8662964a0c03e181d3a7cd58824a4367a4e970f333d693a995af83bada214c05

Resubmissions

12-03-2023 18:56

230312-xlck4sha4y 1

12-03-2023 18:50

230312-xhe7tseh92 1

12-03-2023 18:19

230312-wycafaeh35 8

Analysis

max time kernel
249s
max time network
303s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
12-03-2023 18:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MultiMC/MultiMC.exe
Size

8.8MB
MD5

38c782c12952ecaeb3af973a7338790d
SHA1

3167c8152fde81d9b3aebbb41d38a607ba5b48b7
SHA256

4fc7abd9769e631fe1831b8b0da7b924322b77fee774dba6c5d0ccf6f69242f4
SHA512

e72b69bee5cf6ca2c45d8b84f128126dd1c81f03e7dfae4d03e3d906f79bb7e1f9ecad6030e4447783657e59c75017df72f590ca786edcfd2996c88345542a1a
SSDEEP

196608:LjeHzMAqhnF5SdEy/vgiBkxqSdXh9NWompJIwFsBEeVgVvV3rABVLVVkNWV+O8VU:OHOer/vAUpyRVgVvV3rABVLVVkNWV+On

Score

8^/10

adware persistence stealer

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

Processes:

msiexec.exe

flow pid process

185 900 msiexec.exe
Downloads MZ/PE file
Executes dropped EXE 4 IoCs

Processes:

jre-8u361-windows-x64.exejre-8u361-windows-x64.exeinstaller.exejavaw.exe

pid process

2164 jre-8u361-windows-x64.exe
3036 jre-8u361-windows-x64.exe
1388 installer.exe
4536 javaw.exe

flow	pid	process
185	900	msiexec.exe

pid	process
2164	jre-8u361-windows-x64.exe
3036	jre-8u361-windows-x64.exe
1388	installer.exe
4536	javaw.exe

Loads dropped DLL 64 IoCs

Processes:

MsiExec.exejavaw.exeinstaller.exe

pid	process
4796	MsiExec.exe
4796	MsiExec.exe
4796	MsiExec.exe
4536	javaw.exe
4536	javaw.exe
4536	javaw.exe
4536	javaw.exe
4536	javaw.exe
4536	javaw.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe
1388	installer.exe

Registers COM server for autorun 1 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Processes:

installer.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0015-0000-0098-ABCDEFFEDCBC}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0052-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0068-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0041-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0046-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0142-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0089-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0096-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0055-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0032-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0015-0000-0041-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0053-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0069-ABCDEFFEDCBC}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0139-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0052-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0069-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0074-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0055-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InProcServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0072-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0013-0001-0071-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0013-0001-0098-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0063-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0086-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0048-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBC}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0130-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{DBC80044-A445-435B-BC74-9C25C1C588A9}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0080-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0056-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0046-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0056-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0087-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0032-ABCDEFFEDCBB}\InprocServer32	installer.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	process
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe

Installs/modifies Browser Helper Object 2 TTPs 6 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

Processes:

installer.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{DBC80044-A445-435B-BC74-9C25C1C588A9}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}	installer.exe

Drops file in System32 directory 2 IoCs

Processes:

installer.exe

description	ioc	process
File created	C:\Windows\system32\WindowsAccessBridge-64.dll	installer.exe
File opened for modification	C:\Windows\system32\WindowsAccessBridge-64.dll	installer.exe

Drops file in Program Files directory 64 IoCs

Processes:

msiexec.exeinstaller.exe

description	ioc	process
File created	C:\Program Files\Java\jre1.8.0_361\lib\images\cursors\win32_LinkDrop32x32.gif	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\legal\javafx\jpeg_fx.md	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\legal\javafx\gstreamer.md	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\lib\deploy\messages_ko.properties	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\plugin2\msvcp140.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\lib\javafx.properties	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\lib\jfr\profile.jfc	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\legal\jdk\libpng.md	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-crt-conio-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-console-l1-2-0.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\unpack200.exe	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\prism_d3d.dll	msiexec.exe
File created	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_240793000\javaw.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_361\lib\fonts\LucidaBrightItalic.ttf	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\lib\hijrah-config-umalqura.properties	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\legal\jdk\relaxngcc.md	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\lib\ext\dnsns.jar	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-crt-multibyte-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\THIRDPARTYLICENSEREADME.txt	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-file-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-datetime-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\hprof.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\lib\deploy\splash_11-lic.gif	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\JAWTAccessBridge-64.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\jp2ssv.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\ktab.exe	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\lib\amd64\jvm.cfg	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\jp2iexp.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\Welcome.html	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\lib\flavormap.properties	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\ssv.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\legal\javafx\libffi.md	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\legal\jdk\lcms.md	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\prism_common.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\policytool.exe	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\lib\management\jmxremote.password.template	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\lib\cmm\PYCC.pf	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\npt.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\legal\jdk\colorimaging.md	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\legal\jdk\unicode.md	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\lib\classlist	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-crt-locale-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\keytool.exe	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\lib\deploy\messages_sv.properties	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\legal\jdk\cldr.md	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\legal\jdk\jcup.md	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\lib\ext\jaccess.jar	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\lib\images\cursors\win32_MoveDrop32x32.gif	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\jfxmedia.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\instrument.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\legal\javafx\webkit.md	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\lib\deploy\messages_zh_CN.properties	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\javacpl.exe	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\legal\jdk\bcel.md	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\glib-lite.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\legal\jdk\santuario.md	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-synch-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\fxplugins.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\legal\jdk\thaidict.md	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-console-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\jsdt.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-heap-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-processenvironment-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-debug-l1-1-0.dll	msiexec.exe

Drops file in Windows directory 11 IoCs

Processes:

msiexec.exe

description	ioc	process
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF4C7.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF70A.tmp	msiexec.exe
File created	C:\Windows\Installer\e59d933.msi	msiexec.exe
File created	C:\Windows\Installer\e59d930.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF1A9.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF7C7.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e59d930.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\SourceHash{26A24AE4-039D-4CA4-87B4-2F64180361F0}	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msiexec.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msiexec.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

Processes:

installer.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5852F5ED-8BF4-11D4-A245-0080C6F74284}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_361\\bin"	installer.exe

Modifies data under HKEY_USERS 64 IoCs

Processes:

installer.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0059-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0065-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_23"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0095-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_95"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0048-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_40"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0045-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0095-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0091-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0123-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0061-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0070-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_70"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0060-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0048-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0080-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0034-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0065-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_65"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0050-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0110-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0053-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0037-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0091-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0041-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0121-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0045-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_45"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0099-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_99"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_17"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0082-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_82"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0072-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0054-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0057-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0068-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0115-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0132-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0081-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0077-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0092-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0071-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0069-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0046-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_46"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0143-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0093-ABCDEFFEDCBC}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0099-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe

Modifies registry class 64 IoCs

Processes:

installer.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0043-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0047-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0049-ABCDEFFEDCBC}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0128-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0063-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0116-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0088-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0089-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_89"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0089-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0144-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0039-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_39"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0086-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0079-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0143-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_143"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0095-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0059-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0075-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0098-ABCDEFFEDCBC}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0064-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_09"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0068-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0117-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0048-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0039-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_39"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0077-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0067-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_67"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0046-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0078-ABCDEFFEDCBB}	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0015-0000-0098-ABCDEFFEDCBC}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0049-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0084-ABCDEFFEDCBC}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0108-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_108"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0071-ABCDEFFEDCBC}\INPROCSERVER32	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0013-0001-0063-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_28"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0091-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0122-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0013-0001-0073-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0090-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0104-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0129-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_129"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0070-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0015-0000-0080-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0079-ABCDEFFEDCBC}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0123-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_123"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0069-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

MultiMC.exe

pid process

1904 MultiMC.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

MultiMC.exechrome.exe

pid process

1904 MultiMC.exe
1904 MultiMC.exe
3796 chrome.exe
3796 chrome.exe
3796 chrome.exe
3796 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

MultiMC.exe

pid process

1904 MultiMC.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

3796 chrome.exe
3796 chrome.exe
3796 chrome.exe
3796 chrome.exe
3796 chrome.exe
3796 chrome.exe
3796 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

AUDIODG.EXEchrome.exe

description	pid	process
Token: 33	4024	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4024	AUDIODG.EXE
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

Processes:

chrome.exe

pid	process
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

MultiMC.exejre-8u361-windows-x64.exe

pid	process
1904	MultiMC.exe
1904	MultiMC.exe
1904	MultiMC.exe
3036	jre-8u361-windows-x64.exe
3036	jre-8u361-windows-x64.exe
3036	jre-8u361-windows-x64.exe
3036	jre-8u361-windows-x64.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

MultiMC.exechrome.exe

description	pid	process	target process
PID 1904 wrote to memory of 4100	1904	MultiMC.exe	javaw.exe
PID 1904 wrote to memory of 4100	1904	MultiMC.exe	javaw.exe
PID 1904 wrote to memory of 3412	1904	MultiMC.exe	javaw.exe
PID 1904 wrote to memory of 3412	1904	MultiMC.exe	javaw.exe
PID 1904 wrote to memory of 4516	1904	MultiMC.exe	javaw.exe
PID 1904 wrote to memory of 4516	1904	MultiMC.exe	javaw.exe
PID 3796 wrote to memory of 4932	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4932	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4940	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 3364	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 3364	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4980	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4980	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4980	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4980	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4980	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4980	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4980	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4980	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4980	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4980	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4980	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4980	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4980	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4980	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4980	3796	chrome.exe	chrome.exe
PID 3796 wrote to memory of 4980	3796	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe
"C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1904

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar
2⤵
PID:4100

C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe
"C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar
2⤵
PID:3412

C:\ProgramData\Oracle\Java\javapath\javaw.exe
javaw -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar
2⤵
PID:4516

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a4 0x4c8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcdab99758,0x7ffcdab99768,0x7ffcdab99778
2⤵
PID:4932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1832 --field-trial-handle=1864,i,3839375527322666380,14649346131886253217,131072 /prefetch:2
2⤵
PID:4940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1680 --field-trial-handle=1864,i,3839375527322666380,14649346131886253217,131072 /prefetch:8
2⤵
PID:3364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1864,i,3839375527322666380,14649346131886253217,131072 /prefetch:8
2⤵
PID:4980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3204 --field-trial-handle=1864,i,3839375527322666380,14649346131886253217,131072 /prefetch:1
2⤵
PID:524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3332 --field-trial-handle=1864,i,3839375527322666380,14649346131886253217,131072 /prefetch:1
2⤵
PID:1524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4564 --field-trial-handle=1864,i,3839375527322666380,14649346131886253217,131072 /prefetch:1
2⤵
PID:2416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4676 --field-trial-handle=1864,i,3839375527322666380,14649346131886253217,131072 /prefetch:8
2⤵
PID:1792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4856 --field-trial-handle=1864,i,3839375527322666380,14649346131886253217,131072 /prefetch:8
2⤵
PID:3084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1864,i,3839375527322666380,14649346131886253217,131072 /prefetch:8
2⤵
PID:4480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1864,i,3839375527322666380,14649346131886253217,131072 /prefetch:8
2⤵
PID:4212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4816 --field-trial-handle=1864,i,3839375527322666380,14649346131886253217,131072 /prefetch:8
2⤵
PID:3152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3940 --field-trial-handle=1864,i,3839375527322666380,14649346131886253217,131072 /prefetch:1
2⤵
PID:4804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3452 --field-trial-handle=1864,i,3839375527322666380,14649346131886253217,131072 /prefetch:1
2⤵
PID:544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3656 --field-trial-handle=1864,i,3839375527322666380,14649346131886253217,131072 /prefetch:1
2⤵
PID:2308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 --field-trial-handle=1864,i,3839375527322666380,14649346131886253217,131072 /prefetch:8
2⤵
PID:4480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 --field-trial-handle=1864,i,3839375527322666380,14649346131886253217,131072 /prefetch:8
2⤵
PID:4716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5572 --field-trial-handle=1864,i,3839375527322666380,14649346131886253217,131072 /prefetch:1
2⤵
PID:2772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 --field-trial-handle=1864,i,3839375527322666380,14649346131886253217,131072 /prefetch:8
2⤵
PID:1792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5860 --field-trial-handle=1864,i,3839375527322666380,14649346131886253217,131072 /prefetch:8
2⤵
PID:916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6016 --field-trial-handle=1864,i,3839375527322666380,14649346131886253217,131072 /prefetch:8
2⤵
PID:340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3196 --field-trial-handle=1864,i,3839375527322666380,14649346131886253217,131072 /prefetch:8
2⤵
PID:3608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4736 --field-trial-handle=1864,i,3839375527322666380,14649346131886253217,131072 /prefetch:8
2⤵
PID:3540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6052 --field-trial-handle=1864,i,3839375527322666380,14649346131886253217,131072 /prefetch:8
2⤵
PID:904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2812 --field-trial-handle=1864,i,3839375527322666380,14649346131886253217,131072 /prefetch:8
2⤵
PID:4872

C:\Users\Admin\Downloads\jre-8u361-windows-x64.exe
"C:\Users\Admin\Downloads\jre-8u361-windows-x64.exe"
2⤵
- Executes dropped EXE
PID:2164

C:\Users\Admin\AppData\Local\Temp\jds240736312.tmp\jre-8u361-windows-x64.exe
"C:\Users\Admin\AppData\Local\Temp\jds240736312.tmp\jre-8u361-windows-x64.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 --field-trial-handle=1864,i,3839375527322666380,14649346131886253217,131072 /prefetch:2
2⤵
PID:212

