089ecfe0ef768b20c4155d52cc71e36ef9205c6ed285a7bbaa4c109676d2521d

Analysis

max time kernel
201s
max time network
204s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
09-03-2023 21:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TLauncher-2.75-Installer-0.6.9.v2.exe
Size

16.3MB
MD5

081da6578a8763d105a77bac69def6f2
SHA1

340c34a719159d03531af0aed1386f10b0a633b1
SHA256

089ecfe0ef768b20c4155d52cc71e36ef9205c6ed285a7bbaa4c109676d2521d
SHA512

0ab1371c68fd8afd3430e114090aafc0b6e9cf49b6207ebe9e5a54f7f8f0f3ed640892707ac4dca89e10af97390df06cf374917ef6e95765ba6ef194868d4270
SSDEEP

393216:EXRlrghRyfsD441ffz4e4oQL1buPKaIzAtdB7luTdHJAAX5:EhBQQ+1Hz4e4t6PKBzuB7luTdjX5

Score

8^/10

adware persistence stealer upx

Malware Config

Signatures

Blocklisted process makes network request 3 IoCs

Processes:

msiexec.exe

flow pid process

22 1008 msiexec.exe
24 1008 msiexec.exe
26 1008 msiexec.exe
Downloads MZ/PE file

flow	pid	process
22	1008	msiexec.exe
24	1008	msiexec.exe
26	1008	msiexec.exe

Executes dropped EXE 19 IoCs

Processes:

irsetup.exejre-windows.exeinstaller.exebspatch.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exejavaw.exejavaws.exejavaw.exejp2launcher.exejavaws.exejp2launcher.exejavaw.exe

pid	process
1964	irsetup.exe
780	jre-windows.exe
2016	installer.exe
596	bspatch.exe
976	unpack200.exe
1664	unpack200.exe
1160	unpack200.exe
280	unpack200.exe
1504	unpack200.exe
1548	unpack200.exe
1612	unpack200.exe
1296	unpack200.exe
1292	javaw.exe
2036	javaws.exe
2012	javaw.exe
1756	jp2launcher.exe
1944	javaws.exe
564	jp2launcher.exe
1616	javaw.exe

Loads dropped DLL 64 IoCs

Processes:

TLauncher-2.75-Installer-0.6.9.v2.exeirsetup.exemsiexec.exebspatch.exeinstaller.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exejavaw.exejavaws.exejavaw.exejp2launcher.exe

pid	process
1996	TLauncher-2.75-Installer-0.6.9.v2.exe
1996	TLauncher-2.75-Installer-0.6.9.v2.exe
1996	TLauncher-2.75-Installer-0.6.9.v2.exe
1996	TLauncher-2.75-Installer-0.6.9.v2.exe
1964	irsetup.exe
1964	irsetup.exe
1964	irsetup.exe
1964	irsetup.exe
1236
1236
1008	msiexec.exe
596	bspatch.exe
596	bspatch.exe
596	bspatch.exe
2016	installer.exe
976	unpack200.exe
1664	unpack200.exe
1160	unpack200.exe
280	unpack200.exe
1504	unpack200.exe
1548	unpack200.exe
1612	unpack200.exe
1296	unpack200.exe
2016	installer.exe
2016	installer.exe
2016	installer.exe
836
836
1292	javaw.exe
1292	javaw.exe
1292	javaw.exe
1292	javaw.exe
1292	javaw.exe
2016	installer.exe
2016	installer.exe
2016	installer.exe
2016	installer.exe
2016	installer.exe
2016	installer.exe
2016	installer.exe
2016	installer.exe
2016	installer.exe
2016	installer.exe
2016	installer.exe
2016	installer.exe
2016	installer.exe
2016	installer.exe
2016	installer.exe
2016	installer.exe
836
836
2036	javaws.exe
2012	javaw.exe
2012	javaw.exe
2012	javaw.exe
2012	javaw.exe
2012	javaw.exe
2036	javaws.exe
1756	jp2launcher.exe
1756	jp2launcher.exe
1756	jp2launcher.exe
1756	jp2launcher.exe
1756	jp2launcher.exe
1756	jp2launcher.exe

Registers COM server for autorun 1 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Processes:

installer.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0087-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0078-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0033-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0080-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0047-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0040-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0074-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0000-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0058-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0077-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0073-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0006-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0039-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0049-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0057-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0082-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0046-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0057-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0024-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0036-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0049-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0069-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0004-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0071-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0076-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0047-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0065-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0035-ABCDEFFEDCBC}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0093-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBC}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0015-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0041-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0037-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0066-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0058-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0059-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0067-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0094-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0054-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe

UPX packed file 27 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
behavioral1/memory/1964-73-0x0000000000380000-0x0000000000768000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
behavioral1/memory/1964-297-0x0000000000380000-0x0000000000768000-memory.dmp	upx
behavioral1/memory/1964-311-0x0000000000380000-0x0000000000768000-memory.dmp	upx
behavioral1/memory/1964-333-0x0000000000380000-0x0000000000768000-memory.dmp	upx
behavioral1/memory/1964-424-0x0000000000380000-0x0000000000768000-memory.dmp	upx
behavioral1/memory/1964-436-0x0000000000380000-0x0000000000768000-memory.dmp	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
behavioral1/memory/1964-442-0x0000000000380000-0x0000000000768000-memory.dmp	upx
behavioral1/memory/1964-519-0x0000000000380000-0x0000000000768000-memory.dmp	upx
behavioral1/memory/1964-591-0x0000000000380000-0x0000000000768000-memory.dmp	upx
C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe	upx
C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe	upx
behavioral1/memory/596-652-0x0000000000400000-0x0000000000417000-memory.dmp	upx
\ProgramData\Oracle\Java\installcache_x64\bspatch.exe	upx
\ProgramData\Oracle\Java\installcache_x64\bspatch.exe	upx
\ProgramData\Oracle\Java\installcache_x64\bspatch.exe	upx
behavioral1/memory/596-657-0x00000000002B0000-0x00000000002C7000-memory.dmp	upx
behavioral1/memory/596-664-0x0000000000400000-0x0000000000417000-memory.dmp	upx
behavioral1/memory/1964-983-0x0000000000380000-0x0000000000768000-memory.dmp	upx
behavioral1/memory/1964-1020-0x0000000000380000-0x0000000000768000-memory.dmp	upx

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	process
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe

Installs/modifies Browser Helper Object 2 TTPs 6 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

Processes:

installer.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}	installer.exe

Drops file in System32 directory 2 IoCs

Processes:

installer.exe

description	ioc	process
File created	C:\Windows\system32\WindowsAccessBridge-64.dll	installer.exe
File opened for modification	C:\Windows\system32\WindowsAccessBridge-64.dll	installer.exe

