcfd11be1b51f2ebfac9b599db2693e011ad09d2a782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t9o3c8r\imagestore.dat

Filesize
11KB

MD5
686897d7e358a72fbdba2c096f9b3d2c

SHA1
2ab96f797c4f2f2fe7a5472cb54a3555445b26f0

SHA256
60c8f0ed37f9a7e1c4f7e32828468360f1aab902aecb81d1ddb6efdddf110997

SHA512
9698c93951f55e082bd4d70b67798ef44fd98edf1d4449c8996fb569a7311151a303a8410ad76287ffacf28b228644d542a30b8a77a1ca25c7dee2c2ee46fa48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t9o3c8r\imagestore.dat

Filesize
11KB

MD5
686897d7e358a72fbdba2c096f9b3d2c

SHA1
2ab96f797c4f2f2fe7a5472cb54a3555445b26f0

SHA256
60c8f0ed37f9a7e1c4f7e32828468360f1aab902aecb81d1ddb6efdddf110997

SHA512
9698c93951f55e082bd4d70b67798ef44fd98edf1d4449c8996fb569a7311151a303a8410ad76287ffacf28b228644d542a30b8a77a1ca25c7dee2c2ee46fa48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t9o3c8r\imagestore.dat

Filesize
12KB

MD5
0c66bc5adeef32c877e1fe19ed79b415

SHA1
4238b3edfbbff2de5a74b34c68b79d851a5c45cc

SHA256
9618a0b2887b6a4cbb3690e83d482fb6f26b9b1212c341083d3d92fde613b222

SHA512
5493541b76427e3b2d0f12892d23997a7b09b1be1492f611b35a0dfbe23eaed0b4c76dd5567c88ef56097dbc7ba028dd13692cc90dd11a65a0ed033f40514082

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9XNRFMOH\JavaSetup8u351.exe

Filesize
2.2MB

MD5
82bc7b7e2716e6a631952daa1be4037e

SHA1
83ba6ede5983dd59b8e77439fd84e7b8085ee487

SHA256
3fa3ff57f229e3db478be90f6ce92a39f5043caffac116247b3430eb36f40b96

SHA512
35559edcf9dc2cb4740a1537bec5249ecfe306f7036f736b578fd07b6236ae3453b0a6e4d801e82506fa2ae770d7c80219af056e2313c3484b4474e1320885a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9XNRFMOH\JavaSetup8u351.exe.ytrf7cf.partial

Filesize
2.2MB

MD5
82bc7b7e2716e6a631952daa1be4037e

SHA1
83ba6ede5983dd59b8e77439fd84e7b8085ee487

SHA256
3fa3ff57f229e3db478be90f6ce92a39f5043caffac116247b3430eb36f40b96

SHA512
35559edcf9dc2cb4740a1537bec5249ecfe306f7036f736b578fd07b6236ae3453b0a6e4d801e82506fa2ae770d7c80219af056e2313c3484b4474e1320885a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\jds7130166.tmp\JavaSetup8u351.exe

Filesize
1.9MB

MD5
f39998ce3424007f4e5772d547a69fbc

SHA1
071f69e3f29f4d30006358a249c12cda7ac9b636

SHA256
cb9818a058f448dabe8b045ac3ef06ef4973fa3e4996cc035f779672a0397715

SHA512
5b7fb094159170dbc2144678799c6b273b2eb62deef143036b63f7472c41e1a9a9ae991ed8c4b4df411e641cd387e3e3d125d497098d636213cc8915d8d2e853

Download Submit
C:\Users\Admin\AppData\Local\Temp\jds7130166.tmp\JavaSetup8u351.exe

Filesize
1.9MB

MD5
f39998ce3424007f4e5772d547a69fbc

SHA1
071f69e3f29f4d30006358a249c12cda7ac9b636

SHA256
cb9818a058f448dabe8b045ac3ef06ef4973fa3e4996cc035f779672a0397715

SHA512
5b7fb094159170dbc2144678799c6b273b2eb62deef143036b63f7472c41e1a9a9ae991ed8c4b4df411e641cd387e3e3d125d497098d636213cc8915d8d2e853