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4392

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Checks processor information in registry
PID:900

C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 7A168330FA425B228798B81D6D328409
2⤵
- Loads dropped DLL
PID:4796

C:\Program Files\Java\jre1.8.0_361\installer.exe
"C:\Program Files\Java\jre1.8.0_361\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_361\\" INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F64180361F0}
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Installs/modifies Browser Helper Object
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
PID:1388

C:\Program Files\Java\jre1.8.0_361\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_361\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4536

C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe
"C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe" -doHKCUSSVSetup
3⤵
PID:4524

C:\Program Files\Java\jre1.8.0_361\bin\javaws.exe
"C:\Program Files\Java\jre1.8.0_361\bin\javaws.exe" -wait -fix -permissions -silent
3⤵
PID:3100

C:\Program Files\Java\jre1.8.0_361\bin\jp2launcher.exe
"C:\Program Files\Java\jre1.8.0_361\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_361" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzYxXGxpYlxkZXBsb3kuamFyAC1EamF2YS5zZWN1cml0eS5wb2xpY3k9ZmlsZTpDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzYxXGxpYlxzZWN1cml0eVxqYXZhd3MucG9saWN5AC1EdHJ1c3RQcm94eT10cnVlAC1YdmVyaWZ5OnJlbW90ZQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzM2MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF8zNjFcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzM2MVxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzYxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzYxXGJpblxqYXZhdy5leGU= -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==
4⤵
PID:4072

C:\Program Files\Java\jre1.8.0_361\bin\javaws.exe
"C:\Program Files\Java\jre1.8.0_361\bin\javaws.exe" -wait -fix -shortcut -silent
3⤵
PID:3672

C:\Program Files\Java\jre1.8.0_361\bin\jp2launcher.exe
"C:\Program Files\Java\jre1.8.0_361\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_361" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzYxXGxpYlxkZXBsb3kuamFyAC1EamF2YS5zZWN1cml0eS5wb2xpY3k9ZmlsZTpDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzYxXGxpYlxzZWN1cml0eVxqYXZhd3MucG9saWN5AC1EdHJ1c3RQcm94eT10cnVlAC1YdmVyaWZ5OnJlbW90ZQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzM2MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF8zNjFcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzM2MVxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzYxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzYxXGJpblxqYXZhdy5leGU= -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==
4⤵
PID:2788

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Java\jre1.8.0_361\bin\java.dll
Filesize
163KB

MD5
db081a9968bb0c37a57725cdb66a0c7b

SHA1
d5fed172d82111d1f3bcb46ab3bd8b412f3ee003

SHA256
5b9b01f1ec06ad559285201cf0907e1c31473f6fb91aa09813dd8f076f94afe3

SHA512
8a3717be2bdc1d2e628a069a61ac5b504467c52c7b52496c14050cd0fbc3e1023c791ca8b5c3270579e1cc725a8a0cff62c427dc1c25c2ec74725d1dacc621d5

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\java.dll
Filesize
163KB

MD5
db081a9968bb0c37a57725cdb66a0c7b

SHA1
d5fed172d82111d1f3bcb46ab3bd8b412f3ee003

SHA256
5b9b01f1ec06ad559285201cf0907e1c31473f6fb91aa09813dd8f076f94afe3

SHA512
8a3717be2bdc1d2e628a069a61ac5b504467c52c7b52496c14050cd0fbc3e1023c791ca8b5c3270579e1cc725a8a0cff62c427dc1c25c2ec74725d1dacc621d5

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\javacpl.exe
Filesize
103KB

MD5
85a777d55b268c8d8bb8b8c0a2244e9b

SHA1
6d0889388e875a654d3f67d171c2ea0009f5f039

SHA256
87adedaca5cc9d483f1bef7e06c12bf223c3db79cb6e2d137167f99fad3948bf

SHA512
c581e410b84846aa2dad4e9a5e3561784513ddf09f450fa7d8278bd635877116fed32f35a31b9716edf18acc333b14ebfb05673e671f8a404aa0ee4146eddabd

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\javaw.exe
Filesize
273KB

MD5
dc1ddfa9036cd403e17fb7134aff000f

SHA1
0183543dd2fbb2ff7d0997c56ac624e6b2ebff40

SHA256
9bb8aaa6673ec46e5e9cff88fedefad4b33941b0831f4a7047433a24399e9692

SHA512
ecb7603a5f07a95ce3506ecaf38cb07ee089070cc041ce0c92722cafe8c3545b73dd5bf59f06115291b774d3c034c6e677f6fec2780208fa73e387d7c379cb9f

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\msvcp140.dll
Filesize
613KB

MD5
c1b066f9e3e2f3a6785161a8c7e0346a

SHA1
8b3b943e79c40bc81fdac1e038a276d034bbe812

SHA256
99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd

SHA512
36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\msvcp140.dll
Filesize
613KB

MD5
c1b066f9e3e2f3a6785161a8c7e0346a

SHA1
8b3b943e79c40bc81fdac1e038a276d034bbe812

SHA256
99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd

SHA512
36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\server\jvm.dll
Filesize
8.2MB

MD5
a5b5e313919826735b73731252a2bc2e

SHA1
090054f0aeeaaac570130ef5a03c26970cdb050c

SHA256
86765f3558ffbb2cf28fb683ee17c288967e636b5cb4fe0422ade39591f6abf4

SHA512
2e0199624f91f9c952ea4fb81a01096febe8dde6fba85f66e7978c98ba749da3cd53cb6d986260e357c19a1d3b5411d6716548ef57e31ec75d55f4d3a3420c3f

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\server\jvm.dll
Filesize
8.2MB

MD5
a5b5e313919826735b73731252a2bc2e

SHA1
090054f0aeeaaac570130ef5a03c26970cdb050c

SHA256
86765f3558ffbb2cf28fb683ee17c288967e636b5cb4fe0422ade39591f6abf4

SHA512
2e0199624f91f9c952ea4fb81a01096febe8dde6fba85f66e7978c98ba749da3cd53cb6d986260e357c19a1d3b5411d6716548ef57e31ec75d55f4d3a3420c3f

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\vcruntime140.dll
Filesize
83KB

MD5
1453290db80241683288f33e6dd5e80e

SHA1
29fb9af50458df43ef40bfc8f0f516d0c0a106fd

SHA256
2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c

SHA512
4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\vcruntime140.dll
Filesize
83KB

MD5
1453290db80241683288f33e6dd5e80e

SHA1
29fb9af50458df43ef40bfc8f0f516d0c0a106fd

SHA256
2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c

SHA512
4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\verify.dll
Filesize
54KB

