5e5a2d7b08565282d3ead5e5a7dc98efcea1da71559b8caf2b3518765f117aac

Analysis

max time kernel
193s
max time network
401s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
16-03-2023 18:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Minecraft Test.zip
Size

86.3MB
MD5

13ef4e058af33f2112046df90ba27af4
SHA1

70e79b5bc26d997b68cb95efd4216e3024364248
SHA256

5e5a2d7b08565282d3ead5e5a7dc98efcea1da71559b8caf2b3518765f117aac
SHA512

3bc3eac6e408755a3640c24f33de8870509b4562dba87574c8c0eca1e9b5e4449b9cc00c7e73a00a27f97cee894acafe79c803449363c62b665105c3870cb05b
SSDEEP

1572864:A4FJfqreEhGke4MLFLjJMWUNy4fLDRoXm8SKWSnOxNp0boFHaLmrCiCn1HgDrDwd:DFJfgeCYhd1MWayWMmcfOPOowuCz5gD0

Score

8^/10

adware discovery persistence stealer upx

Malware Config

Signatures

Blocklisted process makes network request 2 IoCs

Processes:

msiexec.exe

flow pid process

74 676 msiexec.exe
76 676 msiexec.exe

flow	pid	process
74	676	msiexec.exe
76	676	msiexec.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

TLauncher-2.876-Installer-1.0.6-global.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	TLauncher-2.876-Installer-1.0.6-global.exe

Executes dropped EXE 13 IoCs

Processes:

jre-8u361-windows-x64.exejre-8u361-windows-x64.exeinstaller.exejavaw.exessvagent.exejavaws.exejp2launcher.exejavaws.exejp2launcher.exejavaw.exeTLauncher-2.876-Installer-1.0.6-global.exejavaw.exeirsetup.exe

pid	process
1872	jre-8u361-windows-x64.exe
4732	jre-8u361-windows-x64.exe
3564	installer.exe
3500	javaw.exe
2580	ssvagent.exe
856	javaws.exe
3088	jp2launcher.exe
2988	javaws.exe
4988	jp2launcher.exe
3396	javaw.exe
4584	TLauncher-2.876-Installer-1.0.6-global.exe
2276	javaw.exe
2348	irsetup.exe

Loads dropped DLL 64 IoCs

Processes:

MsiExec.exejavaw.exeinstaller.exe

pid	process
1792	MsiExec.exe
1792	MsiExec.exe
1792	MsiExec.exe
3500	javaw.exe
3500	javaw.exe
3500	javaw.exe
3500	javaw.exe
3500	javaw.exe
3500	javaw.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe
3564	installer.exe

Modifies file permissions 1 TTPs 1 IoCs
discovery

File Permissions Modification
T1222

Processes:

icacls.exe

pid process

5948 icacls.exe

pid	process
5948	icacls.exe

Registers COM server for autorun 1 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Processes:

installer.exessvagent.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0098-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	ssvagent.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0169-ABCDEFFEDCBB}\InprocServer32	ssvagent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0058-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBC}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0356-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0092-ABCDEFFEDCBA}\InprocServer32	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0111-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0294-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0301-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0228-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	ssvagent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0040-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0153-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0079-ABCDEFFEDCBB}\InprocServer32	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0287-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0278-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0357-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	ssvagent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0038-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0013-0001-0047-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBC}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0083-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	ssvagent.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0069-ABCDEFFEDCBA}\InprocServer32	ssvagent.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0057-ABCDEFFEDCBC}\INPROCSERVER32	ssvagent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0291-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0079-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0070-ABCDEFFEDCBA}\InprocServer32	ssvagent.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0255-ABCDEFFEDCBA}\InprocServer32	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0293-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	ssvagent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0087-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0119-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0037-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0355-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0078-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0179-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0346-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0050-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0151-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0231-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0149-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0171-ABCDEFFEDCBA}\InprocServer32	ssvagent.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0135-ABCDEFFEDCBA}\InprocServer32	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0326-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	ssvagent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0254-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0277-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0261-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0086-ABCDEFFEDCBB}\InprocServer32	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0073-ABCDEFFEDCBA}\INPROCSERVER32	ssvagent.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0263-ABCDEFFEDCBA}\InprocServer32	ssvagent.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0018-0000-0026-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0142-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0067-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0084-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0072-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0328-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	ssvagent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0088-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0207-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0308-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe

UPX packed file 11 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
behavioral1/memory/2348-1300-0x0000000000C70000-0x0000000001058000-memory.dmp	upx
behavioral1/memory/2348-1677-0x0000000000C70000-0x0000000001058000-memory.dmp	upx
behavioral1/memory/2348-1679-0x0000000000C70000-0x0000000001058000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe	upx
behavioral1/memory/4568-1718-0x0000000000300000-0x00000000006E8000-memory.dmp	upx
behavioral1/memory/4568-1722-0x0000000000300000-0x00000000006E8000-memory.dmp	upx
behavioral1/memory/2348-1723-0x0000000000C70000-0x0000000001058000-memory.dmp	upx
behavioral1/memory/2348-2353-0x0000000000C70000-0x0000000001058000-memory.dmp	upx
behavioral1/memory/2348-2719-0x0000000000C70000-0x0000000001058000-memory.dmp	upx
behavioral1/memory/2348-3223-0x0000000000C70000-0x0000000001058000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	process
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe

Installs/modifies Browser Helper Object 2 TTPs 6 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

Processes:

installer.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{DBC80044-A445-435B-BC74-9C25C1C588A9}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}	installer.exe

Drops file in System32 directory 2 IoCs

Processes:

installer.exe

description	ioc	process
File created	C:\Windows\system32\WindowsAccessBridge-64.dll	installer.exe
File opened for modification	C:\Windows\system32\WindowsAccessBridge-64.dll	installer.exe

Drops file in Program Files directory 64 IoCs

Processes:

msiexec.exe

description	ioc	process
File created	C:\Program Files\Java\jre1.8.0_361\lib\images\cursors\cursors.properties	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\lib\security\javaws.policy	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\servertool.exe	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\lib\cmm\sRGB.pf	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\kinit.exe	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\lib\rt.jar	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\zip.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\legal\jdk\xerces.md	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\jp2iexp.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-crt-math-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\orbd.exe	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\legal\jdk\pkcs11wrapper.md	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-crt-locale-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\lib\security\java.policy	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\wsdetect.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\legal\jdk\jpeg.md	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\lib\meta-index	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\legal\jdk\jopt-simple.md	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\lib\psfontj2d.properties	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\java-rmi.exe	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\legal\javafx\directshow.md	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\jaas_nt.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-debug-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\jfxwebkit.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\legal\jdk\jcup.md	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-crt-filesystem-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\glib-lite.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\dt_shmem.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\legal\javafx\webkit.md	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\prism_d3d.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\jawt.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\rmid.exe	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\java_crw_demo.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-namedpipe-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\ktab.exe	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\lib\deploy\messages_ja.properties	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\lib\tzdb.dat	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\vcruntime140.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\lib\sound.properties	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\legal\jdk\dom.md	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\legal\javafx\gstreamer.md	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\tnameserv.exe	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\lib\deploy\splash.gif	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\lib\ext\dnsns.jar	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\splashscreen.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-crt-runtime-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\lib\content-types.properties	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\msvcp140_1.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\server\jvm.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\legal\jdk\giflib.md	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\javafx_iio.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\legal\jdk\asm.md	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\javaw.exe	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-crt-environment-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-heap-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\lib\fonts\LucidaBrightRegular.ttf	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\mlib_image.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\w2k_lsa_auth.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\legal\jdk\cryptix.md	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\sunec.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\decora_sse.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\j2pcsc.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\bin\glass.dll	msiexec.exe
File created	C:\Program Files\Java\jre1.8.0_361\lib\net.properties	msiexec.exe

Drops file in Windows directory 12 IoCs

Processes:

msiexec.exe

description	ioc	process
File created	C:\Windows\Installer\e5787dd.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA3C3.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{26A24AE4-039D-4CA4-87B4-2F64180361F0}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA77E.tmp	msiexec.exe
File created	C:\Windows\Installer\e5787e0.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5787dd.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA066.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA635.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID59F.tmp	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msiexec.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msiexec.exe

Modifies Internet Explorer settings 1 TTPs 19 IoCs

adware spyware

Modify Registry

T1112

Processes:

installer.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_361\\bin"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe"	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5852F5ED-8BF4-11D4-A245-0080C6F74284}	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{44D1B085-E495-4B5F-9EE6-34795C46E7E7}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_361\\bin"	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_361\\bin"	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ACTIVEX COMPATIBILITY\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}"	installer.exe

Modifies data under HKEY_USERS 64 IoCs

Processes:

installer.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0130-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0308-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0342-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_342"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0171-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_171"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0114-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0195-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0326-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0218-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0177-ABCDEFFEDCBC}\INPROCSERVER32	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0196-ABCDEFFEDCBB}	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0149-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0135-ABCDEFFEDCBA}	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0231-ABCDEFFEDCBB}	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0236-ABCDEFFEDCBA}	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0362-ABCDEFFEDCBC}\INPROCSERVER32	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0018-0000-0301-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_03"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0115-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_115"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0202-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0272-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0056-ABCDEFFEDCBC}\INPROCSERVER32	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0057-ABCDEFFEDCBB}	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0018-0000-0342-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0072-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0085-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_85"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0040-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0175-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0129-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0064-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0053-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_53"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0124-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0203-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_203"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0031-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0201-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_201"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0046-ABCDEFFEDCBC}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0087-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0182-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_182"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0130-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_130"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0319-ABCDEFFEDCBC}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0003-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_03"	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0346-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0063-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_07"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0112-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0155-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0240-ABCDEFFEDCBA}	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0238-ABCDEFFEDCBB}	installer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0032-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0098-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_98"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0063-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0174-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0193-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0007-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_07"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0200-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0066-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0218-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0206-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0040-ABCDEFFEDCBA}	installer.exe

Modifies registry class 64 IoCs

Processes:

ssvagent.exeinstaller.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0318-ABCDEFFEDCBC}\InprocServer32	ssvagent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0187-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_187"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0158-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_158"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0297-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0116-ABCDEFFEDCBC}	ssvagent.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0081-ABCDEFFEDCBC}	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0179-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0037-ABCDEFFEDCBB}\InprocServer32	ssvagent.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0222-ABCDEFFEDCBA}\InprocServer32	ssvagent.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0136-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0075-ABCDEFFEDCBC}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0168-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0027-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0049-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0256-ABCDEFFEDCBA}	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0061-ABCDEFFEDCBC}	ssvagent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0069-ABCDEFFEDCBC}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0209-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0019-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0116-ABCDEFFEDCBC}	ssvagent.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0298-ABCDEFFEDCBA}	ssvagent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0057-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0075-ABCDEFFEDCBC}	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBA}	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0270-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0261-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_261"	ssvagent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}\INPROCSERVER32	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0124-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_124"	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0164-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_164"	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0070-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	ssvagent.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0074-ABCDEFFEDCBA}	ssvagent.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0141-ABCDEFFEDCBA}\InprocServer32	ssvagent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0086-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0065-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0126-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0201-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_201"	ssvagent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0165-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0257-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0065-ABCDEFFEDCBC}\INPROCSERVER32	ssvagent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0026-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0100-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0032-ABCDEFFEDCBA}\InprocServer32	ssvagent.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0130-ABCDEFFEDCBB}	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0178-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0297-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0147-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0272-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_272"	ssvagent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0038-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0088-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0095-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_95"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0083-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0068-ABCDEFFEDCBC}	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBB}\INPROCSERVER32	ssvagent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0167-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_167"	ssvagent.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0088-ABCDEFFEDCBA}	ssvagent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll"	installer.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

javaws.exejp2launcher.exejavaws.exejp2launcher.exe

pid process

856 javaws.exe
856 javaws.exe
3088 jp2launcher.exe
3088 jp2launcher.exe
2988 javaws.exe
2988 javaws.exe
4988 jp2launcher.exe
4988 jp2launcher.exe

pid	process
856	javaws.exe
856	javaws.exe
3088	jp2launcher.exe
3088	jp2launcher.exe
2988	javaws.exe
2988	javaws.exe
4988	jp2launcher.exe
4988	jp2launcher.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