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
40KB

MD5
e058f399c8121fd06b8185112e5bd3cb

SHA1
0a4b1d78ead451d7bbf1ee9d0d5ee54371931cd9

SHA256
f77cfed354ece963c1a1e60f2ac9169492ace8c65c6d78c8f3b3d0a56a5cb57f

SHA512
d26d4f48f7dcdf839b468eee9c91511e72083b881b2f35b98ad9260a50e79f41b4dafb41c077aa423fea0e74c3749c1ccb437595df368a71b010b74a988e4b71

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
52KB

MD5
fe325271a97834d1cb20402d4051e735

SHA1
a9ffc22e0fb9f1ccc1b5be170db660f52e067b73

SHA256
41f1e5841f4a7a3e95eb7f1043c19af1a7b3133856b30f20011acc55e8de89c2

SHA512
46ff1ae0d0272d36562d708bc25525e63692b137ac92d6fe28acf89eb86a245df777d112ec615a7122e94658496e09db640ced0831577d80ea8ca3a9673a8e48

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
1KB

MD5
cabffeb36f1b3029fb75a1765f80fda8

SHA1
9ab735fc8f66292ccfd41ce776dec045be5cf7c2

SHA256
a31b9ff12d697d966b387f67cce99a18b63f1b53277689c028a80da4c97ba135

SHA512
85e736d318beada45d1264cf62040e95895f2b2d7259f003849cf719f197ca0404da95f6b3eddc659beddd87e3854c176448bae6564fdd08a9bcda3a1c124335

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\AUNIR82W.txt

Filesize
608B

MD5
e9c9fb56632b99e64ae1a9be6257a2af

SHA1
ff47dd70fa69834d1419642bd5e6620c19269b7b

SHA256
24d86339941ca00fae08c2c10081013d3e4d89bb55d7a7aa41e4d04ce88b26a5

SHA512
b39ff754268b4eaa7621b0ccdefe02c0db90e5e0a8fa9e2aeb5286e5dd15d194758fa5810879f2c24ff5dd807de4af4eddf3a96847ed69451eff35276d3110eb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\W08V9YH7.txt

Filesize
512B

MD5
b085964eb6e2499ea4290da961053144

SHA1
7fdae59564bd386a8b0680d8b86cd0370c7d7f9b

SHA256
62c0b96cf9aecc02b4c3f456f10008636fb7bbddccacd81d9b8fdd7c743e13e3

SHA512
8258c7596991d9ab051c383f8f99e135383fcce968a07073e20a59a4311cff02bc72e0c6c8c4b9cec3b5f8fd8fd650cc38c6cff4f0f88320d96524821c24728d

Download Submit
C:\Windows\Installer\6d2725.msi

Filesize
70.4MB

MD5
46769c6677f963cc4dc772f31350d20b

SHA1
42bc2fe2b629d1f7ad729db2c5bac9009291c961

SHA256
1eb15f60ea7bb0c7b4e5cc7e75fd5e7c0441ad689c90ebc96ab3008a29be2ba7

SHA512
436e0d7f8b281b21228262a848ea712542cee4ce98138bfb57a34c6157eea144dd7430b981b6255c0a301a1787aaee171144fea572e41e934d815ff9706adb07

Download Submit
C:\Windows\Installer\MSI3066.tmp

Filesize
601KB

MD5
bbed445fd227324054eab65b74115170

SHA1
b84c37d0fa489624cd7b2c50a6ea8ec9d130eb4a

SHA256
5d523cf6795d8ef9503a781e4cfe24a432e3ea15f145264a28b41b8eaba0f1d8

SHA512
4ecb71be9c688c08c1a4099efec117698379f06392bdb87a6a6ad05180872973a8323822bf5bebbc56b382daeee6048328cc71c252ba41ac358d739946afcf05

Download Submit
C:\Windows\Installer\MSI3595.tmp

Filesize
601KB

MD5
bbed445fd227324054eab65b74115170

SHA1
b84c37d0fa489624cd7b2c50a6ea8ec9d130eb4a

SHA256
5d523cf6795d8ef9503a781e4cfe24a432e3ea15f145264a28b41b8eaba0f1d8

SHA512
4ecb71be9c688c08c1a4099efec117698379f06392bdb87a6a6ad05180872973a8323822bf5bebbc56b382daeee6048328cc71c252ba41ac358d739946afcf05

