396402bb7af23445f68cd23efc0e2486cf67ea3fac5f2702c803565ab1f3040a

Analysis

max time kernel
131s
max time network
152s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
16-03-2023 00:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TLauncher-2.83-Installer-0.8.1.exe
Size

18.8MB
MD5

6a2cf94c86c3b07703300abbd75ee66b
SHA1

d7153451f03fbf8044dfe9efede762369434d53c
SHA256

396402bb7af23445f68cd23efc0e2486cf67ea3fac5f2702c803565ab1f3040a
SHA512

83fd9f266d16496c647557af166573cdf2966701c7b9d860d21b6b0c9d28dfd7fb15a17a38c8bf36bee82921b7f59a6632de961f6f23346e9fe888ca73934ddd
SSDEEP

393216:5Xv7fNlJSj0fs/dQETVlOBbpFEj9GZdqV56Hpk6uBYhK0NvSgr:5/XJSgHExiTTqqHptYYYEvSgr

Score

8^/10

adware discovery persistence stealer upx

Malware Config

Signatures

Blocklisted process makes network request 3 IoCs

Processes:

msiexec.exe

flow pid process

21 1168 msiexec.exe
23 1168 msiexec.exe
25 1168 msiexec.exe
Downloads MZ/PE file

flow	pid	process
21	1168	msiexec.exe
23	1168	msiexec.exe
25	1168	msiexec.exe

Executes dropped EXE 13 IoCs

Processes:

irsetup.exejre-windows.exeinstaller.exebspatch.execonhost.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exejavaw.exe

pid	process
2012	irsetup.exe
484	jre-windows.exe
1324	installer.exe
1536	bspatch.exe
1676	conhost.exe
112	unpack200.exe
1752	unpack200.exe
1536	unpack200.exe
920	unpack200.exe
1156	unpack200.exe
1216	unpack200.exe
1336	unpack200.exe
1940	javaw.exe

Loads dropped DLL 42 IoCs

Processes:

TLauncher-2.83-Installer-0.8.1.exeirsetup.exemsiexec.exebspatch.exeinstaller.execonhost.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exejavaw.exe

pid	process
832	TLauncher-2.83-Installer-0.8.1.exe
832	TLauncher-2.83-Installer-0.8.1.exe
832	TLauncher-2.83-Installer-0.8.1.exe
832	TLauncher-2.83-Installer-0.8.1.exe
2012	irsetup.exe
2012	irsetup.exe
2012	irsetup.exe
2012	irsetup.exe
1240
1240
1168	msiexec.exe
1536	bspatch.exe
1536	bspatch.exe
1536	bspatch.exe
1324	installer.exe
1676	conhost.exe
112	unpack200.exe
1752	unpack200.exe
1536	unpack200.exe
920	unpack200.exe
1156	unpack200.exe
1216	unpack200.exe
1336	unpack200.exe
1324	installer.exe
1324	installer.exe
1324	installer.exe
852
852
1940	javaw.exe
1940	javaw.exe
1940	javaw.exe
1940	javaw.exe
1940	javaw.exe
1324	installer.exe
1324	installer.exe
1324	installer.exe
1324	installer.exe
1324	installer.exe
1324	installer.exe
1324	installer.exe
1324	installer.exe
1324	installer.exe

Registers COM server for autorun 1 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Processes:

installer.exe

description	ioc	process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0073-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0023-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0065-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0057-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0003-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0059-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0071-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0067-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0073-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0048-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0049-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0092-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0099-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0016-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0015-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0069-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0046-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0018-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0071-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0042-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0051-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0079-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0002-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0038-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0076-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0031-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0044-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0044-ABCDEFFEDCBC}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0046-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0055-ABCDEFFEDCBC}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0076-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0068-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe

UPX packed file 26 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
behavioral1/memory/2012-182-0x0000000000160000-0x0000000000548000-memory.dmp	upx
behavioral1/memory/2012-330-0x0000000000160000-0x0000000000548000-memory.dmp	upx
behavioral1/memory/2012-332-0x0000000000160000-0x0000000000548000-memory.dmp	upx
behavioral1/memory/2012-385-0x0000000000160000-0x0000000000548000-memory.dmp	upx
behavioral1/memory/2012-422-0x0000000000160000-0x0000000000548000-memory.dmp	upx
behavioral1/memory/2012-1159-0x0000000000160000-0x0000000000548000-memory.dmp	upx
behavioral1/memory/2012-1180-0x0000000000160000-0x0000000000548000-memory.dmp	upx
behavioral1/memory/2012-1241-0x0000000000160000-0x0000000000548000-memory.dmp	upx
behavioral1/memory/2012-1307-0x0000000000160000-0x0000000000548000-memory.dmp	upx
C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe	upx
C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe	upx
\ProgramData\Oracle\Java\installcache_x64\bspatch.exe	upx
\ProgramData\Oracle\Java\installcache_x64\bspatch.exe	upx
\ProgramData\Oracle\Java\installcache_x64\bspatch.exe	upx
behavioral1/memory/1536-1377-0x0000000000400000-0x0000000000417000-memory.dmp	upx
behavioral1/memory/1536-1378-0x0000000000230000-0x0000000000247000-memory.dmp	upx
behavioral1/memory/1536-1383-0x0000000000400000-0x0000000000417000-memory.dmp	upx
behavioral1/memory/2012-1714-0x0000000000160000-0x0000000000548000-memory.dmp	upx
behavioral1/memory/2012-1739-0x0000000000160000-0x0000000000548000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	process
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe

Installs/modifies Browser Helper Object 2 TTPs 6 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

Processes:

installer.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}	installer.exe

Drops file in Program Files directory 64 IoCs

Processes:

installer.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exemsiexec.exe

description	ioc	process
File created	C:\Program Files\Java\jre1.8.0_51\COPYRIGHT	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\deployJava1.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\zip.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\cmm\GRAY.pf	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\ext\sunjce_provider.jar	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\jsse.pack	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\pack200.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\ssvagent.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\content-types.properties	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\management\jmxremote.password.template	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\jsse.jar	unpack200.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\javafx_font.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\JAWTAccessBridge-64.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\rmiregistry.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\amd64\jvm.cfg	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\images\cursors\win32_CopyNoDrop32x32.gif	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\fontmanager.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\j2pkcs11.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\java-rmi.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\jfr.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\net.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\tnameserv.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\keytool.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\klist.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\cmm\CIEXYZ.pf	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\management\management.properties	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\security\local_policy.jar	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\hprof.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\policytool.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\ext\jaccess.jar	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\ext\sunmscapi.jar	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\javafx.properties	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\jfr\profile.jfc	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\management\jmxremote.access	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\psfont.properties.ja	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.jar	unpack200.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\jsdt.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\currency.data	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\deploy\[email protected]	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\fonts\LucidaTypewriterBold.ttf	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\deploy.pack	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\charsets.jar	unpack200.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\jfxwebkit.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\deploy\ffjcext.zip	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_zh_TW.properties	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\flavormap.properties	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\fonts\LucidaBrightItalic.ttf	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\images\cursors\win32_LinkDrop32x32.gif	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\rt.jar	unpack200.exe
File created	C:\Program Files\Java\jre1.8.0_51\installer.exe	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\dcpr.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\jpeg.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\resource.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\w2k_lsa_auth.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\resources.jar	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\security\java.policy	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\release	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\deploy.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\glass.dll	installer.exe

Drops file in Windows directory 6 IoCs

Processes:

msiexec.exe

description	ioc	process
File created	C:\Windows\Installer\6d39a7.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\6d39a7.msi	msiexec.exe
File created	C:\Windows\Installer\6d39a9.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5185.tmp	msiexec.exe
File created	C:\Windows\Installer\6d39ab.msi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msiexec.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msiexec.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