7zG.exejre-8u361-windows-x64.exemsiexec.exe

description	pid	process
Token: SeRestorePrivilege	3692	7zG.exe
Token: 35	3692	7zG.exe
Token: SeSecurityPrivilege	3692	7zG.exe
Token: SeSecurityPrivilege	3692	7zG.exe
Token: SeShutdownPrivilege	4732	jre-8u361-windows-x64.exe
Token: SeIncreaseQuotaPrivilege	4732	jre-8u361-windows-x64.exe
Token: SeSecurityPrivilege	676	msiexec.exe
Token: SeCreateTokenPrivilege	4732	jre-8u361-windows-x64.exe
Token: SeAssignPrimaryTokenPrivilege	4732	jre-8u361-windows-x64.exe
Token: SeLockMemoryPrivilege	4732	jre-8u361-windows-x64.exe
Token: SeIncreaseQuotaPrivilege	4732	jre-8u361-windows-x64.exe
Token: SeMachineAccountPrivilege	4732	jre-8u361-windows-x64.exe
Token: SeTcbPrivilege	4732	jre-8u361-windows-x64.exe
Token: SeSecurityPrivilege	4732	jre-8u361-windows-x64.exe
Token: SeTakeOwnershipPrivilege	4732	jre-8u361-windows-x64.exe
Token: SeLoadDriverPrivilege	4732	jre-8u361-windows-x64.exe
Token: SeSystemProfilePrivilege	4732	jre-8u361-windows-x64.exe
Token: SeSystemtimePrivilege	4732	jre-8u361-windows-x64.exe
Token: SeProfSingleProcessPrivilege	4732	jre-8u361-windows-x64.exe
Token: SeIncBasePriorityPrivilege	4732	jre-8u361-windows-x64.exe
Token: SeCreatePagefilePrivilege	4732	jre-8u361-windows-x64.exe
Token: SeCreatePermanentPrivilege	4732	jre-8u361-windows-x64.exe
Token: SeBackupPrivilege	4732	jre-8u361-windows-x64.exe
Token: SeRestorePrivilege	4732	jre-8u361-windows-x64.exe
Token: SeShutdownPrivilege	4732	jre-8u361-windows-x64.exe
Token: SeDebugPrivilege	4732	jre-8u361-windows-x64.exe
Token: SeAuditPrivilege	4732	jre-8u361-windows-x64.exe
Token: SeSystemEnvironmentPrivilege	4732	jre-8u361-windows-x64.exe
Token: SeChangeNotifyPrivilege	4732	jre-8u361-windows-x64.exe
Token: SeRemoteShutdownPrivilege	4732	jre-8u361-windows-x64.exe
Token: SeUndockPrivilege	4732	jre-8u361-windows-x64.exe
Token: SeSyncAgentPrivilege	4732	jre-8u361-windows-x64.exe
Token: SeEnableDelegationPrivilege	4732	jre-8u361-windows-x64.exe
Token: SeManageVolumePrivilege	4732	jre-8u361-windows-x64.exe
Token: SeImpersonatePrivilege	4732	jre-8u361-windows-x64.exe
Token: SeCreateGlobalPrivilege	4732	jre-8u361-windows-x64.exe
Token: SeRestorePrivilege	676	msiexec.exe
Token: SeTakeOwnershipPrivilege	676	msiexec.exe
Token: SeRestorePrivilege	676	msiexec.exe
Token: SeTakeOwnershipPrivilege	676	msiexec.exe
Token: SeRestorePrivilege	676	msiexec.exe
Token: SeTakeOwnershipPrivilege	676	msiexec.exe
Token: SeRestorePrivilege	676	msiexec.exe
Token: SeTakeOwnershipPrivilege	676	msiexec.exe
Token: SeRestorePrivilege	676	msiexec.exe
Token: SeTakeOwnershipPrivilege	676	msiexec.exe
Token: SeRestorePrivilege	676	msiexec.exe
Token: SeTakeOwnershipPrivilege	676	msiexec.exe
Token: SeRestorePrivilege	676	msiexec.exe
Token: SeTakeOwnershipPrivilege	676	msiexec.exe
Token: SeRestorePrivilege	676	msiexec.exe
Token: SeTakeOwnershipPrivilege	676	msiexec.exe
Token: SeRestorePrivilege	676	msiexec.exe
Token: SeTakeOwnershipPrivilege	676	msiexec.exe
Token: SeRestorePrivilege	676	msiexec.exe
Token: SeTakeOwnershipPrivilege	676	msiexec.exe
Token: SeRestorePrivilege	676	msiexec.exe
Token: SeTakeOwnershipPrivilege	676	msiexec.exe
Token: SeRestorePrivilege	676	msiexec.exe
Token: SeTakeOwnershipPrivilege	676	msiexec.exe
Token: SeRestorePrivilege	676	msiexec.exe
Token: SeTakeOwnershipPrivilege	676	msiexec.exe
Token: SeRestorePrivilege	676	msiexec.exe
Token: SeTakeOwnershipPrivilege	676	msiexec.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

7zG.exe

pid process

3692 7zG.exe

pid	process
3692	7zG.exe

Suspicious use of SetWindowsHookEx 13 IoCs

Processes:

jre-8u361-windows-x64.exejp2launcher.exejp2launcher.exeTLauncher-2.876-Installer-1.0.6-global.exeirsetup.exe

pid	process
4732	jre-8u361-windows-x64.exe
4732	jre-8u361-windows-x64.exe
4732	jre-8u361-windows-x64.exe
4732	jre-8u361-windows-x64.exe
4732	jre-8u361-windows-x64.exe
3088	jp2launcher.exe
4988	jp2launcher.exe
4584	TLauncher-2.876-Installer-1.0.6-global.exe
2348	irsetup.exe
2348	irsetup.exe
2348	irsetup.exe
2348	irsetup.exe
2348	irsetup.exe

Suspicious use of WriteProcessMemory 21 IoCs

Processes:

jre-8u361-windows-x64.exemsiexec.exeinstaller.exejavaws.exejavaws.exeTLauncher-2.876-Installer-1.0.6-global.exe

description	pid	process	target process
PID 1872 wrote to memory of 4732	1872	jre-8u361-windows-x64.exe	jre-8u361-windows-x64.exe
PID 1872 wrote to memory of 4732	1872	jre-8u361-windows-x64.exe	jre-8u361-windows-x64.exe
PID 676 wrote to memory of 1792	676	msiexec.exe	MsiExec.exe
PID 676 wrote to memory of 1792	676	msiexec.exe	MsiExec.exe
PID 676 wrote to memory of 3564	676	msiexec.exe	installer.exe
PID 676 wrote to memory of 3564	676	msiexec.exe	installer.exe
PID 3564 wrote to memory of 3500	3564	installer.exe	javaw.exe
PID 3564 wrote to memory of 3500	3564	installer.exe	javaw.exe
PID 3564 wrote to memory of 856	3564	installer.exe	javaws.exe
PID 3564 wrote to memory of 856	3564	installer.exe	javaws.exe
PID 856 wrote to memory of 3088	856	javaws.exe	jp2launcher.exe
PID 856 wrote to memory of 3088	856	javaws.exe	jp2launcher.exe
PID 3564 wrote to memory of 2988	3564	installer.exe	javaws.exe
PID 3564 wrote to memory of 2988	3564	installer.exe	javaws.exe
PID 2988 wrote to memory of 4988	2988	javaws.exe	jp2launcher.exe
PID 2988 wrote to memory of 4988	2988	javaws.exe	jp2launcher.exe
PID 676 wrote to memory of 1372	676	msiexec.exe	MsiExec.exe
PID 676 wrote to memory of 1372	676	msiexec.exe	MsiExec.exe
PID 4584 wrote to memory of 2348	4584	TLauncher-2.876-Installer-1.0.6-global.exe	irsetup.exe
PID 4584 wrote to memory of 2348	4584	TLauncher-2.876-Installer-1.0.6-global.exe	irsetup.exe
PID 4584 wrote to memory of 2348	4584	TLauncher-2.876-Installer-1.0.6-global.exe	irsetup.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Minecraft Test.zip"
1⤵
PID:1612

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1668

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap4305:86:7zEvent23640
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3692

C:\Users\Admin\Desktop\jre-8u361-windows-x64.exe
"C:\Users\Admin\Desktop\jre-8u361-windows-x64.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1872

C:\Users\Admin\AppData\Local\Temp\jds240594437.tmp\jre-8u361-windows-x64.exe
"C:\Users\Admin\AppData\Local\Temp\jds240594437.tmp\jre-8u361-windows-x64.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4732

C:\Program Files\Java\jre1.8.0_361\bin\javaw.exe
-Djdk.disableLastUsageTracking -cp "C:\Program Files\Java\jre1.8.0_361\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserWebJavaStatus
3⤵
- Executes dropped EXE
PID:3396

C:\Program Files\Java\jre1.8.0_361\bin\javaw.exe
-Djdk.disableLastUsageTracking -cp "C:\Program Files\Java\jre1.8.0_361\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserPreviousDecisionsExist 30
3⤵
- Executes dropped EXE
PID:2276

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:676

C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 6A7B1CF7D38086579701382C7BE036D3
2⤵
- Loads dropped DLL
PID:1792

C:\Program Files\Java\jre1.8.0_361\installer.exe
"C:\Program Files\Java\jre1.8.0_361\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_361\\" INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F64180361F0}
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Installs/modifies Browser Helper Object
- Drops file in System32 directory
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3564

C:\Program Files\Java\jre1.8.0_361\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_361\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3500

C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe
"C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe" -doHKCUSSVSetup
3⤵
- Executes dropped EXE
- Registers COM server for autorun
- Modifies registry class
PID:2580

C:\Program Files\Java\jre1.8.0_361\bin\javaws.exe
"C:\Program Files\Java\jre1.8.0_361\bin\javaws.exe" -wait -fix -permissions -silent
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:856

C:\Program Files\Java\jre1.8.0_361\bin\jp2launcher.exe
"C:\Program Files\Java\jre1.8.0_361\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_361" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzYxXGxpYlxkZXBsb3kuamFyAC1EamF2YS5zZWN1cml0eS5wb2xpY3k9ZmlsZTpDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzYxXGxpYlxzZWN1cml0eVxqYXZhd3MucG9saWN5AC1EdHJ1c3RQcm94eT10cnVlAC1YdmVyaWZ5OnJlbW90ZQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzM2MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF8zNjFcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzM2MVxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzYxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzYxXGJpblxqYXZhdy5leGU= -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3088

C:\Program Files\Java\jre1.8.0_361\bin\javaws.exe
"C:\Program Files\Java\jre1.8.0_361\bin\javaws.exe" -wait -fix -shortcut -silent
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2988

C:\Program Files\Java\jre1.8.0_361\bin\jp2launcher.exe
"C:\Program Files\Java\jre1.8.0_361\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_361" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzYxXGxpYlxkZXBsb3kuamFyAC1EamF2YS5zZWN1cml0eS5wb2xpY3k9ZmlsZTpDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzYxXGxpYlxzZWN1cml0eVxqYXZhd3MucG9saWN5AC1EdHJ1c3RQcm94eT10cnVlAC1YdmVyaWZ5OnJlbW90ZQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzM2MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF8zNjFcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzM2MVxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzYxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzYxXGJpblxqYXZhdy5leGU= -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4988

C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding F53DF84BC9DDD8DF7F0806BB786F1AE7 E Global\MSI0000
2⤵
PID:1372

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 08FA656AA88A636B372FB3AC75477EF3
2⤵
PID:3476

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding B0E044D9A3D7158A4EA0B2251E5ABA48 E Global\MSI0000
2⤵
PID:2972

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 2BF26790B8FA7E26748B559B5C80A8AB
2⤵
PID:1372

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 61FE0EB599425EDA7581AD14BCC7AE82 E Global\MSI0000
2⤵
PID:3988

C:\Users\Admin\Desktop\TLauncher-2.876-Installer-1.0.6-global.exe
"C:\Users\Admin\Desktop\TLauncher-2.876-Installer-1.0.6-global.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4584

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\Desktop\TLauncher-2.876-Installer-1.0.6-global.exe" "__IRCT:3" "__IRTSS:23643746" "__IRSID:S-1-5-21-2275444769-3691835758-4097679484-1000"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2348

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
3⤵
PID:1272

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816850 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" "__IRCT:3" "__IRTSS:1840872" "__IRSID:S-1-5-21-2275444769-3691835758-4097679484-1000"
4⤵
PID:4568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ad.tlauncher.org/link/hight-gpu-settings-en
3⤵
PID:3600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x118,0x128,0x7ffa922946f8,0x7ffa92294708,0x7ffa92294718
4⤵
PID:2192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,5857830363931557163,14943490771115611972,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
4⤵
PID:2176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,5857830363931557163,14943490771115611972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 /prefetch:3
4⤵
PID:4428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,5857830363931557163,14943490771115611972,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
4⤵
PID:4464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5857830363931557163,14943490771115611972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
4⤵
PID:4996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5857830363931557163,14943490771115611972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
4⤵
PID:1792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5857830363931557163,14943490771115611972,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
4⤵
PID:4956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5857830363931557163,14943490771115611972,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
4⤵
PID:4064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5857830363931557163,14943490771115611972,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1
4⤵
PID:6100

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
3⤵
PID:4424

C:\Program Files\Java\jre1.8.0_361\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_361\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
4⤵
PID:5404

C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
5⤵
- Modifies file permissions
PID:5948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4964

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
1⤵
PID:5224

C:\Program Files\Java\jre1.8.0_361\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_361\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
2⤵
PID:5248

C:\Windows\SYSTEM32\cmd.exe
cmd.exe /C chcp 437 & wmic qfe get HotFixID
3⤵
PID:4912

C:\Windows\system32\chcp.com
chcp 437
4⤵
PID:1456

C:\Windows\System32\Wbem\WMIC.exe
wmic qfe get HotFixID
4⤵
PID:4684

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
1⤵
PID:5572

C:\Program Files\Java\jre1.8.0_361\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_361\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
2⤵
PID:5588

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5820

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
PID:4580

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4580.0.326458706\1965964829" -parentBuildID 20221007134813 -prefsHandle 1796 -prefMapHandle 1788 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa320c70-ae51-467f-9fd5-9cc8391320cf} 4580 "\\.\pipe\gecko-crash-server-pipe.4580" 1888 1b027f19b58 gpu
3⤵
PID:1028

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:5956

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

File Permissions Modification

T1222

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5787df.rbs
Filesize
984KB

MD5
3350761e57e51f6a104ff6659eb78b6d

SHA1
a189d820442b9762cd25bff8e7ae6b3b8dea7dbb

SHA256
e51a7c0c2e6f80d816fb6a84482ee3cbeb5f02a9c8b1f5f914cb5562fb3e492f

SHA512
4f3dc08ada496c6bebd2cbe8d3c091f73101db4ca71a568e7c02a6bbc849ebc74d01b47fb59de8b2d168e1a884b01b0709889eadb23b05742b5f6b7b65e2d817

Download Submit
C:\Config.Msi\e5787e2.rbs
Filesize
7KB

MD5
0cda30035839e6999c7f0d57522763c6

SHA1
e2e57776533da5d37b53269f99c75907c8e4677b

SHA256
3fc0516d16afc93a9c55671b5dcd2bf572f22fdb14288454162f37271d554fdc

SHA512
0ee156c227ec923c952adc2a8c615504b22ce364d3144bc7a10123cf1fafcb1e29fc3a868848442220d1f39c04513b8533431b31a78349c566550637d0b7e56e

Download Submit
C:\Config.Msi\e5787e8.rbs
Filesize
8KB

MD5
513ef4e16e1e4dff345c13a0e0afdc71

SHA1
0222ba0124a908af39c897210eebce0ea2092555

SHA256
5940f2a523791375eb8b51d211ba87b99a691061e8ec9c54593f9a67cf46a91f

SHA512
063331514c2081e7c41a391dcec2a8b2bcf4571bf725a6a754be14bb801fcd8978a3f092170ea22c6eef7a4057aa5eda9ab26932894ad361c9630e4e1ae9002e

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\WindowsAccessBridge-64.dll
Filesize
190KB

MD5
a29afdfa9183650e1bdd2308df510fb5

SHA1
22c507916bef3d16903d3be32dcd106edd3cc7fa

SHA256
2284dd976c8d56db535e4eaf51c99107f136d59dff1e028a3651919800780364

SHA512
8e9844ec99c6c1a5b22877282f2065864313bac755d028970cd2374a641b9a30c9876fd880cc0593a96ac0356da0817f1a8e16beb411ae4241ae4ec46bfd90f7

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-debug-l1-1-0.dll
Filesize
11KB

MD5
b0e0678ddc403effc7cdc69ae6d641fb

SHA1
c1a4ce4ded47740d3518cd1ff9e9ce277d959335

SHA256
45e48320abe6e3c6079f3f6b84636920a367989a88f9ba6847f88c210d972cf1

SHA512
2badf761a0614d09a60d0abb6289ebcbfa3bf69425640eb8494571afd569c8695ae20130aac0e1025e8739d76a9bff2efc9b4358b49efe162b2773be9c3e2ad4

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-debug-l1-1-0.dll
Filesize
11KB

MD5
b0e0678ddc403effc7cdc69ae6d641fb

SHA1
c1a4ce4ded47740d3518cd1ff9e9ce277d959335

SHA256
45e48320abe6e3c6079f3f6b84636920a367989a88f9ba6847f88c210d972cf1

SHA512
2badf761a0614d09a60d0abb6289ebcbfa3bf69425640eb8494571afd569c8695ae20130aac0e1025e8739d76a9bff2efc9b4358b49efe162b2773be9c3e2ad4

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-debug-l1-1-0.dll
Filesize
11KB

MD5
b0e0678ddc403effc7cdc69ae6d641fb

SHA1
c1a4ce4ded47740d3518cd1ff9e9ce277d959335

SHA256
45e48320abe6e3c6079f3f6b84636920a367989a88f9ba6847f88c210d972cf1

SHA512
2badf761a0614d09a60d0abb6289ebcbfa3bf69425640eb8494571afd569c8695ae20130aac0e1025e8739d76a9bff2efc9b4358b49efe162b2773be9c3e2ad4

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-errorhandling-l1-1-0.dll
Filesize
11KB

MD5
94788729c9e7b9c888f4e323a27ab548

SHA1
b0ba0c4cf1d8b2b94532aa1880310f28e87756ec

SHA256
accdd7455fb6d02fe298b987ad412e00d0b8e6f5fb10b52826367e7358ae1187

SHA512
ab65495b1d0dd261f2669e04dc18a8da8f837b9ac622fc69fde271ff5e6aa958b1544edd8988f017d3dd83454756812c927a7702b1ed71247e506530a11f21c6

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-errorhandling-l1-1-0.dll
Filesize
11KB

MD5
94788729c9e7b9c888f4e323a27ab548

SHA1
b0ba0c4cf1d8b2b94532aa1880310f28e87756ec

SHA256
accdd7455fb6d02fe298b987ad412e00d0b8e6f5fb10b52826367e7358ae1187

SHA512
ab65495b1d0dd261f2669e04dc18a8da8f837b9ac622fc69fde271ff5e6aa958b1544edd8988f017d3dd83454756812c927a7702b1ed71247e506530a11f21c6

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-errorhandling-l1-1-0.dll
Filesize
11KB

MD5
94788729c9e7b9c888f4e323a27ab548

SHA1
b0ba0c4cf1d8b2b94532aa1880310f28e87756ec

SHA256
accdd7455fb6d02fe298b987ad412e00d0b8e6f5fb10b52826367e7358ae1187

SHA512
ab65495b1d0dd261f2669e04dc18a8da8f837b9ac622fc69fde271ff5e6aa958b1544edd8988f017d3dd83454756812c927a7702b1ed71247e506530a11f21c6

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-heap-l1-1-0.dll
Filesize
11KB

MD5
3a4b6b36470bad66621542f6d0d153ab

SHA1
5005454ba8e13bac64189c7a8416ecc1e3834dc6

SHA256
2e981ee04f35c0e0b7c58282b70dcc9fc0318f20f900607dae7a0d40b36e80af

SHA512
84b00167abe67f6b58341045012723ef4839c1dfc0d8f7242370c4ad9fabbe4feefe73f9c6f7953eae30422e0e743dc62503a0e8f7449e11c5820f2dfca89294

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-heap-l1-1-0.dll
Filesize
11KB

MD5
3a4b6b36470bad66621542f6d0d153ab

SHA1
5005454ba8e13bac64189c7a8416ecc1e3834dc6

SHA256
2e981ee04f35c0e0b7c58282b70dcc9fc0318f20f900607dae7a0d40b36e80af

SHA512
84b00167abe67f6b58341045012723ef4839c1dfc0d8f7242370c4ad9fabbe4feefe73f9c6f7953eae30422e0e743dc62503a0e8f7449e11c5820f2dfca89294

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-heap-l1-1-0.dll
Filesize
11KB

MD5
3a4b6b36470bad66621542f6d0d153ab

SHA1
5005454ba8e13bac64189c7a8416ecc1e3834dc6

SHA256
2e981ee04f35c0e0b7c58282b70dcc9fc0318f20f900607dae7a0d40b36e80af

SHA512
84b00167abe67f6b58341045012723ef4839c1dfc0d8f7242370c4ad9fabbe4feefe73f9c6f7953eae30422e0e743dc62503a0e8f7449e11c5820f2dfca89294

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-libraryloader-l1-1-0.dll
Filesize
12KB

MD5
d75144fcb3897425a855a270331e38c9

SHA1
132c9ade61d574aa318e835eb78c4cccddefdea2

SHA256
08484ed55e43584068c337281e2c577cf984bb504871b3156de11c7cc1eec38f

SHA512
295a6699529d6b173f686c9bbb412f38d646c66aab329eac4c36713fdd32a3728b9c929f9dcadde562f625fb80bc79026a52772141ad2080a0c9797305adff2e

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-libraryloader-l1-1-0.dll
Filesize
12KB

MD5
d75144fcb3897425a855a270331e38c9

SHA1
132c9ade61d574aa318e835eb78c4cccddefdea2

SHA256
08484ed55e43584068c337281e2c577cf984bb504871b3156de11c7cc1eec38f

SHA512
295a6699529d6b173f686c9bbb412f38d646c66aab329eac4c36713fdd32a3728b9c929f9dcadde562f625fb80bc79026a52772141ad2080a0c9797305adff2e

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-libraryloader-l1-1-0.dll
Filesize
12KB

MD5
d75144fcb3897425a855a270331e38c9

SHA1
132c9ade61d574aa318e835eb78c4cccddefdea2

SHA256
08484ed55e43584068c337281e2c577cf984bb504871b3156de11c7cc1eec38f

SHA512
295a6699529d6b173f686c9bbb412f38d646c66aab329eac4c36713fdd32a3728b9c929f9dcadde562f625fb80bc79026a52772141ad2080a0c9797305adff2e

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-processenvironment-l1-1-0.dll
Filesize
12KB

MD5
f43286b695326fc0c20704f0eebfdea6

SHA1
3e0189d2a1968d7f54e721b1c8949487ef11b871

SHA256
aa415db99828f30a396cbd4e53c94096db89756c88a19d8564f0eed0674add43

SHA512
6ead35348477a08f48a9deb94d26da5f4e4683e36f0a46117b078311235c8b9b40c17259c2671a90d1a210f73bf94c9c063404280ac5dd5c7f9971470beaf8b7

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-processenvironment-l1-1-0.dll
Filesize
12KB

MD5
f43286b695326fc0c20704f0eebfdea6

SHA1
3e0189d2a1968d7f54e721b1c8949487ef11b871

SHA256
aa415db99828f30a396cbd4e53c94096db89756c88a19d8564f0eed0674add43

SHA512
6ead35348477a08f48a9deb94d26da5f4e4683e36f0a46117b078311235c8b9b40c17259c2671a90d1a210f73bf94c9c063404280ac5dd5c7f9971470beaf8b7

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-processthreads-l1-1-0.dll
Filesize
13KB

MD5
e173f3ab46096482c4361378f6dcb261

SHA1
7922932d87d3e32ce708f071c02fb86d33562530

SHA256
c9a686030e073975009f993485d362cc31c7f79b683def713e667d13e9605a14

SHA512
3aafefd8a9d7b0c869d0c49e0c23086115fd550b7dc5c75a5b8a8620ad37f36a4c24d2bf269043d81a7448c351ff56cb518ec4e151960d4f6bd655c38aff547f

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-processthreads-l1-1-0.dll
Filesize
13KB

MD5
e173f3ab46096482c4361378f6dcb261

SHA1
7922932d87d3e32ce708f071c02fb86d33562530

SHA256
c9a686030e073975009f993485d362cc31c7f79b683def713e667d13e9605a14

SHA512
3aafefd8a9d7b0c869d0c49e0c23086115fd550b7dc5c75a5b8a8620ad37f36a4c24d2bf269043d81a7448c351ff56cb518ec4e151960d4f6bd655c38aff547f

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-processthreads-l1-1-0.dll
Filesize
13KB

MD5
e173f3ab46096482c4361378f6dcb261

SHA1
7922932d87d3e32ce708f071c02fb86d33562530

SHA256
c9a686030e073975009f993485d362cc31c7f79b683def713e667d13e9605a14

SHA512
3aafefd8a9d7b0c869d0c49e0c23086115fd550b7dc5c75a5b8a8620ad37f36a4c24d2bf269043d81a7448c351ff56cb518ec4e151960d4f6bd655c38aff547f

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-synch-l1-1-0.dll
Filesize
13KB

MD5
6c3fcd71a6a1a39eab3e5c2fd72172cd

SHA1
15b55097e54028d1466e46febca1dbb8dbefea4f

SHA256
a31a15bed26232a178ba7ecb8c8aa9487c3287bb7909952fc06ed0d2c795db26

SHA512
ef1c14965e5974754cc6a9b94a4fa5107e89966cb2e584ce71bbbdd2d9dc0c0536ccc9d488c06fa828d3627206e7d9cc8065c45c6fb0c9121962ccbecb063d4f

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-synch-l1-1-0.dll
Filesize
13KB

MD5
6c3fcd71a6a1a39eab3e5c2fd72172cd

SHA1
15b55097e54028d1466e46febca1dbb8dbefea4f

SHA256
a31a15bed26232a178ba7ecb8c8aa9487c3287bb7909952fc06ed0d2c795db26

SHA512
ef1c14965e5974754cc6a9b94a4fa5107e89966cb2e584ce71bbbdd2d9dc0c0536ccc9d488c06fa828d3627206e7d9cc8065c45c6fb0c9121962ccbecb063d4f

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-synch-l1-1-0.dll
Filesize
13KB

MD5
6c3fcd71a6a1a39eab3e5c2fd72172cd

SHA1
15b55097e54028d1466e46febca1dbb8dbefea4f

SHA256
a31a15bed26232a178ba7ecb8c8aa9487c3287bb7909952fc06ed0d2c795db26

SHA512
ef1c14965e5974754cc6a9b94a4fa5107e89966cb2e584ce71bbbdd2d9dc0c0536ccc9d488c06fa828d3627206e7d9cc8065c45c6fb0c9121962ccbecb063d4f

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\java.dll
Filesize
163KB

MD5
db081a9968bb0c37a57725cdb66a0c7b

SHA1
d5fed172d82111d1f3bcb46ab3bd8b412f3ee003

SHA256
5b9b01f1ec06ad559285201cf0907e1c31473f6fb91aa09813dd8f076f94afe3

SHA512
8a3717be2bdc1d2e628a069a61ac5b504467c52c7b52496c14050cd0fbc3e1023c791ca8b5c3270579e1cc725a8a0cff62c427dc1c25c2ec74725d1dacc621d5

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\java.dll
Filesize
163KB

MD5
db081a9968bb0c37a57725cdb66a0c7b

SHA1
d5fed172d82111d1f3bcb46ab3bd8b412f3ee003

SHA256
5b9b01f1ec06ad559285201cf0907e1c31473f6fb91aa09813dd8f076f94afe3

SHA512
8a3717be2bdc1d2e628a069a61ac5b504467c52c7b52496c14050cd0fbc3e1023c791ca8b5c3270579e1cc725a8a0cff62c427dc1c25c2ec74725d1dacc621d5

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\java.exe
Filesize
273KB

MD5
47b34557cbf069e0ad9807305cb5c36a

SHA1
58abfbefc486427175b15e69e8e8f4e346318c34

SHA256
cabcfcf1aebf926bbe03b2aded9e7bbb57f4e10600578a6f2acafbf83b7423d4

SHA512
f9354ec19c3bad2a3a9e95211a306e54ebe559127d8ae660ce75c88839afd558821a0a858366db8820517cb12f7fe0056bb5c09199c1fe1a9083e299b02a148d

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\javacpl.exe
Filesize
103KB

MD5
85a777d55b268c8d8bb8b8c0a2244e9b

SHA1
6d0889388e875a654d3f67d171c2ea0009f5f039

SHA256
87adedaca5cc9d483f1bef7e06c12bf223c3db79cb6e2d137167f99fad3948bf

SHA512
c581e410b84846aa2dad4e9a5e3561784513ddf09f450fa7d8278bd635877116fed32f35a31b9716edf18acc333b14ebfb05673e671f8a404aa0ee4146eddabd

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\javaw.exe
Filesize
273KB

MD5
dc1ddfa9036cd403e17fb7134aff000f

SHA1
0183543dd2fbb2ff7d0997c56ac624e6b2ebff40

SHA256
9bb8aaa6673ec46e5e9cff88fedefad4b33941b0831f4a7047433a24399e9692

SHA512
ecb7603a5f07a95ce3506ecaf38cb07ee089070cc041ce0c92722cafe8c3545b73dd5bf59f06115291b774d3c034c6e677f6fec2780208fa73e387d7c379cb9f

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\javaw.exe
Filesize
273KB

MD5
dc1ddfa9036cd403e17fb7134aff000f

SHA1
0183543dd2fbb2ff7d0997c56ac624e6b2ebff40

SHA256
9bb8aaa6673ec46e5e9cff88fedefad4b33941b0831f4a7047433a24399e9692

SHA512
ecb7603a5f07a95ce3506ecaf38cb07ee089070cc041ce0c92722cafe8c3545b73dd5bf59f06115291b774d3c034c6e677f6fec2780208fa73e387d7c379cb9f

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\javaws.exe
Filesize
446KB

MD5
19f42aa6335878775e6f623792b5c367

SHA1
cb0e0570690ddefb6cda86230be2cd4224758aa3

SHA256
ce8a6e8de2af68a1d8865a13eb54d6bee403624105c2b1e5c0def4c2225fbe04

SHA512
cc859623cd60344a4fd96505533a6873dcc5f313a6c4dd70c716bafd18f41fbf2d4a3630ccc4f8f4007f99b788af0c562f274c1d4a47faaf1660dc5df030c172

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\msvcp140.dll
Filesize
613KB

MD5
c1b066f9e3e2f3a6785161a8c7e0346a

SHA1
8b3b943e79c40bc81fdac1e038a276d034bbe812

SHA256
99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd

SHA512
36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\msvcp140.dll
Filesize
613KB

MD5
c1b066f9e3e2f3a6785161a8c7e0346a

SHA1
8b3b943e79c40bc81fdac1e038a276d034bbe812

SHA256
99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd

SHA512
36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\server\jvm.dll
Filesize
8.2MB

MD5
a5b5e313919826735b73731252a2bc2e

SHA1
090054f0aeeaaac570130ef5a03c26970cdb050c

SHA256
86765f3558ffbb2cf28fb683ee17c288967e636b5cb4fe0422ade39591f6abf4

SHA512
2e0199624f91f9c952ea4fb81a01096febe8dde6fba85f66e7978c98ba749da3cd53cb6d986260e357c19a1d3b5411d6716548ef57e31ec75d55f4d3a3420c3f

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\server\jvm.dll
Filesize
8.2MB

MD5
a5b5e313919826735b73731252a2bc2e

SHA1
090054f0aeeaaac570130ef5a03c26970cdb050c

SHA256
86765f3558ffbb2cf28fb683ee17c288967e636b5cb4fe0422ade39591f6abf4

SHA512
2e0199624f91f9c952ea4fb81a01096febe8dde6fba85f66e7978c98ba749da3cd53cb6d986260e357c19a1d3b5411d6716548ef57e31ec75d55f4d3a3420c3f

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\vcruntime140.dll
Filesize
83KB

MD5
1453290db80241683288f33e6dd5e80e

SHA1
29fb9af50458df43ef40bfc8f0f516d0c0a106fd

SHA256
2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c

SHA512
4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\vcruntime140.dll
Filesize
83KB

MD5
1453290db80241683288f33e6dd5e80e

SHA1
29fb9af50458df43ef40bfc8f0f516d0c0a106fd

SHA256
2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c

SHA512
4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\verify.dll
Filesize
54KB

MD5
c15088054d639475e51b88251369c226

SHA1
8849a9ee53e6bc7d1618103b674a6f481b72f3aa

SHA256
a7e7890ec2e238b3108fe2d9b4796898b2fff30ce07957f60689975d7460098c

SHA512
81ae70caf0304c63adadc3437e592ea9540db59ac7bd7417b769b5702a2aa012bec79aab8ce01187ebbd78555b7824fc4434a113dd9be5b667ce693b293122c4

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\verify.dll
Filesize
54KB

MD5
c15088054d639475e51b88251369c226

SHA1
8849a9ee53e6bc7d1618103b674a6f481b72f3aa

SHA256
a7e7890ec2e238b3108fe2d9b4796898b2fff30ce07957f60689975d7460098c

SHA512
81ae70caf0304c63adadc3437e592ea9540db59ac7bd7417b769b5702a2aa012bec79aab8ce01187ebbd78555b7824fc4434a113dd9be5b667ce693b293122c4

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\zip.dll
Filesize
84KB

MD5
7c7a8adce66eeb67a96ca617c8286d72

SHA1
da1f100637f0b94aaea4e3999ef96a32a63bfc2b

SHA256
d15be64cc05ae14db69b5a3558cd57767eda91e708c74d3dccdc4958c42cb5d9

SHA512
00d3c1145b8c8ea246f456000c2fcfe1e978d148ad69ddabdf9e5f332db4e44025211916c6452b5030f8326d523d6e72de8aebd9e41d83afccb8713e88782f31

Download Submit
C:\Program Files\Java\jre1.8.0_361\bin\zip.dll
Filesize
84KB

MD5
7c7a8adce66eeb67a96ca617c8286d72

SHA1
da1f100637f0b94aaea4e3999ef96a32a63bfc2b

SHA256
d15be64cc05ae14db69b5a3558cd57767eda91e708c74d3dccdc4958c42cb5d9

SHA512
00d3c1145b8c8ea246f456000c2fcfe1e978d148ad69ddabdf9e5f332db4e44025211916c6452b5030f8326d523d6e72de8aebd9e41d83afccb8713e88782f31

Download Submit
C:\Program Files\Java\jre1.8.0_361\installer.exe
Filesize
1.1MB

MD5
dcb07febfc873261ae0c351d327027a0

SHA1
b3855001990bb500212f4f8b421594e91f45d5f3

SHA256
e9d0623547dd40d5ccc42e4718d4e307241fcf2d4a5df93d1ec0fdc9925aafac

SHA512
374d8d4d39e344cc050ea0cde3a51db801ba77b18c85934820e6d1f37101922878b4107dc506f5be7ab3e0f2badbf0ace87bb0ab5713f5bdc27df00731f84dff

