ea04fa0a4191001206744c948dbf1a810a633fd760f699c16b60386c66a6b6b7

Resubmissions

04/02/2023, 20:02

230204-yr9cpshg21 8

Analysis

max time kernel
87s
max time network
170s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04/02/2023, 20:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Minecraft Launcher.exe
Size

4.4MB
MD5

be214f4374142dfa548ac39eca507e94
SHA1

3e2279a0eb74ae3dcf2d60cd6ed33a3fd45fa304
SHA256

ea04fa0a4191001206744c948dbf1a810a633fd760f699c16b60386c66a6b6b7
SHA512

c16f7b2d8c4fd6b0aad0f4061a8c2b8617f1dc09d696ab6e28ee8e87c661713a5fba34c3916f6477731f36f49ea74cc0c557e73ac05d07807576259eda7c4a00
SSDEEP

98304:XfZt4EJC5UiDvZpHMM+5rFp3tSjiZmJXbICNqI6:XxzJZiDR6M+5roOZkXbICNqI6

Score

8^/10

adware stealer

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

flow	pid	Process
150	2356	msiexec.exe

Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
888	JavaSetup8u361.exe
1580	JavaSetup8u361.exe
2128	LZMA_EXE
2176	LZMA_EXE
2600	installer.exe
2632	javaw.exe

Loads dropped DLL 64 IoCs

pid	Process
888	JavaSetup8u361.exe
1580	JavaSetup8u361.exe
1580	JavaSetup8u361.exe
1580	JavaSetup8u361.exe
1580	JavaSetup8u361.exe
2476	MsiExec.exe
2476	MsiExec.exe
2476	MsiExec.exe
2600	installer.exe
2600	installer.exe
2600	installer.exe
2632	javaw.exe
2632	javaw.exe
2632	javaw.exe
2632	javaw.exe
2632	javaw.exe
2632	javaw.exe
2632	javaw.exe
2632	javaw.exe
2632	javaw.exe
2632	javaw.exe
2632	javaw.exe
2632	javaw.exe
2632	javaw.exe
2632	javaw.exe
2632	javaw.exe
2632	javaw.exe
2632	javaw.exe
2632	javaw.exe
2632	javaw.exe
2632	javaw.exe
2632	javaw.exe
2632	javaw.exe
2632	javaw.exe
2600	installer.exe
2600	installer.exe
2600	installer.exe
2600	installer.exe
2600	installer.exe
2600	installer.exe
2600	installer.exe
2600	installer.exe
2600	installer.exe
2600	installer.exe
2600	installer.exe
2600	installer.exe
2600	installer.exe
2600	installer.exe
2600	installer.exe
2600	installer.exe
2600	installer.exe
2600	installer.exe
2600	installer.exe
2600	installer.exe
2600	installer.exe
2600	installer.exe
2600	installer.exe
2600	installer.exe
2600	installer.exe
2600	installer.exe
2600	installer.exe
2600	installer.exe
2600	installer.exe
2600	installer.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1"	installer.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsAccessBridge-32.dll	installer.exe
File opened for modification	C:\Windows\SysWOW64\WindowsAccessBridge-32.dll	installer.exe
File created	C:\Windows\SysWOW64\WindowsAccessBridge-64.dll	installer.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Java\jre1.8.0_361\bin\api-ms-win-core-libraryloader-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\bin\java.dll	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\lib\rt.jar	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\bin\api-ms-win-core-console-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\lib\security\public_suffix_list.dat	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\lib\deploy\messages_es.properties	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\lib\fonts\LucidaBrightRegular.ttf	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\lib\security\policy\unlimited\local_policy.jar	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\lib\fontconfig.properties.src	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\lib\images\cursors\win32_LinkDrop32x32.gif	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\bin\fxplugins.dll	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\bin\api-ms-win-core-synch-l1-2-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\lib\security\java.policy	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\lib\deploy\ffjcext.zip	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\bin\deploy.dll	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\bin\verify.dll	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\lib\deploy\messages_it.properties	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\bin\api-ms-win-core-console-l1-2-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\lib\deploy\messages_zh_TW.properties	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\bin\hprof.dll	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\legal\jdk\relaxngdatatype.md	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\lib\images\cursors\invalid32x32.gif	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\bin\javaw.exe	msiexec.exe
File created	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_7158698\java.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\legal\jdk\pkcs11cryptotoken.md	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\COPYRIGHT	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\lib\jfxswt.jar	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\legal\javafx\public_suffix.md	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\lib\images\cursors\win32_LinkNoDrop32x32.gif	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\bin\jli.dll	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\bin\api-ms-win-crt-runtime-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\bin\mlib_image.dll	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\legal\javafx\directshow.md	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\lib\deploy\splash.gif	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\bin\msvcp140.dll	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\lib\management-agent.jar	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\legal\jdk\dom.md	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\bin\api-ms-win-crt-time-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\lib\security\blacklisted.certs	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\lib\cmm\sRGB.pf	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\bin\api-ms-win-core-synch-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\lib\management\jmxremote.password.template	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\legal\jdk\dynalink.md	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\bin\pack200.exe	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\lib\cmm\GRAY.pf	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\bin\jp2launcher.exe	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\lib\deploy\messages_ko.properties	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\bin\api-ms-win-core-handle-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\lib\i386\jvm.cfg	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\bin\api-ms-win-crt-utility-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\bin\plugin2\msvcp140.dll	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\lib\deploy\messages_pt_BR.properties	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\bin\dcpr.dll	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\bin\ssvagent.exe	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\bin\java-rmi.exe	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\lib\ext\access-bridge-32.jar	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\bin\jp2ssv.dll	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\bin\rmiregistry.exe	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\lib\plugin.jar	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\THIRDPARTYLICENSEREADME-JAVAFX.txt	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\bin\api-ms-win-core-util-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\lib\images\cursors\cursors.properties	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\bin\eula.dll	msiexec.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_361\bin\jsound.dll	msiexec.exe

Drops file in Windows directory 9 IoCs

description	ioc	Process
File created	C:\Windows\Installer\6d10c8.msi	msiexec.exe
File created	C:\Windows\Installer\6d10c4.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\6d10c4.msi	msiexec.exe
File created	C:\Windows\Installer\6d10c6.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI210E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI17A9.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1D83.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2061.tmp	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msiexec.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msiexec.exe

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 003c0b37dc38d901	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "266"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "229"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "22"	IEXPLORE.EXE
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}\Policy = "3"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "42"	IEXPLORE.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Windows\\SysWOW64"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "42"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "yes"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "122"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "266"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{63081121-A4CF-11ED-8589-FE63F52BA449} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "22"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "229"	IEXPLORE.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}\AppPath = "C:\\Program Files (x86)\\Java\\jre1.8.0_361\\bin"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "209"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "209"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000256ed27e8919d04f83812f84ee5c95da00000000020000000000106600000001000020000000a4a3ae3d3e6237495b0eaedfd3804b8ea931e537225635371409f12d0f646911000000000e80000000020000200000007e1f49629c1107ded4a01ccb22deaea9762a680d69cc14b24aa2c5169ab80f93200000005215ba4563f40154d2f0658d2f157a18b5a814088c7cb0292066cecc12e145da4000000070be6be9b8babcaaaeba98f2685d65e2e195ac876c6a50c8396c85aff5eae6a5f36871b160bc0e63d631afda1b5cd803de39506c65759fb2e900cd02117dbba5	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "122"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\DownloadWindowPlacement = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	iexplore.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}\AppName = "jp2launcher.exe"	installer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80c0dc2edc38d901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "22"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "224"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "382309590"	iexplore.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "224"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "224"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "229"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "266"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "42"	IEXPLORE.EXE