Drops file in Program Files directory 64 IoCs

Processes:

installer.exeunpack200.exeunpack200.exejavaw.exemsiexec.exeunpack200.exe

description	ioc	process
File created	C:\Program Files\Java\jre1.8.0_51\LICENSE	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\java.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\ssvagent.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\deploy\ffjcext.zip	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\fonts\LucidaBrightItalic.ttf	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\security\cacerts	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\security\java.security	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\javaws.jar	unpack200.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\rt.jar	unpack200.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\server\classes.jsa	javaw.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\hprof.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\j2pcsc.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\java.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\jsound.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\currency.data	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\images\cursors\win32_CopyDrop32x32.gif	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\javafx.properties	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\psfont.properties.ja	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\security\javaws.policy	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\release	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\THIRDPARTYLICENSEREADME.txt	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\javacpl.cpl	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\javacpl.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\kinit.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages.properties	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_pt_BR.properties	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_sv.properties	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\ext\nashorn.jar	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\management\snmp.acl.template	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\meta-index	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\security\blacklist	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\security\blacklisted.certs	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\javaws.pack	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\bci.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\java-rmi.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\JavaAccessBridge-64.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\jp2iexp.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\lcms.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\flavormap.properties	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\management\jmxremote.password.template	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\jsse.pack	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\charsets.pack	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\deployJava1.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\glib-lite.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\npt.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\ext\access-bridge-64.jar	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\fonts\LucidaSansRegular.ttf	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\images\cursors\win32_MoveDrop32x32.gif	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\rt.pack	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.pack	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\plugin.pack	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\sunmscapi.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\COPYRIGHT	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\images\cursors\win32_LinkNoDrop32x32.gif	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\jfr.jar	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\installer.exe	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\cmm\LINEAR_RGB.pf	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_zh_TW.properties	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\security\java.policy	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\jsse.jar	unpack200.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\glass.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\klist.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\server\jvm.dll	installer.exe

Drops file in Windows directory 8 IoCs

Processes:

msiexec.exe

description	ioc	process
File opened for modification	C:\Windows\Installer\6d59e4.msi	msiexec.exe
File created	C:\Windows\Installer\6d59e6.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6B3C.tmp	msiexec.exe
File created	C:\Windows\Installer\6d59e8.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1801.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\6d59e6.ipi	msiexec.exe
File created	C:\Windows\Installer\6d59e4.msi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msiexec.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msiexec.exe

Modifies Internet Explorer settings 1 TTPs 19 IoCs

adware spyware

Modify Registry

T1112

Processes:

installer.exeirsetup.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4B5F-9EE6-34795C46E7E7}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_51\\bin"	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_51\\bin"	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main	irsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_51\\bin"	installer.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

msiexec.exe

description	ioc	process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E	msiexec.exe

Modifies registry class 64 IoCs

Processes:

installer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0033-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0088-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_88"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0037-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0054-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0076-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0063-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0068-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0018-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_18"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0057-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0051-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0060-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_08"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0076-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_14"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0075-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0077-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0057-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0059-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0019-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0047-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0052-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0062-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_62"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0077-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0057-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_29"	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0080-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0079-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0047-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.0_04"	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0058-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0026-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0033-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_15"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0042-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0070-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0063-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_63"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0068-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0099-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0037-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_37"	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0043-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0049-ABCDEFFEDCBA}	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0069-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0054-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.1_02"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0032-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0047-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}	installer.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

irsetup.exejre-windows.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	irsetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	irsetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	irsetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa20f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	irsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	jre-windows.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	jre-windows.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

jp2launcher.exejp2launcher.exe

pid process

1756 jp2launcher.exe
564 jp2launcher.exe

pid	process
1756	jp2launcher.exe
564	jp2launcher.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

jre-windows.exemsiexec.exe

description	pid	process
Token: SeShutdownPrivilege	780	jre-windows.exe
Token: SeIncreaseQuotaPrivilege	780	jre-windows.exe
Token: SeRestorePrivilege	1008	msiexec.exe
Token: SeTakeOwnershipPrivilege	1008	msiexec.exe
Token: SeSecurityPrivilege	1008	msiexec.exe
Token: SeCreateTokenPrivilege	780	jre-windows.exe
Token: SeAssignPrimaryTokenPrivilege	780	jre-windows.exe
Token: SeLockMemoryPrivilege	780	jre-windows.exe
Token: SeIncreaseQuotaPrivilege	780	jre-windows.exe
Token: SeMachineAccountPrivilege	780	jre-windows.exe
Token: SeTcbPrivilege	780	jre-windows.exe
Token: SeSecurityPrivilege	780	jre-windows.exe
Token: SeTakeOwnershipPrivilege	780	jre-windows.exe
Token: SeLoadDriverPrivilege	780	jre-windows.exe
Token: SeSystemProfilePrivilege	780	jre-windows.exe
Token: SeSystemtimePrivilege	780	jre-windows.exe
Token: SeProfSingleProcessPrivilege	780	jre-windows.exe
Token: SeIncBasePriorityPrivilege	780	jre-windows.exe
Token: SeCreatePagefilePrivilege	780	jre-windows.exe
Token: SeCreatePermanentPrivilege	780	jre-windows.exe
Token: SeBackupPrivilege	780	jre-windows.exe
Token: SeRestorePrivilege	780	jre-windows.exe
Token: SeShutdownPrivilege	780	jre-windows.exe
Token: SeDebugPrivilege	780	jre-windows.exe
Token: SeAuditPrivilege	780	jre-windows.exe
Token: SeSystemEnvironmentPrivilege	780	jre-windows.exe
Token: SeChangeNotifyPrivilege	780	jre-windows.exe
Token: SeRemoteShutdownPrivilege	780	jre-windows.exe
Token: SeUndockPrivilege	780	jre-windows.exe
Token: SeSyncAgentPrivilege	780	jre-windows.exe
Token: SeEnableDelegationPrivilege	780	jre-windows.exe
Token: SeManageVolumePrivilege	780	jre-windows.exe
Token: SeImpersonatePrivilege	780	jre-windows.exe
Token: SeCreateGlobalPrivilege	780	jre-windows.exe
Token: SeRestorePrivilege	1008	msiexec.exe
Token: SeTakeOwnershipPrivilege	1008	msiexec.exe
Token: SeRestorePrivilege	1008	msiexec.exe
Token: SeTakeOwnershipPrivilege	1008	msiexec.exe
Token: SeRestorePrivilege	1008	msiexec.exe
Token: SeTakeOwnershipPrivilege	1008	msiexec.exe
Token: SeRestorePrivilege	1008	msiexec.exe
Token: SeTakeOwnershipPrivilege	1008	msiexec.exe
Token: SeRestorePrivilege	1008	msiexec.exe
Token: SeTakeOwnershipPrivilege	1008	msiexec.exe
Token: SeRestorePrivilege	1008	msiexec.exe
Token: SeTakeOwnershipPrivilege	1008	msiexec.exe
Token: SeRestorePrivilege	1008	msiexec.exe
Token: SeTakeOwnershipPrivilege	1008	msiexec.exe
Token: SeRestorePrivilege	1008	msiexec.exe
Token: SeTakeOwnershipPrivilege	1008	msiexec.exe
Token: SeRestorePrivilege	1008	msiexec.exe
Token: SeTakeOwnershipPrivilege	1008	msiexec.exe
Token: SeRestorePrivilege	1008	msiexec.exe
Token: SeTakeOwnershipPrivilege	1008	msiexec.exe
Token: SeRestorePrivilege	1008	msiexec.exe
Token: SeTakeOwnershipPrivilege	1008	msiexec.exe
Token: SeRestorePrivilege	1008	msiexec.exe
Token: SeTakeOwnershipPrivilege	1008	msiexec.exe
Token: SeRestorePrivilege	1008	msiexec.exe
Token: SeTakeOwnershipPrivilege	1008	msiexec.exe
Token: SeRestorePrivilege	1008	msiexec.exe
Token: SeTakeOwnershipPrivilege	1008	msiexec.exe
Token: SeRestorePrivilege	1008	msiexec.exe
Token: SeTakeOwnershipPrivilege	1008	msiexec.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

irsetup.exejp2launcher.exejp2launcher.exe

pid process

1964 irsetup.exe
1964 irsetup.exe
1964 irsetup.exe
1964 irsetup.exe
1964 irsetup.exe
1964 irsetup.exe
1756 jp2launcher.exe
564 jp2launcher.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