MD5
c15088054d639475e51b88251369c226

SHA1
8849a9ee53e6bc7d1618103b674a6f481b72f3aa

SHA256
a7e7890ec2e238b3108fe2d9b4796898b2fff30ce07957f60689975d7460098c

SHA512
81ae70caf0304c63adadc3437e592ea9540db59ac7bd7417b769b5702a2aa012bec79aab8ce01187ebbd78555b7824fc4434a113dd9be5b667ce693b293122c4

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\verify.dll
Filesize
54KB

MD5
c15088054d639475e51b88251369c226

SHA1
8849a9ee53e6bc7d1618103b674a6f481b72f3aa

SHA256
a7e7890ec2e238b3108fe2d9b4796898b2fff30ce07957f60689975d7460098c

SHA512
81ae70caf0304c63adadc3437e592ea9540db59ac7bd7417b769b5702a2aa012bec79aab8ce01187ebbd78555b7824fc4434a113dd9be5b667ce693b293122c4

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\zip.dll
Filesize
84KB

MD5
7c7a8adce66eeb67a96ca617c8286d72

SHA1
da1f100637f0b94aaea4e3999ef96a32a63bfc2b

SHA256
d15be64cc05ae14db69b5a3558cd57767eda91e708c74d3dccdc4958c42cb5d9

SHA512
00d3c1145b8c8ea246f456000c2fcfe1e978d148ad69ddabdf9e5f332db4e44025211916c6452b5030f8326d523d6e72de8aebd9e41d83afccb8713e88782f31

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\zip.dll
Filesize
84KB

MD5
7c7a8adce66eeb67a96ca617c8286d72

SHA1
da1f100637f0b94aaea4e3999ef96a32a63bfc2b

SHA256
d15be64cc05ae14db69b5a3558cd57767eda91e708c74d3dccdc4958c42cb5d9

SHA512
00d3c1145b8c8ea246f456000c2fcfe1e978d148ad69ddabdf9e5f332db4e44025211916c6452b5030f8326d523d6e72de8aebd9e41d83afccb8713e88782f31

Download Submit
C:\Program Files\Java\jre1.8.0_361\installer.exe
Filesize
1.1MB

MD5
dcb07febfc873261ae0c351d327027a0

SHA1
b3855001990bb500212f4f8b421594e91f45d5f3

SHA256
e9d0623547dd40d5ccc42e4718d4e307241fcf2d4a5df93d1ec0fdc9925aafac

SHA512
374d8d4d39e344cc050ea0cde3a51db801ba77b18c85934820e6d1f37101922878b4107dc506f5be7ab3e0f2badbf0ace87bb0ab5713f5bdc27df00731f84dff

Download Submit
C:\Program Files\Java\jre1.8.0_361\installer.exe
Filesize
1.1MB

MD5
dcb07febfc873261ae0c351d327027a0

SHA1
b3855001990bb500212f4f8b421594e91f45d5f3

SHA256
e9d0623547dd40d5ccc42e4718d4e307241fcf2d4a5df93d1ec0fdc9925aafac

SHA512
374d8d4d39e344cc050ea0cde3a51db801ba77b18c85934820e6d1f37101922878b4107dc506f5be7ab3e0f2badbf0ace87bb0ab5713f5bdc27df00731f84dff

Download Submit
C:\Program Files\Java\jre1.8.0_361\lib\amd64\jvm.cfg
Filesize
634B

MD5
499f2a4e0a25a41c1ff80df2d073e4fd

SHA1
e2469cbe07e92d817637be4e889ebb74c3c46253

SHA256
80847ed146dbc5a9f604b07ec887737fc266699abba266177b553149487ce9eb

SHA512
7828f7b06d0f4309b9edd3aa71ae0bb7ee92d2f8df5642c13437bba2a3888e457dc9b24c16aa9e0f19231530cb44b8ccd955cbbdf5956ce8622cc208796b357d

Download Submit
C:\Program Files\Java\jre1.8.0_361\lib\charsets.jar
Filesize
2.9MB

MD5
82ade56ed7fa67287198802746ee6045

SHA1
2c5ad0a04bd0fae259cf29af346379284c684d42

SHA256
c89895405e63110d69bb37178f0650bf2a4a489ab9e98da613464c61c475b58c

SHA512
cd3c2180e185d1fce354ede366845668ab165ad0ebf7fd9cd9fbb3723ab64c3515c30e772e1577a747468e530d677c7955b41528d39e6d3c8c988b11604e470d

Download Submit
C:\Program Files\Java\jre1.8.0_361\lib\classlist
Filesize
82KB

MD5
7fc71a62d85ccf12996680a4080aa44e

SHA1
199dccaa94e9129a3649a09f8667b552803e1d0e

SHA256
01fe24232d0dbefe339f88c44a3fd3d99ff0e17ae03926ccf90b835332f5f89c

SHA512
b0b9b486223cf79ccf9346aaf5c1ca0f9588247a00c826aa9f3d366b7e2ef905af4d179787dcb02b32870500fd63899538cf6fafcdd9b573799b255f658ceb1d

Download Submit
C:\Program Files\Java\jre1.8.0_361\lib\jce.jar
Filesize
119KB

MD5
1f4d4fc6b33c30c5782c66b80d92c4f9

SHA1
194df32fb23b470dae4929605d18abd041c743c6

SHA256
81b8de0e148ed3601cf5f1bdf2787c5b15213d842bc537af9ede9635d692b904

SHA512
dfde7e03fc106b785887f2a409b3528c5862663f188c95f6a95c739bdfcc8c6205c03b739de1b259e9a8a0360aa4e10e8d4bce1a57445797a214160b8d98a085

Download Submit
C:\Program Files\Java\jre1.8.0_361\lib\jfr.jar
Filesize
559KB

MD5
18c5aec1e008f781bf74707662920000

SHA1
c29c11cda5b867b68cba1fa7cb331d54a66b3f56

SHA256
e9eab8ec4712142a3ed9ac833d853e144043699c1712986736f3667a9267c11b

SHA512
9988b510d7e036ef41673edd8e38e2f72b695741da3ef63678b808b5e10a76951d016e27cdd23857de0ed0f3b44be8f7fb3a141021b543f104f2a214e53ca74d

Download Submit
C:\Program Files\Java\jre1.8.0_361\lib\jsse.jar
Filesize
1.7MB

MD5
f095a5ac04775e1093d54822460cc5a7

SHA1
2e0f0ec528c41b437126c506a91fe1ad5e699865

SHA256
784b8df88387ee27383d6db4e184b169a21cb4b8bcb0d8395a7b1ac2b128108a

SHA512
c0b5ca94ead3dffd33e19a2d757b2b653867b4f539a143ef17baeef1015c3845aba4f0666ef1d0c7ce02d156ce826b9c324c8159983a71d19d60415d60e25d36

Download Submit
C:\Program Files\Java\jre1.8.0_361\lib\meta-index
Filesize
2KB

MD5
91aa6ea7320140f30379f758d626e59d

SHA1
3be2febe28723b1033ccdaa110eaf59bbd6d1f96

SHA256
4af21954cdf398d1eae795b6886ca2581dac9f2f1d41c98c6ed9b5dbc3e3c1d4

SHA512
03428803f1d644d89eb4c0dcbdea93acaac366d35fc1356ccabf83473f4fef7924edb771e44c721103cec22d94a179f092d1bfd1c0a62130f076eb82a826d7cb

Download Submit
C:\Program Files\Java\jre1.8.0_361\lib\resources.jar
Filesize
3.4MB

MD5
0fdcdf2b521c8ffba3fcae32a684358e

SHA1
45a3ae43334b1a0f46d76599d3926c40fa790965

SHA256
2189d10490922562be379da742eedc5e77cac61a6d2a484a3ed4693965dfe290

SHA512
1a1489faa7903bc24d4cc3fbd0ee80e79602a39ea9530f10075a52460e6100c807dbafb17e4b1a7997c23cbe3906808291be7718e6525a79a295e1ddc8ed9eda

Download Submit
C:\Program Files\Java\jre1.8.0_361\lib\rt.jar
Filesize
53.2MB

MD5
f9067274f870f513dee2284e9089d2b9

SHA1
6aab77a3bf6c208adf805432f407dea41833e70f

SHA256
9016dc6f643af8b411d38fb6189f6af0e6bb39210e3ca379c8313f666c94aac1

SHA512
510a34d46b0187f8360373df3e023eda6b98c1187e35b24bf4bd9e5fc3774532e1e96d93ee08bb3b7e130404855a3704918038f5df4a614d4f520ea896df52c2

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.url
Filesize
197B

MD5
faded0d5bdcbad42d8f4826cc3c620fd

SHA1
c49c34f2d2160297b1c0c71c327180ed52ff673e

SHA256
d869d1b0c391cd9ce8f0c633cb8e5731c5073c33f875b32a2a61006a3c1bb24a

SHA512
bc60186037724353460a0f7af8b207ccabe64d80aaff796d9ee082c6cb6573ff214dedc22080fdf23664ce79f7604276e1bab746dcf2407a46e40ff38b7119cb

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url
Filesize
182B

MD5
472d99cc0c3c745e9d794af2495e1073

SHA1
c1fbb2d17fbcea3d8d76d4516cb099ef89c3d6ce

SHA256
0a07df0e4ca2361cbd92c5c56068d8ea51cf0cfcc755d015cd1034c250cf1f9a

SHA512
bed250fb803323ebef7c6af71912572767a6e36e4ed54886d773758e3470c906ca9995dd54c64b43f297c7de676fc47936ced5c81cdf3fa8ee9688d9c96a6e27

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url
Filesize
178B

MD5
629c2e7a4d9e24406873fe2fa7543be7

SHA1
d6c48edc07e35c1b84fc2bf5f74367edcd2bd3d2

SHA256
cf23fccf15c640cda1a383a09246a5a1213ebd5c9a1c077ad5cddb785f4700dd

SHA512
00cd51c0377e9c058c3cafcf4ba03ffbdad37711b4bafe054eba978fb3dc4c178cfec0d292d4fee27aea42a8b39ba8187866ad4d304f8b74662bf1accfaae8e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361_x64\jre1.8.0_36164.msi
Filesize
58.7MB

MD5
407d36101348022e67342b44292d2b39

SHA1
1811ab3993672a9f329868622d96014043bd5f4a

SHA256
213e9fa760dfa2af22a4ac94a10c7f21f4b482aa04e8cf3706264e4c17d2481e

SHA512
cd78f2d3d8057467f87c846fd2252cc2632de822b2c5d37a9f2bcd0c68fafe598bdc4bc69760cd7e84037a5b28b3f11a4385684962857e3ce572ec9b302f0c0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1008B

MD5
8501302c191bc8618a31b6f0fcec4315

SHA1
ef90caa7855a199c303d33ae5c9f29956e39373f

SHA256
c9cee62171199ae1fd9411da6d445c237be4e6a05054f84b35c827b0f170d0a7

SHA512
3b75d4e250a506e5f7ae07284766b78a282e9db9a84e3a269f32b11e8d52867a09215862fc3ce3c8051189d8b6cb7cc60d917a37b87345bccdc19b7d3aac071f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
bac84514c0c3cacf29487c1f3bf74f48

SHA1
9c998b9f802291c79fef64e0d76a6d53c9ca79ac

SHA256
10d85a238476c17ac0d732fb1b5e72023ccae4e2c824177a4acdec5d9e5f712a

SHA512
419472b875b6bca4936dd442ed223af465eddff163a4f2f6a0d8f899daf8e672dffb2dfd513500f158388a192119134d11556cf8b0b2b4c67238594a98a3ea66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
06ae9b8cd9d32d0782165b2381aad45a

SHA1
695223dbf5515acacd8c8e2fdbcde478468677b0

SHA256
c233efb9aeae40e5142764ca23cc13bb3f887cddc01443d3e0f97f21ddf9644d

SHA512
b256f9a8fd6a35df92a189ff455250dae203e786e725e49d6fe08ddec33502eaf38ed584e30bd6d4d7ec59cd936705fed5510466d9ac72cd9ec68d86b4b82f12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
84a9c89d589d51aec06a56fd84c1b563

SHA1
0edecc73842624557388282631d86b5b34e5a51a

SHA256
51251f358c5da70925d126ce826775d901e13477fead6a00d4b2e066b874c165

SHA512
7078ff022713d521a36f72621a17040b03c41f710a7510fa80669f2069f1b435f656fb2ae2b746d53ebd6147b2fc393eb0c565e1a41fdcb16446dbe5723ec283

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
8d22b78435aed66ff6096ba0e4698e0b

SHA1
870c3a7d85374544363e006f2a82eb4ff2500689

SHA256
56184f15cd97a12a67304d6fa101e794b1df7e28ed8f3ab0d35938bf3e39ec41

SHA512
d052b61f4f45ae56eb798153e0f8bc235d2b78861184e717307f0622753b088cea4cc2fa72035f744abcae692b5577246509587b8eebb962d280d6b3559f91f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
5178d0f0cff8cd3cef7df000d3ae5991

SHA1
9e8561c7b3984bb054594ae54bee9e90bc30bc42

SHA256
3b41d14873e4f4d4cc91dd6d0ddddd804d10a8d50239cb7b646c0f2a66e7add0

SHA512
13a17cda753de8f115b0f0f96b36ae77cdc3e32d81fe9d6b53f8a3f837fc5341df4293087e25a0f9a3e98aef886760172d9d1e3414ae3db96fb5ad2ed89b4f6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
be9d10508a2a14f0c87c9ceb20e8c450