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_43"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0050-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0125-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_125"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0176-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0070-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0137-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_137"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0120-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0174-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0073-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0082-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0185-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0219-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_219"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0079-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0141-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0099-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_99"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0042-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0047-ABCDEFFEDCBC}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0123-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0160-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_160"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0047-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0068-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0125-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0207-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0188-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_188"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0198-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_198"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0209-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_209"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0220-ABCDEFFEDCBC}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0076-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0039-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0084-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0049-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0156-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0037-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_37"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0072-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0090-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0088-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0138-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0052-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0091-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0048-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0088-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0142-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0174-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_174"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0085-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_85"	installer.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0059-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0094-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0174-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_07"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0069-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0073-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0131-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0219-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0083-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0097-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0183-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_183"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0097-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0221-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0062-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.0_01"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_04"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0164-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_164"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0055-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0069-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0047-ABCDEFFEDCBC}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0071-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0129-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_129"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0215-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0094-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_94"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0119-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0200-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0040-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0098-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0097-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_97"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0034-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_34"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0047-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0099-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0059-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0095-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_95"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0142-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_23"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0042-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_64"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0091-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0138-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_138"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0198-ABCDEFFEDCBC}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0211-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0085-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0198-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_198"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0039-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_39"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0081-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_81"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0065-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0058-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0101-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0105-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0053-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0033-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_30"	installer.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1780	IEXPLORE.EXE

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1580	JavaSetup8u361.exe
Token: SeIncreaseQuotaPrivilege	1580	JavaSetup8u361.exe
Token: SeRestorePrivilege	2356	msiexec.exe
Token: SeTakeOwnershipPrivilege	2356	msiexec.exe
Token: SeSecurityPrivilege	2356	msiexec.exe
Token: SeCreateTokenPrivilege	1580	JavaSetup8u361.exe
Token: SeAssignPrimaryTokenPrivilege	1580	JavaSetup8u361.exe
Token: SeLockMemoryPrivilege	1580	JavaSetup8u361.exe
Token: SeIncreaseQuotaPrivilege	1580	JavaSetup8u361.exe
Token: SeMachineAccountPrivilege	1580	JavaSetup8u361.exe
Token: SeTcbPrivilege	1580	JavaSetup8u361.exe
Token: SeSecurityPrivilege	1580	JavaSetup8u361.exe
Token: SeTakeOwnershipPrivilege	1580	JavaSetup8u361.exe
Token: SeLoadDriverPrivilege	1580	JavaSetup8u361.exe
Token: SeSystemProfilePrivilege	1580	JavaSetup8u361.exe
Token: SeSystemtimePrivilege	1580	JavaSetup8u361.exe
Token: SeProfSingleProcessPrivilege	1580	JavaSetup8u361.exe
Token: SeIncBasePriorityPrivilege	1580	JavaSetup8u361.exe
Token: SeCreatePagefilePrivilege	1580	JavaSetup8u361.exe
Token: SeCreatePermanentPrivilege	1580	JavaSetup8u361.exe
Token: SeBackupPrivilege	1580	JavaSetup8u361.exe
Token: SeRestorePrivilege	1580	JavaSetup8u361.exe
Token: SeShutdownPrivilege	1580	JavaSetup8u361.exe
Token: SeDebugPrivilege	1580	JavaSetup8u361.exe
Token: SeAuditPrivilege	1580	JavaSetup8u361.exe
Token: SeSystemEnvironmentPrivilege	1580	JavaSetup8u361.exe
Token: SeChangeNotifyPrivilege	1580	JavaSetup8u361.exe
Token: SeRemoteShutdownPrivilege	1580	JavaSetup8u361.exe
Token: SeUndockPrivilege	1580	JavaSetup8u361.exe
Token: SeSyncAgentPrivilege	1580	JavaSetup8u361.exe
Token: SeEnableDelegationPrivilege	1580	JavaSetup8u361.exe
Token: SeManageVolumePrivilege	1580	JavaSetup8u361.exe
Token: SeImpersonatePrivilege	1580	JavaSetup8u361.exe
Token: SeCreateGlobalPrivilege	1580	JavaSetup8u361.exe
Token: SeRestorePrivilege	2356	msiexec.exe
Token: SeTakeOwnershipPrivilege	2356	msiexec.exe
Token: SeRestorePrivilege	2356	msiexec.exe
Token: SeTakeOwnershipPrivilege	2356	msiexec.exe
Token: SeRestorePrivilege	2356	msiexec.exe
Token: SeTakeOwnershipPrivilege	2356	msiexec.exe
Token: SeRestorePrivilege	2356	msiexec.exe
Token: SeTakeOwnershipPrivilege	2356	msiexec.exe
Token: SeRestorePrivilege	2356	msiexec.exe
Token: SeTakeOwnershipPrivilege	2356	msiexec.exe
Token: SeRestorePrivilege	2356	msiexec.exe
Token: SeTakeOwnershipPrivilege	2356	msiexec.exe
Token: SeRestorePrivilege	2356	msiexec.exe
Token: SeTakeOwnershipPrivilege	2356	msiexec.exe
Token: SeRestorePrivilege	2356	msiexec.exe
Token: SeTakeOwnershipPrivilege	2356	msiexec.exe
Token: SeRestorePrivilege	2356	msiexec.exe
Token: SeTakeOwnershipPrivilege	2356	msiexec.exe
Token: SeRestorePrivilege	2356	msiexec.exe
Token: SeTakeOwnershipPrivilege	2356	msiexec.exe
Token: SeRestorePrivilege	2356	msiexec.exe
Token: SeTakeOwnershipPrivilege	2356	msiexec.exe
Token: SeRestorePrivilege	2356	msiexec.exe
Token: SeTakeOwnershipPrivilege	2356	msiexec.exe
Token: SeRestorePrivilege	2356	msiexec.exe
Token: SeTakeOwnershipPrivilege	2356	msiexec.exe
Token: SeRestorePrivilege	2356	msiexec.exe
Token: SeTakeOwnershipPrivilege	2356	msiexec.exe
Token: SeRestorePrivilege	2356	msiexec.exe
Token: SeTakeOwnershipPrivilege	2356	msiexec.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1600	iexplore.exe
1600	iexplore.exe
1580	JavaSetup8u361.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
1600	iexplore.exe
1600	iexplore.exe
1780	IEXPLORE.EXE
1780	IEXPLORE.EXE
1600	iexplore.exe
1780	IEXPLORE.EXE
1780	IEXPLORE.EXE
1600	iexplore.exe
1580	JavaSetup8u361.exe
1580	JavaSetup8u361.exe
1580	JavaSetup8u361.exe
1580	JavaSetup8u361.exe