TLauncher-2.75-Installer-0.6.9.v2.exeirsetup.exemsiexec.exeinstaller.exejavaws.exejavaws.exe

description	pid	process	target process
PID 1996 wrote to memory of 1964	1996	TLauncher-2.75-Installer-0.6.9.v2.exe	irsetup.exe
PID 1996 wrote to memory of 1964	1996	TLauncher-2.75-Installer-0.6.9.v2.exe	irsetup.exe
PID 1996 wrote to memory of 1964	1996	TLauncher-2.75-Installer-0.6.9.v2.exe	irsetup.exe
PID 1996 wrote to memory of 1964	1996	TLauncher-2.75-Installer-0.6.9.v2.exe	irsetup.exe
PID 1996 wrote to memory of 1964	1996	TLauncher-2.75-Installer-0.6.9.v2.exe	irsetup.exe
PID 1996 wrote to memory of 1964	1996	TLauncher-2.75-Installer-0.6.9.v2.exe	irsetup.exe
PID 1996 wrote to memory of 1964	1996	TLauncher-2.75-Installer-0.6.9.v2.exe	irsetup.exe
PID 1964 wrote to memory of 780	1964	irsetup.exe	jre-windows.exe
PID 1964 wrote to memory of 780	1964	irsetup.exe	jre-windows.exe
PID 1964 wrote to memory of 780	1964	irsetup.exe	jre-windows.exe
PID 1964 wrote to memory of 780	1964	irsetup.exe	jre-windows.exe
PID 1008 wrote to memory of 2016	1008	msiexec.exe	installer.exe
PID 1008 wrote to memory of 2016	1008	msiexec.exe	installer.exe
PID 1008 wrote to memory of 2016	1008	msiexec.exe	installer.exe
PID 2016 wrote to memory of 596	2016	installer.exe	bspatch.exe
PID 2016 wrote to memory of 596	2016	installer.exe	bspatch.exe
PID 2016 wrote to memory of 596	2016	installer.exe	bspatch.exe
PID 2016 wrote to memory of 596	2016	installer.exe	bspatch.exe
PID 2016 wrote to memory of 596	2016	installer.exe	bspatch.exe
PID 2016 wrote to memory of 596	2016	installer.exe	bspatch.exe
PID 2016 wrote to memory of 596	2016	installer.exe	bspatch.exe
PID 2016 wrote to memory of 976	2016	installer.exe	unpack200.exe
PID 2016 wrote to memory of 976	2016	installer.exe	unpack200.exe
PID 2016 wrote to memory of 976	2016	installer.exe	unpack200.exe
PID 2016 wrote to memory of 1664	2016	installer.exe	unpack200.exe
PID 2016 wrote to memory of 1664	2016	installer.exe	unpack200.exe
PID 2016 wrote to memory of 1664	2016	installer.exe	unpack200.exe
PID 2016 wrote to memory of 1160	2016	installer.exe	unpack200.exe
PID 2016 wrote to memory of 1160	2016	installer.exe	unpack200.exe
PID 2016 wrote to memory of 1160	2016	installer.exe	unpack200.exe
PID 2016 wrote to memory of 280	2016	installer.exe	unpack200.exe
PID 2016 wrote to memory of 280	2016	installer.exe	unpack200.exe
PID 2016 wrote to memory of 280	2016	installer.exe	unpack200.exe
PID 2016 wrote to memory of 1504	2016	installer.exe	unpack200.exe
PID 2016 wrote to memory of 1504	2016	installer.exe	unpack200.exe
PID 2016 wrote to memory of 1504	2016	installer.exe	unpack200.exe
PID 2016 wrote to memory of 1548	2016	installer.exe	unpack200.exe
PID 2016 wrote to memory of 1548	2016	installer.exe	unpack200.exe
PID 2016 wrote to memory of 1548	2016	installer.exe	unpack200.exe
PID 2016 wrote to memory of 1612	2016	installer.exe	unpack200.exe
PID 2016 wrote to memory of 1612	2016	installer.exe	unpack200.exe
PID 2016 wrote to memory of 1612	2016	installer.exe	unpack200.exe
PID 2016 wrote to memory of 1296	2016	installer.exe	unpack200.exe
PID 2016 wrote to memory of 1296	2016	installer.exe	unpack200.exe
PID 2016 wrote to memory of 1296	2016	installer.exe	unpack200.exe
PID 2016 wrote to memory of 1292	2016	installer.exe	javaw.exe
PID 2016 wrote to memory of 1292	2016	installer.exe	javaw.exe
PID 2016 wrote to memory of 1292	2016	installer.exe	javaw.exe
PID 2016 wrote to memory of 2036	2016	installer.exe	javaws.exe
PID 2016 wrote to memory of 2036	2016	installer.exe	javaws.exe
PID 2016 wrote to memory of 2036	2016	installer.exe	javaws.exe
PID 2036 wrote to memory of 2012	2036	javaws.exe	javaw.exe
PID 2036 wrote to memory of 2012	2036	javaws.exe	javaw.exe
PID 2036 wrote to memory of 2012	2036	javaws.exe	javaw.exe
PID 2036 wrote to memory of 1756	2036	javaws.exe	jp2launcher.exe
PID 2036 wrote to memory of 1756	2036	javaws.exe	jp2launcher.exe
PID 2036 wrote to memory of 1756	2036	javaws.exe	jp2launcher.exe
PID 2016 wrote to memory of 1944	2016	installer.exe	javaws.exe
PID 2016 wrote to memory of 1944	2016	installer.exe	javaws.exe
PID 2016 wrote to memory of 1944	2016	installer.exe	javaws.exe
PID 1944 wrote to memory of 564	1944	javaws.exe	jp2launcher.exe
PID 1944 wrote to memory of 564	1944	javaws.exe	jp2launcher.exe
PID 1944 wrote to memory of 564	1944	javaws.exe	jp2launcher.exe
PID 1008 wrote to memory of 1124	1008	msiexec.exe	MsiExec.exe

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.75-Installer-0.6.9.v2.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.75-Installer-0.6.9.v2.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1996