Download Submit
C:\Windows\Installer\MSI38C2.tmp

Filesize
601KB

MD5
bbed445fd227324054eab65b74115170

SHA1
b84c37d0fa489624cd7b2c50a6ea8ec9d130eb4a

SHA256
5d523cf6795d8ef9503a781e4cfe24a432e3ea15f145264a28b41b8eaba0f1d8

SHA512
4ecb71be9c688c08c1a4099efec117698379f06392bdb87a6a6ad05180872973a8323822bf5bebbc56b382daeee6048328cc71c252ba41ac358d739946afcf05

Download Submit
\Program Files (x86)\Java\jre1.8.0_351\bin\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
15KB

MD5
4f06da894ea013a5e18b8b84a9836d5a

SHA1
40cf36e07b738aa8bba58bc5587643326ff412a9

SHA256
876bd768c8605056579dd8962e2fd7cc96306fab5759d904e8a24e46c25bd732

SHA512
1d7c0682d343416e6942547e6a449be4654158d6a70d78ad3c7e8c2b39c296c9406013a3cfe84d1ae8608f19bee1d4f346d26576d7ed56456eea39d5d7200f79

Download Submit
\Program Files (x86)\Java\jre1.8.0_351\bin\unpack200.exe

Filesize
174KB

MD5
4dad43f2b4cb8a53eeb96862d35d92b8

SHA1
80e125445706985e0a736f49c964070a5da12cdf

SHA256
ba1e9fb47f6afd7d22e170745cf8cf4641a88357b4e7effccc446b8486e6baed

SHA512
f65fc702e6324db2033f04732adb4172e9ecf737e05a4af90b66b7cd933107338bad0dbb68ccf0abb217058a153e6e9e567337ed3f63264600a775c2edf3f1eb

Download Submit
\Program Files (x86)\Java\jre1.8.0_351\bin\vcruntime140.dll

Filesize
78KB

MD5
a37ee36b536409056a86f50e67777dd7

SHA1
1cafa159292aa736fc595fc04e16325b27cd6750

SHA256
8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825

SHA512
3a7c260646315cf8c01f44b2ec60974017496bd0d80dd055c7e43b707cadba2d63aab5e0efd435670aa77886ed86368390d42c4017fc433c3c4b9d1c47d0f356

Download Submit
\ProgramData\Oracle\Java\installcache\7161584.tmp\bspatch.exe

Filesize
34KB

MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
\ProgramData\Oracle\Java\installcache\7161584.tmp\bspatch.exe

Filesize
34KB

MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
\ProgramData\Oracle\Java\installcache\7161584.tmp\bspatch.exe

Filesize
34KB

MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
\ProgramData\Oracle\Java\installcache\7161584.tmp\bspatch.exe

Filesize
34KB

MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\LZMA_EXE

Filesize
142KB

MD5
3842c46f2fbc7522ef625f1833530804

SHA1
3615c072ad5bdadba5e5e22e75eefaf7def92312

SHA256
17cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7

SHA512
9adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e

Download Submit
\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\LZMA_EXE

Filesize
142KB

MD5
3842c46f2fbc7522ef625f1833530804

SHA1
3615c072ad5bdadba5e5e22e75eefaf7def92312

SHA256
17cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7

SHA512
9adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e

Download Submit
\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\LZMA_EXE

Filesize
142KB

MD5
3842c46f2fbc7522ef625f1833530804

SHA1
3615c072ad5bdadba5e5e22e75eefaf7def92312

SHA256
17cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7

SHA512
9adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e

Download Submit
\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351\LZMA_EXE

Filesize
142KB

MD5
3842c46f2fbc7522ef625f1833530804

SHA1
3615c072ad5bdadba5e5e22e75eefaf7def92312

SHA256
17cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7

SHA512
9adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e

Download Submit
\Users\Admin\AppData\Local\Temp\jds7130166.tmp\JavaSetup8u351.exe

Filesize
1.9MB

MD5
f39998ce3424007f4e5772d547a69fbc

SHA1
071f69e3f29f4d30006358a249c12cda7ac9b636

SHA256
cb9818a058f448dabe8b045ac3ef06ef4973fa3e4996cc035f779672a0397715

SHA512
5b7fb094159170dbc2144678799c6b273b2eb62deef143036b63f7472c41e1a9a9ae991ed8c4b4df411e641cd387e3e3d125d497098d636213cc8915d8d2e853