Suspicious use of WriteProcessMemory 57 IoCs

description	pid	Process	procid_target
PID 1588 wrote to memory of 1600	1588	Minecraft Launcher.exe	28
PID 1588 wrote to memory of 1600	1588	Minecraft Launcher.exe	28
PID 1588 wrote to memory of 1600	1588	Minecraft Launcher.exe	28
PID 1588 wrote to memory of 1600	1588	Minecraft Launcher.exe	28
PID 1600 wrote to memory of 1780	1600	iexplore.exe	30
PID 1600 wrote to memory of 1780	1600	iexplore.exe	30
PID 1600 wrote to memory of 1780	1600	iexplore.exe	30
PID 1600 wrote to memory of 1780	1600	iexplore.exe	30
PID 1600 wrote to memory of 1780	1600	iexplore.exe	30
PID 1600 wrote to memory of 1780	1600	iexplore.exe	30
PID 1600 wrote to memory of 1780	1600	iexplore.exe	30
PID 1600 wrote to memory of 888	1600	iexplore.exe	32
PID 1600 wrote to memory of 888	1600	iexplore.exe	32
PID 1600 wrote to memory of 888	1600	iexplore.exe	32
PID 1600 wrote to memory of 888	1600	iexplore.exe	32
PID 1600 wrote to memory of 888	1600	iexplore.exe	32
PID 1600 wrote to memory of 888	1600	iexplore.exe	32
PID 1600 wrote to memory of 888	1600	iexplore.exe	32
PID 888 wrote to memory of 1580	888	JavaSetup8u361.exe	33
PID 888 wrote to memory of 1580	888	JavaSetup8u361.exe	33
PID 888 wrote to memory of 1580	888	JavaSetup8u361.exe	33
PID 888 wrote to memory of 1580	888	JavaSetup8u361.exe	33
PID 888 wrote to memory of 1580	888	JavaSetup8u361.exe	33
PID 888 wrote to memory of 1580	888	JavaSetup8u361.exe	33
PID 888 wrote to memory of 1580	888	JavaSetup8u361.exe	33
PID 1580 wrote to memory of 2128	1580	JavaSetup8u361.exe	35
PID 1580 wrote to memory of 2128	1580	JavaSetup8u361.exe	35
PID 1580 wrote to memory of 2128	1580	JavaSetup8u361.exe	35
PID 1580 wrote to memory of 2128	1580	JavaSetup8u361.exe	35
PID 1580 wrote to memory of 2128	1580	JavaSetup8u361.exe	35
PID 1580 wrote to memory of 2128	1580	JavaSetup8u361.exe	35
PID 1580 wrote to memory of 2128	1580	JavaSetup8u361.exe	35
PID 1580 wrote to memory of 2176	1580	JavaSetup8u361.exe	37
PID 1580 wrote to memory of 2176	1580	JavaSetup8u361.exe	37
PID 1580 wrote to memory of 2176	1580	JavaSetup8u361.exe	37
PID 1580 wrote to memory of 2176	1580	JavaSetup8u361.exe	37
PID 1580 wrote to memory of 2176	1580	JavaSetup8u361.exe	37
PID 1580 wrote to memory of 2176	1580	JavaSetup8u361.exe	37
PID 1580 wrote to memory of 2176	1580	JavaSetup8u361.exe	37
PID 2356 wrote to memory of 2476	2356	msiexec.exe	40
PID 2356 wrote to memory of 2476	2356	msiexec.exe	40
PID 2356 wrote to memory of 2476	2356	msiexec.exe	40
PID 2356 wrote to memory of 2476	2356	msiexec.exe	40
PID 2356 wrote to memory of 2476	2356	msiexec.exe	40
PID 2356 wrote to memory of 2476	2356	msiexec.exe	40
PID 2356 wrote to memory of 2476	2356	msiexec.exe	40
PID 2356 wrote to memory of 2600	2356	msiexec.exe	41
PID 2356 wrote to memory of 2600	2356	msiexec.exe	41
PID 2356 wrote to memory of 2600	2356	msiexec.exe	41
PID 2356 wrote to memory of 2600	2356	msiexec.exe	41
PID 2356 wrote to memory of 2600	2356	msiexec.exe	41
PID 2356 wrote to memory of 2600	2356	msiexec.exe	41
PID 2356 wrote to memory of 2600	2356	msiexec.exe	41
PID 2600 wrote to memory of 2632	2600	installer.exe	42
PID 2600 wrote to memory of 2632	2600	installer.exe	42
PID 2600 wrote to memory of 2632	2600	installer.exe	42
PID 2600 wrote to memory of 2632	2600	installer.exe	42

C:\Users\Admin\AppData\Local\Temp\Minecraft Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\Minecraft Launcher.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1588
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://adoptium.net/
  2⤵
  - Modifies Internet Explorer Phishing Filter
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1600
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1600 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:1780
- - C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OB1Q09Y\JavaSetup8u361.exe
    "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OB1Q09Y\JavaSetup8u361.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:888
  - - C:\Users\Admin\AppData\Local\Temp\jds7126063.tmp\JavaSetup8u361.exe
      "C:\Users\Admin\AppData\Local\Temp\jds7126063.tmp\JavaSetup8u361.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1580
    - - C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\LZMA_EXE
        
        "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\LZMA_EXE" d "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\au.msi" "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\msi.tmp"
        5⤵
        Executes dropped EXE
        
        PID:2128
    - - C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\LZMA_EXE
        
        "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\LZMA_EXE" d "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\jre1.8.0_361.msi" "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\msi.tmp"
        5⤵
        Executes dropped EXE
        
        PID:2176

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 5F4771C7573891DC7427E1723459C485
  2⤵
  - Loads dropped DLL
  PID:2476
- C:\Program Files (x86)\Java\jre1.8.0_361\installer.exe
  "C:\Program Files (x86)\Java\jre1.8.0_361\installer.exe" /s INSTALLDIR="C:\Program Files (x86)\Java\jre1.8.0_361\\" INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F32180361F0}
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Modifies Internet Explorer settings
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2600
- - C:\Program Files (x86)\Java\jre1.8.0_361\bin\javaw.exe
    "C:\Program Files (x86)\Java\jre1.8.0_361\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2632
- - C:\Program Files (x86)\Java\jre1.8.0_361\bin\ssvagent.exe
    "C:\Program Files (x86)\Java\jre1.8.0_361\bin\ssvagent.exe" -doHKCUSSVSetup
    3⤵
    PID:2816
- - C:\Program Files (x86)\Java\jre1.8.0_361\bin\javaws.exe
    "C:\Program Files (x86)\Java\jre1.8.0_361\bin\javaws.exe" -wait -fix -permissions -silent
    3⤵
    PID:2828
  - - C:\Program Files (x86)\Java\jre1.8.0_361\bin\jp2launcher.exe
      "C:\Program Files (x86)\Java\jre1.8.0_361\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre1.8.0_361" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzYxXGxpYlxkZXBsb3kuamFyAC1EamF2YS5zZWN1cml0eS5wb2xpY3k9ZmlsZTpDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzYxXGxpYlxzZWN1cml0eVxqYXZhd3MucG9saWN5AC1EdHJ1c3RQcm94eT10cnVlAC1YdmVyaWZ5OnJlbW90ZQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzM2MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmUxLjguMF8zNjFcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzM2MVxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzYxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzYxXGJpblxqYXZhdy5leGU= -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==
      4⤵
      PID:2848
- - C:\Program Files (x86)\Java\jre1.8.0_361\bin\javaws.exe
    "C:\Program Files (x86)\Java\jre1.8.0_361\bin\javaws.exe" -wait -fix -shortcut -silent
    3⤵
    PID:316
  - - C:\Program Files (x86)\Java\jre1.8.0_361\bin\jp2launcher.exe
      "C:\Program Files (x86)\Java\jre1.8.0_361\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre1.8.0_361" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzYxXGxpYlxkZXBsb3kuamFyAC1EamF2YS5zZWN1cml0eS5wb2xpY3k9ZmlsZTpDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzYxXGxpYlxzZWN1cml0eVxqYXZhd3MucG9saWN5AC1EdHJ1c3RQcm94eT10cnVlAC1YdmVyaWZ5OnJlbW90ZQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzM2MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmUxLjguMF8zNjFcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzM2MVxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzYxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzYxXGJpblxqYXZhdy5leGU= -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==
      4⤵
      PID:1280