Processes:

irsetup.exeinstaller.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main	irsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_51\\bin"	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0"	installer.exe

Modifies registry class 64 IoCs

Processes:

installer.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0043-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0053-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_53"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0076-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0066-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0082-ABCDEFFEDCBC}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0074-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0034-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0040-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0053-ABCDEFFEDCBC}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0034-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_34"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0045-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0068-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_68"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0017-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0062-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_62"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0053-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0091-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0058-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0059-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_59"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0057-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\JavaWebStart.isInstalled.1.8.0.0\CLSID	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0089-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0071-ABCDEFFEDCBC}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0094-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_94"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0073-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_73"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0067-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0040-ABCDEFFEDCBC}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0084-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0074-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0023-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0086-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0049-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0088-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0016-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0069-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0045-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0067-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_67"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0042-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0061-ABCDEFFEDCBC}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0100-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0076-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0005-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_27"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0054-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_54"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0090-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_90"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0028-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_28"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0079-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_79"	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0059-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

irsetup.exejre-windows.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	irsetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	irsetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	irsetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa20f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	irsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	jre-windows.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	jre-windows.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

jre-windows.exemsiexec.exe

description	pid	process
Token: SeShutdownPrivilege	484	jre-windows.exe
Token: SeIncreaseQuotaPrivilege	484	jre-windows.exe
Token: SeRestorePrivilege	1168	msiexec.exe
Token: SeTakeOwnershipPrivilege	1168	msiexec.exe
Token: SeSecurityPrivilege	1168	msiexec.exe
Token: SeCreateTokenPrivilege	484	jre-windows.exe
Token: SeAssignPrimaryTokenPrivilege	484	jre-windows.exe
Token: SeLockMemoryPrivilege	484	jre-windows.exe
Token: SeIncreaseQuotaPrivilege	484	jre-windows.exe
Token: SeMachineAccountPrivilege	484	jre-windows.exe
Token: SeTcbPrivilege	484	jre-windows.exe
Token: SeSecurityPrivilege	484	jre-windows.exe
Token: SeTakeOwnershipPrivilege	484	jre-windows.exe
Token: SeLoadDriverPrivilege	484	jre-windows.exe
Token: SeSystemProfilePrivilege	484	jre-windows.exe
Token: SeSystemtimePrivilege	484	jre-windows.exe
Token: SeProfSingleProcessPrivilege	484	jre-windows.exe
Token: SeIncBasePriorityPrivilege	484	jre-windows.exe
Token: SeCreatePagefilePrivilege	484	jre-windows.exe
Token: SeCreatePermanentPrivilege	484	jre-windows.exe
Token: SeBackupPrivilege	484	jre-windows.exe
Token: SeRestorePrivilege	484	jre-windows.exe
Token: SeShutdownPrivilege	484	jre-windows.exe
Token: SeDebugPrivilege	484	jre-windows.exe
Token: SeAuditPrivilege	484	jre-windows.exe
Token: SeSystemEnvironmentPrivilege	484	jre-windows.exe
Token: SeChangeNotifyPrivilege	484	jre-windows.exe
Token: SeRemoteShutdownPrivilege	484	jre-windows.exe
Token: SeUndockPrivilege	484	jre-windows.exe
Token: SeSyncAgentPrivilege	484	jre-windows.exe
Token: SeEnableDelegationPrivilege	484	jre-windows.exe
Token: SeManageVolumePrivilege	484	jre-windows.exe
Token: SeImpersonatePrivilege	484	jre-windows.exe
Token: SeCreateGlobalPrivilege	484	jre-windows.exe
Token: SeRestorePrivilege	1168	msiexec.exe
Token: SeTakeOwnershipPrivilege	1168	msiexec.exe
Token: SeRestorePrivilege	1168	msiexec.exe
Token: SeTakeOwnershipPrivilege	1168	msiexec.exe
Token: SeRestorePrivilege	1168	msiexec.exe
Token: SeTakeOwnershipPrivilege	1168	msiexec.exe
Token: SeRestorePrivilege	1168	msiexec.exe
Token: SeTakeOwnershipPrivilege	1168	msiexec.exe
Token: SeRestorePrivilege	1168	msiexec.exe
Token: SeTakeOwnershipPrivilege	1168	msiexec.exe
Token: SeRestorePrivilege	1168	msiexec.exe
Token: SeTakeOwnershipPrivilege	1168	msiexec.exe
Token: SeRestorePrivilege	1168	msiexec.exe
Token: SeTakeOwnershipPrivilege	1168	msiexec.exe
Token: SeRestorePrivilege	1168	msiexec.exe
Token: SeTakeOwnershipPrivilege	1168	msiexec.exe
Token: SeRestorePrivilege	1168	msiexec.exe
Token: SeTakeOwnershipPrivilege	1168	msiexec.exe
Token: SeRestorePrivilege	1168	msiexec.exe
Token: SeTakeOwnershipPrivilege	1168	msiexec.exe
Token: SeRestorePrivilege	1168	msiexec.exe
Token: SeTakeOwnershipPrivilege	1168	msiexec.exe
Token: SeRestorePrivilege	1168	msiexec.exe
Token: SeTakeOwnershipPrivilege	1168	msiexec.exe
Token: SeRestorePrivilege	1168	msiexec.exe
Token: SeTakeOwnershipPrivilege	1168	msiexec.exe
Token: SeRestorePrivilege	1168	msiexec.exe
Token: SeTakeOwnershipPrivilege	1168	msiexec.exe
Token: SeRestorePrivilege	1168	msiexec.exe
Token: SeTakeOwnershipPrivilege	1168	msiexec.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

irsetup.exe

pid process

2012 irsetup.exe
2012 irsetup.exe
2012 irsetup.exe
2012 irsetup.exe
2012 irsetup.exe
2012 irsetup.exe

Suspicious use of WriteProcessMemory 48 IoCs

Processes:

