59b134a5e245582cf832732bca256a3c39b50d81ace3e2c6b37c71dfba99e077

Analysis

max time kernel
124s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
23-03-2023 20:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LauncherFenix-Java-8u51-Windows-i586.exe
Size

35.6MB
MD5

8f061e42a33d2017af3f0f7d5245d4eb
SHA1

e0e42aaeedbb77a19809004a576496dcdcf99ed5
SHA256

59b134a5e245582cf832732bca256a3c39b50d81ace3e2c6b37c71dfba99e077
SHA512

41279f05588bda2627677402aa4e56af4eeb6c92c9804f8e5e092daa21868649ad29d64efe9059e150b29a01a8510e27781833c23d3e02d81323524d2971e1b6
SSDEEP

786432:xAP94qj9fGRpAJkolSM03oq8D80oz96O4oUTXM6ioA+hxsQdmPEU5gCzL:xZqjIpANWY989zAoUOozuQd+xL

Score

8^/10

adware persistence stealer upx

Malware Config

Signatures

Blocklisted process makes network request 2 IoCs

Processes:

msiexec.exe

flow pid process

32 2664 msiexec.exe
34 2664 msiexec.exe

flow	pid	process
32	2664	msiexec.exe
34	2664	msiexec.exe

Executes dropped EXE 16 IoCs

Processes:

installer.exebspatch.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exejavaw.exejavaws.exejavaw.exejp2launcher.exejavaws.exejp2launcher.exe

pid	process
3580	installer.exe
3892	bspatch.exe
3876	unpack200.exe
4264	unpack200.exe
2084	unpack200.exe
3320	unpack200.exe
4880	unpack200.exe
3904	unpack200.exe
212	unpack200.exe
1156	unpack200.exe
1392	javaw.exe
1444	javaws.exe
532	javaw.exe
3720	jp2launcher.exe
1580	javaws.exe
1924	jp2launcher.exe

Loads dropped DLL 45 IoCs

Processes:

unpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exejavaw.exeinstaller.exejavaws.exejavaw.exejp2launcher.exejavaws.exejp2launcher.exeMsiExec.exe

pid	process
3876	unpack200.exe
4264	unpack200.exe
2084	unpack200.exe
3320	unpack200.exe
4880	unpack200.exe
3904	unpack200.exe
212	unpack200.exe
1156	unpack200.exe
1392	javaw.exe
1392	javaw.exe
1392	javaw.exe
1392	javaw.exe
1392	javaw.exe
3580	installer.exe
3580	installer.exe
3580	installer.exe
3580	installer.exe
1444	javaws.exe
532	javaw.exe
532	javaw.exe
532	javaw.exe
532	javaw.exe
532	javaw.exe
3720	jp2launcher.exe
3720	jp2launcher.exe
3720	jp2launcher.exe
3720	jp2launcher.exe
3720	jp2launcher.exe
3720	jp2launcher.exe
3720	jp2launcher.exe
3720	jp2launcher.exe
3720	jp2launcher.exe
3720	jp2launcher.exe
1580	javaws.exe
1924	jp2launcher.exe
1924	jp2launcher.exe
1924	jp2launcher.exe
1924	jp2launcher.exe
1924	jp2launcher.exe
1924	jp2launcher.exe
1924	jp2launcher.exe
1924	jp2launcher.exe
1924	jp2launcher.exe
1924	jp2launcher.exe
3976	MsiExec.exe

Registers COM server for autorun 1 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Processes:

installer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0065-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0094-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0034-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0045-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0047-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0071-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0091-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0075-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0038-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0047-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0082-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0098-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0014-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0075-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0073-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0040-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0040-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0076-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0013-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0048-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0085-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0022-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0053-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0046-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0018-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0065-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0037-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0037-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0056-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0066-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0060-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0002-0042-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0083-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0039-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0054-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0049-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0094-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0007-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4924-133-0x0000000000400000-0x0000000002975000-memory.dmp	upx
behavioral2/memory/4924-196-0x0000000000400000-0x0000000002975000-memory.dmp	upx
behavioral2/memory/4924-254-0x0000000000400000-0x0000000002975000-memory.dmp	upx
C:\ProgramData\Oracle\Java\installcache\bspatch.exe	upx
behavioral2/memory/3892-261-0x0000000000400000-0x0000000000417000-memory.dmp	upx
C:\ProgramData\Oracle\Java\installcache\bspatch.exe	upx
behavioral2/memory/3892-266-0x0000000000400000-0x0000000000417000-memory.dmp	upx
behavioral2/memory/3892-268-0x0000000000400000-0x0000000000417000-memory.dmp	upx
behavioral2/memory/4924-1038-0x0000000000400000-0x0000000002975000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

LauncherFenix-Java-8u51-Windows-i586.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	LauncherFenix-Java-8u51-Windows-i586.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched = "C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe"	LauncherFenix-Java-8u51-Windows-i586.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	process
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

Processes:

installer.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1"	installer.exe

Drops file in Program Files directory 64 IoCs

Processes:

installer.exeunpack200.exe

description	ioc	process
File created	C:\Program Files (x86)\Java\jre1.8.0_51\bin\javacpl.cpl	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\bin\rmiregistry.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\lib\deploy\ffjcext.zip	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\lib\ext\zipfs.jar	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\lib\images\cursors\win32_LinkNoDrop32x32.gif	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\release	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\bin\deploy.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npdeployJava1.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\lib\javaws.pack	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\lib\currency.data	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\bin\npt.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\bin\w2k_lsa_auth.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\bin\lcms.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\bin\orbd.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\lib\deploy\messages_zh_TW.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\bin\glass.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\bin\java.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\lib\psfont.properties.ja	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\lib\ext\jfxrt.jar	unpack200.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\bin\nio.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\lib\deploy\messages_zh_CN.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\lib\content-types.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\lib\deploy\messages_es.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\lib\ext\access-bridge-32.jar	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\lib\ext\sunec.jar	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\lib\fonts\LucidaBrightDemiItalic.ttf	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\lib\management-agent.jar	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\THIRDPARTYLICENSEREADME-JAVAFX.txt	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\bin\glib-lite.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\bin\tnameserv.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\bin\unpack200.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\lib\logging.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\lib\security\java.policy	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\lib\security\US_export_policy.jar	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\lib\ext\jfxrt.pack	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\bin\prism_es2.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\bin\prism_sw.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\bin\pack200.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\lib\cmm\CIEXYZ.pf	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\lib\deploy\messages_it.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\lib\deploy\splash@2x.gif	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\lib\javafx.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\lib\net.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\bin\JavaAccessBridge-32.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2launcher.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\lib\deploy\splash.gif	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\lib\security\cacerts	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\bin\rmid.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\bin\zip.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\bin\java_crw_demo.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\bin\jfxwebkit.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\bin\jpeg.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\bin\WindowsAccessBridge.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\lib\deploy\messages_pt_BR.properties	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\lib\fonts\LucidaBrightRegular.ttf	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\README.txt	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\bin\fontmanager.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\lib\jfr\default.jfc	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\lib\tzmappings	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\bin\sunmscapi.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\bin\dt_socket.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\bin\javafx_font.dll	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\bin\java-rmi.exe	installer.exe
File created	C:\Program Files (x86)\Java\jre1.8.0_51\bin\javafx_font_t2k.dll	installer.exe

Drops file in Windows directory 11 IoCs

Processes:

msiexec.exe

description	ioc	process
File opened for modification	C:\Windows\Installer\e56bca2.msi	msiexec.exe
File created	C:\Windows\Installer\e56bc9e.msi	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID016.tmp	msiexec.exe
File created	C:\Windows\Installer\e56bca1.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE437.tmp	msiexec.exe
File created	C:\Windows\Installer\e56bca2.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e56bc9e.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\SourceHash{26A24AE4-039D-4CA4-87B4-2F83218051F0}	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msiexec.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msiexec.exe

Modifies Internet Explorer settings 1 TTPs 15 IoCs

adware spyware

Modify Registry

T1112

Processes:

installer.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin"	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin"	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe"	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe"	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0"	installer.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

msiexec.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe

Modifies registry class 64 IoCs

Processes:

installer.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0083-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0097-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_97"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0011-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_03"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0092-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_21"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0014-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0043-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0002-0039-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0068-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0053-ABCDEFFEDCBC}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0085-ABCDEFFEDCBC}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0021-ABCDEFFEDCBB}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_15"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0024-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_22"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0069-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0080-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0070-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0083-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0015-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_14"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0068-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0082-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_82"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0028-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_04"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0002-0042-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_42"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0095-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0014-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0018-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0083-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0043-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0093-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0075-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0076-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0013-0001-0094-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_09"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0083-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0051-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0065-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0016-0000-0053-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0056-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0035-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_35"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0050-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_50"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0054-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0068-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0085-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0018-0000-0015-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\WOW6432Node\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_14"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

jp2launcher.exejp2launcher.exe

pid process

3720 jp2launcher.exe
3720 jp2launcher.exe
1924 jp2launcher.exe
1924 jp2launcher.exe

pid	process
3720	jp2launcher.exe
3720	jp2launcher.exe
1924	jp2launcher.exe
1924	jp2launcher.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

LauncherFenix-Java-8u51-Windows-i586.exemsiexec.exe

description	pid	process
Token: SeShutdownPrivilege	4924	LauncherFenix-Java-8u51-Windows-i586.exe
Token: SeIncreaseQuotaPrivilege	4924	LauncherFenix-Java-8u51-Windows-i586.exe
Token: SeSecurityPrivilege	2664	msiexec.exe
Token: SeCreateTokenPrivilege	4924	LauncherFenix-Java-8u51-Windows-i586.exe
Token: SeAssignPrimaryTokenPrivilege	4924	LauncherFenix-Java-8u51-Windows-i586.exe
Token: SeLockMemoryPrivilege	4924	LauncherFenix-Java-8u51-Windows-i586.exe
Token: SeIncreaseQuotaPrivilege	4924	LauncherFenix-Java-8u51-Windows-i586.exe
Token: SeMachineAccountPrivilege	4924	LauncherFenix-Java-8u51-Windows-i586.exe
Token: SeTcbPrivilege	4924	LauncherFenix-Java-8u51-Windows-i586.exe
Token: SeSecurityPrivilege	4924	LauncherFenix-Java-8u51-Windows-i586.exe
Token: SeTakeOwnershipPrivilege	4924	LauncherFenix-Java-8u51-Windows-i586.exe
Token: SeLoadDriverPrivilege	4924	LauncherFenix-Java-8u51-Windows-i586.exe
Token: SeSystemProfilePrivilege	4924	LauncherFenix-Java-8u51-Windows-i586.exe
Token: SeSystemtimePrivilege	4924	LauncherFenix-Java-8u51-Windows-i586.exe
Token: SeProfSingleProcessPrivilege	4924	LauncherFenix-Java-8u51-Windows-i586.exe
Token: SeIncBasePriorityPrivilege	4924	LauncherFenix-Java-8u51-Windows-i586.exe
Token: SeCreatePagefilePrivilege	4924	LauncherFenix-Java-8u51-Windows-i586.exe
Token: SeCreatePermanentPrivilege	4924	LauncherFenix-Java-8u51-Windows-i586.exe
Token: SeBackupPrivilege	4924	LauncherFenix-Java-8u51-Windows-i586.exe
Token: SeRestorePrivilege	4924	LauncherFenix-Java-8u51-Windows-i586.exe
Token: SeShutdownPrivilege	4924	LauncherFenix-Java-8u51-Windows-i586.exe
Token: SeDebugPrivilege	4924	LauncherFenix-Java-8u51-Windows-i586.exe
Token: SeAuditPrivilege	4924	LauncherFenix-Java-8u51-Windows-i586.exe
Token: SeSystemEnvironmentPrivilege	4924	LauncherFenix-Java-8u51-Windows-i586.exe
Token: SeChangeNotifyPrivilege	4924	LauncherFenix-Java-8u51-Windows-i586.exe
Token: SeRemoteShutdownPrivilege	4924	LauncherFenix-Java-8u51-Windows-i586.exe
Token: SeUndockPrivilege	4924	LauncherFenix-Java-8u51-Windows-i586.exe
Token: SeSyncAgentPrivilege	4924	LauncherFenix-Java-8u51-Windows-i586.exe
Token: SeEnableDelegationPrivilege	4924	LauncherFenix-Java-8u51-Windows-i586.exe
Token: SeManageVolumePrivilege	4924	LauncherFenix-Java-8u51-Windows-i586.exe
Token: SeImpersonatePrivilege	4924	LauncherFenix-Java-8u51-Windows-i586.exe
Token: SeCreateGlobalPrivilege	4924	LauncherFenix-Java-8u51-Windows-i586.exe
Token: SeRestorePrivilege	2664	msiexec.exe
Token: SeTakeOwnershipPrivilege	2664	msiexec.exe
Token: SeRestorePrivilege	2664	msiexec.exe
Token: SeTakeOwnershipPrivilege	2664	msiexec.exe
Token: SeRestorePrivilege	2664	msiexec.exe
Token: SeTakeOwnershipPrivilege	2664	msiexec.exe
Token: SeRestorePrivilege	2664	msiexec.exe
Token: SeTakeOwnershipPrivilege	2664	msiexec.exe
Token: SeRestorePrivilege	2664	msiexec.exe
Token: SeTakeOwnershipPrivilege	2664	msiexec.exe
Token: SeRestorePrivilege	2664	msiexec.exe
Token: SeTakeOwnershipPrivilege	2664	msiexec.exe
Token: SeRestorePrivilege	2664	msiexec.exe
Token: SeTakeOwnershipPrivilege	2664	msiexec.exe
Token: SeRestorePrivilege	2664	msiexec.exe
Token: SeTakeOwnershipPrivilege	2664	msiexec.exe
Token: SeRestorePrivilege	2664	msiexec.exe
Token: SeTakeOwnershipPrivilege	2664	msiexec.exe
Token: SeRestorePrivilege	2664	msiexec.exe
Token: SeTakeOwnershipPrivilege	2664	msiexec.exe
Token: SeRestorePrivilege	2664	msiexec.exe
Token: SeTakeOwnershipPrivilege	2664	msiexec.exe
Token: SeRestorePrivilege	2664	msiexec.exe
Token: SeTakeOwnershipPrivilege	2664	msiexec.exe
Token: SeRestorePrivilege	2664	msiexec.exe
Token: SeTakeOwnershipPrivilege	2664	msiexec.exe
Token: SeRestorePrivilege	2664	msiexec.exe
Token: SeTakeOwnershipPrivilege	2664	msiexec.exe
Token: SeRestorePrivilege	2664	msiexec.exe
Token: SeTakeOwnershipPrivilege	2664	msiexec.exe
Token: SeRestorePrivilege	2664	msiexec.exe
Token: SeTakeOwnershipPrivilege	2664	msiexec.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

jp2launcher.exejp2launcher.exe

pid process

3720 jp2launcher.exe
1924 jp2launcher.exe

pid	process
3720	jp2launcher.exe
1924	jp2launcher.exe

Suspicious use of WriteProcessMemory 57 IoCs

Processes:

msiexec.exeinstaller.exejavaws.exejavaws.exeMsiExec.exeLauncherFenix-Java-8u51-Windows-i586.exe

description	pid	process	target process
PID 2664 wrote to memory of 3580	2664	msiexec.exe	installer.exe
PID 2664 wrote to memory of 3580	2664	msiexec.exe	installer.exe
PID 2664 wrote to memory of 3580	2664	msiexec.exe	installer.exe
PID 3580 wrote to memory of 3892	3580	installer.exe	bspatch.exe
PID 3580 wrote to memory of 3892	3580	installer.exe	bspatch.exe
PID 3580 wrote to memory of 3892	3580	installer.exe	bspatch.exe
PID 3580 wrote to memory of 3876	3580	installer.exe	unpack200.exe
PID 3580 wrote to memory of 3876	3580	installer.exe	unpack200.exe
PID 3580 wrote to memory of 3876	3580	installer.exe	unpack200.exe
PID 3580 wrote to memory of 4264	3580	installer.exe	unpack200.exe
PID 3580 wrote to memory of 4264	3580	installer.exe	unpack200.exe
PID 3580 wrote to memory of 4264	3580	installer.exe	unpack200.exe
PID 3580 wrote to memory of 2084	3580	installer.exe	unpack200.exe
PID 3580 wrote to memory of 2084	3580	installer.exe	unpack200.exe
PID 3580 wrote to memory of 2084	3580	installer.exe	unpack200.exe
PID 3580 wrote to memory of 3320	3580	installer.exe	unpack200.exe
PID 3580 wrote to memory of 3320	3580	installer.exe	unpack200.exe
PID 3580 wrote to memory of 3320	3580	installer.exe	unpack200.exe
PID 3580 wrote to memory of 4880	3580	installer.exe	unpack200.exe
PID 3580 wrote to memory of 4880	3580	installer.exe	unpack200.exe
PID 3580 wrote to memory of 4880	3580	installer.exe	unpack200.exe
PID 3580 wrote to memory of 3904	3580	installer.exe	unpack200.exe
PID 3580 wrote to memory of 3904	3580	installer.exe	unpack200.exe
PID 3580 wrote to memory of 3904	3580	installer.exe	unpack200.exe
PID 3580 wrote to memory of 212	3580	installer.exe	unpack200.exe
PID 3580 wrote to memory of 212	3580	installer.exe	unpack200.exe
PID 3580 wrote to memory of 212	3580	installer.exe	unpack200.exe
PID 3580 wrote to memory of 1156	3580	installer.exe	unpack200.exe
PID 3580 wrote to memory of 1156	3580	installer.exe	unpack200.exe
PID 3580 wrote to memory of 1156	3580	installer.exe	unpack200.exe
PID 3580 wrote to memory of 1392	3580	installer.exe	javaw.exe
PID 3580 wrote to memory of 1392	3580	installer.exe	javaw.exe
PID 3580 wrote to memory of 1392	3580	installer.exe	javaw.exe
PID 3580 wrote to memory of 1444	3580	installer.exe	javaws.exe
PID 3580 wrote to memory of 1444	3580	installer.exe	javaws.exe
PID 3580 wrote to memory of 1444	3580	installer.exe	javaws.exe
PID 1444 wrote to memory of 532	1444	javaws.exe	javaw.exe
PID 1444 wrote to memory of 532	1444	javaws.exe	javaw.exe
PID 1444 wrote to memory of 532	1444	javaws.exe	javaw.exe
PID 1444 wrote to memory of 3720	1444	javaws.exe	jp2launcher.exe
PID 1444 wrote to memory of 3720	1444	javaws.exe	jp2launcher.exe
PID 1444 wrote to memory of 3720	1444	javaws.exe	jp2launcher.exe
PID 3580 wrote to memory of 1580	3580	installer.exe	javaws.exe
PID 3580 wrote to memory of 1580	3580	installer.exe	javaws.exe
PID 3580 wrote to memory of 1580	3580	installer.exe	javaws.exe
PID 1580 wrote to memory of 1924	1580	javaws.exe	jp2launcher.exe
PID 1580 wrote to memory of 1924	1580	javaws.exe	jp2launcher.exe
PID 1580 wrote to memory of 1924	1580	javaws.exe	jp2launcher.exe
PID 2664 wrote to memory of 3976	2664	msiexec.exe	MsiExec.exe
PID 2664 wrote to memory of 3976	2664	msiexec.exe	MsiExec.exe
PID 2664 wrote to memory of 3976	2664	msiexec.exe	MsiExec.exe
PID 3976 wrote to memory of 2504	3976	MsiExec.exe	cmd.exe
PID 3976 wrote to memory of 2504	3976	MsiExec.exe	cmd.exe
PID 3976 wrote to memory of 2504	3976	MsiExec.exe	cmd.exe
PID 4924 wrote to memory of 4480	4924	LauncherFenix-Java-8u51-Windows-i586.exe	msiexec.exe
PID 4924 wrote to memory of 4480	4924	LauncherFenix-Java-8u51-Windows-i586.exe	msiexec.exe
PID 4924 wrote to memory of 4480	4924	LauncherFenix-Java-8u51-Windows-i586.exe	msiexec.exe

C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Java-8u51-Windows-i586.exe
"C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Java-8u51-Windows-i586.exe"
1⤵
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4924

C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\SysWOW64\\msiexec.exe" /i "C:\Users\Admin\AppData\LocalLow\Oracle\Java\AU\au.msi"DISABLE=1 ALLUSERS=1 /qn
2⤵
PID:4480

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Windows directory
- Checks processor information in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2664

C:\Program Files (x86)\Java\jre1.8.0_51\installer.exe
"C:\Program Files (x86)\Java\jre1.8.0_51\installer.exe" /s INSTALLDIR="C:\Program Files (x86)\Java\jre1.8.0_51\\" WEB_ANALYTICS=Disable EULA=Disable INSTALL_SILENT=Enable AUTO_UPDATE=Disable SPONSORS=Disable REPAIRMODE=0
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Installs/modifies Browser Helper Object
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3580

C:\ProgramData\Oracle\Java\installcache\bspatch.exe
"bspatch.exe" baseimagefam8 newimage diff
3⤵
- Executes dropped EXE
PID:3892

C:\Program Files (x86)\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_51\lib\deploy.pack" "C:\Program Files (x86)\Java\jre1.8.0_51\lib\deploy.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3876

C:\Program Files (x86)\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_51\lib\javaws.pack" "C:\Program Files (x86)\Java\jre1.8.0_51\lib\javaws.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4264

C:\Program Files (x86)\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_51\lib\plugin.pack" "C:\Program Files (x86)\Java\jre1.8.0_51\lib\plugin.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2084

C:\Program Files (x86)\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_51\lib\rt.pack" "C:\Program Files (x86)\Java\jre1.8.0_51\lib\rt.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3320

C:\Program Files (x86)\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_51\lib\charsets.pack" "C:\Program Files (x86)\Java\jre1.8.0_51\lib\charsets.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4880

C:\Program Files (x86)\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_51\lib\jsse.pack" "C:\Program Files (x86)\Java\jre1.8.0_51\lib\jsse.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3904

C:\Program Files (x86)\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_51\lib\ext\localedata.pack" "C:\Program Files (x86)\Java\jre1.8.0_51\lib\ext\localedata.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:212