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Java\jre1.8.0_361\bin\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
cd3cec3d65ae62fdf044f720245f29c0

SHA1
c4643779a0f0f377323503f2db8d2e4d74c738ca

SHA256
676a6da661e0c02e72bea510f5a48cae71fdc4da0b1b089c24bff87651ec0141

SHA512
aca1029497c5a9d26ee09810639278eb17b8fd11b15c9017c8b578fced29cef56f172750c4cc2b0d1ebf8683d29e15de52a6951fb23d78712e31ddcb41776b0f

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_361\bin\api-ms-win-core-localization-l1-2-0.dll

Filesize
13KB

MD5
21519f4d5f1fea53532a0b152910ef8b

SHA1
7833ac2c20263c8be42f67151f9234eb8e4a5515

SHA256
5fbd69186f414d1d99ac61c9c15a57390ff21fe995e5c01f1c4e14510b6fb9b1

SHA512
97211fad4aae2f6a6b783107938f0635c302445e74fc34a26aa386864509919c3f084e80579d2502105d9256aab9f57ea16137c43344b1c62f64e5bc1125a417

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_361\bin\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
b5c8334a10b191031769d5de01df9459

SHA1
83a8fcc777c7e8c42fa4c59ee627baf6cbed1969

SHA256
6c27ac0542281649ec8638602fbc24f246424ba550564fc7b290b683f79e712d

SHA512
59e53c515dfa2cd96182ca6539ed0ea2ebb01f5991beb08166d1fc53576aeaafebbb2c5ee0ccbdab60ae45fc6a048fff0b5e1b8c9c26907791d31fb7e75b1f39

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_361\bin\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
15KB

MD5
4f06da894ea013a5e18b8b84a9836d5a

SHA1
40cf36e07b738aa8bba58bc5587643326ff412a9

SHA256
876bd768c8605056579dd8962e2fd7cc96306fab5759d904e8a24e46c25bd732

SHA512
1d7c0682d343416e6942547e6a449be4654158d6a70d78ad3c7e8c2b39c296c9406013a3cfe84d1ae8608f19bee1d4f346d26576d7ed56456eea39d5d7200f79

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_361\bin\client\jvm.dll

Filesize
3.8MB

MD5
9544b9113212187322433e63957facfb

SHA1
aa6a5404a745a6c683b055b26eccec151234ee68

SHA256
8249bcff9a8d9aa7e580076e2c84147571270eb27c74a7dc8df52a447b123d86

SHA512
c65ba9dd79ed41f92515280c9f87b94b5495daafc614b708d62fee2307fe51293c829651db070ca2cfe8eb0122dff013be815c0cf58770bc75eddbc5d2360fc6

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_361\bin\java.dll

Filesize
139KB

MD5
286bba6f961e7d873d5c84f57cd1118a

SHA1
c659530ae34fabc24dc6fb55f37485a8d0bca2d0

SHA256
4f068301312fab1d1fd3e3ea0bcd87c4f730f69031337decb343b9ecb5028984

SHA512
c03ad585fd3f486448c86831f93118575b3586fac79f55448daa794ba6be95fc2a1595186d6c8b7881303b3cd1226b2eb10b7bdbc59a457384ba1340daabf058

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_361\bin\javaw.exe

Filesize
243KB

MD5
71ac3db0e1d4363ff8695ca610af1ae4

SHA1
35ee53d9c6b541f4e9422875fb5a246d975afc85

SHA256
fbc762cd79977cee061bc9d2bf19c9687856759afec067121cce58e1cc124d2c

SHA512
53a75165d3a4683573f7d16015bda25cbfdabb8981ca8ffd0789105a6cdbf9a02f4e7a71b47efc581c14a90fd54760e4e7dc6e9786abc325a190c945b67cffb8

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_361\bin\javaw.exe

Filesize
243KB

MD5
71ac3db0e1d4363ff8695ca610af1ae4

SHA1
35ee53d9c6b541f4e9422875fb5a246d975afc85

SHA256
fbc762cd79977cee061bc9d2bf19c9687856759afec067121cce58e1cc124d2c

SHA512
53a75165d3a4683573f7d16015bda25cbfdabb8981ca8ffd0789105a6cdbf9a02f4e7a71b47efc581c14a90fd54760e4e7dc6e9786abc325a190c945b67cffb8

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_361\bin\ucrtbase.DLL

Filesize
1.1MB

MD5
2040cdcd779bbebad36d36035c675d99

SHA1
918bc19f55e656f6d6b1e4713604483eb997ea15

SHA256
2ad9a105a9caa24f41e7b1a6f303c07e6faeceaf3aaf43ebd644d9d5746a4359

SHA512
83dc3c7e35f0f83e1224505d04cdbaee12b7ea37a2c3367cb4fccc4fff3e5923cf8a79dd513c33a667d8231b1cc6cfb1e33f957d92e195892060a22f53c7532f

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_361\bin\vcruntime140.dll

Filesize
78KB

MD5
a37ee36b536409056a86f50e67777dd7

SHA1
1cafa159292aa736fc595fc04e16325b27cd6750

SHA256
8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825

SHA512
3a7c260646315cf8c01f44b2ec60974017496bd0d80dd055c7e43b707cadba2d63aab5e0efd435670aa77886ed86368390d42c4017fc433c3c4b9d1c47d0f356

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_361\installer.exe

Filesize
853KB

MD5
87706ed4a1182eba06403297a4e82b54

SHA1
1dc5a582f3c636ff4b1d584691b79a2efb1bf971

SHA256
409b73823b06416f140d1c77214788eb33873ba7ce9be2e012826c52cd3339e3

SHA512
796d7df635532a1db788f591ad9226d0e63ce84d306662265d30327536dd1318f91e51663bc0ee7df49569d681c36e802c461cedeccc3826b9f68260a243ac4e

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_361\lib\i386\jvm.cfg

Filesize
623B

MD5
9aef14a90600cd453c4e472ba83c441f

SHA1
10c53c9fe9970d41a84cb45c883ea6c386482199

SHA256
9e86b24ff2b19d814bbaedd92df9f0e1ae86bf11a86a92989c9f91f959b736e1

SHA512
481562547bf9e37d270d9a2881ac9c86fc8f928b5c176e9baf6b8f7b72fb9827c84ef0c84b60894656a6e82dd141779b8d283c6e7a0e85d2829ea071c6db7d14

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_361\lib\rt.jar

Filesize
53.2MB

MD5
32a3259b2753bf46dd1d6db41bfde524

SHA1
c4deb978992124134cf71d6b48af8fd3dfab8072

SHA256
e37b804af67aee09c8852ee666268970a17b71c3da475b3ffd098236d455367b

SHA512
7fd21fe13ce64009a1440f2992ff955f6934cdc5c43914781f0f994c32be9c8da5cae1b73d07355826905eec6a0a0b604163849ff6d3173120a561059b1451c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
ccf7e6f186d1889a241cafbd2f0c26c7

SHA1
f91c15e2d20470480c762401bc8feea2ea998814

SHA256
98bf54c07b280c0310670a8517ea6b18621e91f825628628179e0f7d3a9f242b

SHA512
c0f10eeb2133b92e78ebf36accc4f28c9813f728abac0339fa288dc667a97d4508f7e352f14952d2548099fdd35502012acd1771679e50415e557f945b74e1b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

Filesize
1KB

MD5
08a6f7c1e8bb0ed85894fbd4461e22fa

SHA1
98c9be90c5ae0e2edc190bd828ebbd2890bdd347

SHA256
59dac477a907759c39ad8b5735ef917bf1f7430f1f34097119e95a4f15fad3b6

SHA512
99c2ed04301687cc0bd2d187efefd9e9878c3cf9d734afbaf95edd8f6304f39064ed9ae3f9949df08f9ec7798d74f3c7c7c6654f6f9a9087c228c3a9316212c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_4E75C8005B53AA371E24DB28B7200E63

Filesize
727B

MD5
5900a9eb6df1d786885d6511fd2a6fde

SHA1
cc35c1a12cbbe912460f256ad7245e25ef397e55

SHA256
020cd369e82a16f28efcce9318887c8adde7d2566c88dee452d937021922e629

SHA512
ea8ffb8e76df11a6d0239d38ac5295fbf3e7886f46ad89c3f26ffb7e291e4db6c37749539f2c57ef3f915f15aa588a9bb6ba9937e81b802a48c0dbdd996b01e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
53ff7c25d0bdddbc23667b1c7d18039b

SHA1
ff9163d718a4efe595395e90b6a089591c7c782c

SHA256
8c5b987f8c4be76a85ad2bb027a0b821e29b4814813bb97b43490d661355470f

SHA512
206282931c0326e74bcbdd0a3a6c55eabdb064dc57cf7a0e600e71463dd6265046ea6bd9d1742ac7f8b2a254ab7c5845fb7c23b84caa500aaf4e09112089f9fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
cf9b84575adb5fe5502dfb6bec503743

SHA1
b79aac9ae63cd438dceface010f2fa92d1945d0e

SHA256
fb39069cade8d61d6719b2dedbe62c44a1c981bc5ee1e97f038a7aad8ba04b14

SHA512
b6d9cf95eb246dd467eb39d5f79cf7aaf8477f2bb8063c4d100e0924b3ce1af085052b652ed5e5dc8d7f984bd258e7138d1dce7d3b8eb1e07e9e9f8c7531696e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
430B

MD5
9ae562c276452f60f640140dd2e2c9b4

SHA1
c62b60efc0884da629430c993bc3baf92a83966c

SHA256
6bf7447b70f134b436e3834e3a101adff10ab84e44b09ebccd2f86c306c47d31

SHA512
0f4191e17ebe193ef715b1bf1edd1a898e4210d68ac3e517f7d4afae7934155ab03995c99ff171e19f77a4048ff391eb2f8c75c4ace75e0cb6baec4bc48b8823

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

Filesize
446B

MD5
624597a4d6e50b0a8c535a0781c0272b

SHA1
e13de46af7724a106c6bfda178758d4f2ac02192

SHA256
e0a988e68af4605c1e57921148b5189843e30091e360fdefa97f82dfbf8199ac

SHA512
6318328d9536c635b9047d630805564527b610b2b2a269d4ae74375c3b98b9f2e9f9c500626a8844fd9699219a1ff67d698908d467270e4921e9537a0d3c0097

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_4E75C8005B53AA371E24DB28B7200E63

Filesize
404B

MD5
4da743c88f661f1aae1ae9236283f164

SHA1
44d0dcf151586476be6977d82b31707d94b6f5ec

SHA256
ca12809c51831315fe25320b4dbba782996c8733eadcc52299f7c7a7cd56c3b0

SHA512
2f32ba2597834175f4d3452c163eadf36c0c4934bccc6f4f68833f83ab7ea524acc4cda380eb79f6b6f4aa1f17273afc3649abe8b15ac6bcbc90d3b6c2975138

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14826dfcc256843eb8c3684b926bf0c0

SHA1
5533cbf87c72bbc62b34792f932020e74a5a18d6

SHA256
718d522cb64e1f8667fdc69abc23717adb5ac5b50fec3374387e2d154d9c246f

SHA512
293515844b692225f4265e25979f21f0e557b834288b4f232c6260333220be091b37e2c201ff4a386896ba16d2f4b5f617f49e803848966f880f754aaa22bd26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb138f36e8b5d51652e459ad5976b55c

SHA1
e63c3ce66af45d02525e7f50b08fa80af4bc0cb4

SHA256
09ed9c64fd83baca1a607c23b0aa6441cc3d958ded8026558c6ac541dc7c4d62

SHA512
1191a3a2cb310af0ca775fe8903dd9ae7861eaa691a3054d53a156aee482b0f1b0fdeebc6395021eea80071cf37107e57f2fcdc546096516df16f71450c340f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
944756c97a1ff9a5cdd38e81ef4e9090

SHA1
a7dd42c7ca7f336d0c0d3867ba4e6a4f0a68cb3b

SHA256
4905eb763895ca6ce97025641b46afe380f164dd7a5383f392c1c5c1668509d4

SHA512
bfb5114af201da98e3f4066777b85c3f0f4bcd1352d180c64f1f99a94ca7c4d0e0c5dc36a6ef7d0fd4087f7bf2b680b4907677bb62a43bdf0f1b3b6b2ceaf342

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
ef8eb9f6ade9e67d2c55f07a8f5b6c41

SHA1
f3d4c1f54577725e25c2d7b3a0b3dbfbf7076888

SHA256
25b6c7b07d7adcde3f503f4e4cf872083ea011564466c47f97f592e994ea49fc

SHA512
1a25d7753716bb8fbd73bf704fb25bdfb1a35fde8f8fac23749a61e362590cacb224397a639e34f6d1cdbdeaa10e15475bfb7a302d905458b26de3c74c57110b