Download Submit
\Windows\Installer\MSI3066.tmp

Filesize
601KB

MD5
bbed445fd227324054eab65b74115170

SHA1
b84c37d0fa489624cd7b2c50a6ea8ec9d130eb4a

SHA256
5d523cf6795d8ef9503a781e4cfe24a432e3ea15f145264a28b41b8eaba0f1d8

SHA512
4ecb71be9c688c08c1a4099efec117698379f06392bdb87a6a6ad05180872973a8323822bf5bebbc56b382daeee6048328cc71c252ba41ac358d739946afcf05

Download Submit
\Windows\Installer\MSI3595.tmp

Filesize
601KB

MD5
bbed445fd227324054eab65b74115170

SHA1
b84c37d0fa489624cd7b2c50a6ea8ec9d130eb4a

SHA256
5d523cf6795d8ef9503a781e4cfe24a432e3ea15f145264a28b41b8eaba0f1d8

SHA512
4ecb71be9c688c08c1a4099efec117698379f06392bdb87a6a6ad05180872973a8323822bf5bebbc56b382daeee6048328cc71c252ba41ac358d739946afcf05

Download Submit
\Windows\Installer\MSI38C2.tmp

Filesize
601KB

MD5
bbed445fd227324054eab65b74115170

SHA1
b84c37d0fa489624cd7b2c50a6ea8ec9d130eb4a

SHA256
5d523cf6795d8ef9503a781e4cfe24a432e3ea15f145264a28b41b8eaba0f1d8

SHA512
4ecb71be9c688c08c1a4099efec117698379f06392bdb87a6a6ad05180872973a8323822bf5bebbc56b382daeee6048328cc71c252ba41ac358d739946afcf05

Download Submit
memory/912-54-0x0000000075FF1000-0x0000000075FF3000-memory.dmp

Filesize
8KB

Download
memory/1384-133-0x000000006EA61000-0x000000006EA63000-memory.dmp

Filesize
8KB

Download
memory/1928-115-0x000007FEFC191000-0x000007FEFC193000-memory.dmp

Filesize
8KB

Download
memory/2080-148-0x0000000000190000-0x00000000001A7000-memory.dmp

Filesize
92KB

Download
memory/2080-157-0x0000000000190000-0x00000000001A7000-memory.dmp

Filesize
92KB

Download
memory/2188-150-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2188-155-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2188-152-0x00000000001C0000-0x00000000001D7000-memory.dmp

Filesize
92KB

Download
memory/2188-151-0x00000000001C0000-0x00000000001D7000-memory.dmp

Filesize
92KB

Download
memory/2268-154-0x000007FEF5DB0000-0x000007FEF5DEA000-memory.dmp

Filesize
232KB

Download
memory/2584-182-0x000007FEF6170000-0x000007FEF61AA000-memory.dmp

Filesize
232KB

Download
memory/2760-204-0x0000000002700000-0x0000000004700000-memory.dmp

Filesize
32.0MB

Download
memory/2760-210-0x0000000002700000-0x0000000004700000-memory.dmp

Filesize
32.0MB

Download
memory/2760-215-0x0000000002700000-0x0000000004700000-memory.dmp

Filesize
32.0MB

Download
memory/2760-216-0x0000000002700000-0x0000000004700000-memory.dmp

Filesize
32.0MB

Download
memory/2760-218-0x0000000002700000-0x0000000004700000-memory.dmp

Filesize
32.0MB

Download
memory/2760-220-0x0000000002700000-0x0000000004700000-memory.dmp

Filesize
32.0MB

Download
memory/2760-222-0x0000000002700000-0x0000000004700000-memory.dmp

Filesize
32.0MB

Download
memory/2760-224-0x0000000002700000-0x0000000004700000-memory.dmp

Filesize
32.0MB

Download
memory/2760-226-0x0000000002700000-0x0000000004700000-memory.dmp

Filesize
32.0MB

Download
memory/2760-228-0x0000000002700000-0x0000000004700000-memory.dmp

Filesize
32.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads