4c1993ff60a9013a1e7226bf737f84beefeb6b69677d6bc1f544959640479e79

Resubmissions

12-03-2023 06:21

230312-g4gd1sfa4y 7

12-03-2023 06:12

22-02-2023 07:56

22-02-2023 07:52

22-02-2023 07:50

18-02-2023 19:33

Analysis

max time kernel
285s
max time network
879s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
12-03-2023 06:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TLauncher-2.69-Installer-0.5.2.exe
Size

14.3MB
MD5

5d9aaf4088910768120e081fbbffce80
SHA1

fa8643e5bbf4cdebddd0bd1af6568540c630fe46
SHA256

4c1993ff60a9013a1e7226bf737f84beefeb6b69677d6bc1f544959640479e79
SHA512

398c4c2bb0968ee258fb0adb3ebb5516a24c8f5297605ff58aa6de59cb451d480ea289376e7755b66f847abf87ad43c0da310a5a5220c0908c3bde8c878eb886
SSDEEP

393216:MXgumBb5fsD441ffz4e4oQL1CbfvIzAtdB7l7RPupq:Mwu05+1Hz4e4tCEzuB7l7RR

Score

8^/10

adware persistence stealer upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 17 IoCs

Processes:

irsetup.exeTLauncher.exejre-8u51-windows-x64.exeinstaller.exebspatch.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exejavaw.exejavaws.exejavaw.exeTLauncher.exe

pid	process
1716	irsetup.exe
688	TLauncher.exe
1564	jre-8u51-windows-x64.exe
1088	installer.exe
2080	bspatch.exe
1056	unpack200.exe
1512	unpack200.exe
1540	unpack200.exe
2052	unpack200.exe
2120	unpack200.exe
1728	unpack200.exe
2196	unpack200.exe
696	unpack200.exe
2292	javaw.exe
2528	javaws.exe
2540	javaw.exe
2656	TLauncher.exe

Loads dropped DLL 59 IoCs

Processes:

TLauncher-2.69-Installer-0.5.2.exeirsetup.exeiexplore.exemsiexec.exebspatch.exeinstaller.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exejavaw.exejavaws.exejavaw.exe

pid	process
924	TLauncher-2.69-Installer-0.5.2.exe
924	TLauncher-2.69-Installer-0.5.2.exe
924	TLauncher-2.69-Installer-0.5.2.exe
924	TLauncher-2.69-Installer-0.5.2.exe
1716	irsetup.exe
1716	irsetup.exe
1716	irsetup.exe
1716	irsetup.exe
1716	irsetup.exe
2032	iexplore.exe
1256
1256
948	msiexec.exe
2080	bspatch.exe
2080	bspatch.exe
2080	bspatch.exe
1088	installer.exe
1056	unpack200.exe
1512	unpack200.exe
1540	unpack200.exe
2052	unpack200.exe
2120	unpack200.exe
1728	unpack200.exe
2196	unpack200.exe
696	unpack200.exe
1088	installer.exe
1088	installer.exe
1088	installer.exe
852
852
2292	javaw.exe
2292	javaw.exe
2292	javaw.exe
2292	javaw.exe
2292	javaw.exe
1088	installer.exe
1088	installer.exe
1088	installer.exe
1088	installer.exe
1088	installer.exe
1088	installer.exe
1088	installer.exe
1088	installer.exe
1088	installer.exe
1088	installer.exe
1088	installer.exe
1088	installer.exe
1088	installer.exe
1088	installer.exe
1088	installer.exe
1088	installer.exe
2528	javaws.exe
852
852
2540	javaw.exe
2540	javaw.exe
2540	javaw.exe
2540	javaw.exe
2540	javaw.exe

Registers COM server for autorun 1 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Processes:

installer.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0047-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0035-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0040-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0060-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0035-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0045-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0034-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0084-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0074-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0055-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0063-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0058-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0001-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0039-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0077-ABCDEFFEDCBC}\INPROCSERVER32	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0053-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0087-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0080-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0056-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0022-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0032-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0043-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0074-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0040-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0071-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0049-ABCDEFFEDCBC}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0075-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0016-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0039-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0072-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0033-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0072-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0029-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0095-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0075-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0028-ABCDEFFEDCBC}\INPROCSERVER32	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0098-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0033-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0033-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0040-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0042-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0046-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0071-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0082-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0046-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe

UPX packed file 23 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
behavioral2/memory/1716-73-0x0000000000F00000-0x00000000012E8000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
behavioral2/memory/1716-127-0x0000000000F00000-0x00000000012E8000-memory.dmp	upx
behavioral2/memory/1716-181-0x0000000000F00000-0x00000000012E8000-memory.dmp	upx
behavioral2/memory/1716-253-0x0000000000F00000-0x00000000012E8000-memory.dmp	upx
behavioral2/memory/1716-260-0x0000000000F00000-0x00000000012E8000-memory.dmp	upx
behavioral2/memory/1716-262-0x0000000000F00000-0x00000000012E8000-memory.dmp	upx
behavioral2/memory/1716-264-0x0000000000F00000-0x00000000012E8000-memory.dmp	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
behavioral2/memory/1716-317-0x0000000000F00000-0x00000000012E8000-memory.dmp	upx
C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe	upx
C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe	upx
\ProgramData\Oracle\Java\installcache_x64\bspatch.exe	upx
\ProgramData\Oracle\Java\installcache_x64\bspatch.exe	upx
\ProgramData\Oracle\Java\installcache_x64\bspatch.exe	upx
behavioral2/memory/2080-1175-0x0000000000400000-0x0000000000417000-memory.dmp	upx
behavioral2/memory/2080-1203-0x0000000000400000-0x0000000000417000-memory.dmp	upx

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	process
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe

Installs/modifies Browser Helper Object 2 TTPs 6 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

Processes:

installer.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}	installer.exe

Drops file in Program Files directory 64 IoCs

Processes:

installer.exeunpack200.exeunpack200.exe

description	ioc	process
File created	C:\Program Files\Java\jre1.8.0_51\bin\dt_socket.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\eula.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\jawt.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\prism_d3d.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\management\management.properties	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\plugin.pack	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\deploy\splash.gif	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\ext\access-bridge-64.jar	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\tzmappings	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\jsse.pack	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\deploy.pack	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\wsdetect.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\cmm\sRGB.pf	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\currency.data	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\jfr\default.jfc	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\content-types.properties	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_it.properties	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_zh_TW.properties	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\glass.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\jabswitch.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\javafx_font_t2k.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\kinit.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\resource.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\ext\sunmscapi.jar	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\images\cursors\win32_CopyNoDrop32x32.gif	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\jsse.jar	unpack200.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\java.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\javafx_font.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\splashscreen.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\t2k.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\w2k_lsa_auth.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\WindowsAccessBridge-64.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\cmm\PYCC.pf	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages.properties	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\images\cursors\invalid32x32.gif	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\images\cursors\win32_LinkDrop32x32.gif	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\javaws.pack	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\dt_shmem.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\instrument.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_de.properties	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\ext\meta-index	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\management\jmxremote.access	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\security\cacerts	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.jar	unpack200.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\glib-lite.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\JAWTAccessBridge-64.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\management.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\npt.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\policytool.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\jaas_nt.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\javacpl.cpl	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\keytool.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\resources.jar	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.pack	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\THIRDPARTYLICENSEREADME.txt	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\calendars.properties	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\classlist	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\fonts\LucidaBrightItalic.ttf	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\images\cursors\cursors.properties	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\images\cursors\win32_MoveDrop32x32.gif	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\mlib_image.dll	installer.exe

Drops file in Windows directory 6 IoCs

Processes:

msiexec.exe

description	ioc	process
File created	C:\Windows\Installer\6f8769.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\6f8769.msi	msiexec.exe
File created	C:\Windows\Installer\6f876b.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9408.tmp	msiexec.exe
File created	C:\Windows\Installer\6f876d.msi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msiexec.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msiexec.exe

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

Processes:

iexplore.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = c8dff787b254d901	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 56 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeinstaller.exeIEXPLORE.EXEirsetup.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\DownloadWindowPlacement = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	iexplore.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0"	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_51\\bin"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4B5F-9EE6-34795C46E7E7}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_51\\bin"	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3"	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dbb59ddc676e394a83d3f942d26f43ca00000000020000000000106600000001000020000000ebbc40889fc356850504c05be4047452f6f2cda39778096c4635d7486f4e34b8000000000e800000000200002000000067c3bac3a40b056bf47c8202951a93554847d324201307290556839da391e16220000000e3270cbf7dd63b05ddf34010cb45ecb5b1b11e63860856cb6670c308744805ec40000000f7c9c5393498a74b546b00ef5737eb0cdebc7220f3e7cafa9e22f7a87693b973cb584dee3f644b8ade41bfbf744d7527032a83035d33ecddc7b39ed7fa13e692	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dbb59ddc676e394a83d3f942d26f43ca000000000200000000001066000000010000200000008c279ffad5754b65d00184c602c85185b894bad4d30a066dcb22a9c6f0fee14a000000000e8000000002000020000000a8499571c8f89b8c32e5ccda81641ba82172eada0651a7fe602a4b3c384bc65d900000009f3535b56a3a6a4fa795773e7c5e02911d6e935cef2e727ac57ac64fafe657be71e05efa8ea3eb078de0f1b5bba810a33a54110dccec50f6c6b6724700128b8bb62d35a585088a2f3333ff9b76adc90cc563afdf27647fe4898b9927f469796122df73c3833057ed1dfac48c5e6cb529d6f80a200f2a3557c59e96e4a98669e6575fd9da6b14ac8d4d72a914f11b8e5d400000004f136415abf9e24cb521c9f807bb6f3edfc46c745d61a2decfe0fcb82ef0a9351c38035e79a7a44ef723c2fa14961135ba9f4e00167dd6e699b1f1e74125ec33	iexplore.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main	irsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe"	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BB7E1AB1-C0A5-11ED-AE0F-DEF2FB1055A6} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_51\\bin"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0739f94b254d901	iexplore.exe

Modifies registry class 64 IoCs

Processes:

installer.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0046-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_46"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\MiscStatus\1	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0069-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0055-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0069-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0070-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0083-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0076-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0075-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0030-ABCDEFFEDCBC}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0090-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_90"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0040-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0045-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_45"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0071-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0084-ABCDEFFEDCBB}	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0084-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_18"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0080-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_80"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_08"	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0062-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0004-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0055-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_55"	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0063-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0081-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0026-ABCDEFFEDCBC}	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0064-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0083-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_83"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_30"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0024-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0021-ABCDEFFEDCBC}	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0034-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_20"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_12"	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0059-ABCDEFFEDCBA}	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0024-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0051-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_51"	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBC}	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0065-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0017-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0049-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0076-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_76"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0069-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0064-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_14"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0039-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

jre-8u51-windows-x64.exemsiexec.exe

description	pid	process
Token: SeShutdownPrivilege	1564	jre-8u51-windows-x64.exe
Token: SeIncreaseQuotaPrivilege	1564	jre-8u51-windows-x64.exe
Token: SeRestorePrivilege	948	msiexec.exe
Token: SeTakeOwnershipPrivilege	948	msiexec.exe
Token: SeSecurityPrivilege	948	msiexec.exe
Token: SeCreateTokenPrivilege	1564	jre-8u51-windows-x64.exe
Token: SeAssignPrimaryTokenPrivilege	1564	jre-8u51-windows-x64.exe
Token: SeLockMemoryPrivilege	1564	jre-8u51-windows-x64.exe
Token: SeIncreaseQuotaPrivilege	1564	jre-8u51-windows-x64.exe
Token: SeMachineAccountPrivilege	1564	jre-8u51-windows-x64.exe
Token: SeTcbPrivilege	1564	jre-8u51-windows-x64.exe
Token: SeSecurityPrivilege	1564	jre-8u51-windows-x64.exe
Token: SeTakeOwnershipPrivilege	1564	jre-8u51-windows-x64.exe
Token: SeLoadDriverPrivilege	1564	jre-8u51-windows-x64.exe
Token: SeSystemProfilePrivilege	1564	jre-8u51-windows-x64.exe
Token: SeSystemtimePrivilege	1564	jre-8u51-windows-x64.exe
Token: SeProfSingleProcessPrivilege	1564	jre-8u51-windows-x64.exe
Token: SeIncBasePriorityPrivilege	1564	jre-8u51-windows-x64.exe
Token: SeCreatePagefilePrivilege	1564	jre-8u51-windows-x64.exe
Token: SeCreatePermanentPrivilege	1564	jre-8u51-windows-x64.exe
Token: SeBackupPrivilege	1564	jre-8u51-windows-x64.exe
Token: SeRestorePrivilege	1564	jre-8u51-windows-x64.exe
Token: SeShutdownPrivilege	1564	jre-8u51-windows-x64.exe
Token: SeDebugPrivilege	1564	jre-8u51-windows-x64.exe
Token: SeAuditPrivilege	1564	jre-8u51-windows-x64.exe
Token: SeSystemEnvironmentPrivilege	1564	jre-8u51-windows-x64.exe
Token: SeChangeNotifyPrivilege	1564	jre-8u51-windows-x64.exe
Token: SeRemoteShutdownPrivilege	1564	jre-8u51-windows-x64.exe
Token: SeUndockPrivilege	1564	jre-8u51-windows-x64.exe
Token: SeSyncAgentPrivilege	1564	jre-8u51-windows-x64.exe
Token: SeEnableDelegationPrivilege	1564	jre-8u51-windows-x64.exe
Token: SeManageVolumePrivilege	1564	jre-8u51-windows-x64.exe
Token: SeImpersonatePrivilege	1564	jre-8u51-windows-x64.exe
Token: SeCreateGlobalPrivilege	1564	jre-8u51-windows-x64.exe
Token: SeRestorePrivilege	948	msiexec.exe
Token: SeTakeOwnershipPrivilege	948	msiexec.exe
Token: SeRestorePrivilege	948	msiexec.exe
Token: SeTakeOwnershipPrivilege	948	msiexec.exe
Token: SeRestorePrivilege	948	msiexec.exe
Token: SeTakeOwnershipPrivilege	948	msiexec.exe
Token: SeRestorePrivilege	948	msiexec.exe
Token: SeTakeOwnershipPrivilege	948	msiexec.exe
Token: SeRestorePrivilege	948	msiexec.exe
Token: SeTakeOwnershipPrivilege	948	msiexec.exe
Token: SeRestorePrivilege	948	msiexec.exe
Token: SeTakeOwnershipPrivilege	948	msiexec.exe
Token: SeRestorePrivilege	948	msiexec.exe
Token: SeTakeOwnershipPrivilege	948	msiexec.exe
Token: SeRestorePrivilege	948	msiexec.exe
Token: SeTakeOwnershipPrivilege	948	msiexec.exe
Token: SeRestorePrivilege	948	msiexec.exe
Token: SeTakeOwnershipPrivilege	948	msiexec.exe
Token: SeRestorePrivilege	948	msiexec.exe
Token: SeTakeOwnershipPrivilege	948	msiexec.exe
Token: SeRestorePrivilege	948	msiexec.exe
Token: SeTakeOwnershipPrivilege	948	msiexec.exe
Token: SeRestorePrivilege	948	msiexec.exe
Token: SeTakeOwnershipPrivilege	948	msiexec.exe
Token: SeRestorePrivilege	948	msiexec.exe
Token: SeTakeOwnershipPrivilege	948	msiexec.exe
Token: SeRestorePrivilege	948	msiexec.exe
Token: SeTakeOwnershipPrivilege	948	msiexec.exe
Token: SeRestorePrivilege	948	msiexec.exe
Token: SeTakeOwnershipPrivilege	948	msiexec.exe

Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

irsetup.exeiexplore.exejre-8u51-windows-x64.exe

pid process

1716 irsetup.exe
1716 irsetup.exe
2032 iexplore.exe
2032 iexplore.exe
1564 jre-8u51-windows-x64.exe

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

irsetup.exeiexplore.exeIEXPLORE.EXE

pid	process
1716	irsetup.exe
1716	irsetup.exe
1716	irsetup.exe
1716	irsetup.exe
1716	irsetup.exe
1716	irsetup.exe
2032	iexplore.exe
2032	iexplore.exe
1644	IEXPLORE.EXE
1644	IEXPLORE.EXE
1644	IEXPLORE.EXE
1644	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

TLauncher-2.69-Installer-0.5.2.exeirsetup.exeTLauncher.exeiexplore.exemsiexec.exeinstaller.exe

description	pid	process	target process
PID 924 wrote to memory of 1716	924	TLauncher-2.69-Installer-0.5.2.exe	irsetup.exe
PID 924 wrote to memory of 1716	924	TLauncher-2.69-Installer-0.5.2.exe	irsetup.exe
PID 924 wrote to memory of 1716	924	TLauncher-2.69-Installer-0.5.2.exe	irsetup.exe
PID 924 wrote to memory of 1716	924	TLauncher-2.69-Installer-0.5.2.exe	irsetup.exe
PID 924 wrote to memory of 1716	924	TLauncher-2.69-Installer-0.5.2.exe	irsetup.exe
PID 924 wrote to memory of 1716	924	TLauncher-2.69-Installer-0.5.2.exe	irsetup.exe
PID 924 wrote to memory of 1716	924	TLauncher-2.69-Installer-0.5.2.exe	irsetup.exe
PID 1716 wrote to memory of 688	1716	irsetup.exe	TLauncher.exe
PID 1716 wrote to memory of 688	1716	irsetup.exe	TLauncher.exe
PID 1716 wrote to memory of 688	1716	irsetup.exe	TLauncher.exe
PID 1716 wrote to memory of 688	1716	irsetup.exe	TLauncher.exe
PID 1716 wrote to memory of 688	1716	irsetup.exe	TLauncher.exe
PID 1716 wrote to memory of 688	1716	irsetup.exe	TLauncher.exe
PID 1716 wrote to memory of 688	1716	irsetup.exe	TLauncher.exe
PID 688 wrote to memory of 2032	688	TLauncher.exe	iexplore.exe
PID 688 wrote to memory of 2032	688	TLauncher.exe	iexplore.exe
PID 688 wrote to memory of 2032	688	TLauncher.exe	iexplore.exe
PID 688 wrote to memory of 2032	688	TLauncher.exe	iexplore.exe
PID 2032 wrote to memory of 1644	2032	iexplore.exe	IEXPLORE.EXE
PID 2032 wrote to memory of 1644	2032	iexplore.exe	IEXPLORE.EXE
PID 2032 wrote to memory of 1644	2032	iexplore.exe	IEXPLORE.EXE
PID 2032 wrote to memory of 1644	2032	iexplore.exe	IEXPLORE.EXE
PID 2032 wrote to memory of 1644	2032	iexplore.exe	IEXPLORE.EXE
PID 2032 wrote to memory of 1644	2032	iexplore.exe	IEXPLORE.EXE
PID 2032 wrote to memory of 1644	2032	iexplore.exe	IEXPLORE.EXE
PID 2032 wrote to memory of 1564	2032	iexplore.exe	jre-8u51-windows-x64.exe
PID 2032 wrote to memory of 1564	2032	iexplore.exe	jre-8u51-windows-x64.exe
PID 2032 wrote to memory of 1564	2032	iexplore.exe	jre-8u51-windows-x64.exe
PID 948 wrote to memory of 1088	948	msiexec.exe	installer.exe
PID 948 wrote to memory of 1088	948	msiexec.exe	installer.exe
PID 948 wrote to memory of 1088	948	msiexec.exe	installer.exe
PID 1088 wrote to memory of 2080	1088	installer.exe	bspatch.exe
PID 1088 wrote to memory of 2080	1088	installer.exe	bspatch.exe
PID 1088 wrote to memory of 2080	1088	installer.exe	bspatch.exe
PID 1088 wrote to memory of 2080	1088	installer.exe	bspatch.exe
PID 1088 wrote to memory of 2080	1088	installer.exe	bspatch.exe
PID 1088 wrote to memory of 2080	1088	installer.exe	bspatch.exe
PID 1088 wrote to memory of 2080	1088	installer.exe	bspatch.exe
PID 1088 wrote to memory of 1056	1088	installer.exe	unpack200.exe
PID 1088 wrote to memory of 1056	1088	installer.exe	unpack200.exe
PID 1088 wrote to memory of 1056	1088	installer.exe	unpack200.exe
PID 1088 wrote to memory of 1512	1088	installer.exe	unpack200.exe
PID 1088 wrote to memory of 1512	1088	installer.exe	unpack200.exe
PID 1088 wrote to memory of 1512	1088	installer.exe	unpack200.exe
PID 1088 wrote to memory of 1540	1088	installer.exe	unpack200.exe
PID 1088 wrote to memory of 1540	1088	installer.exe	unpack200.exe
PID 1088 wrote to memory of 1540	1088	installer.exe	unpack200.exe
PID 1088 wrote to memory of 2052	1088	installer.exe	unpack200.exe
PID 1088 wrote to memory of 2052	1088	installer.exe	unpack200.exe
PID 1088 wrote to memory of 2052	1088	installer.exe	unpack200.exe
PID 1088 wrote to memory of 2120	1088	installer.exe	unpack200.exe
PID 1088 wrote to memory of 2120	1088	installer.exe	unpack200.exe
PID 1088 wrote to memory of 2120	1088	installer.exe	unpack200.exe
PID 1088 wrote to memory of 1728	1088	installer.exe	unpack200.exe
PID 1088 wrote to memory of 1728	1088	installer.exe	unpack200.exe
PID 1088 wrote to memory of 1728	1088	installer.exe	unpack200.exe
PID 1088 wrote to memory of 2196	1088	installer.exe	unpack200.exe
PID 1088 wrote to memory of 2196	1088	installer.exe	unpack200.exe
PID 1088 wrote to memory of 2196	1088	installer.exe	unpack200.exe
PID 1088 wrote to memory of 696	1088	installer.exe	unpack200.exe
PID 1088 wrote to memory of 696	1088	installer.exe	unpack200.exe
PID 1088 wrote to memory of 696	1088	installer.exe	unpack200.exe
PID 1088 wrote to memory of 2292	1088	installer.exe	javaw.exe
PID 1088 wrote to memory of 2292	1088	installer.exe	javaw.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.69-Installer-0.5.2.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.69-Installer-0.5.2.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:924

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1905626 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.69-Installer-0.5.2.exe" "__IRCT:1" "__IRTSS:14984508" "__IRSID:S-1-5-21-3499517378-2376672570-1134980332-1000"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1716

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:688

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://java-for-minecraft.com/
4⤵
- Loads dropped DLL
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2032

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:275457 /prefetch:2
5⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1644