C:\Program Files (x86)\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_51\lib\ext\jfxrt.pack" "C:\Program Files (x86)\Java\jre1.8.0_51\lib\ext\jfxrt.jar"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
PID:1156

C:\Program Files (x86)\Java\jre1.8.0_51\bin\javaw.exe
"C:\Program Files (x86)\Java\jre1.8.0_51\bin\javaw.exe" -Xshare:dump
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1392

C:\Program Files (x86)\Java\jre1.8.0_51\bin\javaws.exe
"C:\Program Files (x86)\Java\jre1.8.0_51\bin\javaws.exe" -wait -fix -permissions -silent
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1444

C:\Program Files (x86)\Java\jre1.8.0_51\bin\javaw.exe
"C:\Program Files (x86)\Java\jre1.8.0_51\bin\javaw.exe" -classpath "C:\Program Files (x86)\Java\jre1.8.0_51\lib\deploy.jar" com.sun.deploy.panel.JreLocator
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:532

C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2launcher.exe
"C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre1.8.0_51" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXIALURqYXZhLnNlY3VyaXR5LnBvbGljeT1maWxlOkM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmUxLjguMF81MVxsaWJcc2VjdXJpdHlcamF2YXdzLnBvbGljeQAtRHRydXN0UHJveHk9dHJ1ZQAtWHZlcmlmeTpyZW1vdGUALURqbmxweC5ob21lPUM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmUxLjguMF81MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmUxLjguMF81MVxsaWJcamF2YXdzLmphcjtDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXI7QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfNTFcYmluXGphdmF3LmV4ZQ== -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3720

C:\Program Files (x86)\Java\jre1.8.0_51\bin\javaws.exe
"C:\Program Files (x86)\Java\jre1.8.0_51\bin\javaws.exe" -wait -fix -shortcut -silent
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1580

C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2launcher.exe
"C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre1.8.0_51" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXIALURqYXZhLnNlY3VyaXR5LnBvbGljeT1maWxlOkM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmUxLjguMF81MVxsaWJcc2VjdXJpdHlcamF2YXdzLnBvbGljeQAtRHRydXN0UHJveHk9dHJ1ZQAtWHZlcmlmeTpyZW1vdGUALURqbmxweC5ob21lPUM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmUxLjguMF81MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmUxLjguMF81MVxsaWJcamF2YXdzLmphcjtDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXI7QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfNTFcYmluXGphdmF3LmV4ZQ== -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1924

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 73D9001637A4B2FCF0C1850AB757CB65
2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3976

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\SysWOW64\cmd.exe" /c del "C:\Program Files (x86)\Java\jre1.8.0_51\installer.exe"
3⤵
PID:2504

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e56bca0.rbs
Filesize
618KB

MD5
574954baf2cbd84dfbb884cbef1005bb

SHA1
0f93412933f3cbe119ae4790e1ae01e1f9414589

SHA256
74b897cfbfbf621398fc054887e2fdf884e01eebe825c056a2f1bf7d6480804c

SHA512
b98ec00f0374382d72bb241d74cb76d312652f886358c791f85e794eeafc532820eb5bf8f4fe85135a029d3c4f97d6c73d8621558976c32f5238211d0b3c4905

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\MSVCR100.dll
Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\client\classes.jsa
Filesize
11.5MB

MD5
5c11b6e353c4622625cb3c89a36f6d98

SHA1
f5c07b1eeb3ebf7fcd30d12562e8bfcdcad10cf7

SHA256
e3009e6a60084766dc68ab1aaf0dc0c1ccc111991697a948843a9ca9b657c023

SHA512
c0a8e72fb12157184f3d5b7abf89fefa26336c6837155379277cd836b75d5d1f1e02c5416632eab37cfa216b2e7e06d8a5302b4b9ccc4c8e16cbd63832921d7b

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\client\jvm.dll
Filesize
3.6MB

MD5
3ea890eb92277d00c33b1b95bf0ae363

SHA1
cbd99756f3a79f15805868be5e177dc122351f5c

SHA256
dcd4b8ba604ffa3c26b64a957b33f37939286cdb5d331cfdede997e38a6e916f

SHA512
e03eca9da3d8879385fb50db919f751bbc32ee57f1a19bdb725c2669d3818fb51bf0effe9b8b7499eb3dbd5bc91869b87a5b61f21d82694785176cb44b6ee8a4

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\client\jvm.dll
Filesize
3.6MB

MD5
3ea890eb92277d00c33b1b95bf0ae363

SHA1
cbd99756f3a79f15805868be5e177dc122351f5c

SHA256
dcd4b8ba604ffa3c26b64a957b33f37939286cdb5d331cfdede997e38a6e916f

SHA512
e03eca9da3d8879385fb50db919f751bbc32ee57f1a19bdb725c2669d3818fb51bf0effe9b8b7499eb3dbd5bc91869b87a5b61f21d82694785176cb44b6ee8a4

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\deploy.dll
Filesize
433KB

MD5
75ceb49ec8f3f9ba29c7cf26ed6f3d3b

SHA1
1d6f3e9c4222890b02f44d3f56356bf07d59a3c6

SHA256
ff4cabd6fb2e4bbd04305bf42f0122d72648fa0309ce12940175cad7c3fdbe16

SHA512
9ba890ad913913ea2cf26698e1bc6489a0c6e27d930bcbe14e8bcdf773366ff29b2f77f00d5a8d41539a129030471cb479532682b27c45bec57fc4eb9f7554aa

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\deploy.dll
Filesize
433KB

MD5
75ceb49ec8f3f9ba29c7cf26ed6f3d3b

SHA1
1d6f3e9c4222890b02f44d3f56356bf07d59a3c6

SHA256
ff4cabd6fb2e4bbd04305bf42f0122d72648fa0309ce12940175cad7c3fdbe16

SHA512
9ba890ad913913ea2cf26698e1bc6489a0c6e27d930bcbe14e8bcdf773366ff29b2f77f00d5a8d41539a129030471cb479532682b27c45bec57fc4eb9f7554aa

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npdeployJava1.dll
Filesize
877KB

MD5
95479782c832632116e0fc0c8373f43e

SHA1
2383836d05cde3d600f2a5755d78f3f8fc1384e3

SHA256
7e7d22f4336cd575c5d5b559821ef6e1f3e61cdc6170c7fc118ba671e05e28fa

SHA512
3d606b9a01531dae301ef6ad48b7509a1da06841ee8e64756ea264a171bef2fe834ca66ed31891ccbbf10db99c148a8c7acc439f32e5f3d8382165a1887b44d3

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\java.dll
Filesize
122KB

MD5
b0a672c368fcd93030bda22bbcf5a704

SHA1
bc4edfe730143ae56fefb5e71b6d378c992286a4

SHA256
91af7593b939f7d64704f97bfa93cc89fbee1f13af8f5a8413ff475c8fdedd2d

SHA512
0308a2559ef86122a8aa4ba6b0aa1eba6062b4ebc90e02adb114c13c0c4d5928e32620ef4e1f067decea3a3cdcd8bcb244ffca6794614a829d968cff21d08452

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\java.dll
Filesize
122KB

MD5
b0a672c368fcd93030bda22bbcf5a704

SHA1
bc4edfe730143ae56fefb5e71b6d378c992286a4

SHA256
91af7593b939f7d64704f97bfa93cc89fbee1f13af8f5a8413ff475c8fdedd2d

SHA512
0308a2559ef86122a8aa4ba6b0aa1eba6062b4ebc90e02adb114c13c0c4d5928e32620ef4e1f067decea3a3cdcd8bcb244ffca6794614a829d968cff21d08452

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\javaw.exe
Filesize
187KB

MD5
4e022c0940633a9538892cb26b65bd0d

SHA1
2eaa5ddcedbcb0505dfab01ea77e742fdcf1fc66

SHA256
66df65ae4b5b7a5ab01a287c0e32b1ab8d94a8657d951946591dff07d74daf8a

SHA512
13fc11bd956be02c60989d21621fe4040f22aa6b17ac4146ab9d8985aabe82662f786a18d3c0a2308decf7f249d1e3b12883f28507f04aed81667957e46824a2

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\javaw.exe
Filesize
187KB

MD5
4e022c0940633a9538892cb26b65bd0d

SHA1
2eaa5ddcedbcb0505dfab01ea77e742fdcf1fc66

SHA256
66df65ae4b5b7a5ab01a287c0e32b1ab8d94a8657d951946591dff07d74daf8a

SHA512
13fc11bd956be02c60989d21621fe4040f22aa6b17ac4146ab9d8985aabe82662f786a18d3c0a2308decf7f249d1e3b12883f28507f04aed81667957e46824a2

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\javaws.exe
Filesize
267KB

MD5
9a474c07c5242ef2ae12ff6bf387f334

SHA1
32831afe026fa37622a8230212187de4ceb5f269

SHA256
e2ef18b9744273092673d52fccbe074c68fa0cca3297e8244c18970939cf6881

SHA512
4fbb5ac7badf1da76e7a0d5fc50f4ccbf104db21b7d0b3b640c58fc2d290739b748ee54b8c4b4bc3a01f89cb54fbd38701811484c20ccfe031b1c4452ce49f80

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\msvcr100.dll
Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
155KB

MD5
5e1561548895218973eb5c833d96bd60

SHA1
834128f1ae0503cc2ec8a319fe6e4bd770fc78fb

SHA256
86b3544459cef88b64a1843057b82b73509b6b07da141bfd7f7706edb603632c

SHA512
7f45f904d5d54b4dd98ae6c21f36359611d25a72198bdde2996368b39e4ed6a2562d4efa2e4842ca54df7fa6b46621d1423b3cf822d459ef90f52b559b1c2967

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
155KB

MD5
5e1561548895218973eb5c833d96bd60

SHA1
834128f1ae0503cc2ec8a319fe6e4bd770fc78fb

SHA256
86b3544459cef88b64a1843057b82b73509b6b07da141bfd7f7706edb603632c

SHA512
7f45f904d5d54b4dd98ae6c21f36359611d25a72198bdde2996368b39e4ed6a2562d4efa2e4842ca54df7fa6b46621d1423b3cf822d459ef90f52b559b1c2967

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
155KB

MD5
5e1561548895218973eb5c833d96bd60

SHA1
834128f1ae0503cc2ec8a319fe6e4bd770fc78fb

SHA256
86b3544459cef88b64a1843057b82b73509b6b07da141bfd7f7706edb603632c

SHA512
7f45f904d5d54b4dd98ae6c21f36359611d25a72198bdde2996368b39e4ed6a2562d4efa2e4842ca54df7fa6b46621d1423b3cf822d459ef90f52b559b1c2967

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
155KB

MD5
5e1561548895218973eb5c833d96bd60

SHA1
834128f1ae0503cc2ec8a319fe6e4bd770fc78fb

SHA256
86b3544459cef88b64a1843057b82b73509b6b07da141bfd7f7706edb603632c

SHA512
7f45f904d5d54b4dd98ae6c21f36359611d25a72198bdde2996368b39e4ed6a2562d4efa2e4842ca54df7fa6b46621d1423b3cf822d459ef90f52b559b1c2967

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
155KB

MD5
5e1561548895218973eb5c833d96bd60

SHA1
834128f1ae0503cc2ec8a319fe6e4bd770fc78fb

SHA256
86b3544459cef88b64a1843057b82b73509b6b07da141bfd7f7706edb603632c

SHA512
7f45f904d5d54b4dd98ae6c21f36359611d25a72198bdde2996368b39e4ed6a2562d4efa2e4842ca54df7fa6b46621d1423b3cf822d459ef90f52b559b1c2967

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
155KB

MD5
5e1561548895218973eb5c833d96bd60

SHA1
834128f1ae0503cc2ec8a319fe6e4bd770fc78fb

SHA256
86b3544459cef88b64a1843057b82b73509b6b07da141bfd7f7706edb603632c

SHA512
7f45f904d5d54b4dd98ae6c21f36359611d25a72198bdde2996368b39e4ed6a2562d4efa2e4842ca54df7fa6b46621d1423b3cf822d459ef90f52b559b1c2967

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
155KB

MD5
5e1561548895218973eb5c833d96bd60

SHA1
834128f1ae0503cc2ec8a319fe6e4bd770fc78fb

SHA256
86b3544459cef88b64a1843057b82b73509b6b07da141bfd7f7706edb603632c

SHA512
7f45f904d5d54b4dd98ae6c21f36359611d25a72198bdde2996368b39e4ed6a2562d4efa2e4842ca54df7fa6b46621d1423b3cf822d459ef90f52b559b1c2967

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
155KB

MD5
5e1561548895218973eb5c833d96bd60

SHA1
834128f1ae0503cc2ec8a319fe6e4bd770fc78fb

SHA256
86b3544459cef88b64a1843057b82b73509b6b07da141bfd7f7706edb603632c

SHA512
7f45f904d5d54b4dd98ae6c21f36359611d25a72198bdde2996368b39e4ed6a2562d4efa2e4842ca54df7fa6b46621d1423b3cf822d459ef90f52b559b1c2967

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\unpack200.exe
Filesize
155KB

MD5
5e1561548895218973eb5c833d96bd60

SHA1
834128f1ae0503cc2ec8a319fe6e4bd770fc78fb

SHA256
86b3544459cef88b64a1843057b82b73509b6b07da141bfd7f7706edb603632c

SHA512
7f45f904d5d54b4dd98ae6c21f36359611d25a72198bdde2996368b39e4ed6a2562d4efa2e4842ca54df7fa6b46621d1423b3cf822d459ef90f52b559b1c2967

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\verify.dll
Filesize
38KB

MD5
be0d5a12304f91dbddd43ca4e71db76b

SHA1
79e61f2ca096e76ab973b06ecf5b421a50e2818f

SHA256
88a943f8955eeb04c08083dd30ad2a2a503eeb0c0c166934698e414e7c7b2812

SHA512
4710b627ed278bdb69ebf97624dae05136b151b2b3826c5539c9d7e7daa5049da3c05bfd204e3bc6a2777b52a9c5a11d7ff6c6082c304780dc802ddf8423df01

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\verify.dll
Filesize
38KB

MD5
be0d5a12304f91dbddd43ca4e71db76b

SHA1
79e61f2ca096e76ab973b06ecf5b421a50e2818f

SHA256
88a943f8955eeb04c08083dd30ad2a2a503eeb0c0c166934698e414e7c7b2812

SHA512
4710b627ed278bdb69ebf97624dae05136b151b2b3826c5539c9d7e7daa5049da3c05bfd204e3bc6a2777b52a9c5a11d7ff6c6082c304780dc802ddf8423df01

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\wsdetect.dll
Filesize
160KB

MD5
274247306e82ab8f1c1713fd496c8d5c

SHA1
418eb1b509ee41260e43612043766b2e1c25eb3e

SHA256
88dc2a78959a38cd19086effdd508f3cffa822b295b72586f39f9447dda55641

SHA512
92085e83d445b821243563b33e539449ac849a43cf58df13e1d0bf12556c2eb7b624fdcab6270c345bc3965a8db2f1b0f693022a5ab07184e94f08a41944abf9

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\wsdetect.dll
Filesize
160KB

MD5
274247306e82ab8f1c1713fd496c8d5c

SHA1
418eb1b509ee41260e43612043766b2e1c25eb3e

SHA256
88dc2a78959a38cd19086effdd508f3cffa822b295b72586f39f9447dda55641

SHA512
92085e83d445b821243563b33e539449ac849a43cf58df13e1d0bf12556c2eb7b624fdcab6270c345bc3965a8db2f1b0f693022a5ab07184e94f08a41944abf9

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\zip.dll
Filesize
67KB

MD5
c48e496b9d614179829d5d2852283797

SHA1
47e6fc2963f6bed6ff7e28f0e54b37f18bb4fd72

SHA256
142e8506773a3bd185400b5bba50a13eed364188d52edf1bd66b5039c4cd024a

SHA512
d89e1c4ee867e693659b072173410f9f1058db31c58de272c4e4a76b367ef6aeb34a4dfca297e6c3c99cd834b9b45290e4243fa3265d153ef12dfa90934db406

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\bin\zip.dll
Filesize
67KB

MD5
c48e496b9d614179829d5d2852283797

SHA1
47e6fc2963f6bed6ff7e28f0e54b37f18bb4fd72

SHA256
142e8506773a3bd185400b5bba50a13eed364188d52edf1bd66b5039c4cd024a

SHA512
d89e1c4ee867e693659b072173410f9f1058db31c58de272c4e4a76b367ef6aeb34a4dfca297e6c3c99cd834b9b45290e4243fa3265d153ef12dfa90934db406

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\installer.exe
Filesize
77.2MB

MD5
d6d2b9204fdadb56ebc0d76fa8071b99

SHA1
d0ceb5710433dc140ef233f2daa4d155a240cc6b

SHA256
e1b7275e231dbd401afea7a56a1acd4d8b84fc32c123d14029f4dae42f7b5811

SHA512
d874d81398b10d553d1d4ae1aca7738931336c9ea5127af6eaa19d996dc09c6b83b45a945c45f07091191f26c72b6131bb5aadb0b17e27e4ca1988a421b77e1b

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\installer.exe
Filesize
77.2MB

MD5
d6d2b9204fdadb56ebc0d76fa8071b99

SHA1
d0ceb5710433dc140ef233f2daa4d155a240cc6b

SHA256
e1b7275e231dbd401afea7a56a1acd4d8b84fc32c123d14029f4dae42f7b5811

SHA512
d874d81398b10d553d1d4ae1aca7738931336c9ea5127af6eaa19d996dc09c6b83b45a945c45f07091191f26c72b6131bb5aadb0b17e27e4ca1988a421b77e1b

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\lib\charsets.jar
Filesize
2.9MB

MD5
91e7281bc83edebb1deae5afd17c63b3

SHA1
de80162db5f0082718b58ce069da9baaf482b31a

SHA256
7c62a2da6533021b8829bbd6e8c0681d5dd17d313f9f50cb98d7aa58febab4e0

SHA512
e2ce411523d9689c9462e38713010458ce0fe4e7367e31401a968befa345b1d8894ada49d262dfe2f5579a05f9af2a124399194998d01ecf74db87beaf8b8942

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\lib\charsets.pack
Filesize
1.0MB

MD5
6bc15ed4742da3c21edb29bc7f0f6011

SHA1
c44baf4ee9e909ada3e6ce643fb24d5a989b5b97

SHA256
a57f7dc3770bd5fc42649add9f908de3d985a1ca76a0646294675aa87b58bb7f

SHA512
9b97e2d1076458a7b6b7e98d785723358f831a8e84aaf394aabcaa3c2e69b225d3c2332f300b4d1431460a7dfdcdffdc74284ed419b38cbd4fc81b44c5c4ac6e

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\lib\classlist
Filesize
78KB

MD5
51531cbbe256939e7ab12fcc256fbf3a

SHA1
5754126190f818b7d39d5b725a1878fb33233d26

SHA256
406b68d923e9ce01f19194bca03eaaf9fc0efce6590713b6d066485cd94d1339

SHA512
dae90c8f429bfc7782bed9116b6a3b30110ce2b2da865f63fefdbd6be965284c7d90ff8ebf869481e01246d35264110a3d8690b397cb1a109faf61d2f937bcc2

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\lib\deploy.jar
Filesize
4.6MB

MD5
ee71b3bac7ca0938f8e34b3ab0c7ae29

SHA1
07fe97c68f8cc2e7fd875d4f1e231446a5deee14

SHA256
1d0e6b4bbadffb5b4ebc0b7af65af330405c5ba077fc446ef3c4ad101c217c8c

SHA512
56ac8e533c5bb5879017fc5e78b585263369fda99850ef5713a8016239c3750d1dfb76d73ede6278d88d7d39f09a8d10cea8b671119f9012585b9bb853886d4e

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\lib\deploy.pack
Filesize
1.8MB

MD5
11ed0eb3d191f6e98e1d7c03b585ce07

SHA1
bb33d2f19fe66e7395c58c9ec974260607285ae6

SHA256
43f17ca43f00fa4ce43864b8cd3e1705c4a8e56b0aa7403ed027846fad29865e

SHA512
4883c24948e69c1fd4054af33b276d8dad6c5f6397cb133caa7d9fe36775e6bbddb44df48d2e813ebad897db8030071d758ae6c65f2eadcc32b9af758cdecc32

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\lib\ext\jfxrt.jar
Filesize
15.8MB

MD5
403cf58b2c705d270eff9eb417ab9322

SHA1
863cd62ab8d17926e152e0180b163c353bdbead6

SHA256
18f9cafb3916c3deecc3e928ee07f2c4a7a6163b2c41a98e10250c83c6c50cd4

SHA512
cf1716476af7a259e29e7c8e5533dcfc56c05caf2cad96de681c903901e78288084b5a073e1f062f1894f7bd55ed0dfc1f745271d8fd65e79d05ccef0d33f921

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\lib\ext\jfxrt.pack
Filesize
4.8MB

MD5
7546f013514fdd6e49cd6490a3cd9668

SHA1
296093b5858d00c9f0c7a625ff8b8e13e1255bab

SHA256
d079f7943c0d3aefac199bcf5756602014ca952c448338f136aeac72c9258989

SHA512
8897337eb282e1d8b95b024557700191da64fdf9d0c961abbd167c534c7932905f03278a87ffc845a9e80ac4ae37f2e68e6b1ea6997c1a620fb8b71a24afcd09

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\lib\ext\localedata.jar
Filesize
2.1MB

MD5
5a5bb580763646b33efe4859a8de0692

SHA1
5fc7a2f8b186f33bbcaf488f28775a416cdda860

SHA256
baac58ac834cdfb904e5071aff7a3594cc4daf92c28cfb2040ffc965581b23c8

SHA512
d8181d9c45533af63eb2e6839a7d78388e6fabdaa097c63082cea3574aa1e3bbdb826eafbbc6ea03807d68efc8e1952157a5efe49dc2623459eb371d2b108826

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\lib\ext\localedata.pack
Filesize
1.3MB

MD5
64746e4444479f61c73a3a80fbd69071

SHA1
8232ee1702f67877648510374918a9b561c30446

SHA256
46e2db73691a4c4f01051b5ef6b2b80624e9ce55b90f81a07f7975ad993b7eb5

SHA512
48f016d6c7e257a781317f0d0dc821ed16eca85498a2554f758bcaf497b236f9f982dbdc441799bc66fc523e743e49a3f09f249fcc0b817c16b098af067e400b

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\lib\i386\jvm.cfg
Filesize
623B

MD5
9aef14a90600cd453c4e472ba83c441f

SHA1
10c53c9fe9970d41a84cb45c883ea6c386482199

SHA256
9e86b24ff2b19d814bbaedd92df9f0e1ae86bf11a86a92989c9f91f959b736e1

SHA512
481562547bf9e37d270d9a2881ac9c86fc8f928b5c176e9baf6b8f7b72fb9827c84ef0c84b60894656a6e82dd141779b8d283c6e7a0e85d2829ea071c6db7d14

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\lib\images\cursors\invalid32x32.gif
Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\lib\javaws.jar
Filesize
943KB

MD5
53b818577cfbd1dd6c00ac97adcaf01c

SHA1
17c70e2edda32459b5af200a37ba115eeedea169

SHA256
a3f5a9e02225650db4e82e87d50e31f39ceb79e899985ce879261bb8008d131a

SHA512
87b6f3711ac36bb42596ee5374124c72b36e92c390abdc16f935f17ac6d746f70703e43f42358df07e9a34abae8a95af9a384b4045ac2e8baf5022034a70a575

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\lib\javaws.pack
Filesize
211KB

MD5
fa1e16eb28f64d9c298f47e9a8e646a2

SHA1
0570838e0915f3ee8835331df2973a1c0f70063c

SHA256
8df51094287c898ef63d58e865fa886e8df5f5ef3284c06df8ad5d3ff870789c

SHA512
e67a09b7d912ec4908f4119d5beb7c8c34d86150e4ce835fc91e7290b66affcbe06162f9edaa8db74be8a1eb932a3954a1d7a2ed7f2d2878387c16de33a6602b

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\lib\jce.jar
Filesize
111KB

MD5
df21aa9a2da9f94763bdcc80f07c9afd

SHA1
bccfe5cfbbf0791e752754b964313f9079f748bf

SHA256
c57cf3b05d552d8a573b31a46e97a13201cf1df8f0d5cd4645514ba9a3f1c6a8

SHA512
034bbbb0a12eb21a08947e70ab30c15bb938e295f40d414b1a8df57db0a47828f23e7c612dcb936c4ab745f8ee217da571632d29fe115d946851538040d51756

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\lib\jfr.jar
Filesize
542KB

MD5
7d9f39268f10d96937e71b5657d53ac2

SHA1
a91022c4e3891d1c088f77d0f5e49f7907f47ce5

SHA256
210dd5b7e65d0572faf3afdcf26e819745d640a3af38f91388e1ba76eab77812

SHA512
1ea724bf2d8059a12b2b4d3f635a9a6133b5f2f7be5c0362e4981ef8d0d642a5aa0e8c5608c23991a29692ca8863fc8b2d021f685b796b153260de22ef0bdb29

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\lib\jsse.jar
Filesize
549KB

MD5
3301eb1a6bf5dec6f6ccb4aa67507c68

SHA1
3d1a812b596ea2149f265d1ff4da5d91893862a6

SHA256
29886b3ec1ecac389315da19eb3aee6ec9f5946d9577338c7aadf0839a8b2356

SHA512
e1ad41a64fd6520f8bb9b3e65278b750d9cd2986d5d63aea2b37e35a5309e23a71b3e6cf6e4b3b56668a6e8cb7cf4d38b1146aceacce88f68e28bbe42ff9fd10

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\lib\jsse.pack
Filesize
150KB

MD5
528577f30942f82658fa6c2bb906fd2b

SHA1
d001e8bae79c819d4f5ac5ea2acf28b12c21c860

SHA256
2ba44ae4b7dbb384628fb5bab3b6cdde9573810d6e79aa7dae982811be9faa47

SHA512
e9ba9edaab33752a9196e1fa1660640a8ec485c1cb5cdf4fcbea75538f8fe2943e9e712833826644e3f07d30d885c754667eaae1db28ac7462ab66cd4b4caa69

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\lib\meta-index
Filesize
2KB

MD5
91aa6ea7320140f30379f758d626e59d

SHA1
3be2febe28723b1033ccdaa110eaf59bbd6d1f96

SHA256
4af21954cdf398d1eae795b6886ca2581dac9f2f1d41c98c6ed9b5dbc3e3c1d4

SHA512
03428803f1d644d89eb4c0dcbdea93acaac366d35fc1356ccabf83473f4fef7924edb771e44c721103cec22d94a179f092d1bfd1c0a62130f076eb82a826d7cb

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\lib\plugin.jar
Filesize
1.8MB

MD5
00f54c08727f4cda677d4122d566b20f

SHA1
2f3dc65a461db236052c6de29baf5ac9844a4315

SHA256
cef8fb553ef3d6f478298105acc7c22c69f7243dc2b840d53c34de9b7b526471

SHA512
2c248864a0e20b26a5edf78835b632af73fe51d9973d173ecb0afeb2a150c444e8abd6db27bcae82d5a662b691b7c82f16204996398b5671ef4be27fb633be8a

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\lib\plugin.pack
Filesize
482KB

MD5
a575f452a325b2d8788e505b47d5eeba

SHA1
0a9f26da4d837bb52f6a39ad3d2ee4f079ee2f9d

SHA256
37b388d7691e807b4b30e5000c486f946625656361566ee141833644ff280536

SHA512
8d912bc7b876fa3cd6f7f5bc8e803f6f895807cb880d940069d6a665066ea90ed43ca95b7f225f61a339b345e6b054ca70a509757ad3afd21df4e8e2f036bdec

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\lib\resources.jar
Filesize
3.3MB

MD5
90f2dd99c07dba99e6b8738185003ca3

SHA1
009f5472a84bc98df49737b452ff7cd6106a31b5

SHA256
45558fff587dbc505e54165e45737a4bf38b504c9a093b3b2a89e590de487db3

SHA512
429b513ad672f841dd44d5b806525f240162b57b33c8399d1e761fbb04ce79d358c17b8ed21b5d7cf9c8b2857d103cad37844befbc86628f7421f6fcbed9b04f

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\lib\rt.jar
Filesize
51.8MB

MD5
1f99fa8fbed2e7e881a5c06a4d9d003d

SHA1
d0e00a232cd8d6475b0f30631a4594bdfe6b56ca

SHA256
fba63aae0306effae3bc256209a7b99bcdec3a297da0afb1451eb433fa2f67df

SHA512
6236a715c5763b7da0860bd0fd48e23c262a094cf54e5d667428eb4eabda7778f3b23291413258b269b0a4d5c140dcbd2533830759729a42b1a3cc9b62c47465

Download Submit
C:\Program Files (x86)\Java\jre1.8.0_51\lib\rt.pack
Filesize
13.1MB

MD5
5fd5d7f15a142f6c38da23beed603ce1

SHA1
b682bd0e24ba7f462b5d8815499064c2b98b2dd1

SHA256
04da4158a8c46336ef14f090a0e8cd241216602e0acf05e7f28e338b3af8d701

SHA512
de4951eda55b6bd0e4c24e41034046d59fdc1107e1d08ede69f3d04b06927bccad19e5fd2cda88e80bdebcf25edf7417954c01cf63fd48312b6b0b3e3ecb42b7

Download Submit
C:\ProgramData\Oracle\Java\installcache\baseimagefam8
Filesize
67.7MB

MD5
c68f61bae0654148ae82c9ac18c771f9

SHA1
fde79f7eebe45a096e7af4d7463294551dead994

SHA256
fe7870985a9af11cff29ed00c1a8042d5e1f3194b465146ddcaa9612a51a3195

SHA512
f08e5bbbd74c322a079618aee7da064f510bac05f1b0066da11d9829f8ad8e9ca03ad0e20116d64173e2b5a9a0e12c1ac95b2880805c6a4de2828839506f7107

Download Submit
C:\ProgramData\Oracle\Java\installcache\bspatch.exe
Filesize
34KB

MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
C:\ProgramData\Oracle\Java\installcache\bspatch.exe
Filesize
34KB

MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
C:\ProgramData\Oracle\Java\installcache\diff
Filesize
8.3MB

MD5
803606d0d196836ca64e4eccc27a8881

SHA1
3be75068f3d8c0ec64df7105088df14e54c6e514

SHA256
4fc355172eea1f91572edde369e4a718d2cbe675180311101bc1654e94d059d5

SHA512
9fc01d78dadea4e7759b3c1951a071ea0e3368dc28efa85a808e0ac19cc91eddaf424b6da3c6e20af61afcb720e29175ac8d66b975673c3e497aa024085c40f7

Download Submit
C:\ProgramData\Oracle\Java\installcache\newimage
Filesize
68.8MB

MD5
7c4d0f863cc3f4823b56098b31f77a63

SHA1
2db9cdfa96361965e230cf855fcbfb7f9e6c90af

SHA256
676dbf50eb029bfe6148b4b5633c86ed0043ef3cd7be79c4d9318bd011de1bb6

SHA512
535f72a11d0d3d366f598e016ee8de1602767078f5f9e1a8aed669ac9ac55b79b410c5f2df81c8cbaeb570245ba31ed00f1f24806fb97a27d939c576612c351d

Download Submit
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties
Filesize
1KB

MD5
9e65c569818ae9612e14f1de77d74a25

SHA1
fc65630cd37941f1e538b54f512fc4a3b9056547

SHA256
8d740e5ddf0a9ab5058fa0a606a74ac2126fc2f252040ce169ff29bb2f9122a4

SHA512
90807a0e90fb126111d01127cc273719b1e3e47d232f160ce51c7f1388f7d0d336bd892787ebc316e6318250127c8fee8190e27eb37f15b356e7c789ddf7e3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties
Filesize
1KB

MD5
0c6d13af042e61538580d3d9f68ef19c

SHA1
b2735a63cae9564924be293ea2da4dccae90021f

SHA256
b076ae631bc18179b974760f46134d5eb9c9faae9943f0ebfd1dfde3efdd9cfa

SHA512
f20c60d857e0712380cf9877ecac82427d286af2cb9b2948a3d59ba0b1007fc1832915d032b23ec95df789e44da769352eb8e8562d171b9aa6e1d69c7a19deda

Download Submit
C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.8.0_51\jre1.8.0_51.msi
Filesize
35.1MB

MD5
c9e1f621bb5df89ed5c95e31c07f8deb

SHA1
8a80e473b291eab21f2c546890df89e74a316deb

SHA256
2b7e35e9e9a0c00f0b2998f97daec63dda24e3b6822fc8c5c361e79abc2ccf54

SHA512
9218cbe077f69533079523b279e5dcd01569ee22eba959d7a5153fe2b902f27f723584088d43bdf6ce237210c9d93c8f26cf3d0008b1dbd2f84923b830181743

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
Filesize
267KB

MD5
e2e875cc21495c91484e1a999e9decc8

SHA1
0c189c8c09504a01dc885cb3dde7a529b95f6024

SHA256
6a83ccdc2085fad442a5c4a92e8fc3c1f020af2c773eef23247f53238dae667b

SHA512
92213b6553fdc20bc8c364a4c617526f2d826670b6ee56c71875e5d3c329743232fa1e6d23c8bb15b2a0c5393b85f4a51be43229393206bc7dc5bd231465d898

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
Filesize
283KB

MD5
4d6f1b96c46b455b2df8ee20284534da

SHA1
c8fce2e9f1a1d46580e852723a4e93207b7d3de7

SHA256
fea463843dc72ce99f490489d0ab669b5ace087371a04e6c91e99d83318bc65c

SHA512
60442542c67886da40d0e28ecca9ce571a5902825e62b07f3b883caa0f4d6ee46690aa7d65c013388daf7e044ef099caae53f2a1fb547378b28290280f04466c

Download Submit
C:\Windows\Installer\e56bc9e.msi
Filesize
35.1MB

MD5
c9e1f621bb5df89ed5c95e31c07f8deb

SHA1
8a80e473b291eab21f2c546890df89e74a316deb

SHA256
2b7e35e9e9a0c00f0b2998f97daec63dda24e3b6822fc8c5c361e79abc2ccf54

SHA512
9218cbe077f69533079523b279e5dcd01569ee22eba959d7a5153fe2b902f27f723584088d43bdf6ce237210c9d93c8f26cf3d0008b1dbd2f84923b830181743

Download Submit
memory/532-802-0x0000000016A60000-0x0000000016A70000-memory.dmp

Filesize
64KB

Download
memory/532-827-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/1392-557-0x0000000002D10000-0x0000000002D11000-memory.dmp

Filesize
4KB

Download
memory/1924-990-0x0000000000FE0000-0x0000000000FE1000-memory.dmp

Filesize
4KB

Download
memory/1924-978-0x0000000000FE0000-0x0000000000FE1000-memory.dmp

Filesize
4KB

Download
memory/1924-996-0x0000000000FE0000-0x0000000000FE1000-memory.dmp

Filesize
4KB

Download
memory/3720-917-0x0000000000BC0000-0x0000000000BC1000-memory.dmp

Filesize
4KB

Download
memory/3720-923-0x0000000000BC0000-0x0000000000BC1000-memory.dmp

Filesize
4KB

Download
memory/3720-890-0x0000000000BC0000-0x0000000000BC1000-memory.dmp

Filesize
4KB

Download
memory/3720-900-0x0000000000BC0000-0x0000000000BC1000-memory.dmp

Filesize
4KB

Download
memory/3720-901-0x0000000000BC0000-0x0000000000BC1000-memory.dmp

Filesize
4KB

Download
memory/3720-908-0x0000000000BC0000-0x0000000000BC1000-memory.dmp

Filesize
4KB

Download
memory/3720-910-0x0000000000BC0000-0x0000000000BC1000-memory.dmp

Filesize
4KB

Download
memory/3720-928-0x0000000000BC0000-0x0000000000BC1000-memory.dmp

Filesize
4KB

Download
memory/3720-920-0x0000000000BC0000-0x0000000000BC1000-memory.dmp

Filesize
4KB

Download
memory/3720-864-0x0000000000BC0000-0x0000000000BC1000-memory.dmp

Filesize
4KB

Download
memory/3892-268-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3892-266-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3892-261-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4924-133-0x0000000000400000-0x0000000002975000-memory.dmp

Filesize
37.5MB

Download
memory/4924-196-0x0000000000400000-0x0000000002975000-memory.dmp

Filesize
37.5MB

Download
memory/4924-254-0x0000000000400000-0x0000000002975000-memory.dmp

Filesize
37.5MB

Download
memory/4924-1038-0x0000000000400000-0x0000000002975000-memory.dmp

Filesize
37.5MB

Download