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1905626 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.75-Installer-0.6.9.v2.exe" "__IRCT:1" "__IRTSS:17101524" "__IRSID:S-1-5-21-3948302646-268491222-1934009652-1000"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1964

C:\Users\Admin\AppData\Local\Temp\jre-windows.exe
"C:\Users\Admin\AppData\Local\Temp\jre-windows.exe" STATIC=1
3⤵
- Executes dropped EXE
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
PID:780

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
-cp "C:\Program Files\Java\jre1.8.0_51\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserWebJavaStatus
4⤵
- Executes dropped EXE
PID:1616

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Checks processor information in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1008

C:\Program Files\Java\jre1.8.0_51\installer.exe
"C:\Program Files\Java\jre1.8.0_51\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_51\\" STATIC=1 REPAIRMODE=0
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Installs/modifies Browser Helper Object
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2016

C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe
"bspatch.exe" baseimagefam8 newimage diff
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:596

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\deploy.pack" "C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:976

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\javaws.pack" "C:\Program Files\Java\jre1.8.0_51\lib\javaws.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
PID:1664

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\rt.pack" "C:\Program Files\Java\jre1.8.0_51\lib\rt.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
PID:280

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\plugin.pack" "C:\Program Files\Java\jre1.8.0_51\lib\plugin.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1160

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\charsets.pack" "C:\Program Files\Java\jre1.8.0_51\lib\charsets.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1504

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\jsse.pack" "C:\Program Files\Java\jre1.8.0_51\lib\jsse.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
PID:1548

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.pack" "C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1612

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.pack" "C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1296

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -Xshare:dump
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
PID:1292

C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe
"C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe" -wait -fix -permissions -silent
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2036

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -classpath "C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar" com.sun.deploy.panel.JreLocator
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2012

C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe
"C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_51" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXIALURqYXZhLnNlY3VyaXR5LnBvbGljeT1maWxlOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcc2VjdXJpdHlcamF2YXdzLnBvbGljeQAtRHRydXN0UHJveHk9dHJ1ZQAtWHZlcmlmeTpyZW1vdGUALURqbmxweC5ob21lPUM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcamF2YXdzLmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcYmluXGphdmF3LmV4ZQ== -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1756

C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe
"C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe" -wait -fix -shortcut -silent
3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1944

C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe
"C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_51" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXIALURqYXZhLnNlY3VyaXR5LnBvbGljeT1maWxlOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcc2VjdXJpdHlcamF2YXdzLnBvbGljeQAtRHRydXN0UHJveHk9dHJ1ZQAtWHZlcmlmeTpyZW1vdGUALURqbmxweC5ob21lPUM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcamF2YXdzLmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcYmluXGphdmF3LmV4ZQ== -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:564

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 6391A75CC2C938F1E8AA039FCFE14DB6
2⤵
PID:1124

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\SysWOW64\cmd.exe" /c del "C:\Program Files\Java\jre1.8.0_51\installer.exe"
3⤵
PID:1392

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\6d59e7.rbs
Filesize
788KB

MD5
35dc5efb911c762f697abd29d9068762

SHA1
75ce291b9e0c2e9599038844319308c56da81ca3

SHA256
f25ba184f847633ce8dd3952b5cdfa0e273bf65df6c288ee30358cf3ed8bf025

SHA512
c33002330f5ba58abc1ad654daef2795a7e1212f6d04f3e0dcb322cbea9c46746f701da7746158a71a9b1251e39ba4c7a0e4393858875077dcc580509badec15

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\MSVCR100.dll
Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npdeployJava1.dll
Filesize
1.1MB

MD5
cb63e262f0850bd8c3e282d6cd5493db

SHA1
aca74def7a2cd033f18fc938ceb2feef2de8cb8c

SHA256
b3c10bf5498457a76bba3b413d0c54b03a4915e5df72576f976e1ad6d2450012

SHA512
8e3ad8c193a5b4ab22292893931dc6c8acd1f255825366fdd7390f3d8b71c5a51793103aeacecfb4c92565b559f37aec25f8b09abb8289b2012a79b0c5e8cb3b

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\javacpl.exe
Filesize
75KB

MD5
f49218872d803801934638f44274000d

SHA1
871d70960ff7db8c6d11fad68d0a325d7fc540f1

SHA256
bb80d933bf5c60ee911dc22fcc7d715e4461bc72fd2061da1c74d270c1f73528

SHA512
94432d6bc93aad68ea99c52a9bcb8350f769f3ac8b823ba298c20ff39e8fa3b533ef31e55afeb12e839fd20cf33c9d74642ce922e2805ca7323c88a4f06d986d

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
Filesize
202KB

MD5
7b23b0aab68e65b93bb6477f05999574

SHA1
920752e4c22e1165e6df27f69599483187edfbb3

SHA256
32546ecf1236769d2d777331f90282fb97589bec75da11c8e727d61d3d4c988a

SHA512
e3395303e53edce3dfa8fe11b7338c77795595a17dac17818e4bc8b77feee4900d541201d6762aa8f46565730e24a5423684049d40bbd074186ef7223c96b604

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe
Filesize
314KB

MD5
5ed6faed0b5fe8a02bb78c93c422f948

SHA1
823ed6c635bd7851ccef43cbe23518267327ae9a

SHA256
60f2898c91ef0f253b61d8325d2d22b2baba1a4a4e1b67d47a40ffac511e95a5

SHA512
5a8470567f234d46e88740e4f0b417e616a54b58c95d13c700013988f30044a822acfef216770181314fa83183a12044e9e13e6257df99e7646df9a047244c92

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\server\jvm.dll
Filesize
8.3MB

MD5
2894ece7b8de355b13978d6b8ec6e68c

SHA1
cec5cd8450498ee6f81eae2f10e56726b6125be2

SHA256
04d85639dacb86c6efca146051681608727f0376ca5293b9f83b232fc4db6a54

SHA512
634e1cedf63d384c072bbd32dbca35982f7b2a7a77ab6d11130f2d45fd164d17ad080206a650854473370e824ec1153c61821c318a2af7954d2031a38d37bfd4