SHA1
e4ecc6d970338b022c002b4d04db4a6d617bcccd

SHA256
ab218beb3e2512e2e9d4177552c341b8e9084a39868ce7e69901ab1441a8525e

SHA512
75923118d9d4727b7c016eb930bee034b6bd88c7567ff36880794457d6d042e18e458a595ea3ebc034bb4eb72e5e36984988a5eb5914c5507a22287a897acd9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
eb0dbd3e6e34582eac34a50741e2abb2

SHA1
c7fb11d7d2b41cf8a2238e544c998dd7e2ee1a9f

SHA256
049f6f017e3bec322e187d946597ab2f5a106088d5b960c478e42b8cdd647ea4

SHA512
a8da168ead8b33d9749dd615e4fed737f157eab5e9fb50cbddc7a33f354c61f4ae7f1260f218e2be3acc6907d174bf3d9d480c3db84f9f136b1acc67bab3ba12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
f361f5207982d7742746490057c9ab0c

SHA1
534e314d58f3a59b93fd7805c912c5c7085840ba

SHA256
363957fdd54ae6093c69990ff144b3910e2c8895017e25ad31bd02ac9008b25c

SHA512
f51ef29a8465af1b760b68b41600264652b4d682fd47c108ae3475cf9875348290622f6070d1f85e030c5ce755e2c579c2ef29823958c6455a33d2386dbbd70b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
44f983beb15a2d3f610a7a9632b7c5da

SHA1
2ffee2468afbf751f6e7cfc14d04b15e2038fca5

SHA256
d9e461d2136991b3bc29ee7dbc08437f0223abf317d263e65208d09b7a4352e5

SHA512
caf8552a26e711a40b34130f60982c05e421141c243d93a632967b74f18564e9c4aa7376c2f53e960a41f8ae3545bac2525f730d4134c84fb47ddffa4cfae2db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
145KB

MD5
327a64d4665b1504e92bb83bbf7e4bcc

SHA1
b30ee788a50c9e64296d82c24d4171da80677a93

SHA256
2bbdeb7e2c3766469a3577e4659195fddd753a5fce63f86714ebacece28215ed

SHA512
14bb81cfa6d417c790c5a78cef18a9f255f43b4ac4b92a5a2098f36b1c06dbbc22e0d7f58b5a57255758e59b1cdd7bd82144ae2606b54da79ffcc9ff317f39ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
145KB

MD5
3b86c59369361ec92e74c7eeee10d2a9

SHA1
0e2806a690702755f9e3d5556f9b483ccbf83b61

SHA256
7f7a983b415bf2ea94b39485e9362be3323ddea6acf4b54a615cd9c7cf5ebedf

SHA512
45fb6476f6a5a4bb2422962fc97672f40767197ea90701cd92aa1b6cdd4fcd38a79f07ac80b11b4794be4724eb4717e4ebc4a3d2525902eb319b2abde749ab7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
72KB

MD5
847e83a8d3072c17ec05c037bd9e7f49

SHA1
155e8a2cdb016900ffcab11b19980ee43dd935cd

SHA256
0486ffa4165cd63587c5f00d9d7e9a3ba7a6f90ead774f638442bbb945dc6fd0

SHA512
30ad4ed4181e507a8eb7ef2e194f8781d3314d02a04321e76905a4ca5af7ee1a4230cc06151fbdf1d390853332733e9305eb8f7a145d3805f64a920297ca0a4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
101KB

MD5
cc68aa6a66c29350d11068b23b607640

SHA1
ec1373eed0d80258bd7bd7f3ecad5c4883d20021

SHA256
993759413ac2247d32a66b0bf98ae2ebac404439f76b6129d37453d914f3317d

SHA512
9f9354e5ec2baacee0ddc2da8f52483d04be1f9351411429ae9987e44b200692dc483ca8abced2ea24d665c064c3135bbfc7494a8fbd742db113a444792d1e0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
106KB

MD5
15dda05017c93f1c1ff1e9804f095e22

SHA1
3a7145a38bc411b1aaa30cce3d628895bc6fb9c1

SHA256
7504e5df49cba1de4faf03821a8b57e99f877a4ba6678e7e735af202b22c07ee

SHA512
c8b17016422536b62a38e0eaa1e5461f667ab274a95006e07f1471ffc36a2e1c641e74b8368a1144f747646f77a3478d4f06a9ebd12b780c29ec3ffa84765de9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
113KB

MD5
b7d740519e47eb0124fcf2ab507862ca

SHA1
d5caf6ff04fb42486d87590dac40b4619b07a4d0

SHA256
f95cae5dcd69689acc7fd93df03d6792e112957126cd0a41803d77edb19e80e3

SHA512
e2b191965eb63d936048ad0edeeb3c0c1ccf47c874bb9ae97d73f5f936e21909a4b49ddf0681adf23ca5407a14db7af43f020ec626407e4b2165d600758c2571

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5902c5.TMP
Filesize
97KB

MD5
485a50379ccad66369bbf413da7390ed

SHA1
b35936c53be7c696d7ac973e5c714e7c4e8bf55b

SHA256
be7fc9d9b1d8112b03c54442c7ee5f9a844563b82ee12df0d7a4937546659b17

SHA512
1dc65547443e7eb64f4d940c997414c722f3be44580b649b3c90226d00a4cd8ba488641086a1cf2b68be4553519b2c2eaf405ac208949dea43d0a6c06fb3d8f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\MultiMC\multimc.cfg.gC1904
Filesize
385B

MD5
c2e90aa215f5aa0a6844f4d6c41bd736

SHA1
240395b3ef87ca56cc3c44a5bd802bb2209ecd7c

SHA256
e6db85ca26144c930bcb0f5da1a9b97d158140f58fefbee626940b29543847f8

SHA512
6af2db798813eda6d95ef8b65ff444434db75f23aa4f9919082188173417102ba3f5af6a1d7f51d138cc9f355e949f14c9271c09ce93ea4b0b8e0dbda8458d16

Download Submit
C:\Users\Admin\AppData\Local\Temp\MultiMC\translations\index_v2.json
Filesize
15KB

MD5
4d18ce01732ff1fe8305af3d74e6cb41

SHA1
43437da4cbc9e0e6adbc88a76e75721963c07d3b

SHA256
284159c2183faff37ff5659330ea42e31acc1ab105f68f9efb5faffc83ca98fe

SHA512
d2e9466bfeb76eb46d9d1cd144ef04c3f51512bf92b2f15d3d62344e90beeabc5b117a5afbcac860cfd4910e66f8716f59a68837bcd125851a15d548bff122af

Download Submit
C:\Users\Admin\AppData\Local\Temp\jds240736312.tmp\jre-8u361-windows-x64.exe
Filesize
61.7MB