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7FIT0B8\jre-8u51-windows-x64.exe
"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7FIT0B8\jre-8u51-windows-x64.exe"
5⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1564

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Drops file in Windows directory
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:948

C:\Program Files\Java\jre1.8.0_51\installer.exe
"C:\Program Files\Java\jre1.8.0_51\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_51\\" REPAIRMODE=0
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Installs/modifies Browser Helper Object
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1088

C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe
"bspatch.exe" baseimagefam8 newimage diff
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2080

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\deploy.pack" "C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1056

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\javaws.pack" "C:\Program Files\Java\jre1.8.0_51\lib\javaws.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1512

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\rt.pack" "C:\Program Files\Java\jre1.8.0_51\lib\rt.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2052

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\plugin.pack" "C:\Program Files\Java\jre1.8.0_51\lib\plugin.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1540

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\charsets.pack" "C:\Program Files\Java\jre1.8.0_51\lib\charsets.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2120

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\jsse.pack" "C:\Program Files\Java\jre1.8.0_51\lib\jsse.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
PID:1728

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.pack" "C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
PID:2196

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.pack" "C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:696

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -Xshare:dump
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2292

C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe
"C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe" -wait -fix -permissions -silent
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2528

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -classpath "C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar" com.sun.deploy.panel.JreLocator
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2540

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
1⤵
- Executes dropped EXE
PID:2656

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
2⤵
PID:2664

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
1⤵
PID:2828

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
2⤵
PID:2840

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
1⤵
PID:2976

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
2⤵
PID:532

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -Xmx512m -Dfile.encoding=UTF8 -cp C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\google\inject\guice\4.1.0\guice-4.1.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\google\inject\extensions\guice-assistedinject\4.1.0\guice-assistedinject-4.1.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\javax\inject\javax.inject\1\javax.inject-1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\aopalliance\aopalliance\1.0\aopalliance-1.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\google\guava\guava\19.0\guava-19.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\apache\commons\commons-lang3\3.4\commons-lang3-3.4.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\net\sf\jopt-simple\jopt-simple\4.9\jopt-simple-4.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\log4j\log4j\1.2.17\log4j-1.2.17.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\tukaani\xz\1.5\xz-1.5.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\tlauncher\picture-bundle\2.8\picture-bundle-2.8.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\tlauncher\skin-server-API\1.0\skin-server-API-1.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\tlauncher\tlauncher-resource\1.4\tlauncher-resource-1.4.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\github\junrar\junrar\0.7\junrar-0.7.jar;C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\dnsjava\dnsjava\2.1.8\dnsjava-2.1.8.jar; org.tlauncher.tlauncher.rmo.TLauncher
3⤵
PID:1104

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:2992

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Java\jre1.8.0_51\bin\MSVCR100.dll
Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npdeployJava1.dll
Filesize
1.1MB

MD5
cb63e262f0850bd8c3e282d6cd5493db

SHA1
aca74def7a2cd033f18fc938ceb2feef2de8cb8c

SHA256
b3c10bf5498457a76bba3b413d0c54b03a4915e5df72576f976e1ad6d2450012

SHA512
8e3ad8c193a5b4ab22292893931dc6c8acd1f255825366fdd7390f3d8b71c5a51793103aeacecfb4c92565b559f37aec25f8b09abb8289b2012a79b0c5e8cb3b

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\javacpl.exe
Filesize
75KB

MD5
f49218872d803801934638f44274000d

SHA1
871d70960ff7db8c6d11fad68d0a325d7fc540f1

SHA256
bb80d933bf5c60ee911dc22fcc7d715e4461bc72fd2061da1c74d270c1f73528

SHA512
94432d6bc93aad68ea99c52a9bcb8350f769f3ac8b823ba298c20ff39e8fa3b533ef31e55afeb12e839fd20cf33c9d74642ce922e2805ca7323c88a4f06d986d

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
Filesize
202KB

MD5
7b23b0aab68e65b93bb6477f05999574

SHA1
920752e4c22e1165e6df27f69599483187edfbb3

SHA256
32546ecf1236769d2d777331f90282fb97589bec75da11c8e727d61d3d4c988a

SHA512
e3395303e53edce3dfa8fe11b7338c77795595a17dac17818e4bc8b77feee4900d541201d6762aa8f46565730e24a5423684049d40bbd074186ef7223c96b604

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe
Filesize
314KB

MD5
5ed6faed0b5fe8a02bb78c93c422f948

SHA1
823ed6c635bd7851ccef43cbe23518267327ae9a

SHA256
60f2898c91ef0f253b61d8325d2d22b2baba1a4a4e1b67d47a40ffac511e95a5

SHA512
5a8470567f234d46e88740e4f0b417e616a54b58c95d13c700013988f30044a822acfef216770181314fa83183a12044e9e13e6257df99e7646df9a047244c92

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
192KB

MD5
5b071854133d3eb6848a301a2a75c9b2

SHA1
ffa1045c55b039760aa2632a227012bb359d764f

SHA256
cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf

SHA512
f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
192KB

MD5
5b071854133d3eb6848a301a2a75c9b2

SHA1
ffa1045c55b039760aa2632a227012bb359d764f

SHA256
cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf

SHA512
f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
192KB

MD5
5b071854133d3eb6848a301a2a75c9b2

SHA1
ffa1045c55b039760aa2632a227012bb359d764f

SHA256
cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf

SHA512
f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
192KB

MD5
5b071854133d3eb6848a301a2a75c9b2

SHA1
ffa1045c55b039760aa2632a227012bb359d764f

SHA256
cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf

SHA512
f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
192KB

MD5
5b071854133d3eb6848a301a2a75c9b2

SHA1
ffa1045c55b039760aa2632a227012bb359d764f

SHA256
cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf

SHA512
f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
192KB

MD5
5b071854133d3eb6848a301a2a75c9b2

SHA1
ffa1045c55b039760aa2632a227012bb359d764f

SHA256
cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf

SHA512
f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
192KB

MD5
5b071854133d3eb6848a301a2a75c9b2

SHA1
ffa1045c55b039760aa2632a227012bb359d764f

SHA256
cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf

SHA512
f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
192KB

MD5
5b071854133d3eb6848a301a2a75c9b2

SHA1
ffa1045c55b039760aa2632a227012bb359d764f

SHA256
cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf

SHA512
f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

Download Submit
C:\Program Files\Java\jre1.8.0_51\installer.exe
Filesize
89.1MB

MD5
de052a3a782280dfe0d333bfb894c7d3

SHA1
c6a2c5150e1a6f7d5fccf5927aef1c5b2a94ea74

SHA256
cacefac05b6719d7ec1bd4945de0e58e9233e54d2ba94d68103bcd2bb04cdde3

SHA512
dfd8bfea673f0c1a37199cd76ceb9f7731eb3c502f02b8e81fd72dc6f4d9cec866fb3133b45ff93127a459be75580d1488609ecf2ab337a685a91fe609245935

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\charsets.pack
Filesize
1.0MB

MD5
45288142b863dc4761b634f9de75e5e5

SHA1
9d07fca553e08c47e38dd48a9c7824e376e4ce80

SHA256
91517ff5c74438654956aae554f2951bf508f561b288661433894e517960c2ac

SHA512
f331cd93f82d2751734eb1a51cb4401969fb6e479b2e19be609e13829454ec27cec864c57bdc116bf029317c98d551e9feafc44386b899a94c242bc0464556d8

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\deploy.pack
Filesize
1.8MB

MD5
5cfc3a1b269312f7a2d2f1d7c0497819

SHA1
d048284db9ce7103156f8bbce988b4d9978786b7

SHA256
80ba80d2a6c20deef6e2f3973337e15e22eec30508899ae998bf191ba725db26

SHA512
8735af7c8bc5b48aac42120326a5dee21f98512ba31c57c77b6fc3906b7b1b98e5f22f57a31f26dc3e16abe63a6f15ef2e115c7fc17bbab35e846dc373da9c6b

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.pack
Filesize
1.3MB

MD5
2ad7c3462a7494b29edbe3701ebeab4c

SHA1
7358ab9b0c4771efdc0d28764b90a46aac55e865

SHA256
7cdc489fa093e924649e82f4eb9689bc1bc0d28e20e37a0a94060efd5428c2db

SHA512
8b1f0f5932896f1876e5f8137dc8f74ff79f02b7708220b53ab2146fc742403ee952c68dddff9a92c786d4a534f7a266327934a8fe84a3c979c016cc8c93efdb

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\javaws.pack
Filesize
211KB

MD5
5a83bc9b3e4a7e960fd757f3ad7cd263

SHA1
f5f308aec7e93accb5d6714c178b8bf0840fb38d

SHA256
0a95ab97c85e534b72a369b3ee75200f8075cb14e6f226196b18fd43e6ba42f5

SHA512
b8e554bbf036d0500686e878597ffdefa8bcd091ab6533eae76fa04eda310cec7cac89b71911f1f81012f499c7bec890ac9032685945f7e5e6b68f7ad3f7430c

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\jsse.pack
Filesize
150KB

MD5
168f72fd2f288a96ee9c4e845339db02

SHA1
e25b521b0ed663e2b050af2b454d571c5145904f

SHA256
5552e52e39c0e7ac423d6939eec367a0c15b4ca699a3a1954f2b191d48a034e6

SHA512
01cdf3d8d3be0b2458d9c86976cef3f5a21131d13eb2a1c6f816aeb2c384779b67d1b419fa9233aedd3bbd16970ec7c81689bf2e25a8bebadec5de8e9b5a19f1

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\plugin.pack
Filesize
482KB

MD5
538777ddaa33641aa2c17b8f71eed307

SHA1
ac7b5fdba952ce65b5a85578f2a81b37daed0948

SHA256
9948b1c18d71a790e7b5a82d773fea95d25ab67109843a3f3888f3f0ac9d1135

SHA512
7a5877e0eaef6424ea473a203184fedb902cd9d47df5d95d6f617ca4efa1162f0ffd418e9bc6b7492f938cb33fc6384907237487d6ad4f6d0d2d962402529d8b

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\rt.pack
Filesize
13.1MB

MD5
f0177701b36068c9a2bb4924dd409fa5

SHA1
71e4b32c95e20dd565a6603d3de3819eb4f19d33

SHA256
93c1e08034b68e12d78005c2950145595327477c17c1f716248d3e16313b4eec

SHA512
8e198bf60dbb95f38bf5eca67c9b7cd4fe9920890ba3d569e08de59b38c1b00830a0a37168fd74c874df86b7ff0915c8b69adb1591432b42b5ff35e5885e6641

Download Submit
C:\ProgramData\Oracle\Java\installcache_x64\baseimagefam8
Filesize
78.7MB

MD5
22646919b87d1a6dfc371464405b373b

SHA1
2296c69b12c3e0244fc59586f794457a4735e692

SHA256
0a01e1f33b0dd6af5d71fd26261b97eda1f9da77553704afd0a9d176de733c11

SHA512
b5cfe6640c3755f3094e248dcd852ade852f904e80bc7d8dfef5772620ef75eac788f503c3df4baa712e73dafcca51c4ef0c73659ae55c1e0afd59b73f90d3a0

Download Submit
C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe
Filesize
34KB

MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe
Filesize
34KB

MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
C:\ProgramData\Oracle\Java\installcache_x64\diff
Filesize
9.1MB

MD5
d417682702b140d7131851bae877f046

SHA1
aa78da727e8a62c839a9bb6f7a93b48d3a04be70

SHA256
3b3657c83e4f588f0e759cd46e99309cece2ebb54af2c377f9dc087ec764fda8

SHA512
9e107b7f61e42410807aa1e6761ac7adce412846f69ae8e2e21b147e39d1a95d41367e21624381750eb11c77322206c4d869a477e5442e8323405c85854c03cd

Download Submit
C:\ProgramData\Oracle\Java\installcache_x64\newimage
Filesize
79.9MB

MD5
ba85f8b5a9bf9b6320a6dae439e0f536

SHA1
fc8dc72b58ed72e910ec605537bd35069db324ee

SHA256
caafa9c10903317fc968b8807c23057173859ab6cc8aae89b77220a9d4ee6777

SHA512
75b000b3e21e4f8f4c57032f4dd4d5c526a7bd3fb65da77356a7911f7281289b5512cc90d48cc43b0897b46e40f1ad8de8d1af30ab427ae16625f6007cf4c149

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
471B

MD5
b8095ea597420c788072cd5932be8cfe

SHA1
22b4e43ffb177841e5ce1d076350607c12dfab3f

SHA256
9aa288ef424642c451824b3cf0eed97a2ba88f6e1ca0f03d818487fb67949271

SHA512
73e2e4af9da2a3ad3d66673f99ce0f66554813ac17d2445a2a39f4499247d0f4af46c385694c5c3fda6fde23ac7aafbd5c59b8ce28f78b5fd79151a6a71f3964

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
Filesize
1KB

MD5
66651703196ea8c25b6ef8aba4eddd79

SHA1
eec381477b932018130de6482bd53f1eed1efebe

SHA256
ba51fdfaf217fe902c8f8a703020102cb24bd5e641dead70c754d67f94470fdf

SHA512
339c18a8a56342c42d3b9f063c0ae540f2d70aee5d3c3aadebf50be8bed8f4097c87e221216b949436d85561209660bbd3d87aedfdc58da8812afa3453eb82ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EA618097E393409AFA316F0F87E2C202_1E65FD33F74047223AF4D58CBFD34BCE
Filesize
1KB

MD5
43c733836b08c3b61b29be5cf1fdf915

SHA1
094fe8fc3f554998c720f3ca91813dda16fa3b98

SHA256
d3591e005808a7325446c7da5821342f26e8ed2e63ba19cc769d5d29c669725d

SHA512
0dfa39fbc13592e9d4e1d62f8c7280b1a2b2e809a9640d54c25721f557856c548d383999f84cddcd4d3a1ebc62132d0a8f317184fdf700f9c9885d949dcaaa7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
951d9c37b020373995513821a4ba164b

SHA1
e650e07ba53b4b35d7c7b12a847a88c7c981371c

SHA256
07dfa5d148e9d7c8e755df6530244ba53168070a7549851b30e797ca90111b98

SHA512
9e8b1acc05504e089fe0399c0d452d89bdc83a0755fb15c56b25d4fba8bac9cda31e3e4de881e400b93a40044dd022ef616e1e9a6e44f2b2ac8b41cf0ea26262

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
a31fc73d2a78fa2d88e470bf94f621cd

SHA1
d0e8b7a713e650b4fbe5b974f085c0ebf7652c06

SHA256
2590bbd899d0d80843f160a93c4271fce99cc55e59bba1d03749727105e325b6

SHA512
169bbb41bc360c5ebbd990b4a7f9da0f076fd1776dbc0c42ea859252d05a7122011f3801020b179d37bd8031c00a24b73cee90414c06669580e7d980409daf00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
8b4a980b3f27de91192562dbac865816

SHA1
b0682990434e966df117a010da552f8d3d8939ab

SHA256
c8319ae5699a6cac32e0228011a321384801d85bf60f7752134e933babe19dd4

SHA512
c069a9fbb9e002eb24adbfbb3e81e77347c42e45013ecf3df9978d0853d24d4e561d123baaadd89bbb556098dd84b48be9b97d1183e06ec931298331246fd09b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
4bb1505b6035fe9aa032675b5ac02994

SHA1
8b03d986bf79567e35f8b3e3e05f8170e7172de6

SHA256
2b0b30bfe8dd105ca4eee09ee2691bfbd623fd3bc2280d701d45e9453e89b2a3

SHA512
93b4cd20f084794b42eb62a08a42828656e95e31aaa98465dabd964df95aaacc4a509f9590f1b3b9995525b4e3b0e4601a0f7dea549fabc09abbafba00265ff1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
ca933927ad4ff2d51b96593ce6082d78

SHA1
fc7072acd7525147b300cdc310285c8f17a07892

SHA256
e82780dd2928c675d26e0231b5a035fb278c9e6e520121178ab744224bbafc45

SHA512
840836eeafb16600775a8ff044fa14ebb652ae9a59011649bb0d7f15de4ffe80b81b55a0282bb484d40f807dcc27e1a6e0c3f8e50ed7f6ea3e81ed54d1b9dc05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
fa35d49c9c180dfd0dd90331b93131e0

SHA1
1d879bbb1515196017ea27ac43e463675314c204

SHA256
bcdf7626fa2698ff15269dd46d13e5cee30da638d5249b5a3b6433ed2e5f5599

SHA512
0c077beae352ca3db1e325b32139e88e7907403333f84f04c335286dd16467dba6e930ac18492e5d1405d58b06f48fb07dc922db824e2311338d57a4ccf5958e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
430B

MD5
bb1cb3bb0bb91b8a7c610ddc9aae5e87

SHA1
36214c599fbdc0db237c8402f3fa44c63ec15f8a

SHA256
b6145862177106b384466417d8ae5b775846e9f7e4055e935c6557e3b41de5c3

SHA512
ae9732cf6658812d61321e8947ae8fe64cba8eec3523b473b312b573834b56b9b6ce941478c2a93dc1bdb4f5861e53aded17bb7ab900ecf9c7710b2b03f7502f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
Filesize
398B

MD5
b744d18592e4fec66530f4e15b15a498

SHA1
4f0845dcc785072f79b210e408dcb5674b61b535

SHA256
dcd612f2bf915e55040bad51bf5b79fa82b499f0b0286626f32cfdfc32a43932

SHA512
c3e96e47bf04997e2607e95fa3f1d7662c873cc7da96658a3eaf5312cc3b4e8cbbffd66ac7ff224d5bd55384da1601f6b6fc73cf3dbc82130e2e707d915c7219

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_1E65FD33F74047223AF4D58CBFD34BCE
Filesize
402B

MD5
faba72e448fcbab0db375854b79b44ab

SHA1
082bd19a24a82a9371a78d5f86cd56ac6f5404f3

SHA256
e19cc8056579a4ecf3c0c3d21199433a5d16dea6d24b67a8d992a41ae1743cfe

SHA512
e6b7af194e16f08bb1444e7e338815646c3f3401c1f4c3f6ca886adb387e79bad69d333531e2aff56e4900e9b4c9368e46227c32f0e25b6a0dac861726f0b0cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.8.0_51_x64\jre1.8.0_51.msi
Filesize
38.7MB

MD5
1ef598379ff589e452e9fc7f93563740

SHA1
82ad65425fa627176592ed5e55c0093e685bfeef

SHA256
d4bdc230eaebefe5a9aa3d9127d12ac09d050bf51771f0c78a6a9d79a1f9dbf2

SHA512
673f4b08fc25e09e582f5f7e01b2369e361f6a5b480f0aa2f1d5991f10076ba8a9d6b1f2227979b514acc458b4fdc254fc3c14173db7e38b50793174d4697f23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\07asiie\imagestore.dat
Filesize
32KB

MD5
3a8b66fce972973024bdbabc9f46c0bc

SHA1
a907439c39c86ba908028654c01c744d1651cb92

SHA256
1e5befc2f40e84cdf978d17af3968af3a61f91dba10c1ee89b76ae9d032930d5

SHA512
4d39b780a01ffce8cd0bfbb820a96784a8ce8f13ae1db3764c404347995297667d978f897b6aa0c3f0971adbd16289ca906b803580184c58b0c26b7f2db7b806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7FIT0B8\jre-8u51-windows-x64.exe
Filesize
41.2MB

MD5
b9919195f61824f980f4a088d7447a11

SHA1
447fd1f59219282ec5d2f7a179ac12cc072171c3

SHA256
3895872bc4cdfb7693c227a435cf6740f968e4fa6ce0f7449e6a074e3e3a0f01

SHA512
d9f4e268531bd48f6b6aa4325024921bca30ebfff3ae6af5c069146a3fc401c411bdeceb306ba01fbf3bcdc48e39a367e78a1f355dc3dd5f1df75a0d585a10c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7FIT0B8\jre-8u51-windows-x64.exe.noj6qfn.partial
Filesize
41.2MB

MD5
b9919195f61824f980f4a088d7447a11

SHA1
447fd1f59219282ec5d2f7a179ac12cc072171c3

SHA256
3895872bc4cdfb7693c227a435cf6740f968e4fa6ce0f7449e6a074e3e3a0f01

SHA512
d9f4e268531bd48f6b6aa4325024921bca30ebfff3ae6af5c069146a3fc401c411bdeceb306ba01fbf3bcdc48e39a367e78a1f355dc3dd5f1df75a0d585a10c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TF0W5LQL\favicon-196x196[1].png
Filesize
28KB

MD5
a75485f99fd7e589f7a784e87c0eecf7

SHA1
389cc19d374a79ad9779fc0b4165a36b84d55554

SHA256
d38a40b5fe5403a5b6d0a3f6892c99718b31c9a62d3287c1c7292d7ed36ba44a

SHA512
3f594a05e0e6809d47bb1c3d016ae0374b452c0fc6d44f27bc8be447f4dbccdd795e67b5e5356356732708b3ddbf65e1b9479fdddd1ba965618dfa6eed93e11d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab25AE.tmp
Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar25AF.tmp
Filesize
161KB

MD5
73b4b714b42fc9a6aaefd0ae59adb009

SHA1
efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

SHA256
c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

SHA512
73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar274A.tmp
Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico
Filesize
116KB

MD5
e043a9cb014d641a56f50f9d9ac9a1b9

SHA1
61dc6aed3d0d1f3b8afe3d161410848c565247ed

SHA256
9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

SHA512
4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.PNG
Filesize
339B

MD5
67510c285d37f5baeea565363bd3be76

SHA1
dbd5e91a769a07833e086078067789bf34ecdbd4

SHA256
59deb2dd2435e4b0fbb3aca2b391c124f4c32769dcad7aadb015488f323965f9

SHA512
bf7b109c978a182c5c74d9fe8db0167750e5597403cd5e98666222229b561f069a6eaf1877420abe74f1b2cffde825e56f178834ca59f949319df240a6aefa62

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG19.PNG
Filesize
438B

MD5
d4c60c0b841271306df0b670800480ce

SHA1
d4b9acfad9a8dc06f71c59ead9367a00e49300db

SHA256
238558af2083ce123f00649509ffda957b18e36bf378414ce7919c938f9bed39

SHA512
d1b54c1a8b56947770939a4a6ceb9889e4dab6172b03c9030b3708d546f34191df997b3ed5ffe4a089a9e2ba7089eef7dbb49e32e97779e83319e7c5f036848c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.PNG
Filesize
280B

MD5
8e1c30a8b847f121aea0d1de0fd2bab3

SHA1
9c41ea0a30d8d149322c2f36aa158bf966cc8d57

SHA256
8deff78bc2e2d6471b64d4d94feadee385eedfa3e78f704c9effd880abd10b95

SHA512
5e2e470fab64f73782d303da1bd155fb4d1cc4bc80fb967f23414a4f9ae1d0cdb41619b584da70747377a84717835c9b6efb42dd6d279d11a3b272a928b3c614

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.PNG
Filesize
281B

MD5
d30c4f18d275ba0d682c1aeb8742d52d

SHA1
f67a75000edb681e359d7dfb0d887010ea100ffc

SHA256
24f59e16e5795f33426a676419c6397cf48062b59e6b1535453d9a438d3ad658

SHA512
f3dd23e4b3d69462321c5350edc678c1ee5244a3a19b5dae3fdbc88bcd055887a43c5007da02d31af76c437d2a5199e233c9b62f1d40cbc9f920a4f1bf517351

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
4240de83a3f64b1c933d526bf12ef208

SHA1
a640594deabe61478da767cdec444b8de950c5f1

SHA256
e31afb1d2477da49daa2c4d8c74b3f317becf27bcb46a8e4c58f0439b3c2b5e4

SHA512
0e072b3378cf99832697e80c3ad0585175e5fcdba1b6cc7b92be993f76bb49c88166a24f3a353daa4f08e8757f0a2610769c02495cf855a913345141fd92edbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
4240de83a3f64b1c933d526bf12ef208

SHA1
a640594deabe61478da767cdec444b8de950c5f1

SHA256
e31afb1d2477da49daa2c4d8c74b3f317becf27bcb46a8e4c58f0439b3c2b5e4

SHA512
0e072b3378cf99832697e80c3ad0585175e5fcdba1b6cc7b92be993f76bb49c88166a24f3a353daa4f08e8757f0a2610769c02495cf855a913345141fd92edbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
4240de83a3f64b1c933d526bf12ef208

SHA1
a640594deabe61478da767cdec444b8de950c5f1

SHA256
e31afb1d2477da49daa2c4d8c74b3f317becf27bcb46a8e4c58f0439b3c2b5e4

SHA512
0e072b3378cf99832697e80c3ad0585175e5fcdba1b6cc7b92be993f76bb49c88166a24f3a353daa4f08e8757f0a2610769c02495cf855a913345141fd92edbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
Filesize
4KB

MD5
b0c745d5455a3a3fef770d0262c2129f

SHA1
339bb1a0718de8969c3d3380388c02d4ccc5f409

SHA256
077b0214fb54383e16f4722549d5c7c98f72c2374e1a71ac272544c8152104b4

SHA512
f14e3789b51bfd410e7abcb68549b1c21f46ddaafe8d2a67ca944fe04f3cff3bcdfeab3653c1cdda5fd06dec61dd2eaa607c920398bc526571897fe4acf1f87d

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
Filesize
18KB

MD5
206cf6f29eacc35cf8d4a5b5d290eaeb

SHA1
1c8e5a076bd12adc3475cab2e26fd1af8b31647c

SHA256
a968b92f0a89d2f9548b37b52baa38cad942b9af452a82e44029651032fa208a

SHA512
471f70c4ca5f05d566a88d86af0d028cd508d635d1ad68aff76a4fa0e0a8f6854fab654f962b98755a423431a3d54b1c2c531c0d7b31a47b0efd8d440ee9ff49

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF4EE62C3942D10DF8.TMP
Filesize
16KB

MD5
e3f10f63fbeca4d3dda7e0789c0a6877

SHA1
b6a50bf4e71bfd73a0fd939a68eb5c78cde21c4a

SHA256
d965ccab2322ed15b5510bf7565a294ba9764a0962d1ea0c6cfca96e72c650f1

SHA512
552f0722c84bf7879f058657f389736138cc3ed920d107f48fe7a05e7df55826ddf22ad9733e42a3aca0f4027fa5664405fa09a61e03ab070054bd32e3d7a04e

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
Filesize
2.7MB

MD5
cb027aa142f066c4f4fb9de5ff6ff493

SHA1
70a3ecaae4728c2a97c99f5fc7c12268e349ec91

SHA256
682500d7ea4034f74fc2387b77a7a6cd3d6e06d6bd992ebbbb29978a33d1bd01

SHA512
79a973dfd3c1a860a495672a07f6f17286cdbebe04492117d03cbcf9e3a383b8140102f2e6cf700bdbe9821f0ae93e5fe52c3604c1be593040e9cc64e76e576e

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
Filesize
2.7MB

MD5
cb027aa142f066c4f4fb9de5ff6ff493

SHA1
70a3ecaae4728c2a97c99f5fc7c12268e349ec91

SHA256
682500d7ea4034f74fc2387b77a7a6cd3d6e06d6bd992ebbbb29978a33d1bd01

SHA512
79a973dfd3c1a860a495672a07f6f17286cdbebe04492117d03cbcf9e3a383b8140102f2e6cf700bdbe9821f0ae93e5fe52c3604c1be593040e9cc64e76e576e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ULMML826.txt
Filesize
512B

MD5
a29c7186c4c6faecb707636c46a1d470

SHA1
06a3d1dad9c0267868d999d0f273b18ad074417f

SHA256
137d15d5301c49a50ae1784a98f567a720923c429454aeb4098f5700c3324a12

SHA512
c6ee4188c9ef04bf658828bf53ac060d519a0fb5144bcc25ba933e8fa633a57efeb798cfc478c85b8435254f096e6757de59e95881853212f89f57779398ae66

Download Submit
C:\Windows\Installer\6f8769.msi
Filesize
38.7MB

MD5
1ef598379ff589e452e9fc7f93563740

SHA1
82ad65425fa627176592ed5e55c0093e685bfeef

SHA256
d4bdc230eaebefe5a9aa3d9127d12ac09d050bf51771f0c78a6a9d79a1f9dbf2

SHA512
673f4b08fc25e09e582f5f7e01b2369e361f6a5b480f0aa2f1d5991f10076ba8a9d6b1f2227979b514acc458b4fdc254fc3c14173db7e38b50793174d4697f23

Download Submit
\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
192KB

MD5
5b071854133d3eb6848a301a2a75c9b2

SHA1
ffa1045c55b039760aa2632a227012bb359d764f

SHA256
cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf

SHA512
f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

Download Submit
\Program Files\Java\jre1.8.0_51\installer.exe
Filesize
89.1MB

MD5
de052a3a782280dfe0d333bfb894c7d3

SHA1
c6a2c5150e1a6f7d5fccf5927aef1c5b2a94ea74

SHA256
cacefac05b6719d7ec1bd4945de0e58e9233e54d2ba94d68103bcd2bb04cdde3

SHA512
dfd8bfea673f0c1a37199cd76ceb9f7731eb3c502f02b8e81fd72dc6f4d9cec866fb3133b45ff93127a459be75580d1488609ecf2ab337a685a91fe609245935

Download Submit
\ProgramData\Oracle\Java\installcache_x64\bspatch.exe
Filesize
34KB

MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
\ProgramData\Oracle\Java\installcache_x64\bspatch.exe
Filesize
34KB

MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
\ProgramData\Oracle\Java\installcache_x64\bspatch.exe
Filesize
34KB

MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7FIT0B8\jre-8u51-windows-x64.exe
Filesize
41.2MB

MD5
b9919195f61824f980f4a088d7447a11

SHA1
447fd1f59219282ec5d2f7a179ac12cc072171c3

SHA256
3895872bc4cdfb7693c227a435cf6740f968e4fa6ce0f7449e6a074e3e3a0f01

SHA512
d9f4e268531bd48f6b6aa4325024921bca30ebfff3ae6af5c069146a3fc401c411bdeceb306ba01fbf3bcdc48e39a367e78a1f355dc3dd5f1df75a0d585a10c6

Download Submit
\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7FIT0B8\jre-8u51-windows-x64.exe
Filesize
41.2MB

MD5
b9919195f61824f980f4a088d7447a11

SHA1
447fd1f59219282ec5d2f7a179ac12cc072171c3

SHA256
3895872bc4cdfb7693c227a435cf6740f968e4fa6ce0f7449e6a074e3e3a0f01

SHA512
d9f4e268531bd48f6b6aa4325024921bca30ebfff3ae6af5c069146a3fc401c411bdeceb306ba01fbf3bcdc48e39a367e78a1f355dc3dd5f1df75a0d585a10c6

Download Submit
\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7FIT0B8\jre-8u51-windows-x64.exe
Filesize
41.2MB

MD5
b9919195f61824f980f4a088d7447a11

SHA1
447fd1f59219282ec5d2f7a179ac12cc072171c3

SHA256
3895872bc4cdfb7693c227a435cf6740f968e4fa6ce0f7449e6a074e3e3a0f01

SHA512
d9f4e268531bd48f6b6aa4325024921bca30ebfff3ae6af5c069146a3fc401c411bdeceb306ba01fbf3bcdc48e39a367e78a1f355dc3dd5f1df75a0d585a10c6

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
4240de83a3f64b1c933d526bf12ef208

SHA1
a640594deabe61478da767cdec444b8de950c5f1

SHA256
e31afb1d2477da49daa2c4d8c74b3f317becf27bcb46a8e4c58f0439b3c2b5e4

SHA512
0e072b3378cf99832697e80c3ad0585175e5fcdba1b6cc7b92be993f76bb49c88166a24f3a353daa4f08e8757f0a2610769c02495cf855a913345141fd92edbd

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
4240de83a3f64b1c933d526bf12ef208

SHA1
a640594deabe61478da767cdec444b8de950c5f1

SHA256
e31afb1d2477da49daa2c4d8c74b3f317becf27bcb46a8e4c58f0439b3c2b5e4

SHA512
0e072b3378cf99832697e80c3ad0585175e5fcdba1b6cc7b92be993f76bb49c88166a24f3a353daa4f08e8757f0a2610769c02495cf855a913345141fd92edbd

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
4240de83a3f64b1c933d526bf12ef208

SHA1
a640594deabe61478da767cdec444b8de950c5f1

SHA256
e31afb1d2477da49daa2c4d8c74b3f317becf27bcb46a8e4c58f0439b3c2b5e4

SHA512
0e072b3378cf99832697e80c3ad0585175e5fcdba1b6cc7b92be993f76bb49c88166a24f3a353daa4f08e8757f0a2610769c02495cf855a913345141fd92edbd

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
4240de83a3f64b1c933d526bf12ef208

SHA1
a640594deabe61478da767cdec444b8de950c5f1

SHA256
e31afb1d2477da49daa2c4d8c74b3f317becf27bcb46a8e4c58f0439b3c2b5e4

SHA512
0e072b3378cf99832697e80c3ad0585175e5fcdba1b6cc7b92be993f76bb49c88166a24f3a353daa4f08e8757f0a2610769c02495cf855a913345141fd92edbd

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
4240de83a3f64b1c933d526bf12ef208

SHA1
a640594deabe61478da767cdec444b8de950c5f1

SHA256
e31afb1d2477da49daa2c4d8c74b3f317becf27bcb46a8e4c58f0439b3c2b5e4

SHA512
0e072b3378cf99832697e80c3ad0585175e5fcdba1b6cc7b92be993f76bb49c88166a24f3a353daa4f08e8757f0a2610769c02495cf855a913345141fd92edbd

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
Filesize
2.7MB

MD5
cb027aa142f066c4f4fb9de5ff6ff493

SHA1
70a3ecaae4728c2a97c99f5fc7c12268e349ec91

SHA256
682500d7ea4034f74fc2387b77a7a6cd3d6e06d6bd992ebbbb29978a33d1bd01

SHA512
79a973dfd3c1a860a495672a07f6f17286cdbebe04492117d03cbcf9e3a383b8140102f2e6cf700bdbe9821f0ae93e5fe52c3604c1be593040e9cc64e76e576e

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
Filesize
2.7MB

MD5
cb027aa142f066c4f4fb9de5ff6ff493

SHA1
70a3ecaae4728c2a97c99f5fc7c12268e349ec91

SHA256
682500d7ea4034f74fc2387b77a7a6cd3d6e06d6bd992ebbbb29978a33d1bd01

SHA512
79a973dfd3c1a860a495672a07f6f17286cdbebe04492117d03cbcf9e3a383b8140102f2e6cf700bdbe9821f0ae93e5fe52c3604c1be593040e9cc64e76e576e

Download Submit
memory/532-1603-0x0000000000160000-0x000000000016A000-memory.dmp

Filesize
40KB

Download
memory/532-1612-0x0000000000160000-0x000000000016A000-memory.dmp

Filesize
40KB

Download
memory/532-1611-0x0000000000160000-0x000000000016A000-memory.dmp

Filesize
40KB

Download
memory/532-1602-0x0000000000160000-0x000000000016A000-memory.dmp

Filesize
40KB

Download
memory/688-318-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/924-72-0x0000000002E40000-0x0000000003228000-memory.dmp

Filesize
3.9MB

Download
memory/924-129-0x0000000002E40000-0x0000000003228000-memory.dmp

Filesize
3.9MB

Download
memory/924-69-0x0000000002E40000-0x0000000003228000-memory.dmp

Filesize
3.9MB

Download
memory/1104-1625-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/1104-1644-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/1104-1653-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/1104-1665-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/1104-1678-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/1564-1257-0x0000000002060000-0x0000000002061000-memory.dmp

Filesize
4KB

Download
memory/1564-1085-0x0000000002060000-0x0000000002061000-memory.dmp

Filesize
4KB

Download
memory/1716-258-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1716-117-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1716-118-0x00000000009A0000-0x00000000009A3000-memory.dmp

Filesize
12KB

Download
memory/1716-73-0x0000000000F00000-0x00000000012E8000-memory.dmp

Filesize
3.9MB

Download
memory/1716-127-0x0000000000F00000-0x00000000012E8000-memory.dmp

Filesize
3.9MB

Download
memory/1716-128-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1716-181-0x0000000000F00000-0x00000000012E8000-memory.dmp

Filesize
3.9MB

Download
memory/1716-182-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1716-253-0x0000000000F00000-0x00000000012E8000-memory.dmp

Filesize
3.9MB

Download
memory/1716-259-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1716-260-0x0000000000F00000-0x00000000012E8000-memory.dmp

Filesize
3.9MB

Download
memory/1716-261-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1716-262-0x0000000000F00000-0x00000000012E8000-memory.dmp

Filesize
3.9MB

Download
memory/1716-264-0x0000000000F00000-0x00000000012E8000-memory.dmp

Filesize
3.9MB

Download
memory/1716-265-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1716-317-0x0000000000F00000-0x00000000012E8000-memory.dmp

Filesize
3.9MB

Download
memory/2080-1178-0x0000000000230000-0x0000000000247000-memory.dmp

Filesize
92KB

Download
memory/2080-1175-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2080-1177-0x0000000000230000-0x0000000000247000-memory.dmp

Filesize
92KB

Download
memory/2080-1176-0x0000000000230000-0x0000000000247000-memory.dmp

Filesize
92KB

Download
memory/2080-1203-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2292-1479-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2540-1559-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2656-1562-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2828-1577-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2840-1588-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2976-1590-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2976-1594-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2992-1597-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2992-1596-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2992-1592-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2992-1591-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download