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
192KB

MD5
5b071854133d3eb6848a301a2a75c9b2

SHA1
ffa1045c55b039760aa2632a227012bb359d764f

SHA256
cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf

SHA512
f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
192KB

MD5
5b071854133d3eb6848a301a2a75c9b2

SHA1
ffa1045c55b039760aa2632a227012bb359d764f

SHA256
cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf

SHA512
f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
192KB

MD5
5b071854133d3eb6848a301a2a75c9b2

SHA1
ffa1045c55b039760aa2632a227012bb359d764f

SHA256
cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf

SHA512
f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
192KB

MD5
5b071854133d3eb6848a301a2a75c9b2

SHA1
ffa1045c55b039760aa2632a227012bb359d764f

SHA256
cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf

SHA512
f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
192KB

MD5
5b071854133d3eb6848a301a2a75c9b2

SHA1
ffa1045c55b039760aa2632a227012bb359d764f

SHA256
cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf

SHA512
f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
192KB

MD5
5b071854133d3eb6848a301a2a75c9b2

SHA1
ffa1045c55b039760aa2632a227012bb359d764f

SHA256
cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf

SHA512
f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
192KB

MD5
5b071854133d3eb6848a301a2a75c9b2

SHA1
ffa1045c55b039760aa2632a227012bb359d764f

SHA256
cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf

SHA512
f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
192KB

MD5
5b071854133d3eb6848a301a2a75c9b2

SHA1
ffa1045c55b039760aa2632a227012bb359d764f

SHA256
cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf

SHA512
f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
192KB

MD5
5b071854133d3eb6848a301a2a75c9b2

SHA1
ffa1045c55b039760aa2632a227012bb359d764f

SHA256
cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf

SHA512
f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

Download Submit
C:\Program Files\Java\jre1.8.0_51\installer.exe
Filesize
89.1MB

MD5
de052a3a782280dfe0d333bfb894c7d3

SHA1
c6a2c5150e1a6f7d5fccf5927aef1c5b2a94ea74

SHA256
cacefac05b6719d7ec1bd4945de0e58e9233e54d2ba94d68103bcd2bb04cdde3

SHA512
dfd8bfea673f0c1a37199cd76ceb9f7731eb3c502f02b8e81fd72dc6f4d9cec866fb3133b45ff93127a459be75580d1488609ecf2ab337a685a91fe609245935

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\amd64\jvm.cfg
Filesize
634B

MD5
499f2a4e0a25a41c1ff80df2d073e4fd

SHA1
e2469cbe07e92d817637be4e889ebb74c3c46253

SHA256
80847ed146dbc5a9f604b07ec887737fc266699abba266177b553149487ce9eb

SHA512
7828f7b06d0f4309b9edd3aa71ae0bb7ee92d2f8df5642c13437bba2a3888e457dc9b24c16aa9e0f19231530cb44b8ccd955cbbdf5956ce8622cc208796b357d

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\charsets.pack
Filesize
1.0MB

MD5
45288142b863dc4761b634f9de75e5e5

SHA1
9d07fca553e08c47e38dd48a9c7824e376e4ce80

SHA256
91517ff5c74438654956aae554f2951bf508f561b288661433894e517960c2ac

SHA512
f331cd93f82d2751734eb1a51cb4401969fb6e479b2e19be609e13829454ec27cec864c57bdc116bf029317c98d551e9feafc44386b899a94c242bc0464556d8

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\deploy.pack
Filesize
1.8MB

MD5
5cfc3a1b269312f7a2d2f1d7c0497819

SHA1
d048284db9ce7103156f8bbce988b4d9978786b7

SHA256
80ba80d2a6c20deef6e2f3973337e15e22eec30508899ae998bf191ba725db26

SHA512
8735af7c8bc5b48aac42120326a5dee21f98512ba31c57c77b6fc3906b7b1b98e5f22f57a31f26dc3e16abe63a6f15ef2e115c7fc17bbab35e846dc373da9c6b

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.pack
Filesize
4.8MB

MD5
8dfebf0b78c6e3bf5aa5002ca9a6da1a

SHA1
1edee53b9e0af5d767d0051c2beccc474035024f

SHA256
0840d659560e62fcc41cd42dec9d7aedb8359f606097b540806452ca8ad05e21

SHA512
f9bf6e9558b52969ec152fbfebc239c1bcb7e4343b3dc58da5e7cac015d1fe75f255bd9ceb3fdeb86b2c05be62c62b552a25c94aba4091df3eaf163cf91da444

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.pack
Filesize
1.3MB

MD5
2ad7c3462a7494b29edbe3701ebeab4c

SHA1
7358ab9b0c4771efdc0d28764b90a46aac55e865

SHA256
7cdc489fa093e924649e82f4eb9689bc1bc0d28e20e37a0a94060efd5428c2db

SHA512
8b1f0f5932896f1876e5f8137dc8f74ff79f02b7708220b53ab2146fc742403ee952c68dddff9a92c786d4a534f7a266327934a8fe84a3c979c016cc8c93efdb

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\javaws.pack
Filesize
211KB

MD5
5a83bc9b3e4a7e960fd757f3ad7cd263

SHA1
f5f308aec7e93accb5d6714c178b8bf0840fb38d

SHA256
0a95ab97c85e534b72a369b3ee75200f8075cb14e6f226196b18fd43e6ba42f5

SHA512
b8e554bbf036d0500686e878597ffdefa8bcd091ab6533eae76fa04eda310cec7cac89b71911f1f81012f499c7bec890ac9032685945f7e5e6b68f7ad3f7430c

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\jsse.pack
Filesize
150KB

MD5
168f72fd2f288a96ee9c4e845339db02

SHA1
e25b521b0ed663e2b050af2b454d571c5145904f

SHA256
5552e52e39c0e7ac423d6939eec367a0c15b4ca699a3a1954f2b191d48a034e6

SHA512
01cdf3d8d3be0b2458d9c86976cef3f5a21131d13eb2a1c6f816aeb2c384779b67d1b419fa9233aedd3bbd16970ec7c81689bf2e25a8bebadec5de8e9b5a19f1

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\plugin.pack
Filesize
482KB

MD5
538777ddaa33641aa2c17b8f71eed307

SHA1
ac7b5fdba952ce65b5a85578f2a81b37daed0948

SHA256
9948b1c18d71a790e7b5a82d773fea95d25ab67109843a3f3888f3f0ac9d1135

SHA512
7a5877e0eaef6424ea473a203184fedb902cd9d47df5d95d6f617ca4efa1162f0ffd418e9bc6b7492f938cb33fc6384907237487d6ad4f6d0d2d962402529d8b

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\rt.pack
Filesize
13.1MB

MD5
f0177701b36068c9a2bb4924dd409fa5

SHA1
71e4b32c95e20dd565a6603d3de3819eb4f19d33

SHA256
93c1e08034b68e12d78005c2950145595327477c17c1f716248d3e16313b4eec

SHA512
8e198bf60dbb95f38bf5eca67c9b7cd4fe9920890ba3d569e08de59b38c1b00830a0a37168fd74c874df86b7ff0915c8b69adb1591432b42b5ff35e5885e6641

Download Submit
C:\ProgramData\Oracle\Java\installcache_x64\baseimagefam8
Filesize
78.7MB

MD5
22646919b87d1a6dfc371464405b373b

SHA1
2296c69b12c3e0244fc59586f794457a4735e692

SHA256
0a01e1f33b0dd6af5d71fd26261b97eda1f9da77553704afd0a9d176de733c11

SHA512
b5cfe6640c3755f3094e248dcd852ade852f904e80bc7d8dfef5772620ef75eac788f503c3df4baa712e73dafcca51c4ef0c73659ae55c1e0afd59b73f90d3a0

Download Submit
C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe
Filesize
34KB

MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe
Filesize
34KB

MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
C:\ProgramData\Oracle\Java\installcache_x64\diff
Filesize
9.1MB

MD5
d417682702b140d7131851bae877f046

SHA1
aa78da727e8a62c839a9bb6f7a93b48d3a04be70

SHA256
3b3657c83e4f588f0e759cd46e99309cece2ebb54af2c377f9dc087ec764fda8

SHA512
9e107b7f61e42410807aa1e6761ac7adce412846f69ae8e2e21b147e39d1a95d41367e21624381750eb11c77322206c4d869a477e5442e8323405c85854c03cd

Download Submit
C:\ProgramData\Oracle\Java\installcache_x64\newimage
Filesize
79.9MB

MD5
ba85f8b5a9bf9b6320a6dae439e0f536

SHA1
fc8dc72b58ed72e910ec605537bd35069db324ee

SHA256
caafa9c10903317fc968b8807c23057173859ab6cc8aae89b77220a9d4ee6777

SHA512
75b000b3e21e4f8f4c57032f4dd4d5c526a7bd3fb65da77356a7911f7281289b5512cc90d48cc43b0897b46e40f1ad8de8d1af30ab427ae16625f6007cf4c149

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
4389f3e525c270936965e9898472ab8b

SHA1
b8a4393430e958ac082cd8f5f9f31b144da2b22e

SHA256
9143dde96b76d392e833672bdb347e2d2f4cefe1ac31afd22905bc5df822c442

SHA512
c1fd55e05fabc0ab0093411ef02dff8e370dbb7aafaa871764859a5a6740701dece74bbf4eaa90b72bdb3d43bf50b94947c4ba823d72e4b2cab0a457a8b2a7ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
ef20503242ce2d67f0b9a6d51bc2d6db

SHA1
74239b552bebfaa2586630928b304a9afb43f136

SHA256
b46878cc23fc04d945dee6692b12b2144b92cfbcbdc34d6330788957770a3624

SHA512
b0c99497e599608f1188da0d919eb870a162b4839bc86c33d4c156d8e98ab458a93c6e1c02adb2d8530af96ee3638ae15c9a7166190a2c252e700f03a915e9ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties
Filesize
1KB

MD5
38618946ab0d6a217eee9931a934c339

SHA1
8580268076e39749562608ac29c3537ed58184cf

SHA256
340b22b35bd5108d01dae484cc4a1252dbc09e39ab938fb252fd06c7790e03a4

SHA512
f631ff6a1f26271bd6cbf437463bbc3daebd8814b946f91e114a59166fe1857f2bf021aaf8fc292bf7deed8f43478591612c985d23c090f8dedab8cb3e03792d

Download Submit
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties
Filesize
1KB

MD5
42dc792d9665499d5558139158781f92

SHA1
6004221b08d66764daa1cb7563c80a56cf29456d

SHA256
7e4778d493aabccd8a5450c0a4a245bf83a26cdc1846830b84e82b5a311abfe1

SHA512
be58cddcee13e29aa2cd739de49029afbbde8d20c5ad2ea50b1c08cdb539ff6c0f88eb710c647d7b6997246911cedce04f1e9e5cedaac088189115282446cace

Download Submit
C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.8.0_51_x64\jre1.8.0_51.msi
Filesize
38.7MB

MD5
1ef598379ff589e452e9fc7f93563740

SHA1
82ad65425fa627176592ed5e55c0093e685bfeef

SHA256
d4bdc230eaebefe5a9aa3d9127d12ac09d050bf51771f0c78a6a9d79a1f9dbf2

SHA512
673f4b08fc25e09e582f5f7e01b2369e361f6a5b480f0aa2f1d5991f10076ba8a9d6b1f2227979b514acc458b4fdc254fc3c14173db7e38b50793174d4697f23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1298.tmp
Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar62CA.tmp
Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico
Filesize
116KB

MD5
e043a9cb014d641a56f50f9d9ac9a1b9

SHA1
61dc6aed3d0d1f3b8afe3d161410848c565247ed

SHA256
9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

SHA512
4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.PNG
Filesize
339B

MD5
7b515355baeefeed26efd6bf81647fa6

SHA1
a2c4dccbe93b2c760a7d029bf478309ddb66d3ba

SHA256
db00ce8485e15ae76fb5b0b36ba9c750866cb83ae4fdfd56b5802e2f4d40815b

SHA512
e56d437a0097c07eb9a61d098f2431a2174ccabeeafac71349128fa52a0e3a81ee0a33f909a0ff2617001a8b8006a5dc7169987c0a231ef8fe31cb04522d58b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.PNG
Filesize
280B

MD5
9cc786211f043d0bf0dbf4d09294a6c5

SHA1
d03b73047a6d80fd4932c1acb99ea3c79837b707

SHA256
408541e97738e54107bbec79275c5601c3237465aa7b9c27b5a9032507a693cc

SHA512
c9a8e93df6250d407a19cf508c3ad8ea3c99f0183b4d915600371fa552f83269755d8778e0c143a0bdea070faf750b781342cd6476ee0e5ce220de1870f04340

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.PNG
Filesize
281B

MD5
3be2725cf2fd94bff7e49281fa3b5e76

SHA1
9c8cba7ae457f44064b0f12abe3d63d4b12c2e60

SHA256
008a1b71cb66795f79ea9aaa33e8256268a96991b028141ab62259c810de16f9

SHA512
105ebc9e8e484b15db375eb6586f401f69c7623c3942752b60287414bccd62f446f3baeb9e4ec58d736a8db278b6b99890dab048862759fc5e235dd8e5b5074b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG99.PNG
Filesize
438B

MD5
4e568e76c4f055a54ebbf34900121c8f

SHA1
c0c2a4b7f45add0f989f81ecd9af466c0a83a9e7

SHA256
87272ac248b7856459fa8fb231b694b7aca70ed712a75c4c4cd2f12bee0c65f7

SHA512
060eba4caa870d8ea5f3ce891b6d1e92482f0889d7d4aed2680988c06d0d35b1c4449ba9d69214a14bee2549e6bc0070034a7dcdaebd0b72f29d83001ffb4e01

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
83384ee8ceb1527e269ccb11f61c6363

SHA1
a8304a9d70ad602898de35495c82f318a10c4528

SHA256
bf5d361418d9589c26f49b57acc450fb09fdb087f9ee36926269e249e75be791

SHA512
07dc84c6654fbb1208586f78985b8363e87c8d35a3e64a5654eb2813abc4960d21db7eab8ed04b8360b61f0cf7fe341be3ff4a9029f8b752b5e151384ef16dec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
83384ee8ceb1527e269ccb11f61c6363

SHA1
a8304a9d70ad602898de35495c82f318a10c4528

SHA256
bf5d361418d9589c26f49b57acc450fb09fdb087f9ee36926269e249e75be791

SHA512
07dc84c6654fbb1208586f78985b8363e87c8d35a3e64a5654eb2813abc4960d21db7eab8ed04b8360b61f0cf7fe341be3ff4a9029f8b752b5e151384ef16dec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
83384ee8ceb1527e269ccb11f61c6363

SHA1
a8304a9d70ad602898de35495c82f318a10c4528

SHA256
bf5d361418d9589c26f49b57acc450fb09fdb087f9ee36926269e249e75be791

SHA512
07dc84c6654fbb1208586f78985b8363e87c8d35a3e64a5654eb2813abc4960d21db7eab8ed04b8360b61f0cf7fe341be3ff4a9029f8b752b5e151384ef16dec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\jre-windows.exe
Filesize
41.2MB