MD5
e920cf3e63612868ed4b6cd9612bae77

SHA1
ef64fb46f8e955430d6fbd3778ff03e4c1f0e1b0

SHA256
a45104f8bf9a356b538f74aec9c7d25b92bef2d8e97cc27ed6d7232294a8ed82

SHA512
b02af44d9a87e06b0309e842d550b54b92575ba36a3ea74184bba40d4665751d91c8547ddd9c1c009d413f56829f7fcc604592ba51118c916cd1e039930571b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\jds240736312.tmp\jre-8u361-windows-x64.exe
Filesize
61.7MB

MD5
e920cf3e63612868ed4b6cd9612bae77

SHA1
ef64fb46f8e955430d6fbd3778ff03e4c1f0e1b0

SHA256
a45104f8bf9a356b538f74aec9c7d25b92bef2d8e97cc27ed6d7232294a8ed82

SHA512
b02af44d9a87e06b0309e842d550b54b92575ba36a3ea74184bba40d4665751d91c8547ddd9c1c009d413f56829f7fcc604592ba51118c916cd1e039930571b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
Filesize
267KB

MD5
c3bdb739f98c8eba3059b57d83e19c59

SHA1
4205ba771f4415effdaa30758c63de198e603537

SHA256
8f5e3e9354907732e040750e30a440ae56bdb8d48603c69d34a643fa9a63a5f0

SHA512
02fdf10fdf6784d39d20882165d4979add4d7e79b412a9147b201236406674037595175c3f9c7fba6c2f075aad1090a150c85eeddf5267a62fbf74e4ba128b8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
Filesize
267KB

MD5
8ca0cce64a1099459b89e735514fa71e

SHA1
92f1cd02f56e011d20f091e049e3e8c9e8f740d8

SHA256
564db62969dc91f11fca576c50ab4c796b61dc03d62dccfef4f4abc5ce1a62f7

SHA512
56c45ee87b078ac9aff4f1c97bbb1379b591311376d0ec9367285bd6089ceca309a552d80a6abbd4f9e788c7470cd246e38ac60cdc3c978deddb86ebb4cc5e7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
Filesize
285KB

MD5
4eaab6e891907490c57ddb2c3bf62d50

SHA1
2d807e766630676aa200c21fb818b75d5c5966ba

SHA256
9d39e1746088395e1244eca1f18485d5e0361b248dce0611d2b9ee4bbcab21f4

SHA512
3760b7cf2e1da6a32fce4ca33aa2392fa83cc25957d7715c8a2dd84f0356ee6bcaedd9bd03a42f5648190b7c76d4e8a0c9f3f276ca07597a1cea42bca3d67f7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
Filesize
304KB

MD5
3b413c7b2b65eaadeaf24da7ff521591

SHA1
9e3323bfc14f067148f0cefa229d55651b9e6a0b

SHA256
1cbf4dc7219f87f318800d4262420c0cafdfb3e5a394965fc2077eca5da5efd8

SHA512
7c862a47d560244c3ff9efb87bdd7af5f6c26fe11ac7c37d499998c137185c0c70723c16e03a578c42771e1c337154b2f7bdbda9734ae3eccb1a049bd4dd95af

Download Submit
C:\Users\Admin\Downloads\jre-8u361-windows-x64.exe
Filesize
62.1MB

MD5
e70de386ebc763932a181fc37a2ad042

SHA1
18e76e452b289ae2fc167667b55a81b11ec2693f

SHA256
419328f3a2325b1dc27f710abd73e232e9deac47915b4dba61a697b925b5b83d

SHA512
a45cb9c665a867042d0d52f085d095ac774c3f9b10febd858b26d2c899f7c2b5024586156ec572be384b226a8efc44d6757bbbc920843ce58119345bea155a0d

Download Submit
C:\Users\Admin\Downloads\jre-8u361-windows-x64.exe
Filesize
62.1MB

MD5
e70de386ebc763932a181fc37a2ad042

SHA1
18e76e452b289ae2fc167667b55a81b11ec2693f

SHA256
419328f3a2325b1dc27f710abd73e232e9deac47915b4dba61a697b925b5b83d

SHA512
a45cb9c665a867042d0d52f085d095ac774c3f9b10febd858b26d2c899f7c2b5024586156ec572be384b226a8efc44d6757bbbc920843ce58119345bea155a0d

Download Submit
C:\Users\Admin\Downloads\jre-8u361-windows-x64.exe
Filesize
62.1MB

MD5
e70de386ebc763932a181fc37a2ad042

SHA1
18e76e452b289ae2fc167667b55a81b11ec2693f

SHA256
419328f3a2325b1dc27f710abd73e232e9deac47915b4dba61a697b925b5b83d

SHA512
a45cb9c665a867042d0d52f085d095ac774c3f9b10febd858b26d2c899f7c2b5024586156ec572be384b226a8efc44d6757bbbc920843ce58119345bea155a0d

Download Submit
C:\Windows\Installer\MSIF1A9.tmp
Filesize
759KB

MD5
216acbc40fb42eb247260a1feb124114

SHA1
3f16a8479e9e467a200c9fc6d98ffe56cfa642ec

SHA256
bbad98c96204a8f8b09457779a5da5cc3563de73925f0535e37b3f5e73fdc2a9

SHA512
001cf5470656cce65205074fda01528e066226b135b8e8bcb0e5dd13ca64e8bb70b45ee8e99ec2d8139157d40355a1cba353022c8a69bc3f9fa9af18304448e5

Download Submit
C:\Windows\Installer\MSIF1A9.tmp
Filesize
759KB

MD5
216acbc40fb42eb247260a1feb124114

SHA1
3f16a8479e9e467a200c9fc6d98ffe56cfa642ec

SHA256
bbad98c96204a8f8b09457779a5da5cc3563de73925f0535e37b3f5e73fdc2a9

SHA512
001cf5470656cce65205074fda01528e066226b135b8e8bcb0e5dd13ca64e8bb70b45ee8e99ec2d8139157d40355a1cba353022c8a69bc3f9fa9af18304448e5

Download Submit
C:\Windows\Installer\MSIF4C7.tmp
Filesize
759KB

MD5
216acbc40fb42eb247260a1feb124114

SHA1
3f16a8479e9e467a200c9fc6d98ffe56cfa642ec

SHA256
bbad98c96204a8f8b09457779a5da5cc3563de73925f0535e37b3f5e73fdc2a9

SHA512
001cf5470656cce65205074fda01528e066226b135b8e8bcb0e5dd13ca64e8bb70b45ee8e99ec2d8139157d40355a1cba353022c8a69bc3f9fa9af18304448e5