TLauncher-2.83-Installer-0.8.1.exeirsetup.exemsiexec.exeinstaller.exe

description	pid	process	target process
PID 832 wrote to memory of 2012	832	TLauncher-2.83-Installer-0.8.1.exe	irsetup.exe
PID 832 wrote to memory of 2012	832	TLauncher-2.83-Installer-0.8.1.exe	irsetup.exe
PID 832 wrote to memory of 2012	832	TLauncher-2.83-Installer-0.8.1.exe	irsetup.exe
PID 832 wrote to memory of 2012	832	TLauncher-2.83-Installer-0.8.1.exe	irsetup.exe
PID 832 wrote to memory of 2012	832	TLauncher-2.83-Installer-0.8.1.exe	irsetup.exe
PID 832 wrote to memory of 2012	832	TLauncher-2.83-Installer-0.8.1.exe	irsetup.exe
PID 832 wrote to memory of 2012	832	TLauncher-2.83-Installer-0.8.1.exe	irsetup.exe
PID 2012 wrote to memory of 484	2012	irsetup.exe	jre-windows.exe
PID 2012 wrote to memory of 484	2012	irsetup.exe	jre-windows.exe
PID 2012 wrote to memory of 484	2012	irsetup.exe	jre-windows.exe
PID 2012 wrote to memory of 484	2012	irsetup.exe	jre-windows.exe
PID 1168 wrote to memory of 1324	1168	msiexec.exe	installer.exe
PID 1168 wrote to memory of 1324	1168	msiexec.exe	installer.exe
PID 1168 wrote to memory of 1324	1168	msiexec.exe	installer.exe
PID 1324 wrote to memory of 1536	1324	installer.exe	bspatch.exe
PID 1324 wrote to memory of 1536	1324	installer.exe	bspatch.exe
PID 1324 wrote to memory of 1536	1324	installer.exe	bspatch.exe
PID 1324 wrote to memory of 1536	1324	installer.exe	bspatch.exe
PID 1324 wrote to memory of 1536	1324	installer.exe	bspatch.exe
PID 1324 wrote to memory of 1536	1324	installer.exe	bspatch.exe
PID 1324 wrote to memory of 1536	1324	installer.exe	bspatch.exe
PID 1324 wrote to memory of 1676	1324	installer.exe	conhost.exe
PID 1324 wrote to memory of 1676	1324	installer.exe	conhost.exe
PID 1324 wrote to memory of 1676	1324	installer.exe	conhost.exe
PID 1324 wrote to memory of 112	1324	installer.exe	unpack200.exe
PID 1324 wrote to memory of 112	1324	installer.exe	unpack200.exe
PID 1324 wrote to memory of 112	1324	installer.exe	unpack200.exe
PID 1324 wrote to memory of 1752	1324	installer.exe	unpack200.exe
PID 1324 wrote to memory of 1752	1324	installer.exe	unpack200.exe
PID 1324 wrote to memory of 1752	1324	installer.exe	unpack200.exe
PID 1324 wrote to memory of 1536	1324	installer.exe	unpack200.exe
PID 1324 wrote to memory of 1536	1324	installer.exe	unpack200.exe
PID 1324 wrote to memory of 1536	1324	installer.exe	unpack200.exe
PID 1324 wrote to memory of 920	1324	installer.exe	unpack200.exe
PID 1324 wrote to memory of 920	1324	installer.exe	unpack200.exe
PID 1324 wrote to memory of 920	1324	installer.exe	unpack200.exe
PID 1324 wrote to memory of 1156	1324	installer.exe	unpack200.exe
PID 1324 wrote to memory of 1156	1324	installer.exe	unpack200.exe
PID 1324 wrote to memory of 1156	1324	installer.exe	unpack200.exe
PID 1324 wrote to memory of 1216	1324	installer.exe	unpack200.exe
PID 1324 wrote to memory of 1216	1324	installer.exe	unpack200.exe
PID 1324 wrote to memory of 1216	1324	installer.exe	unpack200.exe
PID 1324 wrote to memory of 1336	1324	installer.exe	unpack200.exe
PID 1324 wrote to memory of 1336	1324	installer.exe	unpack200.exe
PID 1324 wrote to memory of 1336	1324	installer.exe	unpack200.exe
PID 1324 wrote to memory of 1940	1324	installer.exe	javaw.exe
PID 1324 wrote to memory of 1940	1324	installer.exe	javaw.exe
PID 1324 wrote to memory of 1940	1324	installer.exe	javaw.exe

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.83-Installer-0.8.1.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.83-Installer-0.8.1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:832

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1908426 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.83-Installer-0.8.1.exe" "__IRCT:3" "__IRTSS:19711314" "__IRSID:S-1-5-21-1283023626-844874658-3193756055-1000"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2012

C:\Users\Admin\AppData\Local\Temp\jre-windows.exe
"C:\Users\Admin\AppData\Local\Temp\jre-windows.exe" STATIC=1
3⤵
- Executes dropped EXE
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
PID:484

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1168

C:\Program Files\Java\jre1.8.0_51\installer.exe
"C:\Program Files\Java\jre1.8.0_51\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_51\\" STATIC=1 REPAIRMODE=0
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Installs/modifies Browser Helper Object
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1324

C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe
"bspatch.exe" baseimagefam8 newimage diff
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1536

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\deploy.pack" "C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar"
3⤵
PID:1676

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\rt.pack" "C:\Program Files\Java\jre1.8.0_51\lib\rt.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
PID:1536

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\plugin.pack" "C:\Program Files\Java\jre1.8.0_51\lib\plugin.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1752

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\javaws.pack" "C:\Program Files\Java\jre1.8.0_51\lib\javaws.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:112

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\charsets.pack" "C:\Program Files\Java\jre1.8.0_51\lib\charsets.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
PID:920

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.pack" "C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
PID:1336

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.pack" "C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1216

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\jsse.pack" "C:\Program Files\Java\jre1.8.0_51\lib\jsse.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
PID:1156

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -Xshare:dump
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1940

C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe
"C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe" -wait -fix -permissions -silent
3⤵
PID:1360

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -classpath "C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar" com.sun.deploy.panel.JreLocator
4⤵
PID:1748

C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe
"C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_51" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXIALURqYXZhLnNlY3VyaXR5LnBvbGljeT1maWxlOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcc2VjdXJpdHlcamF2YXdzLnBvbGljeQAtRHRydXN0UHJveHk9dHJ1ZQAtWHZlcmlmeTpyZW1vdGUALURqbmxweC5ob21lPUM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcamF2YXdzLmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcYmluXGphdmF3LmV4ZQ== -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==
4⤵
PID:1688

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-250502041140605229799012705116803054098396810031936958327-1030933608-4443358"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1676

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Java\jre1.8.0_51\bin\MSVCR100.dll
Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npdeployJava1.dll
Filesize
1.1MB

MD5
cb63e262f0850bd8c3e282d6cd5493db

SHA1
aca74def7a2cd033f18fc938ceb2feef2de8cb8c

SHA256
b3c10bf5498457a76bba3b413d0c54b03a4915e5df72576f976e1ad6d2450012

SHA512
8e3ad8c193a5b4ab22292893931dc6c8acd1f255825366fdd7390f3d8b71c5a51793103aeacecfb4c92565b559f37aec25f8b09abb8289b2012a79b0c5e8cb3b

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\javacpl.exe
Filesize
75KB

MD5
f49218872d803801934638f44274000d

SHA1
871d70960ff7db8c6d11fad68d0a325d7fc540f1

SHA256
bb80d933bf5c60ee911dc22fcc7d715e4461bc72fd2061da1c74d270c1f73528

SHA512
94432d6bc93aad68ea99c52a9bcb8350f769f3ac8b823ba298c20ff39e8fa3b533ef31e55afeb12e839fd20cf33c9d74642ce922e2805ca7323c88a4f06d986d

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
Filesize
202KB

MD5
7b23b0aab68e65b93bb6477f05999574

SHA1
920752e4c22e1165e6df27f69599483187edfbb3

SHA256
32546ecf1236769d2d777331f90282fb97589bec75da11c8e727d61d3d4c988a

SHA512
e3395303e53edce3dfa8fe11b7338c77795595a17dac17818e4bc8b77feee4900d541201d6762aa8f46565730e24a5423684049d40bbd074186ef7223c96b604

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe
Filesize
314KB

MD5
5ed6faed0b5fe8a02bb78c93c422f948

SHA1
823ed6c635bd7851ccef43cbe23518267327ae9a

SHA256
60f2898c91ef0f253b61d8325d2d22b2baba1a4a4e1b67d47a40ffac511e95a5

SHA512
5a8470567f234d46e88740e4f0b417e616a54b58c95d13c700013988f30044a822acfef216770181314fa83183a12044e9e13e6257df99e7646df9a047244c92

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\server\jvm.dll
Filesize
8.3MB

MD5
2894ece7b8de355b13978d6b8ec6e68c

SHA1
cec5cd8450498ee6f81eae2f10e56726b6125be2

SHA256
04d85639dacb86c6efca146051681608727f0376ca5293b9f83b232fc4db6a54

SHA512
634e1cedf63d384c072bbd32dbca35982f7b2a7a77ab6d11130f2d45fd164d17ad080206a650854473370e824ec1153c61821c318a2af7954d2031a38d37bfd4

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
192KB

MD5
5b071854133d3eb6848a301a2a75c9b2

SHA1
ffa1045c55b039760aa2632a227012bb359d764f

SHA256
cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf

SHA512
f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
192KB

MD5
5b071854133d3eb6848a301a2a75c9b2

SHA1
ffa1045c55b039760aa2632a227012bb359d764f

SHA256
cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf

SHA512
f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
192KB

MD5
5b071854133d3eb6848a301a2a75c9b2

SHA1
ffa1045c55b039760aa2632a227012bb359d764f

SHA256
cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf

SHA512
f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
192KB

MD5
5b071854133d3eb6848a301a2a75c9b2

SHA1
ffa1045c55b039760aa2632a227012bb359d764f

SHA256
cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf

SHA512
f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
192KB

MD5
5b071854133d3eb6848a301a2a75c9b2

SHA1
ffa1045c55b039760aa2632a227012bb359d764f

SHA256
cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf

SHA512
f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
192KB

MD5
5b071854133d3eb6848a301a2a75c9b2

SHA1
ffa1045c55b039760aa2632a227012bb359d764f

SHA256
cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf

SHA512
f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
192KB

MD5
5b071854133d3eb6848a301a2a75c9b2

SHA1
ffa1045c55b039760aa2632a227012bb359d764f

SHA256
cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf

SHA512
f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
192KB

MD5
5b071854133d3eb6848a301a2a75c9b2

SHA1
ffa1045c55b039760aa2632a227012bb359d764f

SHA256
cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf

SHA512
f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
192KB

MD5
5b071854133d3eb6848a301a2a75c9b2

SHA1
ffa1045c55b039760aa2632a227012bb359d764f

SHA256
cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf

SHA512
f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

Download Submit
C:\Program Files\Java\jre1.8.0_51\installer.exe
Filesize
89.1MB

MD5
de052a3a782280dfe0d333bfb894c7d3

SHA1
c6a2c5150e1a6f7d5fccf5927aef1c5b2a94ea74

SHA256
cacefac05b6719d7ec1bd4945de0e58e9233e54d2ba94d68103bcd2bb04cdde3

SHA512
dfd8bfea673f0c1a37199cd76ceb9f7731eb3c502f02b8e81fd72dc6f4d9cec866fb3133b45ff93127a459be75580d1488609ecf2ab337a685a91fe609245935

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\amd64\jvm.cfg
Filesize
634B

MD5
499f2a4e0a25a41c1ff80df2d073e4fd

SHA1
e2469cbe07e92d817637be4e889ebb74c3c46253

SHA256
80847ed146dbc5a9f604b07ec887737fc266699abba266177b553149487ce9eb

SHA512
7828f7b06d0f4309b9edd3aa71ae0bb7ee92d2f8df5642c13437bba2a3888e457dc9b24c16aa9e0f19231530cb44b8ccd955cbbdf5956ce8622cc208796b357d

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\charsets.pack
Filesize
1.0MB

MD5
45288142b863dc4761b634f9de75e5e5

SHA1
9d07fca553e08c47e38dd48a9c7824e376e4ce80

SHA256
91517ff5c74438654956aae554f2951bf508f561b288661433894e517960c2ac

SHA512
f331cd93f82d2751734eb1a51cb4401969fb6e479b2e19be609e13829454ec27cec864c57bdc116bf029317c98d551e9feafc44386b899a94c242bc0464556d8

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\deploy.pack
Filesize
1.8MB

MD5
5cfc3a1b269312f7a2d2f1d7c0497819

SHA1
d048284db9ce7103156f8bbce988b4d9978786b7

SHA256
80ba80d2a6c20deef6e2f3973337e15e22eec30508899ae998bf191ba725db26

SHA512
8735af7c8bc5b48aac42120326a5dee21f98512ba31c57c77b6fc3906b7b1b98e5f22f57a31f26dc3e16abe63a6f15ef2e115c7fc17bbab35e846dc373da9c6b

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.pack
Filesize
4.8MB

MD5
8dfebf0b78c6e3bf5aa5002ca9a6da1a

SHA1
1edee53b9e0af5d767d0051c2beccc474035024f

SHA256
0840d659560e62fcc41cd42dec9d7aedb8359f606097b540806452ca8ad05e21

SHA512
f9bf6e9558b52969ec152fbfebc239c1bcb7e4343b3dc58da5e7cac015d1fe75f255bd9ceb3fdeb86b2c05be62c62b552a25c94aba4091df3eaf163cf91da444

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.pack
Filesize
1.3MB

MD5
2ad7c3462a7494b29edbe3701ebeab4c

SHA1
7358ab9b0c4771efdc0d28764b90a46aac55e865

SHA256
7cdc489fa093e924649e82f4eb9689bc1bc0d28e20e37a0a94060efd5428c2db

SHA512
8b1f0f5932896f1876e5f8137dc8f74ff79f02b7708220b53ab2146fc742403ee952c68dddff9a92c786d4a534f7a266327934a8fe84a3c979c016cc8c93efdb

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\javaws.pack
Filesize
211KB

MD5
5a83bc9b3e4a7e960fd757f3ad7cd263

SHA1
f5f308aec7e93accb5d6714c178b8bf0840fb38d

SHA256
0a95ab97c85e534b72a369b3ee75200f8075cb14e6f226196b18fd43e6ba42f5

SHA512
b8e554bbf036d0500686e878597ffdefa8bcd091ab6533eae76fa04eda310cec7cac89b71911f1f81012f499c7bec890ac9032685945f7e5e6b68f7ad3f7430c

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\jsse.pack
Filesize
150KB

MD5
168f72fd2f288a96ee9c4e845339db02

SHA1
e25b521b0ed663e2b050af2b454d571c5145904f

SHA256
5552e52e39c0e7ac423d6939eec367a0c15b4ca699a3a1954f2b191d48a034e6

SHA512
01cdf3d8d3be0b2458d9c86976cef3f5a21131d13eb2a1c6f816aeb2c384779b67d1b419fa9233aedd3bbd16970ec7c81689bf2e25a8bebadec5de8e9b5a19f1

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\plugin.pack
Filesize
482KB

MD5
538777ddaa33641aa2c17b8f71eed307

SHA1
ac7b5fdba952ce65b5a85578f2a81b37daed0948

SHA256
9948b1c18d71a790e7b5a82d773fea95d25ab67109843a3f3888f3f0ac9d1135

SHA512
7a5877e0eaef6424ea473a203184fedb902cd9d47df5d95d6f617ca4efa1162f0ffd418e9bc6b7492f938cb33fc6384907237487d6ad4f6d0d2d962402529d8b

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\rt.pack
Filesize
13.1MB

MD5
f0177701b36068c9a2bb4924dd409fa5

SHA1
71e4b32c95e20dd565a6603d3de3819eb4f19d33

SHA256
93c1e08034b68e12d78005c2950145595327477c17c1f716248d3e16313b4eec

SHA512
8e198bf60dbb95f38bf5eca67c9b7cd4fe9920890ba3d569e08de59b38c1b00830a0a37168fd74c874df86b7ff0915c8b69adb1591432b42b5ff35e5885e6641

Download Submit
C:\ProgramData\Oracle\Java\installcache_x64\baseimagefam8
Filesize
78.7MB

MD5
22646919b87d1a6dfc371464405b373b

SHA1
2296c69b12c3e0244fc59586f794457a4735e692

SHA256
0a01e1f33b0dd6af5d71fd26261b97eda1f9da77553704afd0a9d176de733c11

SHA512
b5cfe6640c3755f3094e248dcd852ade852f904e80bc7d8dfef5772620ef75eac788f503c3df4baa712e73dafcca51c4ef0c73659ae55c1e0afd59b73f90d3a0

Download Submit
C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe
Filesize
34KB

MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe
Filesize
34KB

MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
C:\ProgramData\Oracle\Java\installcache_x64\diff
Filesize
9.1MB

MD5
d417682702b140d7131851bae877f046

SHA1
aa78da727e8a62c839a9bb6f7a93b48d3a04be70

SHA256
3b3657c83e4f588f0e759cd46e99309cece2ebb54af2c377f9dc087ec764fda8

SHA512
9e107b7f61e42410807aa1e6761ac7adce412846f69ae8e2e21b147e39d1a95d41367e21624381750eb11c77322206c4d869a477e5442e8323405c85854c03cd

Download Submit
C:\ProgramData\Oracle\Java\installcache_x64\newimage
Filesize
79.9MB

MD5
ba85f8b5a9bf9b6320a6dae439e0f536

SHA1
fc8dc72b58ed72e910ec605537bd35069db324ee

SHA256
caafa9c10903317fc968b8807c23057173859ab6cc8aae89b77220a9d4ee6777

SHA512
75b000b3e21e4f8f4c57032f4dd4d5c526a7bd3fb65da77356a7911f7281289b5512cc90d48cc43b0897b46e40f1ad8de8d1af30ab427ae16625f6007cf4c149

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
1ce9cb511e9b417561e21949e7f59d8e

SHA1
308192b6744512b4fad5cd9dd52e84a27bf232c2

SHA256
e3b3f2d01db2c8d248beb6a4cd7a0300b652a7857e723d5cdfd743467b74d54b

SHA512
57779734595a609eed2143bc5d1bb2f2fb58b2a350091b80113bca42ae5892b3df8350e6e401cbcfac6bcc91ec55a3e69fd33b2536098b901601a919085accfc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
99d65b3842f8369bbc6b3e555c6156b5

SHA1
f24c9b3abefe309943d93450e7f359ff7e8a0790

SHA256
fa913e122182ce5facb09b97e1d3ac4556898349c95b9d0c09035ea1b790065d

SHA512
501b1b599f0289411c7d72cd2d01925159a1ed2389a65c2740d71fb8bafda95946beed493921130bb33c65155509c9420fdce15e175fedc2d5a4baf2d6d1abb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.8.0_51_x64\jre1.8.0_51.msi
Filesize
38.7MB

MD5
1ef598379ff589e452e9fc7f93563740

SHA1
82ad65425fa627176592ed5e55c0093e685bfeef

SHA256
d4bdc230eaebefe5a9aa3d9127d12ac09d050bf51771f0c78a6a9d79a1f9dbf2

SHA512
673f4b08fc25e09e582f5f7e01b2369e361f6a5b480f0aa2f1d5991f10076ba8a9d6b1f2227979b514acc458b4fdc254fc3c14173db7e38b50793174d4697f23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1C0A.tmp
Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar42EC.tmp
Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico
Filesize
116KB

MD5
e043a9cb014d641a56f50f9d9ac9a1b9

SHA1
61dc6aed3d0d1f3b8afe3d161410848c565247ed

SHA256
9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

SHA512
4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.PNG
Filesize
339B

MD5
a2fea8c677a9245123ad4924511f195b

SHA1
bb73ecec48ed31e41161dd98aa858aa40f7a3c7d

SHA256
377139ee38b37d1641b440ff6de57d5d02faa7122bc423e131608ed68a83a0cc

SHA512
bfc01cdbccd67b6cf2f1a9a5f08e5e6b0ddf053cc72f4e670f3f7bdfd70769e9f8e3bc9caa4db05905189783347aef123accc9db6d732f6bb372859fd647f61c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG108.PNG
Filesize
2KB

MD5
b1602efceb71c87c12578a435848ebdd

SHA1
30f021df2ce43812c232929332bcd0527d8187fa

SHA256
4641843874f5084f293ba3b3b8e9c1d48c443306bc6d50967097fa0c5c5e2be6

SHA512
984d712df34141e4af06aeee7fac9f205c244e3b08aa9664ee6d81f0c497514f427c2606293fab37791541f157a641a985f541f8033521b4b2ff26aaf04604c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG123.PNG
Filesize
40KB

MD5
446ab0231c0ae0f52b18b16dd95d8265

SHA1
7d92f574ed5a85de57801bdd3784562541032886

SHA256
01b6ece82c00d470441b0f3c0c7fc8e88e46247666a9576b5ed599ed5eb2fd11

SHA512
aca36dcbe7996b2506901f96427494e7d644ce667e606d183075340ab37170b641737b8f75ee367ed89fc0b48a38b02ce2aac39da9d25588b782763121a4c19b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.PNG
Filesize
280B

MD5
318a8e9f19b14cb62c74f99554e2c274

SHA1
4e6a0a8b3a6721ce06f42254b673513c4d6eb5ca

SHA256
405a9a6a82147841d2a75dab9b46c69b83ad81cd40e7b185f07d06f62ebc2cbb

SHA512
e0239af964d55283609d5b51352af0280d2f9c0e1d541e98c694a62fad89e51114bb0387e6b80f52321148fd4781706c85111ef9168a660daee7dd23a2202105

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG22.PNG
Filesize
1KB

MD5
b955c3b8d6442b9ac1dcdeb4a501a597

SHA1
3f0b86939a944fad61893ff476debf4320f4d087

SHA256
cc15d7d35b7d9bc1c25046d55394c1990bcc00dd51a6bee72c2dc429156a3a04

SHA512
b4ebd4bc1c6b0fdf3043691a6911c1cf2c2c7e31bc5ca1c14712ec72c88c058c892f70a35b35293a095226f902b45ca8b3ee1b8f0f74e79dd5a750a5aa4b040a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.PNG
Filesize
281B

MD5
78085d68ce818eb79c55e429986bff8c

SHA1
2c784334a0695ea4fe9da369ef184e71b56dd183

SHA256
27d4bc34e219c64599e4daf81f9061d11bb3a2d3fd336190bb6ce2cd39bf5a1e

SHA512
8cac162bd051e9bf345e108f5f320eaf5680d44693694143f587111033ee75eb9a5b40dbc4dabb3f788141391ba36ced565bcff305d31f3f1ae686c4e30e54cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG45.PNG
Filesize
438B

MD5
3a3b0f24474b8636bb27a2a81199c5de

SHA1
309a7734e2bd793dc1de5affbb8653419c13e4a7

SHA256
131a70cec7c03793a4ec3f235643fbdf2b88a1eda51600fd7960b99248589770

SHA512
bd6f0864f5845b93dc3f9f73b6f9a3b3ea0ea78e479776cfbaa1efb1085c879996e75f853feb61cdb0ce9cb5ada4d734ec6c524e9acd797211deb36e53cf30cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG85.PNG
Filesize
43KB

MD5
124d34fed58e13397c7a16e831d14a95

SHA1
b8f3a79e2701d00fd9e82fcaf24eeb0202e12204

SHA256
69f3ad8aef8386a41cc8c898d1b83003a35c7586612e949d390d6d8c4a418ca3

SHA512
3560459a7c62ce44843135ff09a970155fc21696bf4113c6c87907e76b7c9306cebcb1e30777cb06a28cd8bde5d5f24caa286133fc9dfc152b557c6293b44ff3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG86.PNG
Filesize
1KB

MD5
438ecc88ab6b42d6eff91a67d14cdcff

SHA1
f343ef96dc80a18c9efed3d1be6f2fde993df4ae

SHA256
9ec144f6495f3b53f4203a944ece4f146678f70bd05e423e545c4db5211daa1f

SHA512
efce4b8136a3fcb29e6dbb6ca2aad409128d5498966ba1547cba468e275e1f5f31a143bd540bbea4812752673e3a3459619631a3c92e9526e5afd664670d8f60

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
8d9ae6205e34911f301fb3ed0b3b66f7

SHA1
28a495389a81bff296a7a5633da122ab44ee52c0

SHA256
bd4ee449702db8b6b32cd8dbd45aeccf384fb44fc0e2489ad8ef0508394f5164

SHA512
2bed790658a4e1aa64350ea3c19e0b1c3749b1509ec1be18792615d30e0785a06ca5698cc009ef65f7a1059fa3b60999eb7acce236a1976cbf85f1b0e1c777dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
8d9ae6205e34911f301fb3ed0b3b66f7

SHA1
28a495389a81bff296a7a5633da122ab44ee52c0

SHA256
bd4ee449702db8b6b32cd8dbd45aeccf384fb44fc0e2489ad8ef0508394f5164

SHA512
2bed790658a4e1aa64350ea3c19e0b1c3749b1509ec1be18792615d30e0785a06ca5698cc009ef65f7a1059fa3b60999eb7acce236a1976cbf85f1b0e1c777dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
8d9ae6205e34911f301fb3ed0b3b66f7

SHA1
28a495389a81bff296a7a5633da122ab44ee52c0

SHA256
bd4ee449702db8b6b32cd8dbd45aeccf384fb44fc0e2489ad8ef0508394f5164

SHA512
2bed790658a4e1aa64350ea3c19e0b1c3749b1509ec1be18792615d30e0785a06ca5698cc009ef65f7a1059fa3b60999eb7acce236a1976cbf85f1b0e1c777dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\jre-windows.exe
Filesize
41.2MB

MD5
b9919195f61824f980f4a088d7447a11

SHA1
447fd1f59219282ec5d2f7a179ac12cc072171c3

SHA256
3895872bc4cdfb7693c227a435cf6740f968e4fa6ce0f7449e6a074e3e3a0f01

SHA512
d9f4e268531bd48f6b6aa4325024921bca30ebfff3ae6af5c069146a3fc401c411bdeceb306ba01fbf3bcdc48e39a367e78a1f355dc3dd5f1df75a0d585a10c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
Filesize
2KB

MD5
247c9088c9a32848258b9afb7c4ad325

SHA1
1b79237e67109ae649bc3d802d3fb8eebdb0a7ee

SHA256
5cacde7b3508dec7769b9f3498b09b7730695786e6aef62fe760306d9187cfd8

SHA512
55d89f5cc106050a55757e6d87cd65ae551026f9f78cb2853bbd1a7a57bea2f272539df4b2b1d1e7b69298538e8c20bbda04599b7b3f35055971fabbe3986b19

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
Filesize
7KB

MD5
0281eec0ee03b44c4f38ef3e0446400b

SHA1
8cfb7f44dcce79482718304fa534de574611c422

SHA256
f9ae92349dbf22f9ed9214cb34f115ca3d6f2479f030d45a8f74c611fbf5e4c4

SHA512
7dae6ff864d04941ffdea5f51c8ec0b0f81cc4a944ce28ac87945fc827bcc24a1a7421fed4d858bd5f703982816441418babfd1a88c80f8e80b36458ae94fdf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
Filesize
18KB

MD5
11a677567d96bc4a9ad5253df91fcc90

SHA1
0eeb882792fd5ef88d6384663d3b0987a546454b

SHA256
06ebba8aa3b7833d444fc302914925979193ece421547f017375b406bee81d9b

SHA512
0215138997079f604caa57fb383c9c84f8801d8ac823f46eaca68b21cc594ca221b308b4dd7a768acf2cf067c70f4958d89227320d3e89a028125c7c8e3ec5d9

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
Filesize
4.3MB

MD5
4dfb92497b75bf3f23cda9b5f6ca89a4

SHA1
503d143dc15ad6a22424fb9aec6117088a049652

SHA256
cf0cf5f70ab77b9b596814b0dd0083afc10cf61f8aed6b240c2e083710c695af

SHA512
e9c578849da7b1cfb19369c15aa062ce365ccf16100ff8be59c9493a6e8ee9480da9fb4176c338ce96e2e66f982f5ee5ca36b7c8fad117abb32558128bfc1195

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG23.PNG
Filesize
1KB

MD5
d50c2a5add32718e5f41e9243b491ad0

SHA1
6763304031e9a1faeee3a9f33596e59ab3cbfc7c

SHA256
72527f4b61f7deeaf422d9f19f2d8887a087c9cf96079420cfd62a556c35b703

SHA512
baaa8dc40bc34be5fefb942a4849aa966b2b9742b610ee88cf285151a66470fa5b87eb35ce1f67575d9d1ae5328dc87fc5a3b403062d5e7985dc7732682d900f

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG4.PNG
Filesize
45KB

MD5
5eeaedadefd92999952ff3123a069240

SHA1
5813ee0aa7978a0eeef189d88b74733398ef8bb4

SHA256
697f25421c911e36b1ec178acc632959927d7778b631579b46b23a6f269dc82d

SHA512
63e799c9d29389af3fe4b5730f47c6b3d79641b845c1c1b52bb00729f01fb0435e80b795a903c58ac924b4d5ce6a7d4453e4a3d57163a057e01ddde2f10c90ac

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG41.PNG
Filesize
457B

MD5
feed84ac064c82f82cd257e9cabaf9eb

SHA1
8e59167120a417a7e3b970e925ec9182cb553eac

SHA256
f1c1285f9347a54cf498bfb8177131a8380f3209bcbae4c11b616f4f99beee37

SHA512
ca5ac8793e12a11107836f22cfa6713c9dca6ce0fb843d3771f9b19d57737001ee4e067284d6dcd9083d1703f874e3c5ef8c41128551c015079c95d6a8f99619

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG42.PNG
Filesize
352B

MD5
62b54fc16be8732a6b5a671376337c18

SHA1
67dafc6124df2fbd01598bdffbc52eede9f29d64

SHA256
fdf739dbe88e288628f79f24876f3245a84af5a02b685df02c4eabb8e7777e35

SHA512
3227ea9c4b4e2928b74c7af808f23f199ac37473d884c10f30db929d65cb90815b33f32fbef0b1022cfb6b6211f9316401ba5f73f6a95eaab36c8ee37e9ef796

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG43.PNG
Filesize
15KB

MD5
51572854c929adfea7f9c45b6a68835b

SHA1
8d968768ae11208bd0e1f55d8cb4129c029af896

SHA256
e0e11316538f26857f4dc0a86ef92ffa7b8b67b7edd8f0a278b92087cc535db2

SHA512
69bd602bcdc9d9375ba20cced6c0a7d8ec2708fb28e6f4aeb914c51d2a1994062676a727b6c1708464a8ca2310f5d4ba21076274fe4077dd3c74d1603f0f2d68

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG44.PNG
Filesize
13KB

MD5
ceb0418e029d65ee11d6423b11fd7d59

SHA1
c198a13b271fb0dac6ffd68eedfb389c2833a90b

SHA256
c42ba773eb6572d15aa5059f004b64a4723b5a939b798afe63ccea12c537f85a

SHA512
6b6cb4c4d1dc86c0394746e9223ca853869d45f87b6a0dadfeadd3861edaa36fffe7ceb051ca1abefa13a3ec5554cd24126a10a45b354ea53a5de1cb68a87768

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG46.PNG
Filesize
206B

MD5
11b1190ace654f873e622424c83bd409

SHA1
2532b581719968e289104078c565127e35fab587

SHA256
ec5ea3983fcae60904e224514fd90054c5cfc04afd7cfb25774bddbf4fe22af8

SHA512
ed989e49c1a2aea7fbf30476d29be4a18ed173eecf053064f13662b470832af6ac66949e55436c91a43a1c262dabe14db95620c1abc5f2ae53e3b86c1e6ba7df

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG47.PNG
Filesize
25KB

MD5
abcc4c1e25a7eb2d3c908753bbfaed14

SHA1
c1f952af6b129b2b080ee98c68fd8c9e7342439c

SHA256
95ae8798732b613019036d1c6b57a214ea4aecf5e3b84c7a9d3ce159a36c30bb

SHA512
0f9785342fc5fa94c012751ad8164b0f74a1910eba05b8e31e60aafd37aaba936106e07ce8d5d0f7fcbf9187f6ce61db57ed37c91768d16cf0187d12e9bc9a24

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG48.PNG
Filesize
1KB

MD5
00aa6d4d823d3ff1116f1f20781a2a0a

SHA1
4fb76e608dc77cb716c9ead214f6a6ff45e4ea6a

SHA256
2a84f96b7580fcbbb733f3cf2c3c3b630fe64dd333a6d0b16194e74be8e67be4

SHA512
883ddf0d35f79b9d70afe8156c471175517e78e6f73abc95cd789b4b905940fbcf5dd4779ee4c4d14e2190bca6aa37cb4c9593255a0dcca7575afc2a2edd837e

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG5.PNG
Filesize
1KB

MD5
a6c552d2ca8bf61e97ab0648c66af06d

SHA1
5d2935808ddc03a243eb26dcbaae3b0d528e01e2

SHA256
918c051a98329d27a8cd8d647d277fc327cf3f348acbfd5b93721907b9bc40ea

SHA512
4c278bb3d2589cc6f35f3f7b23cac3161912abb348fbc17c30428c8c7324d39b94652aab0e555652bf046aede0f378872bffae2fc2e3dd592a16d8708f598075

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG66.PNG
Filesize
41KB

MD5
4093758b319e6116a970f03f6a361796

SHA1
f25078201cb54cef3014fbd12d0746068df95905

SHA256
6475429d850cd61f40d7001c0132497ea59f808106fefbd9d18a6ac641fa25c3

SHA512
3285ca9116bfc3aa9b1bde84a1facdd4ffd289054df7d817125a68281eedd64d65c98810ecab20657aa6e2a46b3dfc5aeb3d3923918758b96698a0a28bcc8f65

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG67.PNG
Filesize
1KB

MD5
153a12c9201a53260d50532c30fd9ae4

SHA1
b2f9c03ea872243c5ff39ca189d1a943c5354827

SHA256
61f2678bc409ef399dc4d5a9dc773c095ef9ebe1dbeeae625645417b06998ab4

SHA512
d19670f5e5c615ac47acb108e3c137b526976a0eaa46e78e5759fae363326e7e278ade545fa3e84d6dc9be043d25078135b92daddf26c0d9466396fa1044f41d

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml
Filesize
31KB

MD5
f311ddd632806ca6971ef53aed7908ab

SHA1
84deaee365da0927ffb0ba12f6ffb93b3bf32664

SHA256
c63987d1ae48163cb930b6b4563d9d3c5ea12be81981b8b7d12f918d4d31d681

SHA512
ac2bf1c968f633ef32e7679b005faf1ded7f839c66cb1ee7a2477384ea6689cb0730c81bd825e8b6ddf0b3337530c71a45f88c2d4bf55f6f0218910602be02fe

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml
Filesize
6KB

MD5
6c78cfc84844ac3039ad94296fd9e797

SHA1
0afe3b976fa9e27619bc9c7e3759cad1bbe93780

SHA256
1ef90f419c5dd32106c860662d354f44dfbd4c523c0a938e6b46748f2e8b5d6d

SHA512
b71558cc9b0e10edcd7355f2453db7bff5dfc2974b77d165c9e0752bad11a96345ebc2a54b45387e43b56e34d14f94c346ed6ba5f03bb6e1f949a41797974384

Download Submit
C:\Windows\Installer\6d39a7.msi
Filesize
38.7MB

MD5
1ef598379ff589e452e9fc7f93563740

SHA1
82ad65425fa627176592ed5e55c0093e685bfeef

SHA256
d4bdc230eaebefe5a9aa3d9127d12ac09d050bf51771f0c78a6a9d79a1f9dbf2

SHA512
673f4b08fc25e09e582f5f7e01b2369e361f6a5b480f0aa2f1d5991f10076ba8a9d6b1f2227979b514acc458b4fdc254fc3c14173db7e38b50793174d4697f23

Download Submit
\Program Files\Java\jre1.8.0_51\bin\java.dll
Filesize
154KB

MD5
31401e170ddd8437635c4c8571a80341

SHA1
b79de1ce1b96ad0c3d00c8a32e55043eaeb1bad7

SHA256
3e060e1aafa2fe99f06c34db84a49d3a2f994c1a0dbef40f37dbafd45cd69533

SHA512
fc5e52e5398563a39dd5d8204ffe52a8668c19e1f1bb9706cf408c6c7ed81f8be667d87233bcdfd8739ac022792c36b9147249e5eedb51b21493100ffbf1e5c9

Download Submit
\Program Files\Java\jre1.8.0_51\bin\java.dll
Filesize
154KB

MD5
31401e170ddd8437635c4c8571a80341

SHA1
b79de1ce1b96ad0c3d00c8a32e55043eaeb1bad7

SHA256
3e060e1aafa2fe99f06c34db84a49d3a2f994c1a0dbef40f37dbafd45cd69533

SHA512
fc5e52e5398563a39dd5d8204ffe52a8668c19e1f1bb9706cf408c6c7ed81f8be667d87233bcdfd8739ac022792c36b9147249e5eedb51b21493100ffbf1e5c9

Download Submit
\Program Files\Java\jre1.8.0_51\bin\java.dll
Filesize
154KB

MD5
31401e170ddd8437635c4c8571a80341

SHA1
b79de1ce1b96ad0c3d00c8a32e55043eaeb1bad7

SHA256
3e060e1aafa2fe99f06c34db84a49d3a2f994c1a0dbef40f37dbafd45cd69533

SHA512
fc5e52e5398563a39dd5d8204ffe52a8668c19e1f1bb9706cf408c6c7ed81f8be667d87233bcdfd8739ac022792c36b9147249e5eedb51b21493100ffbf1e5c9

Download Submit
\Program Files\Java\jre1.8.0_51\bin\java.dll
Filesize
154KB

MD5
31401e170ddd8437635c4c8571a80341

SHA1
b79de1ce1b96ad0c3d00c8a32e55043eaeb1bad7

SHA256
3e060e1aafa2fe99f06c34db84a49d3a2f994c1a0dbef40f37dbafd45cd69533

SHA512
fc5e52e5398563a39dd5d8204ffe52a8668c19e1f1bb9706cf408c6c7ed81f8be667d87233bcdfd8739ac022792c36b9147249e5eedb51b21493100ffbf1e5c9

Download Submit
\Program Files\Java\jre1.8.0_51\bin\javaw.exe
Filesize
202KB

MD5
7b23b0aab68e65b93bb6477f05999574

SHA1
920752e4c22e1165e6df27f69599483187edfbb3

SHA256
32546ecf1236769d2d777331f90282fb97589bec75da11c8e727d61d3d4c988a

SHA512
e3395303e53edce3dfa8fe11b7338c77795595a17dac17818e4bc8b77feee4900d541201d6762aa8f46565730e24a5423684049d40bbd074186ef7223c96b604

Download Submit
\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
192KB

MD5
5b071854133d3eb6848a301a2a75c9b2

SHA1
ffa1045c55b039760aa2632a227012bb359d764f

SHA256
cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf

SHA512
f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

Download Submit
\Program Files\Java\jre1.8.0_51\installer.exe
Filesize
89.1MB

MD5
de052a3a782280dfe0d333bfb894c7d3

SHA1
c6a2c5150e1a6f7d5fccf5927aef1c5b2a94ea74

SHA256
cacefac05b6719d7ec1bd4945de0e58e9233e54d2ba94d68103bcd2bb04cdde3

SHA512
dfd8bfea673f0c1a37199cd76ceb9f7731eb3c502f02b8e81fd72dc6f4d9cec866fb3133b45ff93127a459be75580d1488609ecf2ab337a685a91fe609245935

Download Submit
\ProgramData\Oracle\Java\installcache_x64\bspatch.exe
Filesize
34KB

MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
\ProgramData\Oracle\Java\installcache_x64\bspatch.exe
Filesize
34KB

MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
\ProgramData\Oracle\Java\installcache_x64\bspatch.exe
Filesize
34KB

MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
8d9ae6205e34911f301fb3ed0b3b66f7

SHA1
28a495389a81bff296a7a5633da122ab44ee52c0

SHA256
bd4ee449702db8b6b32cd8dbd45aeccf384fb44fc0e2489ad8ef0508394f5164

SHA512
2bed790658a4e1aa64350ea3c19e0b1c3749b1509ec1be18792615d30e0785a06ca5698cc009ef65f7a1059fa3b60999eb7acce236a1976cbf85f1b0e1c777dc

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
8d9ae6205e34911f301fb3ed0b3b66f7

SHA1
28a495389a81bff296a7a5633da122ab44ee52c0

SHA256
bd4ee449702db8b6b32cd8dbd45aeccf384fb44fc0e2489ad8ef0508394f5164

SHA512
2bed790658a4e1aa64350ea3c19e0b1c3749b1509ec1be18792615d30e0785a06ca5698cc009ef65f7a1059fa3b60999eb7acce236a1976cbf85f1b0e1c777dc

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
8d9ae6205e34911f301fb3ed0b3b66f7

SHA1
28a495389a81bff296a7a5633da122ab44ee52c0

SHA256
bd4ee449702db8b6b32cd8dbd45aeccf384fb44fc0e2489ad8ef0508394f5164

SHA512
2bed790658a4e1aa64350ea3c19e0b1c3749b1509ec1be18792615d30e0785a06ca5698cc009ef65f7a1059fa3b60999eb7acce236a1976cbf85f1b0e1c777dc

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
8d9ae6205e34911f301fb3ed0b3b66f7

SHA1
28a495389a81bff296a7a5633da122ab44ee52c0

SHA256
bd4ee449702db8b6b32cd8dbd45aeccf384fb44fc0e2489ad8ef0508394f5164

SHA512
2bed790658a4e1aa64350ea3c19e0b1c3749b1509ec1be18792615d30e0785a06ca5698cc009ef65f7a1059fa3b60999eb7acce236a1976cbf85f1b0e1c777dc

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
\Users\Admin\AppData\Local\Temp\jre-windows.exe
Filesize
41.2MB

MD5
b9919195f61824f980f4a088d7447a11

SHA1
447fd1f59219282ec5d2f7a179ac12cc072171c3

SHA256
3895872bc4cdfb7693c227a435cf6740f968e4fa6ce0f7449e6a074e3e3a0f01

SHA512
d9f4e268531bd48f6b6aa4325024921bca30ebfff3ae6af5c069146a3fc401c411bdeceb306ba01fbf3bcdc48e39a367e78a1f355dc3dd5f1df75a0d585a10c6

Download Submit
\Users\Admin\AppData\Local\Temp\jre-windows.exe
Filesize
41.2MB

MD5
b9919195f61824f980f4a088d7447a11

SHA1
447fd1f59219282ec5d2f7a179ac12cc072171c3

SHA256
3895872bc4cdfb7693c227a435cf6740f968e4fa6ce0f7449e6a074e3e3a0f01

SHA512
d9f4e268531bd48f6b6aa4325024921bca30ebfff3ae6af5c069146a3fc401c411bdeceb306ba01fbf3bcdc48e39a367e78a1f355dc3dd5f1df75a0d585a10c6

Download Submit
\Users\Admin\AppData\Local\Temp\jre-windows.exe
Filesize
41.2MB

MD5
b9919195f61824f980f4a088d7447a11

SHA1
447fd1f59219282ec5d2f7a179ac12cc072171c3

SHA256
3895872bc4cdfb7693c227a435cf6740f968e4fa6ce0f7449e6a074e3e3a0f01

SHA512
d9f4e268531bd48f6b6aa4325024921bca30ebfff3ae6af5c069146a3fc401c411bdeceb306ba01fbf3bcdc48e39a367e78a1f355dc3dd5f1df75a0d585a10c6

Download Submit
memory/484-1240-0x0000000001FD0000-0x0000000001FD1000-memory.dmp

Filesize
4KB

Download
memory/484-1311-0x0000000001FD0000-0x0000000001FD1000-memory.dmp

Filesize
4KB

Download
memory/832-69-0x0000000002D80000-0x0000000003168000-memory.dmp

Filesize
3.9MB

Download
memory/832-71-0x0000000002D80000-0x0000000003168000-memory.dmp

Filesize
3.9MB

Download
memory/832-72-0x0000000002D80000-0x0000000003168000-memory.dmp

Filesize
3.9MB

Download
memory/1536-1380-0x0000000000230000-0x0000000000247000-memory.dmp

Filesize
92KB

Download
memory/1536-1379-0x0000000000230000-0x0000000000247000-memory.dmp

Filesize
92KB

Download
memory/1536-1378-0x0000000000230000-0x0000000000247000-memory.dmp

Filesize
92KB

Download
memory/1536-1383-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1536-1377-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1688-1763-0x0000000000230000-0x000000000023A000-memory.dmp

Filesize
40KB

Download
memory/1748-1752-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/1940-1662-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2012-1307-0x0000000000160000-0x0000000000548000-memory.dmp

Filesize
3.9MB

Download
memory/2012-328-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2012-329-0x00000000020A0000-0x00000000020A3000-memory.dmp

Filesize
12KB

Download
memory/2012-182-0x0000000000160000-0x0000000000548000-memory.dmp

Filesize
3.9MB

Download
memory/2012-330-0x0000000000160000-0x0000000000548000-memory.dmp

Filesize
3.9MB

Download
memory/2012-331-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2012-332-0x0000000000160000-0x0000000000548000-memory.dmp

Filesize
3.9MB

Download
memory/2012-334-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2012-385-0x0000000000160000-0x0000000000548000-memory.dmp

Filesize
3.9MB

Download
memory/2012-386-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2012-422-0x0000000000160000-0x0000000000548000-memory.dmp

Filesize
3.9MB

Download
memory/2012-1159-0x0000000000160000-0x0000000000548000-memory.dmp

Filesize
3.9MB

Download
memory/2012-1714-0x0000000000160000-0x0000000000548000-memory.dmp

Filesize
3.9MB

Download
memory/2012-1160-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2012-1739-0x0000000000160000-0x0000000000548000-memory.dmp

Filesize
3.9MB

Download
memory/2012-1180-0x0000000000160000-0x0000000000548000-memory.dmp

Filesize
3.9MB

Download
memory/2012-1241-0x0000000000160000-0x0000000000548000-memory.dmp

Filesize
3.9MB

Download