MD5
b9919195f61824f980f4a088d7447a11

SHA1
447fd1f59219282ec5d2f7a179ac12cc072171c3

SHA256
3895872bc4cdfb7693c227a435cf6740f968e4fa6ce0f7449e6a074e3e3a0f01

SHA512
d9f4e268531bd48f6b6aa4325024921bca30ebfff3ae6af5c069146a3fc401c411bdeceb306ba01fbf3bcdc48e39a367e78a1f355dc3dd5f1df75a0d585a10c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
Filesize
8KB

MD5
61e93d5cb78aa770ee28aec62a3bc7e0

SHA1
51869ba4bbb65eac1616c044bd161c765711df13

SHA256
6f43fad74e5d4d015a3302c6acb5479d086c97a307d0eba143b933a90bd2e100

SHA512
a5c3ae597b961d1db9001dffc2c972266bc6da30cf38cd0f75b5204aa2eddc438e22db23ce99822b233f8cb5b8479e3fb09be28211a66b95444502715320f3a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
Filesize
18KB

MD5
4701426eae03e5d7b2ff2770b3d35cd3

SHA1
a1aafa4a965509f3f36eec3904a132a36256aac0

SHA256
0f969ae4041b4bf4fa003ecea22148371e6fb6c751d3ad9d38b64831dc85c948

SHA512
9856933d519da32c4a13289a3737e9e0d42ad6c35e17e3456a868445c229740b6a2b154561de05d926b2429928832e91dd2f763b6ab64093c565fb1688bd0335

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
Filesize
4.1MB

MD5
f592e97f080ae5d323cc0ce2a329a949

SHA1
fe998bf6f2f5321af9f756a7a06a01290a97c55a

SHA256
5a00afa820039b55d570d5cbdae0ce1167272d314592ad9e951257755ea5bac7

SHA512
21b7e4699b357c174288defcae979ad20fbfe83ce56becfeaf44f27fb509c562962a0b61c3d70cb67b07342a393c77547ccbb83d1687cc36a1669151d2fe780b

Download Submit
C:\Windows\Installer\6d59e4.msi
Filesize
38.7MB

MD5
1ef598379ff589e452e9fc7f93563740

SHA1
82ad65425fa627176592ed5e55c0093e685bfeef

SHA256
d4bdc230eaebefe5a9aa3d9127d12ac09d050bf51771f0c78a6a9d79a1f9dbf2

SHA512
673f4b08fc25e09e582f5f7e01b2369e361f6a5b480f0aa2f1d5991f10076ba8a9d6b1f2227979b514acc458b4fdc254fc3c14173db7e38b50793174d4697f23

Download Submit
\Program Files\Java\jre1.8.0_51\bin\java.dll
Filesize
154KB

MD5
31401e170ddd8437635c4c8571a80341

SHA1
b79de1ce1b96ad0c3d00c8a32e55043eaeb1bad7

SHA256
3e060e1aafa2fe99f06c34db84a49d3a2f994c1a0dbef40f37dbafd45cd69533

SHA512
fc5e52e5398563a39dd5d8204ffe52a8668c19e1f1bb9706cf408c6c7ed81f8be667d87233bcdfd8739ac022792c36b9147249e5eedb51b21493100ffbf1e5c9

Download Submit
\Program Files\Java\jre1.8.0_51\bin\java.dll
Filesize
154KB

MD5
31401e170ddd8437635c4c8571a80341

SHA1
b79de1ce1b96ad0c3d00c8a32e55043eaeb1bad7

SHA256
3e060e1aafa2fe99f06c34db84a49d3a2f994c1a0dbef40f37dbafd45cd69533

SHA512
fc5e52e5398563a39dd5d8204ffe52a8668c19e1f1bb9706cf408c6c7ed81f8be667d87233bcdfd8739ac022792c36b9147249e5eedb51b21493100ffbf1e5c9

Download Submit
\Program Files\Java\jre1.8.0_51\bin\java.dll
Filesize
154KB

MD5
31401e170ddd8437635c4c8571a80341

SHA1
b79de1ce1b96ad0c3d00c8a32e55043eaeb1bad7

SHA256
3e060e1aafa2fe99f06c34db84a49d3a2f994c1a0dbef40f37dbafd45cd69533

SHA512
fc5e52e5398563a39dd5d8204ffe52a8668c19e1f1bb9706cf408c6c7ed81f8be667d87233bcdfd8739ac022792c36b9147249e5eedb51b21493100ffbf1e5c9

Download Submit
\Program Files\Java\jre1.8.0_51\bin\java.dll
Filesize
154KB

MD5
31401e170ddd8437635c4c8571a80341

SHA1
b79de1ce1b96ad0c3d00c8a32e55043eaeb1bad7

SHA256
3e060e1aafa2fe99f06c34db84a49d3a2f994c1a0dbef40f37dbafd45cd69533

SHA512
fc5e52e5398563a39dd5d8204ffe52a8668c19e1f1bb9706cf408c6c7ed81f8be667d87233bcdfd8739ac022792c36b9147249e5eedb51b21493100ffbf1e5c9

Download Submit
\Program Files\Java\jre1.8.0_51\bin\javaw.exe
Filesize
202KB

MD5
7b23b0aab68e65b93bb6477f05999574

SHA1
920752e4c22e1165e6df27f69599483187edfbb3

SHA256
32546ecf1236769d2d777331f90282fb97589bec75da11c8e727d61d3d4c988a

SHA512
e3395303e53edce3dfa8fe11b7338c77795595a17dac17818e4bc8b77feee4900d541201d6762aa8f46565730e24a5423684049d40bbd074186ef7223c96b604

Download Submit
\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
192KB

MD5
5b071854133d3eb6848a301a2a75c9b2

SHA1
ffa1045c55b039760aa2632a227012bb359d764f

SHA256
cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf

SHA512
f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

Download Submit
\Program Files\Java\jre1.8.0_51\installer.exe
Filesize
89.1MB

MD5
de052a3a782280dfe0d333bfb894c7d3

SHA1
c6a2c5150e1a6f7d5fccf5927aef1c5b2a94ea74

SHA256
cacefac05b6719d7ec1bd4945de0e58e9233e54d2ba94d68103bcd2bb04cdde3

SHA512
dfd8bfea673f0c1a37199cd76ceb9f7731eb3c502f02b8e81fd72dc6f4d9cec866fb3133b45ff93127a459be75580d1488609ecf2ab337a685a91fe609245935

Download Submit
\ProgramData\Oracle\Java\installcache_x64\bspatch.exe
Filesize
34KB

MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
\ProgramData\Oracle\Java\installcache_x64\bspatch.exe
Filesize
34KB

MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
\ProgramData\Oracle\Java\installcache_x64\bspatch.exe
Filesize
34KB

MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
83384ee8ceb1527e269ccb11f61c6363