Download Submit
C:\Program Files\Java\jre1.8.0_361\installer.exe
Filesize
1.1MB

MD5
dcb07febfc873261ae0c351d327027a0

SHA1
b3855001990bb500212f4f8b421594e91f45d5f3

SHA256
e9d0623547dd40d5ccc42e4718d4e307241fcf2d4a5df93d1ec0fdc9925aafac

SHA512
374d8d4d39e344cc050ea0cde3a51db801ba77b18c85934820e6d1f37101922878b4107dc506f5be7ab3e0f2badbf0ace87bb0ab5713f5bdc27df00731f84dff

Download Submit
C:\Program Files\Java\jre1.8.0_361\lib\amd64\jvm.cfg
Filesize
634B

MD5
499f2a4e0a25a41c1ff80df2d073e4fd

SHA1
e2469cbe07e92d817637be4e889ebb74c3c46253

SHA256
80847ed146dbc5a9f604b07ec887737fc266699abba266177b553149487ce9eb

SHA512
7828f7b06d0f4309b9edd3aa71ae0bb7ee92d2f8df5642c13437bba2a3888e457dc9b24c16aa9e0f19231530cb44b8ccd955cbbdf5956ce8622cc208796b357d

Download Submit
C:\Program Files\Java\jre1.8.0_361\lib\charsets.jar
Filesize
2.9MB

MD5
82ade56ed7fa67287198802746ee6045

SHA1
2c5ad0a04bd0fae259cf29af346379284c684d42

SHA256
c89895405e63110d69bb37178f0650bf2a4a489ab9e98da613464c61c475b58c

SHA512
cd3c2180e185d1fce354ede366845668ab165ad0ebf7fd9cd9fbb3723ab64c3515c30e772e1577a747468e530d677c7955b41528d39e6d3c8c988b11604e470d

Download Submit
C:\Program Files\Java\jre1.8.0_361\lib\classlist
Filesize
82KB

MD5
7fc71a62d85ccf12996680a4080aa44e

SHA1
199dccaa94e9129a3649a09f8667b552803e1d0e

SHA256
01fe24232d0dbefe339f88c44a3fd3d99ff0e17ae03926ccf90b835332f5f89c

SHA512
b0b9b486223cf79ccf9346aaf5c1ca0f9588247a00c826aa9f3d366b7e2ef905af4d179787dcb02b32870500fd63899538cf6fafcdd9b573799b255f658ceb1d

Download Submit
C:\Program Files\Java\jre1.8.0_361\lib\jce.jar
Filesize
119KB

MD5
1f4d4fc6b33c30c5782c66b80d92c4f9

SHA1
194df32fb23b470dae4929605d18abd041c743c6

SHA256
81b8de0e148ed3601cf5f1bdf2787c5b15213d842bc537af9ede9635d692b904

SHA512
dfde7e03fc106b785887f2a409b3528c5862663f188c95f6a95c739bdfcc8c6205c03b739de1b259e9a8a0360aa4e10e8d4bce1a57445797a214160b8d98a085

Download Submit
C:\Program Files\Java\jre1.8.0_361\lib\jfr.jar
Filesize
559KB

MD5
18c5aec1e008f781bf74707662920000

SHA1
c29c11cda5b867b68cba1fa7cb331d54a66b3f56

SHA256
e9eab8ec4712142a3ed9ac833d853e144043699c1712986736f3667a9267c11b

SHA512
9988b510d7e036ef41673edd8e38e2f72b695741da3ef63678b808b5e10a76951d016e27cdd23857de0ed0f3b44be8f7fb3a141021b543f104f2a214e53ca74d

Download Submit
C:\Program Files\Java\jre1.8.0_361\lib\jsse.jar
Filesize
1.7MB

MD5
f095a5ac04775e1093d54822460cc5a7

SHA1
2e0f0ec528c41b437126c506a91fe1ad5e699865

SHA256
784b8df88387ee27383d6db4e184b169a21cb4b8bcb0d8395a7b1ac2b128108a

SHA512
c0b5ca94ead3dffd33e19a2d757b2b653867b4f539a143ef17baeef1015c3845aba4f0666ef1d0c7ce02d156ce826b9c324c8159983a71d19d60415d60e25d36

Download Submit
C:\Program Files\Java\jre1.8.0_361\lib\meta-index
Filesize
2KB

MD5
91aa6ea7320140f30379f758d626e59d

SHA1
3be2febe28723b1033ccdaa110eaf59bbd6d1f96

SHA256
4af21954cdf398d1eae795b6886ca2581dac9f2f1d41c98c6ed9b5dbc3e3c1d4

SHA512
03428803f1d644d89eb4c0dcbdea93acaac366d35fc1356ccabf83473f4fef7924edb771e44c721103cec22d94a179f092d1bfd1c0a62130f076eb82a826d7cb

Download Submit
C:\Program Files\Java\jre1.8.0_361\lib\resources.jar
Filesize
3.4MB

MD5
0fdcdf2b521c8ffba3fcae32a684358e

SHA1
45a3ae43334b1a0f46d76599d3926c40fa790965

SHA256
2189d10490922562be379da742eedc5e77cac61a6d2a484a3ed4693965dfe290

SHA512
1a1489faa7903bc24d4cc3fbd0ee80e79602a39ea9530f10075a52460e6100c807dbafb17e4b1a7997c23cbe3906808291be7718e6525a79a295e1ddc8ed9eda

Download Submit
C:\Program Files\Java\jre1.8.0_361\lib\rt.jar
Filesize
53.2MB

MD5
f9067274f870f513dee2284e9089d2b9

SHA1
6aab77a3bf6c208adf805432f407dea41833e70f

SHA256
9016dc6f643af8b411d38fb6189f6af0e6bb39210e3ca379c8313f666c94aac1

SHA512
510a34d46b0187f8360373df3e023eda6b98c1187e35b24bf4bd9e5fc3774532e1e96d93ee08bb3b7e130404855a3704918038f5df4a614d4f520ea896df52c2

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.url
Filesize
197B

MD5
faded0d5bdcbad42d8f4826cc3c620fd

SHA1
c49c34f2d2160297b1c0c71c327180ed52ff673e

SHA256
d869d1b0c391cd9ce8f0c633cb8e5731c5073c33f875b32a2a61006a3c1bb24a

SHA512
bc60186037724353460a0f7af8b207ccabe64d80aaff796d9ee082c6cb6573ff214dedc22080fdf23664ce79f7604276e1bab746dcf2407a46e40ff38b7119cb

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url
Filesize
182B

MD5
472d99cc0c3c745e9d794af2495e1073

SHA1
c1fbb2d17fbcea3d8d76d4516cb099ef89c3d6ce

SHA256
0a07df0e4ca2361cbd92c5c56068d8ea51cf0cfcc755d015cd1034c250cf1f9a

SHA512
bed250fb803323ebef7c6af71912572767a6e36e4ed54886d773758e3470c906ca9995dd54c64b43f297c7de676fc47936ced5c81cdf3fa8ee9688d9c96a6e27

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url
Filesize
178B

MD5
629c2e7a4d9e24406873fe2fa7543be7

SHA1
d6c48edc07e35c1b84fc2bf5f74367edcd2bd3d2

SHA256
cf23fccf15c640cda1a383a09246a5a1213ebd5c9a1c077ad5cddb785f4700dd

SHA512
00cd51c0377e9c058c3cafcf4ba03ffbdad37711b4bafe054eba978fb3dc4c178cfec0d292d4fee27aea42a8b39ba8187866ad4d304f8b74662bf1accfaae8e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361_x64\jre1.8.0_36164.msi
Filesize
58.7MB

MD5
407d36101348022e67342b44292d2b39

SHA1
1811ab3993672a9f329868622d96014043bd5f4a

SHA256
213e9fa760dfa2af22a4ac94a10c7f21f4b482aa04e8cf3706264e4c17d2481e

SHA512
cd78f2d3d8057467f87c846fd2252cc2632de822b2c5d37a9f2bcd0c68fafe598bdc4bc69760cd7e84037a5b28b3f11a4385684962857e3ce572ec9b302f0c0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
78c7656527762ed2977adf983a6f4766

SHA1
21a66d2eefcb059371f4972694057e4b1f827ce6

SHA256
e1000099751602ae1adcec6f1c74e1d65f472936817b45239dfed4b043984296

SHA512
0a8e58ae95163b3cdf8e81b5085887761e73cb7c836a1a6a972e837fb3df69b2ac70cfd6311d06d40656344ec35eb48e512f007561480f0345486ac2b329be0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
099b4ba2787e99b696fc61528100f83f

SHA1
06e1f8b7391e1d548e49a1022f6ce6e7aa61f292

SHA256
cdb1db488e260ed750edfe1c145850b57ee8ab819d75237a167e673116a33ee8

SHA512
4309375e10785564ceb03e0127ced414e366a5b833f16a60d796471d871b479e4c044db5268902d9dfd14715ca577cb26042bab8f7b0f31fe8abf33947feb9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
3eeed1ab093b29a20d862e5cc4f29cbc

SHA1
2d9f5a47840de99c5b04d5333a17877e6a8c0ad6

SHA256
29f57efa06c582f3fb9c1e30d8d94e653551e210011c6c6c0a1430dc1eef446d

SHA512
d4df4ca964a0d8da6b854ebe59593c20e34f0b0de15b4bffe05f7cabef125250632cbea3a26188850c25e0ff76f432e2ceacc8fe5671b432bcdbb525a40e9b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5a3d97.TMP
Filesize
48B

MD5
1bf29a018e4e2469272d1570ea4aa92c

SHA1
60195e5a633a89164a58d72d895799f117d7ed75

SHA256
c28af0453f268a65e5da33c15f766f3f420e9e919721ecdb69e88051dc81d3e4

SHA512
f1ab4d0984ce41dcc28dfd0300d9e5043df8893c8b77364e40280b3cf4d1c4814dacbdde016e5a4ed69cda0ff9be4a71a249214e7127bee8d76a3704fc9e09b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
ce97639fa87f6581a2f44f630cf0e9d3

SHA1
9b6fe79fdc4bfdaa3ee8b721aca3c9b2af8602f2

SHA256
1feb002ba5eb74d1aa9ef092771bf11f575793f16f2e9ee9ef7a1d66a3808c8c

SHA512
fdfc5548f26f7e2ece094b515f51497df82fa14f14ec913e713221bb3f509e7b4948c97a2b10ce29cb60d4ac7db6cffdc649bf883c9cf641b4fe033d96ddac1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
ad7e6a39647d28e02cbc289ff1f9dfdd

SHA1
a878eb828ce6eb3aead37cd275a2979bea43c9f6

SHA256
007f8ca14e371ec531e484bb2627a74b1f8cf440cc35550f20c45e3b86ae6331

SHA512
3a9fac8f896fa35a2645eaa6125b9814ab832d99708f5d82f2b74e9ff7ee282c097ca956937306c3021a36e3db4a2bc586e2c9f4f5eea76f263bcffe718ada13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
6c53938a50e0e1fbab6b44872a9e9e26

SHA1
ca5d3a3eb8c06fced13769d0fc6c778b880ed505

SHA256
f05bd51918c030a6d61806154850657c13487afcc0d8acbb9b711743a70424c5

SHA512
b8fb8a8cc9a1e9919da9db25b7f3d23ca9d72cd14b64a8bcdf688bfb2916e9338f29e304eb083b69ae1dce36dd929afdb3e22ce3546fed844bd99a2c03823e8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
abfcc317278d08246d1f0b859cc2aaa1

SHA1
cff373fe78df8652ca383f2664293f3537bc076f

SHA256
ce04ed3b67497c8b6d851852f4d3e48a53e7aefd275b12eccf99a7dcf4961575

SHA512
87fde1d14b01c3856afa00829eca69e4e7f53ca5c9e82e211f7eceacc1352c27b5cda9ee64aebba7356f107efa14bf5f06454756349b050d9b31643ddc0294cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
4e36c9660b2dcf3b1818c741b9303fe4

SHA1
adfd51cf147c74e5ccf0dec1a66ef514b083e2b3

SHA256
02cba0ab85f89a16f4c1f97c6eff70462c8d0c7ee1b82652cca87d8c0e2a0ac4

SHA512
d8fd44b9507163bc2972fab5da88f5d3498e558d1f2cca8e6f8b220ac7920e1d3ccd13c2243699f36077687611f22363dff17dc5ffc13c132078066c7603fdff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
02ee7addc9e8a2d07af55556ebf0ff5c

SHA1
020161bb64ecb7c6e6886ccc055908984dc651d8

SHA256
552d3ed359b7a52278ce621674d16428d8a7969f6cd5663df18e240cce66aadc

SHA512
567989543c3848a0c3276d96b96ca761f750e4b71fb74f36d809f590ffe16a72fd5ece251737a8b1ffe65f0051e211bd7ad19d2b8b0b7ca1b7ffc86dd2a52883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
59a42adec701007f1d3064d09540b0ca

SHA1
b45a9958cf87f5526e9104030adb3f8ff662bd62

SHA256
e06089fba7885787366af885cdbe9cb9b48d4d61aa237677a5bb366dceac7c8f

SHA512
7f926c021577d78090f968d273f1aa2185e5d401f719ab6d40a7d1cf803768869ee0357540cbcd0f8d9902f364b17491ba829c6cf3efa19d2ca358c512840d10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a3e72.TMP
Filesize
1020B

MD5
e93cfc2feae9185ae245560e75213eb5

SHA1
c947fb3ef5efae548103db3e36c031e8ccb7994f

SHA256
87abeccf232c62cd2e724ee21ed17d6777a4d160d0ec64b3859470584870fa57

SHA512
54ff3481da1382fb42efe27f62b7f01839eee694bfbf66e91f51ab3b395695f0233e048888ac279ce7b656ed8fbe37a3f46adbb30bda211221ae188d9fd731e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
b46151610665fcf8ae07b429e789f106

SHA1
7f0ee7457772da193e4bf1d03e2d2466a3d72c08

SHA256
84663c6f3f3d8dfaa70347192445104de6119d165a90f3ecd72b5e8311f57bef

SHA512
c9e89c3c234b4731891bb87390b83cbce376947a2d262c815324dff47700815421b02c7acf104184a34944ec6123c6356120462c395d642bcc766c0cf856759e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
45be805da70d5fed0a3f4a51dbae23b2

SHA1
af49fc3388622780d367ce1a7199b72291e21642

SHA256
c390a935d3f5b85a3750becc4141284564e27be2ea2850626dd271f0c9897c94

SHA512
c6db5a719a01b3a5294692355ed0f96dc1744c07596056fb6b1ac481c4e541f0026e3a8bad6bf5e363ab4186a9ff9165bb2f70949657cb293fff1637b8eb4c73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\l10n[1]
Filesize
4KB

MD5
1fd5111b757493a27e697d57b351bb56

SHA1
9ca81a74fa5c960f4e8b3ad8a0e1ec9f55237711

SHA256
85bbec802e8624e7081abeae4f30bd98d9a9df6574bd01fe5251047e8fdaf59f

SHA512
80f532e4671d685fa8360ef47a09efcb3342bcfcf929170275465f9800bfbfffc35728a1ba496d4c04a1fdefb2776af02262c3774f83fea289585a5296d560b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\masthead_fill[1]
Filesize
1KB

MD5
91a7b390315635f033459904671c196d

SHA1
b996e96492a01e1b26eb62c17212e19f22b865f3

SHA256
155d2a08198237a22ed23dbb6babbd87a0d4f96ffdc73e0119ab14e5dd3b7e00

SHA512
b3c8b6f86ecf45408ac6b6387ee2c1545115ba79771714c4dd4bbe98f41f7034eae0257ec43c880c2ee88c44e8fc48c775c5bb4fd48666a9a27a8f8ac6bcfdcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8OI4IV75\rtutils[1]
Filesize
244B

MD5
c0a4cebb2c15be8262bf11de37606e07

SHA1
cafc2ccb797df31eecd3ae7abd396567de8e736d

SHA256
7da9aa32aa10b69f34b9d3602a3b8a15eb7c03957512714392f12458726ac5f1

SHA512
cc68f4bc22601430a77258c1d7e18d6366b6bf8f707d31933698b2008092ba5348c33fa8b03e18c4c707abf20ce3cbcb755226dc6489d2b19833809c98a11c74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8OI4IV75\runtime[1]
Filesize
41KB

MD5
5d8ba774645709c0fe80b366ba4957dd

SHA1
a43863cf572730d880892984e2d9491e662d8ade

SHA256
885c6d677901821d6bcfcb10069675f9cda6cac58bc9f82fdde02f54dd07380c

SHA512
f09def78f8162142060c6f6f1b9e7e7821278cfa439f1d37422a7ed01e89039d1167e9b1467f94d88dfbd5d20b1a440493add14fa767c75ea1bde7f9b5610818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\host[1]
Filesize
1KB

MD5
a752a4469ac0d91dd2cb1b766ba157de

SHA1
724ae6b6d6063306cc53b6ad07be6f88eaffbab3

SHA256
1e67043252582aea0e042f5a7be4a849b7cd01b133a489c3b2e67c10ade086f3

SHA512
abc2899705a23f15862acf3d407b700bb91c545722c02c7429745ab7f722507285c62614dcb87ea846f88fc0779345cb2e22dc3ad5f8113f6907821505be2c02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\layout[1]
Filesize
2KB

MD5
cc86b13a186fa96dfc6480a8024d2275

SHA1
d892a7f06dc12a0f2996cc094e0730fe14caf51a

SHA256
fab91ced243da62ec1d938503fa989462374df470be38707fbf59f73715af058

SHA512
0e3e4c9755aa8377e00fc9998faab0cd839dfa9f88ce4f4a46d8b5aaf7a33e59e26dbf55e9e7d1f8ef325d43302c68c44216adb565913d30818c159a182120fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\masthead_left[1]
Filesize
4KB

MD5
b663555027df2f807752987f002e52e7

SHA1
aef83d89f9c712a1cbf6f1cd98869822b73d08a6

SHA256
0ce32c034dfb7a635a7f6e8152666def16d860b6c631369013a0f34af9d17879

SHA512
b104ed3327fed172501c5aa990357b44e3b31bb75373fb8a4ea6470ee6a72e345c9dc4bcf46a1983c81adb567979e6e8e6517d943eb204c3f7fac559cd17c451

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\common[1]
Filesize
1KB

MD5
f5bb484d82e7842a602337e34d11a8f6

SHA1
09ea1dee4b7c969771e97991c8f5826de637716f

SHA256
219108bfef63f97562c4532681b03675c9e698c5ae495205853dbcbfd93faf1a

SHA512
a23cc05b94842e1f3a53c2ea8a0b78061649e0a97fcd51c8673b2bcb6de80162c841e9fdde212d3dfd453933df2362dcb237fe629f802bafaa144e33ca78b978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico
Filesize
116KB

MD5
e043a9cb014d641a56f50f9d9ac9a1b9

SHA1
61dc6aed3d0d1f3b8afe3d161410848c565247ed

SHA256
9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

SHA512
4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.PNG
Filesize
339B

MD5
27e7f3d4f0383f5aa2747a73b2247056

SHA1
bab94178cde996a35dfaa905cede8015da321552

SHA256
71d7808cae47025784d1a5a759d80c07704d5c745661c07d2bb5f883e821a7b7

SHA512
56f486ca2dff3a94db51696f402d73b43b9f7adc576299c7fca1472dd1194c03cc36c9933dccb94579aaf87d6943c0b108a26a09b269f8fab07bec26067a9ac7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG104.PNG
Filesize
644B

MD5
d0283575c47a16d567f02b70550e22a9

SHA1
189ce85ca43d3aa4336c2e7719cf206691257999

SHA256
44464fa74b703a959540202a83383c33cee05f7affc69898e0d3b541b1e87970

SHA512
5b70a22b0a48aa3c6e88123c4d3ff928b02bbe158d63e565bd558aa990482a4d9a98e710ec3dded8fef6042eedb5a1ed62ffc632fe9d102a9cb49342727c515d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG105.PNG
Filesize
40KB

MD5
add45fcce9e1d8992e60401842562c2e

SHA1
7869dc6ad6116e2c864f32b959a489ee4100aa2e

SHA256
4c9e68ac4cebbfde2f2f5a9318b597825f3d7a41f32cd288e3fa964b95a69fff

SHA512
2f98fc864d4bf46c8595f94c4296e6d4213d90591ee197679b2c4f5f4a27b248a52a941b811fceca2f8d32044d42dfe589ec981baaba86a7e4d844d687d048fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG106.PNG
Filesize
1KB

MD5
e321fee6bb1a5aa942de8f0c33a47acc

SHA1
ed9d1f96abbe8cb1d4d073982aba790941b8e412

SHA256
e1de043473910537b81a7b533a401eb5abf09951bd595a943b2fae399156fcca

SHA512
a331bb6fcb1180405e85001a5809eca98dea401e770ab1767d9c7d46cc5a87ea40d54ab3ceec2f81a80ca06c7033d132f80b0fbdcc26431a2e3920f2de8863ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG108.PNG
Filesize
2KB

MD5
8691619d3729db635b36abf4cb92b722

SHA1
5f65a27c0b8d2a25a3c107eadcde937a6c9620b1

SHA256
386db08587c847acba938e16a37f345f8d95cc1c77ed562b3c2cc71c1ccbfc1c

SHA512
0f2e192e6f23a512c7e0b75ecf54bfe8cdfcd4c18f48cb4a4ccbb879881ece3308e1fb97891583f1248c2a833c36509e8e1b81bf39958189676b05d9bd9605a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG19.PNG
Filesize
1KB

MD5
1c9e24d780e12c81094546db7dba85ac

SHA1
9a21b5304a8326f4d115f1aeed413191969f82ca

SHA256
06fd6ea5ff0c58b5dd1ee0ff062e79f66f40a2ab4a0cb3937949781db90b0ad7

SHA512
a0d66cdf4e11fcb991acf2faae92f91dbb2144694a353a41e450ede37c9de605cedf5772744c90967eddcd88055023ba6e4a9bf1a8a6875f8750aedffcf6618a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.PNG
Filesize
280B

MD5
342916f21c1e06bea05bbf019607713c

SHA1
93a20cbead12b1d710aa30b7ad11f322b6e253fc

SHA256
93fb9f9ed1a680f419d545084a11db8a1ff1a9466cedec71ac33d78f39c367d1

SHA512
321a5b6120008c510cbb43813b56eefeacbba3cc67fe1d9fc579579a6b8577999ac1a14e17301c4a3bdf3c98644a1c3519c63b6d079d06e614eca4b79fdc7518

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.PNG
Filesize
281B

MD5
3e4f9ad22e78d1916883ba8ec1b40391

SHA1
4eb8e83f9e4f24d6252c83640061cf6fbf8daf08

SHA256
20ed02f9caeab1a1947e436aa39f99f8e69653e6f9ba5da3b88e31a461676e88

SHA512
d80793d15dc318fa2ab89252d153398ee5924391b0d3ff63b1063bea076c6681f9692284b6e744dd68abdca240c3c1b3eaa224a0449eddadd2c7bd7e943e8190

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG45.PNG
Filesize
438B

MD5
343b2dec000aeb270da2da3d091cccee

SHA1
8ab8987520beb6f4ee7ecf85f5d3caf88afb4c9c

SHA256
36d9a038c082d934df2209fccdd5ddf7bfd15b393581bfd48f510cc161db5232

SHA512
3ab0006fe9be943285f8294752d9ee14959284103676af7418fa2f59c967056bb2646fd48432af0e97be00c608ba493f08b160aa725898084bc726c904ffaa0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG46.PNG
Filesize
206B

MD5
bd8b796fabf29bce107b327cd690807f

SHA1
edde96dc69ec4c6a8374069e56b27cfa98b50694

SHA256
8f65c8b2c3c27ce8bb37fc64aba53eb01ded825f26f9f09bd4b03c6bc41b6ca2

SHA512
b4091792afe29bb346350928b7726c1a4411bbae732f4d7a862faa909453b6efb79417053a10db1c70f11315a2064682842655bdbd2c374cb6564693f5f1fbfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG85.PNG
Filesize
43KB

MD5
e0901ba1513ace1b39991bfa0b911498

SHA1
4ce82072212487c2f484bacf1de20e179b3fac6e

SHA256
c571b49df24291011ff427f5f450b673531409c7b4576c34ca3f284ef3c55493

SHA512
7ff181c9ea32ca2828ef7d1e34c96c6855dac906108eb680a90da5dd9f2008d815c96969263b3314b7db1a83bf7032da631c878dfa4a99976d8cabf79ea62b8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG86.PNG
Filesize
1KB

MD5
be778d72fc00a94c08f8d34a7f4808eb

SHA1
6a9ac4c50c259f13c811aec861b7d8a178226a2a

SHA256
6b87aaec39e8dcaa1ff58dd1ce9b4ff963111281197efb498feda447374ca362

SHA512
4ea18bb91fdf830d55250a245af0c5777657844ee1d9293a35cdb2f56e50ceafdeaf49135e9266bb7615c8f0a57a1ee26b7d74c6d4e98b2cab38dae5085c8a3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
5b4c988e2c4f9b703e7c14ea3ba5115d

SHA1
6191f653571a192ed43f637be0be2d0713c355de

SHA256
6a295ca07cc92c2d463b1ae9606f9c3017814edee923073737a4af9022f7fa69

SHA512
5a51728631c11391c92f3f46e55ad574c3bf63de896689249127922f5c42db80cf131353ded2ba04446e5f4e0f459f487d964b973a9f91bd8242132570077473

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.dat
Filesize
106KB

MD5
51be149c8e20df63087c584165516ecd

SHA1
feabbb95b65e6929f086266b06ee1cfef83539a7

SHA256
b949eb246d81688efea07a7655652107ad435f37d493d93dd68c88a9fe6f3e33

SHA512
6f24e4caafd6af85c2f8641d7f2b066dfafa7d6abb512fa62f3642eaa42b549692b15043a3bf0e13cb1fae377fc1d3139dcf5cea3d4def24de197f75297e17f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\jds240594437.tmp\jre-8u361-windows-x64.exe
Filesize
61.7MB

MD5
e920cf3e63612868ed4b6cd9612bae77

SHA1
ef64fb46f8e955430d6fbd3778ff03e4c1f0e1b0

SHA256
a45104f8bf9a356b538f74aec9c7d25b92bef2d8e97cc27ed6d7232294a8ed82

SHA512
b02af44d9a87e06b0309e842d550b54b92575ba36a3ea74184bba40d4665751d91c8547ddd9c1c009d413f56829f7fcc604592ba51118c916cd1e039930571b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\jds240594437.tmp\jre-8u361-windows-x64.exe
Filesize
61.7MB

MD5
e920cf3e63612868ed4b6cd9612bae77

SHA1
ef64fb46f8e955430d6fbd3778ff03e4c1f0e1b0

SHA256
a45104f8bf9a356b538f74aec9c7d25b92bef2d8e97cc27ed6d7232294a8ed82

SHA512
b02af44d9a87e06b0309e842d550b54b92575ba36a3ea74184bba40d4665751d91c8547ddd9c1c009d413f56829f7fcc604592ba51118c916cd1e039930571b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
Filesize
267KB

MD5
9abc223f7aa7493ec415fd1a2c1c95fd

SHA1
ae6a636f50229d5f022a254a50ec229580e46fca

SHA256
5e8e2a91640764142141cd99057929017ae46a5e18c381f773acae4a4df3f9fe

SHA512
59c94f05a78c6d1be79aee3a95fb42e7f08b0177f4b5aba0f9badef6757a05e86074d648c26b0e33b7293310f27f1b5904289ac810a69c4e57abcac4082cb646

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
Filesize
267KB

MD5
140d802f63e30ed883a59df19f27866a

SHA1
46e32eadd6f849be17506c375dc205ee10bde228

SHA256
0cbe88dbe06ffd3e3a203a2783a1258c41772a3943151c0d05dddefa5fe4b28d

SHA512
6c54989b826d2444183d940f290d366fe83d18d895a3d8f16aa327f2cd45dd319b38e2c257cc12309df012c5226511641086d4aabd028154429b4b7ceb3b02f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
Filesize
292KB

MD5
c330c35992fbc0e6281bb3783971a9e8

SHA1
9d36c7f9414101d16abad1d65b1efe889d90a1ac

SHA256
1223915b218b5ea48c42121b59c864b743d308cf68c58bcd727b6a8fea3b97c5

SHA512
b1693b16dec1daf1096861bc7b78d3fe3561048eaa50f77017f240ec68c8fe1a027d24450c47386a27b35007ad362fd242ff4cf19011ef4cff70135b7045f8b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
Filesize
293KB

MD5
ffa07669603cb62f1aebc3c019872df7

SHA1
5fde51634ab79d17f09df4042d54c9034bd709bd

SHA256
24cc6263f0f79685597560bf25916ac682584c4cfaad6ab1eb768b0f95aa7097

SHA512
028ea04b009fec1af967a0cb834a5ce44746cd8ceed87fd29681692826815ffbff4f5b45636eac915be90e7b9c752dc2ceb3ae2239e189d117a366b89eea30af

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
Filesize
6.3MB

MD5
f08d9bbc61cff8e8c3504524c3220bef

SHA1
b4268c667469620bb528c04eaa819d508159b398

SHA256
2c4d8b48344ae221e349e525ac16eb364ffb5ab8deae80c7caa28dd5967cabdb

SHA512
a64a03d959487399fb57e1bd062c0e9f88a17ff9b3ad15e6b96a4b7332341d0fc9186ef99b2ab9bdcfa51864f21d08bce48479202c01d15470916e90fb09fef4

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG1.BMP
Filesize
451KB

MD5
0b445ace8798426e7185f52b7b7b6d1e

SHA1
7a77b46e0848cc9b32283ccb3f91a18c0934c079

SHA256
2bbf97ccba3f87d469eac909c4ce8a3f13ed29c8f31b611e7d5cf89a0619eda6

SHA512
51523d5b711481293305465a3a3c6a3a50dca984cdc8cca1f4c44f3c21bfa430cd9aac1a8782d9605e6954cbafb307beb6b1a52e9785de1bc3f71067d80c6b6e

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG23.PNG
Filesize
1KB

MD5
15bfc779ca849b269af035c19524f515

SHA1
4a82eff7f31c2d688a00376ed36403d4d52d538c

SHA256
18c77fc1a6092e0169f574e46d72636578abe3744b76f632ad7430d576519353

SHA512
ce05807a115b2e8fd7c5874c3a01155501ee37095c02c5679f6e3b848093caad05e45086a88b16128da0e3d95c204e6810667463d08e411529ffde0e79b2ec51

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG4.PNG
Filesize
45KB

MD5
c00a190340711134584dc004bf18b506

SHA1
72bbbf9ab0e5b3fbf825b0a46da1b25641fbf346

SHA256
db127cc179eb800b489b1d0d014d6d5b5bf04988b23b55ce7b2d108a4852f343

SHA512
597ce1ae67201158e554f2e85218f2bb3321d0b47593c845d5130d80f7817b5ad4b92f30053ef0809315c4f02299edfe09fa67870e11cdc6095390683c0b4d56

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG41.PNG
Filesize
457B

MD5
96df483076fe5b82a193e0f74ae9427c

SHA1
e2914a84864c5a0507406b7e013c915eb64c5d88

SHA256
b08c9f5d1d5375498e555889886992e45c805658e7fb18def814a4ea6539c096

SHA512
732dc92695e193f359b42bd0eea7310406fade281ab3965727ca22b707ccedbae4c7f7706597b8b23ba93f9c259229e9c14a1d1efd959c6acb17905b36d52769

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG42.PNG
Filesize
352B

MD5
82b5905aadccafd519f5baaba8b4235c

SHA1
ac20c24c050d67ac9cf6d5d012f6c4e3e109dc6d

SHA256
7b0e92663780a8c412e31cde6f5abc18ed58bb19e3791208e8bd77ff9df2a4e7

SHA512
28a04532b8416eec31022493b725150711036cab5b87a7e4a39284ff4799e024abb34b808fc2182318cdad282c75958210d68368222ecc583ac139e6c1f0b802

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG48.PNG
Filesize
1KB

MD5
fd59d734aeb9fc2e4b9fb8953f1030f2

SHA1
4eeaa16cfcdae90383fb4e38fd6cc52180201705

SHA256
509323570038a79f2f494cb2323e141ba345bd5f0af6316b334553b411a4efac

SHA512
5319c35e80f13be56b8f450a364802ae922352baa2ed7858bdf0e43c66f44da3af8b9f4485a04e8c83f985c492543be6665e25edb650ed4ddb6a48d6d60d5397

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG5.PNG
Filesize
1KB

MD5
d2462eb1e0591d5128d496df81adb09b

SHA1
71bfe6ef2f6b42950b9504ea9f3be42a9274e1ea

SHA256
a9592b4657867255adb69ee757da5858a0cb005b7388b4dd9ed4a814a31cc3f7

SHA512
cb22e19cb876bf3111434bbeb0243265b9899a40cf346ebd5b12d40db324cd776494f43f8570a64fada10f86d76644184e6982fb6bbd0af251c170f107ac50f5

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG66.PNG
Filesize
41KB

MD5
f2664610dabb317dfe1120518e323887

SHA1
33f8a173d6a0d4b7ecd4b5be9fd052795d689919

SHA256
67d18f4a1cdf8906751fed972deb353a773101fea9c62929e434cf4a31124cc9

SHA512
16ef6bd74c99e4c805ddc53d2cfb6ea3913f8e78ca674e3f61c3b49510c40d7b2b7a96f80e72dd428a28334deebe6859f59d3fdd40e44a0356224695c8cb8eb9

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG67.PNG
Filesize
1KB

MD5
4065249457c60ff8868e439399f9a3b5

SHA1
1432b33e9704b0346899e6897103e4a9a29f7dde

SHA256
c230c0787a4a68aab9175ac6630abc6cf012aa74dc67229554a4d9853aeb62f6

SHA512
9cd3387d8191305d7954cb32055c3dd8f7cbcec481c949d9873fe5c9533ccce3e6d73c6f30613e9495493f513beea9e7059d3fbcd3ad480885bdafd0b2dcc3c3

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml
Filesize
6KB

MD5
4f7be9736242579cb8afa1af86980dfe

SHA1
1c486393847996db4f6b78532dd7bd9a0a924549

SHA256
9cecc28716f392d2394829f4cc3f307d08f5aecaf3e2124bdaaa0d6d9c3400b4

SHA512
4c55bc2698d8934713e791c015480248198e22efa66dd5ca79ea834b9835c9e85ca8c2869c9b40dc394ae7e27da039f79c392f88472dedc1adfa83dd1e94f1c9

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml
Filesize
33KB

MD5
e56e3a476f45facee2fcbb049ddf04b2

SHA1
c96ac6fdb4258e227e04c48e9b7e03ecc279fbff

SHA256
6631288699d905d32e53ca152eeeb96b93b6ca841eed4931455985be7b1c702e

SHA512
0b2ae28b03624f29e66175db14c8cb1742cb8ce0b05acc1d853b3f701cbcf1a4b5a40dacf314c8e1d1cf6248238487cc72812a09a5ec5c58b340faada897d25f

Download Submit
C:\Users\Admin\Desktop\jre-8u361-windows-x64.exe
Filesize
62.1MB

MD5
e70de386ebc763932a181fc37a2ad042

SHA1
18e76e452b289ae2fc167667b55a81b11ec2693f

SHA256
419328f3a2325b1dc27f710abd73e232e9deac47915b4dba61a697b925b5b83d

SHA512
a45cb9c665a867042d0d52f085d095ac774c3f9b10febd858b26d2c899f7c2b5024586156ec572be384b226a8efc44d6757bbbc920843ce58119345bea155a0d

Download Submit
C:\Users\Admin\Desktop\jre-8u361-windows-x64.exe
Filesize
62.1MB

MD5
e70de386ebc763932a181fc37a2ad042

SHA1
18e76e452b289ae2fc167667b55a81b11ec2693f

SHA256
419328f3a2325b1dc27f710abd73e232e9deac47915b4dba61a697b925b5b83d

SHA512
a45cb9c665a867042d0d52f085d095ac774c3f9b10febd858b26d2c899f7c2b5024586156ec572be384b226a8efc44d6757bbbc920843ce58119345bea155a0d

Download Submit
C:\Windows\Installer\MSI78E7.tmp
Filesize
198KB

MD5
c7018628101e1bb69437b4ab2f6b7465

SHA1
e185b2a7685490f74e11e794bf8e54bd9b21e295

SHA256
8c33499755edda822c1ed58354f0353134707f143ea0290758510781e515c8d8

SHA512
374f90ca6ae78e784967f314715cd282ea49332de1c1a59b3ed27389799f84eaae8ed9950a0b67ccc383c1ff872984114c2d43538cc39b50e9646e958dbf95f4

Download Submit
C:\Windows\Installer\MSIA066.tmp
Filesize
759KB

MD5
216acbc40fb42eb247260a1feb124114

SHA1
3f16a8479e9e467a200c9fc6d98ffe56cfa642ec

SHA256
bbad98c96204a8f8b09457779a5da5cc3563de73925f0535e37b3f5e73fdc2a9

SHA512
001cf5470656cce65205074fda01528e066226b135b8e8bcb0e5dd13ca64e8bb70b45ee8e99ec2d8139157d40355a1cba353022c8a69bc3f9fa9af18304448e5

Download Submit
C:\Windows\Installer\MSIA066.tmp
Filesize
759KB

MD5
216acbc40fb42eb247260a1feb124114

SHA1
3f16a8479e9e467a200c9fc6d98ffe56cfa642ec

SHA256
bbad98c96204a8f8b09457779a5da5cc3563de73925f0535e37b3f5e73fdc2a9

SHA512
001cf5470656cce65205074fda01528e066226b135b8e8bcb0e5dd13ca64e8bb70b45ee8e99ec2d8139157d40355a1cba353022c8a69bc3f9fa9af18304448e5

Download Submit
C:\Windows\Installer\MSIA3C3.tmp
Filesize
759KB

MD5
216acbc40fb42eb247260a1feb124114

SHA1
3f16a8479e9e467a200c9fc6d98ffe56cfa642ec

SHA256
bbad98c96204a8f8b09457779a5da5cc3563de73925f0535e37b3f5e73fdc2a9

SHA512
001cf5470656cce65205074fda01528e066226b135b8e8bcb0e5dd13ca64e8bb70b45ee8e99ec2d8139157d40355a1cba353022c8a69bc3f9fa9af18304448e5

Download Submit
C:\Windows\Installer\MSIA3C3.tmp
Filesize
759KB

MD5
216acbc40fb42eb247260a1feb124114

SHA1
3f16a8479e9e467a200c9fc6d98ffe56cfa642ec

SHA256
bbad98c96204a8f8b09457779a5da5cc3563de73925f0535e37b3f5e73fdc2a9

SHA512
001cf5470656cce65205074fda01528e066226b135b8e8bcb0e5dd13ca64e8bb70b45ee8e99ec2d8139157d40355a1cba353022c8a69bc3f9fa9af18304448e5

Download Submit
C:\Windows\Installer\MSIA77E.tmp
Filesize
759KB

MD5
216acbc40fb42eb247260a1feb124114

SHA1
3f16a8479e9e467a200c9fc6d98ffe56cfa642ec

SHA256
bbad98c96204a8f8b09457779a5da5cc3563de73925f0535e37b3f5e73fdc2a9

SHA512
001cf5470656cce65205074fda01528e066226b135b8e8bcb0e5dd13ca64e8bb70b45ee8e99ec2d8139157d40355a1cba353022c8a69bc3f9fa9af18304448e5

Download Submit
C:\Windows\Installer\MSIA77E.tmp
Filesize
759KB

MD5
216acbc40fb42eb247260a1feb124114

SHA1
3f16a8479e9e467a200c9fc6d98ffe56cfa642ec

SHA256
bbad98c96204a8f8b09457779a5da5cc3563de73925f0535e37b3f5e73fdc2a9

SHA512
001cf5470656cce65205074fda01528e066226b135b8e8bcb0e5dd13ca64e8bb70b45ee8e99ec2d8139157d40355a1cba353022c8a69bc3f9fa9af18304448e5

Download Submit
C:\Windows\Installer\MSIA77E.tmp
Filesize
759KB

MD5
216acbc40fb42eb247260a1feb124114

SHA1
3f16a8479e9e467a200c9fc6d98ffe56cfa642ec

SHA256
bbad98c96204a8f8b09457779a5da5cc3563de73925f0535e37b3f5e73fdc2a9

SHA512
001cf5470656cce65205074fda01528e066226b135b8e8bcb0e5dd13ca64e8bb70b45ee8e99ec2d8139157d40355a1cba353022c8a69bc3f9fa9af18304448e5

Download Submit
C:\Windows\Installer\e5787dd.msi
Filesize
58.7MB

MD5
407d36101348022e67342b44292d2b39

SHA1
1811ab3993672a9f329868622d96014043bd5f4a

SHA256
213e9fa760dfa2af22a4ac94a10c7f21f4b482aa04e8cf3706264e4c17d2481e

SHA512
cd78f2d3d8057467f87c846fd2252cc2632de822b2c5d37a9f2bcd0c68fafe598bdc4bc69760cd7e84037a5b28b3f11a4385684962857e3ce572ec9b302f0c0c

Download Submit
C:\Windows\Installer\e5787e0.msi
Filesize
58.7MB

MD5
407d36101348022e67342b44292d2b39

SHA1
1811ab3993672a9f329868622d96014043bd5f4a

SHA256
213e9fa760dfa2af22a4ac94a10c7f21f4b482aa04e8cf3706264e4c17d2481e

SHA512
cd78f2d3d8057467f87c846fd2252cc2632de822b2c5d37a9f2bcd0c68fafe598bdc4bc69760cd7e84037a5b28b3f11a4385684962857e3ce572ec9b302f0c0c

Download Submit
C:\Windows\Installer\e5787e6.msi
Filesize
1016KB

MD5
d82092d71622d5121dac785254a53707

SHA1
6e26aef9fbc34eda9b099e03242c2ee4a8e3a845

SHA256
1f6b3176e5e7ecfd7d262e9470eec2ac1a7fe9401bb064c87810af9a0aa7bb82

SHA512
e1f54163b242d8b3149d536d7bc3d3da896da229a8fc298e613bcbf75b3a77129d07b99df3008a30f95a80a91c17fe0feeaa8ad0e2ebfe4deb8678751258eca0

Download Submit
memory/2276-1210-0x0000014B5C3B0000-0x0000014B5C3B1000-memory.dmp

Filesize
4KB

Download
memory/2276-1219-0x0000014B5C3B0000-0x0000014B5C3B1000-memory.dmp

Filesize
4KB

Download
memory/2348-2353-0x0000000000C70000-0x0000000001058000-memory.dmp

Filesize
3.9MB

Download
memory/2348-1300-0x0000000000C70000-0x0000000001058000-memory.dmp

Filesize
3.9MB

Download
memory/2348-1679-0x0000000000C70000-0x0000000001058000-memory.dmp

Filesize
3.9MB

Download
memory/2348-1678-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2348-1677-0x0000000000C70000-0x0000000001058000-memory.dmp

Filesize
3.9MB

Download
memory/2348-2720-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2348-2719-0x0000000000C70000-0x0000000001058000-memory.dmp

Filesize
3.9MB

Download
memory/2348-3223-0x0000000000C70000-0x0000000001058000-memory.dmp

Filesize
3.9MB

Download
memory/2348-1538-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2348-1539-0x00000000065D0000-0x00000000065D3000-memory.dmp

Filesize
12KB

Download
memory/2348-1724-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2348-1723-0x0000000000C70000-0x0000000001058000-memory.dmp

Filesize
3.9MB

Download
memory/3088-965-0x0000014A03C40000-0x0000014A03C41000-memory.dmp

Filesize
4KB

Download
memory/3088-958-0x0000014A03C40000-0x0000014A03C41000-memory.dmp

Filesize
4KB

Download
memory/3088-926-0x0000014A03C40000-0x0000014A03C41000-memory.dmp

Filesize
4KB

Download
memory/3088-939-0x0000014A03C40000-0x0000014A03C41000-memory.dmp

Filesize
4KB

Download
memory/3088-957-0x0000014A03C40000-0x0000014A03C41000-memory.dmp

Filesize
4KB

Download
memory/3396-1195-0x000001D4630A0000-0x000001D4630A1000-memory.dmp

Filesize
4KB

Download
memory/3500-733-0x000002131E510000-0x000002131E511000-memory.dmp

Filesize
4KB

Download
memory/4424-3212-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4568-1722-0x0000000000300000-0x00000000006E8000-memory.dmp

Filesize
3.9MB

Download
memory/4568-1718-0x0000000000300000-0x00000000006E8000-memory.dmp

Filesize
3.9MB

Download
memory/4732-357-0x000001E55EB90000-0x000001E55F047000-memory.dmp

Filesize
4.7MB

Download
memory/4732-1188-0x000001E55EB90000-0x000001E55F047000-memory.dmp

Filesize
4.7MB

Download
memory/4732-1664-0x000001E55EB90000-0x000001E55F047000-memory.dmp

Filesize
4.7MB

Download
memory/4732-1196-0x000001E55EB90000-0x000001E55F047000-memory.dmp

Filesize
4.7MB

Download
memory/4732-1606-0x000001E55EB90000-0x000001E55F047000-memory.dmp

Filesize
4.7MB

Download
memory/4732-909-0x000001E55EB90000-0x000001E55F047000-memory.dmp

Filesize
4.7MB

Download
memory/4732-1093-0x000001E55EB90000-0x000001E55F047000-memory.dmp

Filesize
4.7MB

Download
memory/4732-731-0x000001E55EB90000-0x000001E55F047000-memory.dmp

Filesize
4.7MB

Download
memory/4732-251-0x000001E55EB90000-0x000001E55F047000-memory.dmp

Filesize
4.7MB

Download
memory/4988-1027-0x000001A6A3E30000-0x000001A6A3E31000-memory.dmp

Filesize
4KB

Download
memory/4988-1025-0x000001A6A3E30000-0x000001A6A3E31000-memory.dmp

Filesize
4KB

Download
memory/4988-984-0x000001A6A3E30000-0x000001A6A3E31000-memory.dmp

Filesize
4KB

Download
memory/4988-989-0x000001A6A3E30000-0x000001A6A3E31000-memory.dmp

Filesize
4KB

Download
memory/4988-1028-0x000001A6A3E30000-0x000001A6A3E31000-memory.dmp

Filesize
4KB

Download
memory/4988-979-0x000001A6A3E30000-0x000001A6A3E31000-memory.dmp

Filesize
4KB

Download
memory/4988-990-0x000001A6A3E30000-0x000001A6A3E31000-memory.dmp

Filesize
4KB

Download
memory/4988-991-0x000001A6A3E30000-0x000001A6A3E31000-memory.dmp

Filesize
4KB

Download
memory/4988-996-0x000001A6A3E30000-0x000001A6A3E31000-memory.dmp

Filesize
4KB

Download
memory/4988-998-0x000001A6A3E30000-0x000001A6A3E31000-memory.dmp

Filesize
4KB

Download
memory/4988-1002-0x000001A6A3E30000-0x000001A6A3E31000-memory.dmp

Filesize
4KB

Download
memory/4988-1003-0x000001A6A3E30000-0x000001A6A3E31000-memory.dmp

Filesize
4KB

Download
memory/4988-1004-0x000001A6A3E30000-0x000001A6A3E31000-memory.dmp

Filesize
4KB

Download
memory/5224-3457-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/5404-3255-0x0000023F643E0000-0x0000023F643E1000-memory.dmp

Filesize
4KB

Download
memory/5404-3253-0x0000023F643E0000-0x0000023F643E1000-memory.dmp

Filesize
4KB

Download
memory/5404-3431-0x0000023F643E0000-0x0000023F643E1000-memory.dmp

Filesize
4KB

Download
memory/5404-3465-0x0000023F643E0000-0x0000023F643E1000-memory.dmp

Filesize
4KB

Download