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\LZMA_EXE

Filesize
142KB

MD5
3842c46f2fbc7522ef625f1833530804

SHA1
3615c072ad5bdadba5e5e22e75eefaf7def92312

SHA256
17cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7

SHA512
9adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\LZMA_EXE

Filesize
142KB

MD5
3842c46f2fbc7522ef625f1833530804

SHA1
3615c072ad5bdadba5e5e22e75eefaf7def92312

SHA256
17cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7

SHA512
9adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\au.msi

Filesize
843KB

MD5
c95a831719a0a8659911c2d961a9e425

SHA1
84e5db605edecd9976f2a7d45b00c2c5deabe11d

SHA256
bb5d1befb8970ee28066d13727056d54e0ee624564556757c26c75d6faafcc9d

SHA512
073f2e9ce88f18ddf6d5e9d1d47a142b68a4935d73854580ca6d5b619473632965051e398bf5485ff0664d2caf2ed13d4260ab64428c7ea2cce78983feed3069

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\jre1.8.0_361.msi

Filesize
52.6MB

MD5
1aa57a5a04ec43b25937efa2a3f0f0ad

SHA1
6121bef34c9c603e8b03140c05e0418096ac7bb6

SHA256
66a697fe354addb90ae4e3c6b617f9ca0e5a65a439435f674e3f6d8c7db85b6b

SHA512
1461ff7fc5d3a1e3fff20bd42324f0dc6f82bbdb9d35cc425535449a0f8e346599c4012802f0a801cce243eea4d878e6430a02db5b24fe6cc99b24cdad31c4e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\msi.tmp

Filesize
1016KB

MD5
459a51b2e65d53e4e568215e77317cc5

SHA1
f2308f14d1033f79a1d10b392520cb2459b0e737

SHA256
9da5f7bb7d99c3b8d5c9100a0573e928f48452319989ab026af5fcff1119a5d9

SHA512
7e3b8cb97c4c61eb147473d62dc163205ecd85235e6c711b39c4a76b06e8cee7d70f2594e0710df90e1b949c4bdb442a759912afeb72c6b4f0a34750daf17886

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\msi.tmp

Filesize
53.5MB

MD5
c760bc95af603fec0c41cafd82498a5d

SHA1
6bed421c5268fcd02f3d9439a314fffd84b29235

SHA256
c93f2de2ed4d5420671f5d5ba858b841683183aba9248f9890c4b277c39d2995

SHA512
cc9324416d98cd4ca1ec6e607e684336964d74da5f29f3d56d82b56ac0fe225c1420fbe08f9a559bf80307ea740e9140154f136aa9d3bc473baf60d736b7fd52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t9o3c8r\imagestore.dat

Filesize
2KB

MD5
54d4cfb1b37326b227815776f790a0bc

SHA1
c8979a303a6956a6b96c033f6c37cc2946aaf777

SHA256
17066fc30f6a224a7db2cbcf89e1405b84fb73afe81bc8061caed9c4698a38a2

SHA512
ab08ba417f168c2b72a7f60dde58875798575011ac70aed48ab0ab90a24c750a4b57176b1dad85e6e4dbf69a5c0cdcb06bc820416b870e5ea251076b6c91e4b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t9o3c8r\imagestore.dat

Filesize
11KB

MD5
e295bc93640aa3efca41decf06490932

SHA1
99e756a67e570200155e235742d70404d5e3895a

SHA256
a9dcb4c0ca780aa5b86aca9337ecae66d662a4b3336c9f9daa5aa27bf33c7edb

SHA512
bf8a105bcef3770c475e4e410103b1cd184bc4a3ba43aaa735969c9564891689dc00eba8233caafa2ffd50f1ed787eb60e2f211e9858062eae21595b758f661e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t9o3c8r\imagestore.dat

Filesize
11KB

MD5
e295bc93640aa3efca41decf06490932

SHA1
99e756a67e570200155e235742d70404d5e3895a

SHA256
a9dcb4c0ca780aa5b86aca9337ecae66d662a4b3336c9f9daa5aa27bf33c7edb

SHA512
bf8a105bcef3770c475e4e410103b1cd184bc4a3ba43aaa735969c9564891689dc00eba8233caafa2ffd50f1ed787eb60e2f211e9858062eae21595b758f661e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t9o3c8r\imagestore.dat

Filesize
12KB

MD5
ce566a93b048e14c73172e7fcc50f101

SHA1
086f0f2b3f96b367e43c2333f0578e97865aba70

SHA256
d632c1d31b988990d296c6ede029d1252d8e703f60982131d3461461de06beff

SHA512
612278ef9ffd7912ee1d10fa2bf0176514e2e0ba60af61d04a076eef31d07cf0ca3662f555ba23c427414404d1124e1bf1e7315b5c5a5c0fe9ff9a7073d47153

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OB1Q09Y\JavaSetup8u361.exe

Filesize
2.2MB

MD5
d3809baddaf7b1e7d94484160043328b

SHA1
e1979f5248d3b20858b11386ce22b1ccb0a9bfb5

SHA256
e28f198ca200445ab45dd4e94d49993ad1a9a21548908ca9c09ade6419c2e079

SHA512
96350ef6c81a1bc7d3c6b29c2a66ffaa1cf4f86172d3f52d39bcbf3886da41208b75cfe16bbf4ea23e04b2e0616637083eeacdefb8c0edc3ce6d0f2f89f881c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OB1Q09Y\JavaSetup8u361.exe.iekj1tb.partial

Filesize
2.2MB

MD5
d3809baddaf7b1e7d94484160043328b

SHA1
e1979f5248d3b20858b11386ce22b1ccb0a9bfb5

SHA256
e28f198ca200445ab45dd4e94d49993ad1a9a21548908ca9c09ade6419c2e079

SHA512
96350ef6c81a1bc7d3c6b29c2a66ffaa1cf4f86172d3f52d39bcbf3886da41208b75cfe16bbf4ea23e04b2e0616637083eeacdefb8c0edc3ce6d0f2f89f881c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\jds7126063.tmp\JavaSetup8u361.exe

Filesize
1.9MB

MD5
442dcacd62016db76c61af770301626f

SHA1
1ef7a54bb0fb6395b271d88e4d87e7ac3b76e58a

SHA256
8aa49738b3efd4a2e2b3d71991c209db46e082e1739de43147041f9af2a7fff7

SHA512
3c21efe1f3422107bddc48d0edd842924dfdf6682b1e81ace83aa992ba49e224d45fd0fc6a73be9de6806effe71d8a1908f550c8b1cf520df4972c252b721bf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\jds7126063.tmp\JavaSetup8u361.exe

Filesize
1.9MB

MD5
442dcacd62016db76c61af770301626f

SHA1
1ef7a54bb0fb6395b271d88e4d87e7ac3b76e58a

SHA256
8aa49738b3efd4a2e2b3d71991c209db46e082e1739de43147041f9af2a7fff7

SHA512
3c21efe1f3422107bddc48d0edd842924dfdf6682b1e81ace83aa992ba49e224d45fd0fc6a73be9de6806effe71d8a1908f550c8b1cf520df4972c252b721bf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
40KB

MD5
75eab1424c72b9b25ad86bd63e9fce64

SHA1
c2497f7cbf7c0a2c198f0ba0d5f548cb55409885

SHA256
a24f96ef3d61a6bdf6a97bc3610525a0c4517f83360fdb7748343c7f0b0bc2c8

SHA512
2a2f772f24d7d111d1d2ae0800b4ec8b49db5882b8ed45d88923cb7b19197f5d552de2daf0f0caf92c649f2286eb5fd9c16a7ebdac0a0893b6a81d52637eb9b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
54KB

MD5
5fa850eb629f4a8c02ab5715130b92e9

SHA1
43200c7ac878e9ced3d0cbbef6e5aa529ec10407

SHA256
7910a12aae2c6998af41255c14370c48a2adff0da225180f484dda962c6b693f

SHA512
ad5e4674fc1322fc57ac26b23b37cf16a3d080993b8fa121254b3027c38d616e6c722cde3f0599778aae5210e1be481aadaf3d00eeed591e9c76cda66ffb514e

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
1KB

MD5
fdcb697046e7990655d0c4cea3c7257e

SHA1
fb2824383ee4a388a084c039243ed6e8e457d303

SHA256
04e1f6a567e4f3cd39cd45d3940f3e094f7d4f93a0ac345c3696cbc3efc496ac

SHA512
a077715bb8c3bb493169ff3729a6e8e04135cd75cb57351c79dd005ed4a1df8d8ee4b4f5b692c6355d26e71b1f264cdfb11b66671bdb38aca210468fb2421bf7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\J4AE98W9.txt

Filesize
511B

MD5
066a98fec480fde276c5ad85b378168a

SHA1
95530ba7745f58e8df5d3902f67ca81b8ff5d235

SHA256
724a6a505f7d278acc5a29381238d183c085c741bd74272a7d060d1121f26bec

SHA512
b3d83676f8b1d9cbec09030a5e436d259ceb9734ba0fd66a3ff0a144abc71c0929b665dd49c7c066937c74ddbbc07cb482cae4156455a1a373dec008866151a1

Download Submit
C:\Windows\Installer\6d10c8.msi

Filesize
53.5MB

MD5
c760bc95af603fec0c41cafd82498a5d

SHA1
6bed421c5268fcd02f3d9439a314fffd84b29235

SHA256
c93f2de2ed4d5420671f5d5ba858b841683183aba9248f9890c4b277c39d2995

SHA512
cc9324416d98cd4ca1ec6e607e684336964d74da5f29f3d56d82b56ac0fe225c1420fbe08f9a559bf80307ea740e9140154f136aa9d3bc473baf60d736b7fd52

Download Submit
C:\Windows\Installer\MSI17A9.tmp

Filesize
602KB

MD5
dbaf31f37c583df88814c6edbfe7f884

SHA1
dc3b941933ebe79301b8a2949316c8bb47e27ccd

SHA256
32ce5f4ea52b3c172a91df18d15bc75b57fc229ede28f408d13d74f50786eeca

SHA512
6303a7bcb88819898cb170a872e10986889382053a91f369c2a77efd0c5970310ef0512ac3ed46d38004e4381c7e191943ff266d7d9a45694923462e869773cb

Download Submit
C:\Windows\Installer\MSI1D83.tmp

Filesize
602KB

MD5
dbaf31f37c583df88814c6edbfe7f884

SHA1
dc3b941933ebe79301b8a2949316c8bb47e27ccd

SHA256
32ce5f4ea52b3c172a91df18d15bc75b57fc229ede28f408d13d74f50786eeca

SHA512
6303a7bcb88819898cb170a872e10986889382053a91f369c2a77efd0c5970310ef0512ac3ed46d38004e4381c7e191943ff266d7d9a45694923462e869773cb

Download Submit
C:\Windows\Installer\MSI210E.tmp

Filesize
602KB

MD5
dbaf31f37c583df88814c6edbfe7f884

SHA1
dc3b941933ebe79301b8a2949316c8bb47e27ccd

SHA256
32ce5f4ea52b3c172a91df18d15bc75b57fc229ede28f408d13d74f50786eeca

SHA512
6303a7bcb88819898cb170a872e10986889382053a91f369c2a77efd0c5970310ef0512ac3ed46d38004e4381c7e191943ff266d7d9a45694923462e869773cb

Download Submit
\Program Files (x86)\Java\jre1.8.0_361\bin\api-ms-win-core-localization-l1-2-0.dll

Filesize
13KB

MD5
21519f4d5f1fea53532a0b152910ef8b

SHA1
7833ac2c20263c8be42f67151f9234eb8e4a5515

SHA256
5fbd69186f414d1d99ac61c9c15a57390ff21fe995e5c01f1c4e14510b6fb9b1

SHA512
97211fad4aae2f6a6b783107938f0635c302445e74fc34a26aa386864509919c3f084e80579d2502105d9256aab9f57ea16137c43344b1c62f64e5bc1125a417

Download Submit
\Program Files (x86)\Java\jre1.8.0_361\bin\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
b5c8334a10b191031769d5de01df9459

SHA1
83a8fcc777c7e8c42fa4c59ee627baf6cbed1969

SHA256
6c27ac0542281649ec8638602fbc24f246424ba550564fc7b290b683f79e712d

SHA512
59e53c515dfa2cd96182ca6539ed0ea2ebb01f5991beb08166d1fc53576aeaafebbb2c5ee0ccbdab60ae45fc6a048fff0b5e1b8c9c26907791d31fb7e75b1f39

Download Submit
\Program Files (x86)\Java\jre1.8.0_361\bin\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
15KB

MD5
4f06da894ea013a5e18b8b84a9836d5a

SHA1
40cf36e07b738aa8bba58bc5587643326ff412a9

SHA256
876bd768c8605056579dd8962e2fd7cc96306fab5759d904e8a24e46c25bd732

SHA512
1d7c0682d343416e6942547e6a449be4654158d6a70d78ad3c7e8c2b39c296c9406013a3cfe84d1ae8608f19bee1d4f346d26576d7ed56456eea39d5d7200f79

Download Submit
\Program Files (x86)\Java\jre1.8.0_361\bin\java.dll

Filesize
139KB

MD5
286bba6f961e7d873d5c84f57cd1118a

SHA1
c659530ae34fabc24dc6fb55f37485a8d0bca2d0

SHA256
4f068301312fab1d1fd3e3ea0bcd87c4f730f69031337decb343b9ecb5028984

SHA512
c03ad585fd3f486448c86831f93118575b3586fac79f55448daa794ba6be95fc2a1595186d6c8b7881303b3cd1226b2eb10b7bdbc59a457384ba1340daabf058

Download Submit
\Program Files (x86)\Java\jre1.8.0_361\bin\java.dll

Filesize
139KB

MD5
286bba6f961e7d873d5c84f57cd1118a

SHA1
c659530ae34fabc24dc6fb55f37485a8d0bca2d0

SHA256
4f068301312fab1d1fd3e3ea0bcd87c4f730f69031337decb343b9ecb5028984

SHA512
c03ad585fd3f486448c86831f93118575b3586fac79f55448daa794ba6be95fc2a1595186d6c8b7881303b3cd1226b2eb10b7bdbc59a457384ba1340daabf058