Download Submit
C:\Windows\Installer\MSIF4C7.tmp
Filesize
759KB

MD5
216acbc40fb42eb247260a1feb124114

SHA1
3f16a8479e9e467a200c9fc6d98ffe56cfa642ec

SHA256
bbad98c96204a8f8b09457779a5da5cc3563de73925f0535e37b3f5e73fdc2a9

SHA512
001cf5470656cce65205074fda01528e066226b135b8e8bcb0e5dd13ca64e8bb70b45ee8e99ec2d8139157d40355a1cba353022c8a69bc3f9fa9af18304448e5

Download Submit
C:\Windows\Installer\MSIF7C7.tmp
Filesize
759KB

MD5
216acbc40fb42eb247260a1feb124114

SHA1
3f16a8479e9e467a200c9fc6d98ffe56cfa642ec

SHA256
bbad98c96204a8f8b09457779a5da5cc3563de73925f0535e37b3f5e73fdc2a9

SHA512
001cf5470656cce65205074fda01528e066226b135b8e8bcb0e5dd13ca64e8bb70b45ee8e99ec2d8139157d40355a1cba353022c8a69bc3f9fa9af18304448e5

Download Submit
C:\Windows\Installer\MSIF7C7.tmp
Filesize
759KB

MD5
216acbc40fb42eb247260a1feb124114

SHA1
3f16a8479e9e467a200c9fc6d98ffe56cfa642ec

SHA256
bbad98c96204a8f8b09457779a5da5cc3563de73925f0535e37b3f5e73fdc2a9

SHA512
001cf5470656cce65205074fda01528e066226b135b8e8bcb0e5dd13ca64e8bb70b45ee8e99ec2d8139157d40355a1cba353022c8a69bc3f9fa9af18304448e5

Download Submit
C:\Windows\Installer\MSIF7C7.tmp
Filesize
759KB

MD5
216acbc40fb42eb247260a1feb124114

SHA1
3f16a8479e9e467a200c9fc6d98ffe56cfa642ec

SHA256
bbad98c96204a8f8b09457779a5da5cc3563de73925f0535e37b3f5e73fdc2a9

SHA512
001cf5470656cce65205074fda01528e066226b135b8e8bcb0e5dd13ca64e8bb70b45ee8e99ec2d8139157d40355a1cba353022c8a69bc3f9fa9af18304448e5

Download Submit
C:\Windows\Installer\e59d930.msi
Filesize
58.7MB

MD5
407d36101348022e67342b44292d2b39

SHA1
1811ab3993672a9f329868622d96014043bd5f4a

SHA256
213e9fa760dfa2af22a4ac94a10c7f21f4b482aa04e8cf3706264e4c17d2481e

SHA512
cd78f2d3d8057467f87c846fd2252cc2632de822b2c5d37a9f2bcd0c68fafe598bdc4bc69760cd7e84037a5b28b3f11a4385684962857e3ce572ec9b302f0c0c

Download Submit
C:\Windows\Installer\e59d933.msi
Filesize
58.7MB

MD5
407d36101348022e67342b44292d2b39

SHA1
1811ab3993672a9f329868622d96014043bd5f4a

SHA256
213e9fa760dfa2af22a4ac94a10c7f21f4b482aa04e8cf3706264e4c17d2481e

SHA512
cd78f2d3d8057467f87c846fd2252cc2632de822b2c5d37a9f2bcd0c68fafe598bdc4bc69760cd7e84037a5b28b3f11a4385684962857e3ce572ec9b302f0c0c

Download Submit
\??\pipe\crashpad_3796_UBFPANGSICIAWVBE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1904-168-0x00000000001C0000-0x00000000001CC000-memory.dmp

Filesize
48KB

Download
memory/1904-164-0x0000000061DC0000-0x0000000062404000-memory.dmp

Filesize
6.3MB

Download
memory/1904-221-0x0000000061DC0000-0x0000000062404000-memory.dmp

Filesize
6.3MB

Download
memory/1904-224-0x00000000014A0000-0x0000000001A15000-memory.dmp

Filesize
5.5MB

Download
memory/1904-218-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/1904-198-0x0000000006840000-0x0000000006851000-memory.dmp

Filesize
68KB

Download
memory/1904-185-0x00000000014A0000-0x0000000001A15000-memory.dmp

Filesize
5.5MB

Download
memory/1904-182-0x0000000061DC0000-0x0000000062404000-memory.dmp

Filesize
6.3MB

Download
memory/1904-368-0x0000000000110000-0x0000000000120000-memory.dmp

Filesize
64KB

Download
memory/1904-179-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/1904-133-0x00000000014A0000-0x0000000001A15000-memory.dmp

Filesize
5.5MB

Download
memory/1904-171-0x0000000005420000-0x0000000005632000-memory.dmp

Filesize
2.1MB

Download
memory/1904-170-0x000000006E600000-0x000000006E674000-memory.dmp

Filesize
464KB

Download
memory/1904-169-0x000000006A880000-0x000000006A9F6000-memory.dmp

Filesize
1.5MB

Download
memory/1904-166-0x0000000064940000-0x0000000064954000-memory.dmp

Filesize
80KB

Download
memory/1904-167-0x00000000014A0000-0x0000000001A15000-memory.dmp

Filesize
5.5MB

Download
memory/1904-165-0x000000006FC40000-0x000000006FD41000-memory.dmp

Filesize
1.0MB

Download
memory/1904-220-0x000000006E940000-0x000000006E964000-memory.dmp

Filesize
144KB

Download
memory/1904-162-0x0000000066C00000-0x0000000066C3E000-memory.dmp

Filesize
248KB

Download
memory/1904-163-0x000000006E940000-0x000000006E964000-memory.dmp

Filesize
144KB

Download
memory/1904-161-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/1904-160-0x0000000069700000-0x0000000069894000-memory.dmp

Filesize
1.6MB

Download
memory/1904-158-0x0000000063400000-0x0000000063415000-memory.dmp

Filesize
84KB

Download
memory/1904-159-0x0000000061B80000-0x0000000061B98000-memory.dmp

Filesize
96KB

Download
memory/1904-157-0x0000000061740000-0x0000000061771000-memory.dmp

Filesize
196KB

Download
memory/1904-156-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

Filesize
252KB

Download
memory/1904-155-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/1904-154-0x0000000000400000-0x0000000000A1E000-memory.dmp

Filesize
6.1MB

Download
memory/1904-149-0x0000000005420000-0x0000000005632000-memory.dmp

Filesize
2.1MB

Download
memory/1904-139-0x0000000000400000-0x0000000000A1E000-memory.dmp

Filesize
6.1MB

Download
memory/1904-138-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

Filesize
252KB

Download
memory/1904-137-0x0000000061740000-0x0000000061771000-memory.dmp

Filesize
196KB

Download
memory/1904-136-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/1904-135-0x00000000014A0000-0x0000000001A15000-memory.dmp

Filesize
5.5MB

Download