SHA1
a8304a9d70ad602898de35495c82f318a10c4528

SHA256
bf5d361418d9589c26f49b57acc450fb09fdb087f9ee36926269e249e75be791

SHA512
07dc84c6654fbb1208586f78985b8363e87c8d35a3e64a5654eb2813abc4960d21db7eab8ed04b8360b61f0cf7fe341be3ff4a9029f8b752b5e151384ef16dec

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
83384ee8ceb1527e269ccb11f61c6363

SHA1
a8304a9d70ad602898de35495c82f318a10c4528

SHA256
bf5d361418d9589c26f49b57acc450fb09fdb087f9ee36926269e249e75be791

SHA512
07dc84c6654fbb1208586f78985b8363e87c8d35a3e64a5654eb2813abc4960d21db7eab8ed04b8360b61f0cf7fe341be3ff4a9029f8b752b5e151384ef16dec

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
83384ee8ceb1527e269ccb11f61c6363

SHA1
a8304a9d70ad602898de35495c82f318a10c4528

SHA256
bf5d361418d9589c26f49b57acc450fb09fdb087f9ee36926269e249e75be791

SHA512
07dc84c6654fbb1208586f78985b8363e87c8d35a3e64a5654eb2813abc4960d21db7eab8ed04b8360b61f0cf7fe341be3ff4a9029f8b752b5e151384ef16dec

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
83384ee8ceb1527e269ccb11f61c6363

SHA1
a8304a9d70ad602898de35495c82f318a10c4528

SHA256
bf5d361418d9589c26f49b57acc450fb09fdb087f9ee36926269e249e75be791

SHA512
07dc84c6654fbb1208586f78985b8363e87c8d35a3e64a5654eb2813abc4960d21db7eab8ed04b8360b61f0cf7fe341be3ff4a9029f8b752b5e151384ef16dec

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
83384ee8ceb1527e269ccb11f61c6363

SHA1
a8304a9d70ad602898de35495c82f318a10c4528

SHA256
bf5d361418d9589c26f49b57acc450fb09fdb087f9ee36926269e249e75be791

SHA512
07dc84c6654fbb1208586f78985b8363e87c8d35a3e64a5654eb2813abc4960d21db7eab8ed04b8360b61f0cf7fe341be3ff4a9029f8b752b5e151384ef16dec

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
\Users\Admin\AppData\Local\Temp\jre-windows.exe
Filesize
41.2MB

MD5
b9919195f61824f980f4a088d7447a11

SHA1
447fd1f59219282ec5d2f7a179ac12cc072171c3

SHA256
3895872bc4cdfb7693c227a435cf6740f968e4fa6ce0f7449e6a074e3e3a0f01

SHA512
d9f4e268531bd48f6b6aa4325024921bca30ebfff3ae6af5c069146a3fc401c411bdeceb306ba01fbf3bcdc48e39a367e78a1f355dc3dd5f1df75a0d585a10c6

Download Submit
\Users\Admin\AppData\Local\Temp\jre-windows.exe
Filesize
41.2MB

MD5
b9919195f61824f980f4a088d7447a11

SHA1
447fd1f59219282ec5d2f7a179ac12cc072171c3

SHA256
3895872bc4cdfb7693c227a435cf6740f968e4fa6ce0f7449e6a074e3e3a0f01

SHA512
d9f4e268531bd48f6b6aa4325024921bca30ebfff3ae6af5c069146a3fc401c411bdeceb306ba01fbf3bcdc48e39a367e78a1f355dc3dd5f1df75a0d585a10c6

Download Submit
\Users\Admin\AppData\Local\Temp\jre-windows.exe
Filesize
41.2MB

MD5
b9919195f61824f980f4a088d7447a11

SHA1
447fd1f59219282ec5d2f7a179ac12cc072171c3

SHA256
3895872bc4cdfb7693c227a435cf6740f968e4fa6ce0f7449e6a074e3e3a0f01

SHA512
d9f4e268531bd48f6b6aa4325024921bca30ebfff3ae6af5c069146a3fc401c411bdeceb306ba01fbf3bcdc48e39a367e78a1f355dc3dd5f1df75a0d585a10c6

Download Submit
memory/564-1124-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/564-1142-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/564-1143-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/564-1137-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/564-1140-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/564-1144-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/564-1131-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/564-1101-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/564-1093-0x0000000000530000-0x000000000053A000-memory.dmp

Filesize
40KB

Download
memory/564-1141-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/564-1149-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/596-658-0x00000000002B0000-0x00000000002C7000-memory.dmp

Filesize
92KB

Download
memory/596-657-0x00000000002B0000-0x00000000002C7000-memory.dmp

Filesize
92KB

Download
memory/596-655-0x00000000002B0000-0x00000000002C7000-memory.dmp

Filesize
92KB

Download
memory/596-652-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/596-664-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/780-542-0x00000000006F0000-0x00000000006F1000-memory.dmp

Filesize
4KB

Download
memory/780-518-0x00000000006F0000-0x00000000006F1000-memory.dmp

Filesize
4KB

Download
memory/1292-940-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/1756-1085-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/1756-1081-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/1756-1078-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/1756-1064-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/1756-1045-0x0000000000240000-0x000000000024A000-memory.dmp

Filesize
40KB

Download
memory/1964-311-0x0000000000380000-0x0000000000768000-memory.dmp

Filesize
3.9MB

Download
memory/1964-425-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1964-591-0x0000000000380000-0x0000000000768000-memory.dmp

Filesize
3.9MB

Download
memory/1964-523-0x00000000030D0000-0x00000000030E0000-memory.dmp

Filesize
64KB

Download
memory/1964-519-0x0000000000380000-0x0000000000768000-memory.dmp

Filesize
3.9MB

Download
memory/1964-983-0x0000000000380000-0x0000000000768000-memory.dmp

Filesize
3.9MB

Download
memory/1964-495-0x00000000030D0000-0x00000000030E0000-memory.dmp

Filesize
64KB

Download
memory/1964-943-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1964-73-0x0000000000380000-0x0000000000768000-memory.dmp

Filesize
3.9MB

Download
memory/1964-295-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1964-296-0x0000000000990000-0x0000000000993000-memory.dmp

Filesize
12KB

Download
memory/1964-297-0x0000000000380000-0x0000000000768000-memory.dmp

Filesize
3.9MB

Download
memory/1964-312-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1964-333-0x0000000000380000-0x0000000000768000-memory.dmp

Filesize
3.9MB

Download
memory/1964-334-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1964-424-0x0000000000380000-0x0000000000768000-memory.dmp

Filesize
3.9MB

Download
memory/1964-1020-0x0000000000380000-0x0000000000768000-memory.dmp

Filesize
3.9MB

Download
memory/1964-436-0x0000000000380000-0x0000000000768000-memory.dmp

Filesize
3.9MB

Download
memory/1964-442-0x0000000000380000-0x0000000000768000-memory.dmp

Filesize
3.9MB

Download
memory/1996-72-0x0000000002E50000-0x0000000003238000-memory.dmp

Filesize
3.9MB

Download
memory/1996-71-0x0000000002E50000-0x0000000003238000-memory.dmp

Filesize
3.9MB

Download
memory/2012-1031-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2012-1025-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download