Download Submit
\Program Files (x86)\Java\jre1.8.0_361\bin\javaw.exe

Filesize
243KB

MD5
71ac3db0e1d4363ff8695ca610af1ae4

SHA1
35ee53d9c6b541f4e9422875fb5a246d975afc85

SHA256
fbc762cd79977cee061bc9d2bf19c9687856759afec067121cce58e1cc124d2c

SHA512
53a75165d3a4683573f7d16015bda25cbfdabb8981ca8ffd0789105a6cdbf9a02f4e7a71b47efc581c14a90fd54760e4e7dc6e9786abc325a190c945b67cffb8

Download Submit
\Program Files (x86)\Java\jre1.8.0_361\bin\ucrtbase.dll

Filesize
1.1MB

MD5
2040cdcd779bbebad36d36035c675d99

SHA1
918bc19f55e656f6d6b1e4713604483eb997ea15

SHA256
2ad9a105a9caa24f41e7b1a6f303c07e6faeceaf3aaf43ebd644d9d5746a4359

SHA512
83dc3c7e35f0f83e1224505d04cdbaee12b7ea37a2c3367cb4fccc4fff3e5923cf8a79dd513c33a667d8231b1cc6cfb1e33f957d92e195892060a22f53c7532f

Download Submit
\Program Files (x86)\Java\jre1.8.0_361\bin\vcruntime140.dll

Filesize
78KB

MD5
a37ee36b536409056a86f50e67777dd7

SHA1
1cafa159292aa736fc595fc04e16325b27cd6750

SHA256
8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825

SHA512
3a7c260646315cf8c01f44b2ec60974017496bd0d80dd055c7e43b707cadba2d63aab5e0efd435670aa77886ed86368390d42c4017fc433c3c4b9d1c47d0f356

Download Submit
\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\LZMA_EXE

Filesize
142KB

MD5
3842c46f2fbc7522ef625f1833530804

SHA1
3615c072ad5bdadba5e5e22e75eefaf7def92312

SHA256
17cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7

SHA512
9adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e

Download Submit
\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\LZMA_EXE

Filesize
142KB

MD5
3842c46f2fbc7522ef625f1833530804

SHA1
3615c072ad5bdadba5e5e22e75eefaf7def92312

SHA256
17cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7

SHA512
9adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e

Download Submit
\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\LZMA_EXE

Filesize
142KB

MD5
3842c46f2fbc7522ef625f1833530804

SHA1
3615c072ad5bdadba5e5e22e75eefaf7def92312

SHA256
17cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7

SHA512
9adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e

Download Submit
\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\LZMA_EXE

Filesize
142KB

MD5
3842c46f2fbc7522ef625f1833530804

SHA1
3615c072ad5bdadba5e5e22e75eefaf7def92312

SHA256
17cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7

SHA512
9adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e

Download Submit
\Users\Admin\AppData\Local\Temp\jds7126063.tmp\JavaSetup8u361.exe

Filesize
1.9MB

MD5
442dcacd62016db76c61af770301626f

SHA1
1ef7a54bb0fb6395b271d88e4d87e7ac3b76e58a

SHA256
8aa49738b3efd4a2e2b3d71991c209db46e082e1739de43147041f9af2a7fff7

SHA512
3c21efe1f3422107bddc48d0edd842924dfdf6682b1e81ace83aa992ba49e224d45fd0fc6a73be9de6806effe71d8a1908f550c8b1cf520df4972c252b721bf9

Download Submit
\Windows\Installer\MSI17A9.tmp

Filesize
602KB

MD5
dbaf31f37c583df88814c6edbfe7f884

SHA1
dc3b941933ebe79301b8a2949316c8bb47e27ccd

SHA256
32ce5f4ea52b3c172a91df18d15bc75b57fc229ede28f408d13d74f50786eeca

SHA512
6303a7bcb88819898cb170a872e10986889382053a91f369c2a77efd0c5970310ef0512ac3ed46d38004e4381c7e191943ff266d7d9a45694923462e869773cb

Download Submit
\Windows\Installer\MSI1D83.tmp

Filesize
602KB

MD5
dbaf31f37c583df88814c6edbfe7f884

SHA1
dc3b941933ebe79301b8a2949316c8bb47e27ccd

SHA256
32ce5f4ea52b3c172a91df18d15bc75b57fc229ede28f408d13d74f50786eeca

SHA512
6303a7bcb88819898cb170a872e10986889382053a91f369c2a77efd0c5970310ef0512ac3ed46d38004e4381c7e191943ff266d7d9a45694923462e869773cb

Download Submit
\Windows\Installer\MSI210E.tmp

Filesize
602KB

MD5
dbaf31f37c583df88814c6edbfe7f884

SHA1
dc3b941933ebe79301b8a2949316c8bb47e27ccd

SHA256
32ce5f4ea52b3c172a91df18d15bc75b57fc229ede28f408d13d74f50786eeca

SHA512
6303a7bcb88819898cb170a872e10986889382053a91f369c2a77efd0c5970310ef0512ac3ed46d38004e4381c7e191943ff266d7d9a45694923462e869773cb

Download Submit
memory/1588-54-0x0000000075BE1000-0x0000000075BE3000-memory.dmp

Filesize
8KB

Download
memory/2356-108-0x000007FEFBD41000-0x000007FEFBD43000-memory.dmp

Filesize
8KB

Download
memory/2632-154-0x0000000002050000-0x0000000004050000-memory.dmp

Filesize
32.0MB

Download
memory/2848-171-0x0000000002670000-0x0000000004670000-memory.dmp

Filesize
32.0MB

Download
memory/2848-178-0x0000000002670000-0x0000000004670000-memory.dmp

Filesize
32.0MB

Download
memory/2848-191-0x0000000002670000-0x0000000004670000-memory.dmp

Filesize
32.0MB

Download
memory/2848-193-0x0000000002670000-0x0000000004670000-memory.dmp

Filesize
32.0MB

Download
memory/2848-198-0x0000000002670000-0x0000000004670000-memory.dmp

Filesize
32.0MB

Download
memory/2848-203-0x0000000002670000-0x0000000004670000-memory.dmp

Filesize
32.0MB

Download
memory/2848-202-0x0000000002670000-0x0000000004670000-memory.dmp

Filesize
32.0MB

Download
memory/2848-201-0x0000000002670000-0x0000000004670000-memory.dmp

Filesize
32.0MB

Download
memory/2848-205-0x0000000002670000-0x0000000004670000-memory.dmp

Filesize
32.0MB

Download
memory/2848-204-0x0000000002670000-0x0000000004670000-memory.dmp

Filesize
32.0MB

Download
memory/2848-206-0x0000000002670000-0x0000000004670000-memory.dmp

Filesize
32.0MB

Download
memory/2848-211-0x0000000002670000-0x0000000004670000-memory.dmp

Filesize
32.0MB

Download
memory/2848-213-0x0000000002670000-0x0000000004670000-memory.dmp

Filesize
32.0MB

Download
memory/2848-215-0x0000000002670000-0x0000000004670000-memory.dmp

Filesize
32.0MB

Download
memory/2848-217-0x0000000002670000-0x0000000004670000-memory.dmp

Filesize
32.0MB

Download
memory/2848-219-0x0000000002670000-0x0000000004670000-memory.dmp

Filesize
32.0MB

Download
memory/2848-175-0x0000000002670000-0x0000000004670000-memory.dmp

Filesize
32.0MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads