8352ec10616085d1ec56b1ceab09fa2df9cb23442f9080920a9e873671e305fc

Analysis

max time kernel
139s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2023 10:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jre-8u5-windows-x64.exe
Size

32.6MB
MD5

fb50b5035f206dfaf35761947b5707ba
SHA1

ca656e8a722c068939665ad23760b8b072281594
SHA256

8352ec10616085d1ec56b1ceab09fa2df9cb23442f9080920a9e873671e305fc
SHA512

854c4f5d08cbb17a1d5c7f291c77545a2efff0c422f47ee69af61a95f2d7d273a0859c5a628204f378fe43eac5d6ccec917075bbb5464ee3934707c21c58b98b
SSDEEP

786432:E7CrTxluqNrJVk+ZlzOWQNa5CuMOV0NJRjhuZ/255:EUbuq9J6+rOUCuM9n1QZ/i

Score

8^/10

adware persistence stealer

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

flow	pid	Process
44	688	msiexec.exe

Executes dropped EXE 9 IoCs

pid	Process
3608	unpack200.exe
1152	unpack200.exe
1256	unpack200.exe
3940	unpack200.exe
4432	unpack200.exe
2488	unpack200.exe
1144	unpack200.exe
1132	unpack200.exe
2760	javaw.exe

Loads dropped DLL 17 IoCs

pid	Process
4312	MsiExec.exe
3864	MsiExec.exe
3608	unpack200.exe
1152	unpack200.exe
1256	unpack200.exe
3940	unpack200.exe
4432	unpack200.exe
2488	unpack200.exe
1144	unpack200.exe
1132	unpack200.exe
2760	javaw.exe
2760	javaw.exe
2760	javaw.exe
2760	javaw.exe
2760	javaw.exe
3864	MsiExec.exe
3864	MsiExec.exe

Registers COM server for autorun 1 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0067-ABCDEFFEDCBA}\InprocServer32	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0042-ABCDEFFEDCBB}\INPROCSERVER32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0044-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0028-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0032-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0046-ABCDEFFEDCBB}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0026-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA}\INPROCSERVER32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0088-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0018-0000-0059-ABCDEFFEDCBB}\INPROCSERVER32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0075-ABCDEFFEDCBB}\InprocServer32	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0066-ABCDEFFEDCBB}\INPROCSERVER32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0074-ABCDEFFEDCBB}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0018-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0022-ABCDEFFEDCBA}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0033-ABCDEFFEDCBC}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0083-ABCDEFFEDCBC}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0065-ABCDEFFEDCBA}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0022-ABCDEFFEDCBA}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0084-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBC}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0028-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0046-ABCDEFFEDCBA}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0013-0001-0049-ABCDEFFEDCBA}\INPROCSERVER32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0052-ABCDEFFEDCBA}\InprocServer32	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0061-ABCDEFFEDCBC}\INPROCSERVER32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0083-ABCDEFFEDCBA}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0093-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0089-ABCDEFFEDCBC}\INPROCSERVER32	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0081-ABCDEFFEDCBA}\INPROCSERVER32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0041-ABCDEFFEDCBC}\InprocServer32	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBA}\INPROCSERVER32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0058-ABCDEFFEDCBC}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0091-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}\INPROCSERVER32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0063-ABCDEFFEDCBB}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0035-ABCDEFFEDCBB}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0063-ABCDEFFEDCBA}\InprocServer32	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}\INPROCSERVER32	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0013-0001-0099-ABCDEFFEDCBB}\INPROCSERVER32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0036-ABCDEFFEDCBA}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0065-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0015-0000-0080-ABCDEFFEDCBB}\INPROCSERVER32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA}\InprocServer32	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0064-ABCDEFFEDCBB}\INPROCSERVER32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0086-ABCDEFFEDCBC}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0044-ABCDEFFEDCBB}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0051-ABCDEFFEDCBC}\InprocServer32	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBC}\INPROCSERVER32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0046-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0085-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0029-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	MsiExec.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe

Installs/modifies Browser Helper Object 2 TTPs 6 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1"	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{DBC80044-A445-435B-BC74-9C25C1C588A9}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1"	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}	MsiExec.exe

Drops file in System32 directory 5 IoCs

description	ioc	Process
File created	C:\Windows\system32\javaws.exe	MsiExec.exe
File created	C:\Windows\system32\java.exe	MsiExec.exe
File opened for modification	C:\Windows\system32\java.exe	MsiExec.exe
File created	C:\Windows\system32\javaw.exe	MsiExec.exe
File created	C:\Windows\system32\WindowsAccessBridge-64.dll	MsiExec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre8\bin\ktab.exe	MsiExec.exe
File created	C:\Program Files\Java\jre8\lib\security\local_policy.jar	MsiExec.exe
File created	C:\Program Files\Java\jre8\lib\javaws.pack	MsiExec.exe
File created	C:\Program Files\Java\jre8\README.txt	MsiExec.exe
File created	C:\Program Files\Java\jre8\bin\nio.dll	MsiExec.exe
File created	C:\Program Files\Java\jre8\bin\prism_es2.dll	MsiExec.exe
File created	C:\Program Files\Java\jre8\bin\t2k.dll	MsiExec.exe
File created	C:\Program Files\Java\jre8\lib\ext\zipfs.jar	MsiExec.exe
File created	C:\Program Files\Java\jre8\lib\flavormap.properties	MsiExec.exe
File created	C:\Program Files\Java\jre8\lib\fontconfig.bfc	MsiExec.exe
File created	C:\Program Files\Java\jre8\lib\ext\jfxrt.jar	unpack200.exe
File created	C:\Program Files\Java\jre8\bin\instrument.dll	MsiExec.exe
File created	C:\Program Files\Java\jre8\bin\javacpl.cpl	MsiExec.exe
File created	C:\Program Files\Java\jre8\bin\sunec.dll	MsiExec.exe
File created	C:\Program Files\Java\jre8\bin\unpack.dll	MsiExec.exe
File created	C:\Program Files\Java\jre8\bin\w2k_lsa_auth.dll	MsiExec.exe
File created	C:\Program Files\Java\jre8\lib\deploy\messages_ja.properties	MsiExec.exe
File created	C:\Program Files\Java\jre8\lib\fonts\LucidaBrightItalic.ttf	MsiExec.exe
File created	C:\Program Files\Java\jre8\lib\images\cursors\win32_CopyDrop32x32.gif	MsiExec.exe
File created	C:\Program Files\Java\jre8\bin\dcpr.dll	MsiExec.exe
File created	C:\Program Files\Java\jre8\bin\lcms.dll	MsiExec.exe
File created	C:\Program Files\Java\jre8\bin\ssv.dll	MsiExec.exe
File created	C:\Program Files\Java\jre8\lib\jfr\profile.jfc	MsiExec.exe
File created	C:\Program Files\Java\jre8\lib\security\javaws.policy	MsiExec.exe
File created	C:\Program Files\Java\jre8\bin\plugin2\msvcr100.dll	MsiExec.exe
File created	C:\Program Files\Java\jre8\bin\sunmscapi.dll	MsiExec.exe
File created	C:\Program Files\Java\jre8\lib\deploy\splash.gif	MsiExec.exe
File created	C:\Program Files\Java\jre8\lib\fontconfig.properties.src	MsiExec.exe
File created	C:\Program Files\Java\jre8\lib\fonts\LucidaSansRegular.ttf	MsiExec.exe
File created	C:\Program Files\Java\jre8\LICENSE	MsiExec.exe
File created	C:\Program Files\Java\jre8\bin\jjs.exe	MsiExec.exe
File created	C:\Program Files\Java\jre8\bin\kinit.exe	MsiExec.exe
File created	C:\Program Files\Java\jre8\bin\server\classes.jsa	javaw.exe
File created	C:\Program Files\Java\jre8\lib\images\cursors\invalid32x32.gif	MsiExec.exe
File created	C:\Program Files\Java\jre8\lib\jfr.jar	MsiExec.exe
File created	C:\Program Files\Java\jre8\lib\psfontj2d.properties	MsiExec.exe
File created	C:\Program Files\Java\jre8\lib\sound.properties	MsiExec.exe
File created	C:\Program Files\Java\jre8\patchjre.exe	msiexec.exe
File created	C:\Program Files\Java\jre8\bin\jsound.dll	MsiExec.exe
File created	C:\Program Files\Java\jre8\bin\rmiregistry.exe	MsiExec.exe
File created	C:\Program Files\Java\jre8\bin\msvcr100.dll	MsiExec.exe
File created	C:\Program Files\Java\jre8\bin\server\Xusage.txt	MsiExec.exe
File created	C:\Program Files\Java\jre8\lib\images\cursors\cursors.properties	MsiExec.exe
File created	C:\Program Files\Java\jre8\lib\resources.jar	MsiExec.exe
File created	C:\Program Files\Java\jre8\lib\rt.pack	MsiExec.exe
File created	C:\Program Files\Java\jre8\bin\gstreamer-lite.dll	MsiExec.exe
File created	C:\Program Files\Java\jre8\bin\hprof.dll	MsiExec.exe
File created	C:\Program Files\Java\jre8\bin\jli.dll	MsiExec.exe
File created	C:\Program Files\Java\jre8\lib\tzdb.dat	MsiExec.exe
File created	C:\Program Files\Java\jre8\lib\plugin.jar	unpack200.exe
File created	C:\Program Files\Java\jre8\core.zip	msiexec.exe
File created	C:\Program Files\Java\jre8\lib\deploy\messages.properties	MsiExec.exe
File created	C:\Program Files\Java\jre8\lib\javaws.jar	unpack200.exe
File created	C:\Program Files\Java\jre8\bin\servertool.exe	MsiExec.exe
File created	C:\Program Files\Java\jre8\lib\cmm\LINEAR_RGB.pf	MsiExec.exe
File created	C:\Program Files\Java\jre8\lib\jfr\default.jfc	MsiExec.exe
File created	C:\Program Files\Java\jre8\lib\plugin.pack	MsiExec.exe
File created	C:\Program Files\Java\jre8\lib\security\blacklisted.certs	MsiExec.exe
File created	C:\Program Files\Java\jre8\bin\dt_shmem.dll	MsiExec.exe
File created	C:\Program Files\Java\jre8\bin\glib-lite.dll	MsiExec.exe
File created	C:\Program Files\Java\jre8\bin\management.dll	MsiExec.exe
File created	C:\Program Files\Java\jre8\lib\management\snmp.acl.template	MsiExec.exe
File created	C:\Program Files\Java\jre8\bin\verify.dll	MsiExec.exe
File created	C:\Program Files\Java\jre8\lib\cmm\sRGB.pf	MsiExec.exe

Drops file in Windows directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI18F3.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1FAA.tmp	msiexec.exe
File created	C:\Windows\Installer\e5809b4.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5809b4.msi	msiexec.exe
File created	C:\Windows\Installer\e5809af.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5809af.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID49.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{26A24AE4-039D-4CA4-87B4-2F86418005FF}	msiexec.exe
File created	C:\Windows\Installer\e5809b3.msi	msiexec.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msiexec.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msiexec.exe

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe"	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_66\\bin"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024"	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5852F5ED-8BF4-11D4-A245-0080C6F74284}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_66\\bin"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_66\\bin"	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{44D1B085-E495-4B5F-9EE6-34795C46E7E7}	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "3"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe"	MsiExec.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0092-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0082-ABCDEFFEDCBB}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0056-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_56"	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0083-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_83"	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_27"	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0079-ABCDEFFEDCBA}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0070-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0089-ABCDEFFEDCBA}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0080-ABCDEFFEDCBB}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0079-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_79"	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0073-ABCDEFFEDCBC}	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0032-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0042-ABCDEFFEDCBA}	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0038-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_38"	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0077-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0059-ABCDEFFEDCBA}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0071-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_71"	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0047-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0091-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_91"	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0090-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0061-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_14"	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0079-ABCDEFFEDCBC}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0054-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0028-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0015-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0092-ABCDEFFEDCBB}	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_12"	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0024-ABCDEFFEDCBA}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0035-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_35"	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0042-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_42"	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_26"	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0083-ABCDEFFEDCBB}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0018-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_18"	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0041-ABCDEFFEDCBB}	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0060-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0096-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0020-ABCDEFFEDCBA}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0008-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0026-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0040-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_07"	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_33"	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0092-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0097-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0061-ABCDEFFEDCBA}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0073-ABCDEFFEDCBA}	MsiExec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}\InprocServer32	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0090-ABCDEFFEDCBA}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0037-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0055-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0091-ABCDEFFEDCBC}	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0091-ABCDEFFEDCBA}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0064-ABCDEFFEDCBB}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0039-ABCDEFFEDCBB}	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0012-ABCDEFFEDCBA}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0063-ABCDEFFEDCBB}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0045-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0038-ABCDEFFEDCBC}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0031-ABCDEFFEDCBA}	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0014-0002-0034-ABCDEFFEDCBB}\INPROCSERVER32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_08"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0090-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0030-ABCDEFFEDCBC}\INPROCSERVER32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0091-ABCDEFFEDCBA}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0054-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_54"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0066-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0065-ABCDEFFEDCBA}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0010-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0050-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0089-ABCDEFFEDCBB}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0078-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_33"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0019-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0063-ABCDEFFEDCBB}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}\INPROCSERVER32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_10"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0071-ABCDEFFEDCBC}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0051-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_51"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0019-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0040-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBC}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0061-ABCDEFFEDCBA}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}\InprocServer32	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0057-ABCDEFFEDCBA}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0022-ABCDEFFEDCBA}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0099-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0085-ABCDEFFEDCBA}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0039-ABCDEFFEDCBB}	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0078-ABCDEFFEDCBB}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0036-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\bin\\jp2iexp.dll"	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0077-ABCDEFFEDCBC}	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\INPROCSERVER32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0038-ABCDEFFEDCBA}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0076-ABCDEFFEDCBA}	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}\INPROCSERVER32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBC}	MsiExec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3604	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3604	msiexec.exe
Token: SeSecurityPrivilege	688	msiexec.exe
Token: SeCreateTokenPrivilege	3604	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3604	msiexec.exe
Token: SeLockMemoryPrivilege	3604	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3604	msiexec.exe
Token: SeMachineAccountPrivilege	3604	msiexec.exe
Token: SeTcbPrivilege	3604	msiexec.exe
Token: SeSecurityPrivilege	3604	msiexec.exe
Token: SeTakeOwnershipPrivilege	3604	msiexec.exe
Token: SeLoadDriverPrivilege	3604	msiexec.exe
Token: SeSystemProfilePrivilege	3604	msiexec.exe
Token: SeSystemtimePrivilege	3604	msiexec.exe
Token: SeProfSingleProcessPrivilege	3604	msiexec.exe
Token: SeIncBasePriorityPrivilege	3604	msiexec.exe
Token: SeCreatePagefilePrivilege	3604	msiexec.exe
Token: SeCreatePermanentPrivilege	3604	msiexec.exe
Token: SeBackupPrivilege	3604	msiexec.exe
Token: SeRestorePrivilege	3604	msiexec.exe
Token: SeShutdownPrivilege	3604	msiexec.exe
Token: SeDebugPrivilege	3604	msiexec.exe
Token: SeAuditPrivilege	3604	msiexec.exe
Token: SeSystemEnvironmentPrivilege	3604	msiexec.exe
Token: SeChangeNotifyPrivilege	3604	msiexec.exe
Token: SeRemoteShutdownPrivilege	3604	msiexec.exe
Token: SeUndockPrivilege	3604	msiexec.exe
Token: SeSyncAgentPrivilege	3604	msiexec.exe
Token: SeEnableDelegationPrivilege	3604	msiexec.exe
Token: SeManageVolumePrivilege	3604	msiexec.exe
Token: SeImpersonatePrivilege	3604	msiexec.exe
Token: SeCreateGlobalPrivilege	3604	msiexec.exe
Token: SeRestorePrivilege	688	msiexec.exe
Token: SeTakeOwnershipPrivilege	688	msiexec.exe
Token: SeRestorePrivilege	688	msiexec.exe
Token: SeTakeOwnershipPrivilege	688	msiexec.exe
Token: SeRestorePrivilege	688	msiexec.exe
Token: SeTakeOwnershipPrivilege	688	msiexec.exe
Token: SeRestorePrivilege	688	msiexec.exe
Token: SeTakeOwnershipPrivilege	688	msiexec.exe
Token: SeRestorePrivilege	688	msiexec.exe
Token: SeTakeOwnershipPrivilege	688	msiexec.exe
Token: SeRestorePrivilege	688	msiexec.exe
Token: SeTakeOwnershipPrivilege	688	msiexec.exe
Token: SeRestorePrivilege	688	msiexec.exe
Token: SeTakeOwnershipPrivilege	688	msiexec.exe
Token: SeRestorePrivilege	688	msiexec.exe
Token: SeTakeOwnershipPrivilege	688	msiexec.exe
Token: SeRestorePrivilege	688	msiexec.exe
Token: SeTakeOwnershipPrivilege	688	msiexec.exe
Token: SeRestorePrivilege	688	msiexec.exe
Token: SeTakeOwnershipPrivilege	688	msiexec.exe
Token: SeRestorePrivilege	688	msiexec.exe
Token: SeTakeOwnershipPrivilege	688	msiexec.exe
Token: SeRestorePrivilege	688	msiexec.exe
Token: SeTakeOwnershipPrivilege	688	msiexec.exe
Token: SeRestorePrivilege	688	msiexec.exe
Token: SeTakeOwnershipPrivilege	688	msiexec.exe
Token: SeRestorePrivilege	688	msiexec.exe
Token: SeTakeOwnershipPrivilege	688	msiexec.exe
Token: SeRestorePrivilege	688	msiexec.exe
Token: SeTakeOwnershipPrivilege	688	msiexec.exe
Token: SeRestorePrivilege	688	msiexec.exe
Token: SeTakeOwnershipPrivilege	688	msiexec.exe

Suspicious use of WriteProcessMemory 26 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 3604	2904	jre-8u5-windows-x64.exe	86
PID 2904 wrote to memory of 3604	2904	jre-8u5-windows-x64.exe	86
PID 688 wrote to memory of 4312	688	msiexec.exe	91
PID 688 wrote to memory of 4312	688	msiexec.exe	91
PID 688 wrote to memory of 3864	688	msiexec.exe	94
PID 688 wrote to memory of 3864	688	msiexec.exe	94
PID 3864 wrote to memory of 3608	3864	MsiExec.exe	97
PID 3864 wrote to memory of 3608	3864	MsiExec.exe	97
PID 3864 wrote to memory of 1152	3864	MsiExec.exe	100
PID 3864 wrote to memory of 1152	3864	MsiExec.exe	100
PID 3864 wrote to memory of 1256	3864	MsiExec.exe	103
PID 3864 wrote to memory of 1256	3864	MsiExec.exe	103
PID 3864 wrote to memory of 3940	3864	MsiExec.exe	104
PID 3864 wrote to memory of 3940	3864	MsiExec.exe	104
PID 3864 wrote to memory of 4432	3864	MsiExec.exe	106
PID 3864 wrote to memory of 4432	3864	MsiExec.exe	106
PID 3864 wrote to memory of 2488	3864	MsiExec.exe	108
PID 3864 wrote to memory of 2488	3864	MsiExec.exe	108
PID 3864 wrote to memory of 1144	3864	MsiExec.exe	111
PID 3864 wrote to memory of 1144	3864	MsiExec.exe	111
PID 3864 wrote to memory of 1132	3864	MsiExec.exe	114
PID 3864 wrote to memory of 1132	3864	MsiExec.exe	114
PID 3864 wrote to memory of 2760	3864	MsiExec.exe	116
PID 3864 wrote to memory of 2760	3864	MsiExec.exe	116
PID 2904 wrote to memory of 1064	2904	jre-8u5-windows-x64.exe	119
PID 2904 wrote to memory of 1064	2904	jre-8u5-windows-x64.exe	119

C:\Users\Admin\AppData\Local\Temp\jre-8u5-windows-x64.exe
"C:\Users\Admin\AppData\Local\Temp\jre-8u5-windows-x64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\\msiexec.exe" /i "C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.8.0_05_x64\jre1.8.0_05.msi" /qn EULA=0
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3604
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\\msiexec.exe" /i "C:\Users\Admin\AppData\LocalLow\Oracle\Java\AU\au.msi"DISABLE=1 ALLUSERS=1 /qn
  2⤵
  PID:1064

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:688
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 1884198A1A0977E0AD40AFB0C244F942
  2⤵
  - Loads dropped DLL
  PID:4312
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 6610B27DE2717D67737C57234F0F4022 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - Registers COM server for autorun
  - Installs/modifies Browser Helper Object
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Modifies Internet Explorer settings
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:3864
- - C:\Program Files\Java\jre8\bin\unpack200.exe
    "C:\Program Files\Java\jre8\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files\Java\jre8\lib\rt.pack" "C:\Program Files\Java\jre8\lib\rt.jar"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3608
- - C:\Program Files\Java\jre8\bin\unpack200.exe
    "C:\Program Files\Java\jre8\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files\Java\jre8\lib\charsets.pack" "C:\Program Files\Java\jre8\lib\charsets.jar"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1152
- - C:\Program Files\Java\jre8\bin\unpack200.exe
    "C:\Program Files\Java\jre8\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files\Java\jre8\lib\deploy.pack" "C:\Program Files\Java\jre8\lib\deploy.jar"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1256
- - C:\Program Files\Java\jre8\bin\unpack200.exe
    "C:\Program Files\Java\jre8\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files\Java\jre8\lib\javaws.pack" "C:\Program Files\Java\jre8\lib\javaws.jar"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    PID:3940
- - C:\Program Files\Java\jre8\bin\unpack200.exe
    "C:\Program Files\Java\jre8\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files\Java\jre8\lib\plugin.pack" "C:\Program Files\Java\jre8\lib\plugin.jar"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    PID:4432
- - C:\Program Files\Java\jre8\bin\unpack200.exe
    "C:\Program Files\Java\jre8\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files\Java\jre8\lib\jsse.pack" "C:\Program Files\Java\jre8\lib\jsse.jar"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2488
- - C:\Program Files\Java\jre8\bin\unpack200.exe
    "C:\Program Files\Java\jre8\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files\Java\jre8\lib\ext\localedata.pack" "C:\Program Files\Java\jre8\lib\ext\localedata.jar"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1144
- - C:\Program Files\Java\jre8\bin\unpack200.exe
    "C:\Program Files\Java\jre8\bin\unpack200.exe" -r -v -l "C:\Users\Admin\AppData\Local\Temp\java_install.log" "C:\Program Files\Java\jre8\lib\ext\jfxrt.pack" "C:\Program Files\Java\jre8\lib\ext\jfxrt.jar"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    PID:1132
- - C:\Program Files\Java\jre8\bin\javaw.exe
    "C:\Program Files\Java\jre8\bin\javaw.exe" -Xshare:dump
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    PID:2760

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

T1176

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Java\jre8\bin\MSVCR100.dll

Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
C:\Program Files\Java\jre8\bin\deploy.dll

Filesize
535KB

MD5
6d06dff72f80bbc3178ed64cbd3ca1e0

SHA1
22022e8bef9bb215e8c48362b735ad9a9258efde

SHA256
f6f4304ef989d073a6d0d7b0bade260534a6704fc148bd5303d1159eb5ef220d

SHA512
c96d2f267763aa97440e8a6fece8ead3ffe4edc7b3d8f06f7499391916a2da8748c0234c2a41515501c4aca293b58904ca044481266d09867850deac3c6f454b

Download Submit
C:\Program Files\Java\jre8\bin\deploy.dll

Filesize
535KB

MD5
6d06dff72f80bbc3178ed64cbd3ca1e0

SHA1
22022e8bef9bb215e8c48362b735ad9a9258efde

SHA256
f6f4304ef989d073a6d0d7b0bade260534a6704fc148bd5303d1159eb5ef220d

SHA512
c96d2f267763aa97440e8a6fece8ead3ffe4edc7b3d8f06f7499391916a2da8748c0234c2a41515501c4aca293b58904ca044481266d09867850deac3c6f454b

Download Submit
C:\Program Files\Java\jre8\bin\installer.dll

Filesize
326KB

MD5
73083c89812167ed8ea9c1f6f1ccaf3a

SHA1
2fcedfe68ff8531a46ad4c5e77c5167dfc12ab54

SHA256
e052cf1256d626804e7b11dbb42aacfc77e10c05066c63134c64c4dffa2cb830

SHA512
dbddb369b408a60a68eac258434d6b90016db9fa3ac6c7c20aeca34c7268399a7add19888116141d1404e7566c4524583539c8cb48f05a8410f7ce78ca9471e4

Download Submit
C:\Program Files\Java\jre8\bin\java.dll

Filesize
152KB

MD5
743f61eeddc1f1c764ccf9e6a82ad4df

SHA1
5527b79632f46456fd20bec3c2ef4a7afc50e0b1

SHA256
48ab861f9d28bb5c99366a17103eaba999225a3e145c26dcc423fad6b152cf16

SHA512
502c3fa87b357d4645cbd4385f74f6422408fc37f201e56d0f2f44f7ea115dab57119508253dc664a06e0bb5478fa180adce6d2719a846dd9748738dc05ddeab

Download Submit
C:\Program Files\Java\jre8\bin\java.dll

Filesize
152KB

MD5
743f61eeddc1f1c764ccf9e6a82ad4df

SHA1
5527b79632f46456fd20bec3c2ef4a7afc50e0b1

SHA256
48ab861f9d28bb5c99366a17103eaba999225a3e145c26dcc423fad6b152cf16

SHA512
502c3fa87b357d4645cbd4385f74f6422408fc37f201e56d0f2f44f7ea115dab57119508253dc664a06e0bb5478fa180adce6d2719a846dd9748738dc05ddeab

Download Submit
C:\Program Files\Java\jre8\bin\javaw.exe

Filesize
186KB

MD5
fb2ac6f33e7a05fce4852ca7fae067c6

SHA1
1fc2cf2645fb1affb62455ef38b14d1e0e0588bc

SHA256
41b620779e83281ac96feda56caeea9a4a4e45c7b02ff3be5a7bf3c1fd65170a

SHA512
cdcfa2d82105eb798cdea74d50fde5dfde982aa9789d3b445fddf634985e6554b21c1ef61b94e8fcf7181c1ef64e5d96cff0d781e4004ece3c93a74224201114

Download Submit
C:\Program Files\Java\jre8\bin\javaw.exe

Filesize
186KB

MD5
fb2ac6f33e7a05fce4852ca7fae067c6

SHA1
1fc2cf2645fb1affb62455ef38b14d1e0e0588bc

SHA256
41b620779e83281ac96feda56caeea9a4a4e45c7b02ff3be5a7bf3c1fd65170a

SHA512
cdcfa2d82105eb798cdea74d50fde5dfde982aa9789d3b445fddf634985e6554b21c1ef61b94e8fcf7181c1ef64e5d96cff0d781e4004ece3c93a74224201114

Download Submit
C:\Program Files\Java\jre8\bin\msvcr100.dll

Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
C:\Program Files\Java\jre8\bin\msvcr100.dll

Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
C:\Program Files\Java\jre8\bin\msvcr100.dll

Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
C:\Program Files\Java\jre8\bin\msvcr100.dll

Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
C:\Program Files\Java\jre8\bin\msvcr100.dll

Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
C:\Program Files\Java\jre8\bin\msvcr100.dll

Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
C:\Program Files\Java\jre8\bin\msvcr100.dll

Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
C:\Program Files\Java\jre8\bin\msvcr100.dll

Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
C:\Program Files\Java\jre8\bin\msvcr100.dll

Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
C:\Program Files\Java\jre8\bin\msvcr100.dll

Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
C:\Program Files\Java\jre8\bin\server\classes.jsa

Filesize
16.8MB

MD5
41f91f21606515bd01faceb4f597f843

SHA1
d0823738e1b84ca186e740ae799508beecee1836

SHA256
90a1d6aa01860846537f1cce0a4d7eaf986362212f35a73a5182be83edd9c6c6

SHA512
38eb611ce62c747fb0456a6ca27429c9ed2bea943c307a25d897298e93bae6c856d71ad7bd0dd87d718b6395eafdc63d8c7d0dc7e90d4b9f6129856ce35fa7dc

Download Submit
C:\Program Files\Java\jre8\bin\server\jvm.dll

Filesize
8.0MB

MD5
ebddcdd2ccab101d2e826cfb76ce16a1

SHA1
fc567b89aab525ececd2bd96af4d91549eb351fb

SHA256
95893ddaf0e150a5bbf24a245911389b0ea37acea805a67841f0772d87bce48b

SHA512
113df95b7bd7861b0c4897365aec8c99bafe498f44bf891d59c6df1e4603f2088ee8187f55f7707e2e27043c44ac2915d7e7d99aa27e3291ab89f005ea628dac

Download Submit
C:\Program Files\Java\jre8\bin\server\jvm.dll

Filesize
8.0MB

MD5
ebddcdd2ccab101d2e826cfb76ce16a1

SHA1
fc567b89aab525ececd2bd96af4d91549eb351fb

SHA256
95893ddaf0e150a5bbf24a245911389b0ea37acea805a67841f0772d87bce48b

SHA512
113df95b7bd7861b0c4897365aec8c99bafe498f44bf891d59c6df1e4603f2088ee8187f55f7707e2e27043c44ac2915d7e7d99aa27e3291ab89f005ea628dac

Download Submit
C:\Program Files\Java\jre8\bin\unpack200.exe

Filesize
191KB

MD5
adb3173f81c7b2dd7ceccd33f434e6de

SHA1
a684a0a30cfa4062ac083e6e7809cfb0fa55f9b3

SHA256
bcffa266ac0b661fdd22fccb76837144622d7c2c0fa0affcc9b6fe66f5b8065b

SHA512
62b4e5181a7149acfc8f1cf2b304cef449b641428909add99d5f3ea29e66249a538d6f7dfe4573a0e7bd69e5e199f999ae726b29e807c91bc1343bceb2e2abe1

Download Submit
C:\Program Files\Java\jre8\bin\unpack200.exe

Filesize
191KB

MD5
adb3173f81c7b2dd7ceccd33f434e6de

SHA1
a684a0a30cfa4062ac083e6e7809cfb0fa55f9b3

SHA256
bcffa266ac0b661fdd22fccb76837144622d7c2c0fa0affcc9b6fe66f5b8065b

SHA512
62b4e5181a7149acfc8f1cf2b304cef449b641428909add99d5f3ea29e66249a538d6f7dfe4573a0e7bd69e5e199f999ae726b29e807c91bc1343bceb2e2abe1

Download Submit
C:\Program Files\Java\jre8\bin\unpack200.exe

Filesize
191KB

MD5
adb3173f81c7b2dd7ceccd33f434e6de

SHA1
a684a0a30cfa4062ac083e6e7809cfb0fa55f9b3

SHA256
bcffa266ac0b661fdd22fccb76837144622d7c2c0fa0affcc9b6fe66f5b8065b

SHA512
62b4e5181a7149acfc8f1cf2b304cef449b641428909add99d5f3ea29e66249a538d6f7dfe4573a0e7bd69e5e199f999ae726b29e807c91bc1343bceb2e2abe1

Download Submit
C:\Program Files\Java\jre8\bin\unpack200.exe

Filesize
191KB

MD5
adb3173f81c7b2dd7ceccd33f434e6de

SHA1
a684a0a30cfa4062ac083e6e7809cfb0fa55f9b3

SHA256
bcffa266ac0b661fdd22fccb76837144622d7c2c0fa0affcc9b6fe66f5b8065b

SHA512
62b4e5181a7149acfc8f1cf2b304cef449b641428909add99d5f3ea29e66249a538d6f7dfe4573a0e7bd69e5e199f999ae726b29e807c91bc1343bceb2e2abe1

Download Submit
C:\Program Files\Java\jre8\bin\unpack200.exe

Filesize
191KB

MD5
adb3173f81c7b2dd7ceccd33f434e6de

SHA1
a684a0a30cfa4062ac083e6e7809cfb0fa55f9b3

SHA256
bcffa266ac0b661fdd22fccb76837144622d7c2c0fa0affcc9b6fe66f5b8065b

SHA512
62b4e5181a7149acfc8f1cf2b304cef449b641428909add99d5f3ea29e66249a538d6f7dfe4573a0e7bd69e5e199f999ae726b29e807c91bc1343bceb2e2abe1

Download Submit
C:\Program Files\Java\jre8\bin\unpack200.exe

Filesize
191KB

MD5
adb3173f81c7b2dd7ceccd33f434e6de

SHA1
a684a0a30cfa4062ac083e6e7809cfb0fa55f9b3

SHA256
bcffa266ac0b661fdd22fccb76837144622d7c2c0fa0affcc9b6fe66f5b8065b

SHA512
62b4e5181a7149acfc8f1cf2b304cef449b641428909add99d5f3ea29e66249a538d6f7dfe4573a0e7bd69e5e199f999ae726b29e807c91bc1343bceb2e2abe1

Download Submit
C:\Program Files\Java\jre8\bin\unpack200.exe

Filesize
191KB

MD5
adb3173f81c7b2dd7ceccd33f434e6de

SHA1
a684a0a30cfa4062ac083e6e7809cfb0fa55f9b3

SHA256
bcffa266ac0b661fdd22fccb76837144622d7c2c0fa0affcc9b6fe66f5b8065b

SHA512
62b4e5181a7149acfc8f1cf2b304cef449b641428909add99d5f3ea29e66249a538d6f7dfe4573a0e7bd69e5e199f999ae726b29e807c91bc1343bceb2e2abe1

Download Submit
C:\Program Files\Java\jre8\bin\unpack200.exe

Filesize
191KB

MD5
adb3173f81c7b2dd7ceccd33f434e6de

SHA1
a684a0a30cfa4062ac083e6e7809cfb0fa55f9b3

SHA256
bcffa266ac0b661fdd22fccb76837144622d7c2c0fa0affcc9b6fe66f5b8065b

SHA512
62b4e5181a7149acfc8f1cf2b304cef449b641428909add99d5f3ea29e66249a538d6f7dfe4573a0e7bd69e5e199f999ae726b29e807c91bc1343bceb2e2abe1

Download Submit
C:\Program Files\Java\jre8\bin\unpack200.exe

Filesize
191KB

MD5
adb3173f81c7b2dd7ceccd33f434e6de

SHA1
a684a0a30cfa4062ac083e6e7809cfb0fa55f9b3

SHA256
bcffa266ac0b661fdd22fccb76837144622d7c2c0fa0affcc9b6fe66f5b8065b

SHA512
62b4e5181a7149acfc8f1cf2b304cef449b641428909add99d5f3ea29e66249a538d6f7dfe4573a0e7bd69e5e199f999ae726b29e807c91bc1343bceb2e2abe1

Download Submit
C:\Program Files\Java\jre8\bin\verify.dll

Filesize
48KB

MD5
2dd1fa328601893619381b9eb813478c

SHA1
94fc2e387c76271eb1c8151b38236eed8952f523

SHA256
afac7452d147de240d6898a3469fcc2178c460b28b4ab752cc1560827c965ea0

SHA512
3af0a418a8d3ebedfe1bf73c050ed17673ecbe25b2a026e22cde70873d2f85a9be9177538d0b82a3a595d64434131aabda6865f98889af8e374363cc0bb22bb5

Download Submit
C:\Program Files\Java\jre8\bin\verify.dll

Filesize
48KB

MD5
2dd1fa328601893619381b9eb813478c

SHA1
94fc2e387c76271eb1c8151b38236eed8952f523

SHA256
afac7452d147de240d6898a3469fcc2178c460b28b4ab752cc1560827c965ea0

SHA512
3af0a418a8d3ebedfe1bf73c050ed17673ecbe25b2a026e22cde70873d2f85a9be9177538d0b82a3a595d64434131aabda6865f98889af8e374363cc0bb22bb5

Download Submit
C:\Program Files\Java\jre8\bin\zip.dll

Filesize
75KB

MD5
3e3d200ee4a74c60066cd04400426033

SHA1
b5761127ca65cebbb35cd03130dab0ecdd9be99b

SHA256
9cb3e66b37fc816ded4fbfbf4eaaff62ca458236a955e4be0e9c5a7b475ce48b

SHA512
f3d0461c8135aa60fa7917f00a5c8c0ce8ad524063730cfe7594cff1a3e0a13fd5f32b27daedc940e4436a7c871f524920ef9975e99cc0cac4d1e94c97ccb4b7

Download Submit
C:\Program Files\Java\jre8\bin\zip.dll

Filesize
75KB

MD5
3e3d200ee4a74c60066cd04400426033

SHA1
b5761127ca65cebbb35cd03130dab0ecdd9be99b

SHA256
9cb3e66b37fc816ded4fbfbf4eaaff62ca458236a955e4be0e9c5a7b475ce48b

SHA512
f3d0461c8135aa60fa7917f00a5c8c0ce8ad524063730cfe7594cff1a3e0a13fd5f32b27daedc940e4436a7c871f524920ef9975e99cc0cac4d1e94c97ccb4b7

Download Submit
C:\Program Files\Java\jre8\core.zip

Filesize
78.6MB

MD5
3a254cd51bc63b71c50c1ea6cc849340

SHA1
9d900db20bdfd9875d2316b0545cffc0e73fa708

SHA256
a22f47364784b21e95e695274aee66cad95f416544ef978aa0e6ff66871f220d

SHA512
2930e831825eea02eaf10da10501ee134ca34b7a0fc03f688d2a3098ff522cb5c316eb3db1a27d7fab39c103e53b0bf9b04d6202123159cba6675922527502df

Download Submit
C:\Program Files\Java\jre8\lib\amd64\jvm.cfg

Filesize
634B

MD5
499f2a4e0a25a41c1ff80df2d073e4fd

SHA1
e2469cbe07e92d817637be4e889ebb74c3c46253

SHA256
80847ed146dbc5a9f604b07ec887737fc266699abba266177b553149487ce9eb

SHA512
7828f7b06d0f4309b9edd3aa71ae0bb7ee92d2f8df5642c13437bba2a3888e457dc9b24c16aa9e0f19231530cb44b8ccd955cbbdf5956ce8622cc208796b357d

Download Submit
C:\Program Files\Java\jre8\lib\charsets.jar

Filesize
2.9MB

MD5
58c3c6a64c3b97452614adc19c217e85

SHA1
9dbee15da274d181ee6da41f6cd5033f4996225d

SHA256
1592a7cdfb5a35556f2f046fb7f6b0661cf03a8a6bb78cb145d0588528be2382

SHA512
cf034b44bbbc5397221e8a054fea992a261f7eb7faf9a873833ddeb4e778e0370883587c6e18f01907f501638e83456871dca51a79cba572015e59e28fce7af6

Download Submit
C:\Program Files\Java\jre8\lib\charsets.pack

Filesize
1.0MB

MD5
569822d5e7197dc22a94792d8514beb8

SHA1
de03f0a3d8ac8bcf145786c108849caac96b7eea

SHA256
6776276e52122755e2023eedf47e929abaf3e5d75e39ed247eb0524698a6276b

SHA512
0f04503f8302d41d9fa913fac8dd5b53b06646da2ff33b3209467e76084b80872b46a0b81d001fff63017bc73be15e1b56b30fe1267b07f4fb53d08a2f22bd45

Download Submit
C:\Program Files\Java\jre8\lib\classlist

Filesize
78KB

MD5
51531cbbe256939e7ab12fcc256fbf3a

SHA1
5754126190f818b7d39d5b725a1878fb33233d26

SHA256
406b68d923e9ce01f19194bca03eaaf9fc0efce6590713b6d066485cd94d1339

SHA512
dae90c8f429bfc7782bed9116b6a3b30110ce2b2da865f63fefdbd6be965284c7d90ff8ebf869481e01246d35264110a3d8690b397cb1a109faf61d2f937bcc2

Download Submit
C:\Program Files\Java\jre8\lib\deploy.jar

Filesize
4.4MB

MD5
81070fbfe290ae2866eb408bd61f7d76

SHA1
ee140c59b3fcd01326d118b5a89161d8d1b0291e

SHA256
710d1c491b9e102277d780763fde102fc7cf69e821373fb493ea479f4e1d13fb

SHA512
2a074c9fdc1fcb5058e118884f6202837a8c403877f05409e3a05c1d5b0563a3b4039c0f1df73aa44d3266a47078e0e05337922f36a6ff8154f46de17a8a965e

Download Submit
C:\Program Files\Java\jre8\lib\deploy.pack

Filesize
1.7MB

MD5
4f973f88716a54ccfe1c5afbcf8be46a

SHA1
3ad3fd32782d47834e714c49615e05391578bbb0

SHA256
c0d20d3ba0793a88af2adf98aaf89cb2773b19fb7fbf08952d0e9b1bb31b2ea1

SHA512
b2c84e3bd7458674bd892004681b86188c35bc6a828eaf37f1037bf1853bfd03da1a7cace145895778741997ae6b3e4234990e78f3635d6f21edbb36e79a94a7

Download Submit
C:\Program Files\Java\jre8\lib\ext\jfxrt.pack

Filesize
4.3MB

MD5
8d1e8c4867fbaf3a9a4be828414735ea

SHA1
85ac8d7101a92ff9faf0cd0f87df89ad32d3b993

SHA256
27f90fc983d2eaa50fc58801b52f80443138f86187355434b8ff1e200cc287c4

SHA512
9a4be3506741eeb77704eb945863427a2c7717765cef58ae4ef40540ae0f84d1eedc1b5d5eecd98fe90c0f1f76c1d14927f4717cfd24b536dc014928ebe014b0

Download Submit
C:\Program Files\Java\jre8\lib\ext\localedata.pack

Filesize
1.3MB

MD5
02cca068462e94417d546d23d7c88e63

SHA1
2fbf9e9a29ff8e28f93c21178e99a5be39169d54

SHA256
f8f10f47ce75f2fc7cad0ebfb7e289a939f347766f5812eaf7d6e0fa46874e6b

SHA512
5b733d515eb981c82e1547a988fc0d215d871cd963164643389e2819ba51dfbb26600ddcea2b23dba7d5eb2d28af255e1bccc86794f3c49a9260c69741d66c41

Download Submit
C:\Program Files\Java\jre8\lib\images\cursors\invalid32x32.gif

Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
C:\Program Files\Java\jre8\lib\javaws.pack

Filesize
201KB

MD5
947ff738a948042443ba86678c164aac

SHA1
f0cecd16136873733059d6ed7a7900920b602dca

SHA256
4102b8b36164bea913b136accb186306323774a3074d843e6bf6b9ccc937d5c9

SHA512
b4b670da7bb0709d9365e411e48601b94c8e95c01a878db6bb4cca1fecdc6589e6de9acd82f4c73785f2359c0273ee64b3259412b8abaf6ca88c50791418df34

Download Submit
C:\Program Files\Java\jre8\lib\jsse.jar

Filesize
543KB

MD5
07d819022398b47ddc7df82134caf6ed

SHA1
f24aaa6529dcd656e5d54282825e836bfdb27983

SHA256
7c100eed900dca4d154bd2cea7f91cb07a88d22696033a19a3cc3a2bd4a74d6b

SHA512
1a367ea682b04dcfc53deeebadd419f59b3bc80fd8ae163e5d3b789240525968f71223b64b4bb33b9ce8902cd0b86dd4df28c476bee1a4f9bf3405ec4ad0cd72

Download Submit
C:\Program Files\Java\jre8\lib\jsse.pack

Filesize
147KB

MD5
ccb446ca224d52c8f977cdd8b66ea60e

SHA1
a3f72a99c9ab5cb7e43259bfc4514c2f5432bf3d

SHA256
895a7c9d012100b69ba8569b433eef9c547d35fff7362742ff121fca0996784c

SHA512
4fee0b416777ed8cd9b8b18f5dcd184509abc878bb30f654a9ffe6aa50058ec1842186d531b0e7be2185b0f4bbb44157a7e9d2494ff4a4d7cf1705b9adac8ca2

Download Submit
C:\Program Files\Java\jre8\lib\meta-index

Filesize
2KB

MD5
91aa6ea7320140f30379f758d626e59d

SHA1
3be2febe28723b1033ccdaa110eaf59bbd6d1f96

SHA256
4af21954cdf398d1eae795b6886ca2581dac9f2f1d41c98c6ed9b5dbc3e3c1d4

SHA512
03428803f1d644d89eb4c0dcbdea93acaac366d35fc1356ccabf83473f4fef7924edb771e44c721103cec22d94a179f092d1bfd1c0a62130f076eb82a826d7cb

Download Submit
C:\Program Files\Java\jre8\lib\plugin.jar

Filesize
1.8MB

MD5
9ce5844b82010b1db6ed6fb424ebe2d5

SHA1
a9cd6e7a82f85ffdad7cc0d821a9e64bcbbb1cef

SHA256
fb660bbccc1f9fce640408d10e728feb2688bbf6ab36df4422be2e83e7f536ec

SHA512
fffcdae9ff2471fdb52929778e8bffb7e5186bbe1b32a0f278142f54f4e844179b50761b804903d8712d08ade8522e9341a48ca08a21195ac0833a18e3c924b1

Download Submit
C:\Program Files\Java\jre8\lib\plugin.pack

Filesize
487KB

MD5
0501e211e1b3fb0446f203afd1b8beca

SHA1
f3d7679df8d6126b68c2518ca6edee8f9beefbb1

SHA256
f91ba83909919fdeeb31151ec5bb87f6a808ce869b0df65f9ec989a541679352

SHA512
5de982fd98317d2cf458528669368f1a8d31002eb532373624ec822881f9a619864e67196eb981b71deecb2bc7888ceefa62687b152369aa4a370c54edf97118

Download Submit
C:\Program Files\Java\jre8\lib\rt.jar

Filesize
51.4MB

MD5
0290daec627aed465f485318eac0070b

SHA1
cb4379be1c58eb98c516ba42e4d249f6c943c99a

SHA256
8f26dff9ef4b8558f7eb72ac4a636d77e9780e50fa620d4d14d42a75d55f19f1

SHA512
f19e2826fc13e03e362d20566e44ed2cd1d52d506bfb534c4d550939b45b451ff10a0c489ac1ab4edd598f08aa7f9c70c10f3980dbbb37e159174908beadd803

Download Submit
C:\Program Files\Java\jre8\lib\rt.pack

Filesize
13.0MB

MD5
baba8deda0d628ab29a9c142142d2377

SHA1
9c56d9b17cb35c256153ea34320c3cd434b83341

SHA256
4d5941dc1668b645cf2f63b2d58091bace6e425f85bb939f59e4c88806516bbd

SHA512
dc1dd9033a1d5b897952d78fc1a69ee3134451181b460fa32412214b4e08cb85ce0f74b8359bee9b532c46c38df15577c287d2b07b92fb83028e2ca98f2258c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.8.0_05_x64\Data1.cab

Filesize
27.9MB

MD5
35a9a6b8c5695889f46672637ec318e5

SHA1
d3b1f3dbb3c09180480db48bc448fc6fb0f20512

SHA256
e3b475ef6e6906a9152b7046e275c321ea7fef0136a294fc4433f55e5c62960f

SHA512
0f1d42a30758699b03bf8da208759df8b5b6e27141b3d01dd46a6cc8f6e684b3ae17b4856dde25d98a019bde77a9b8e4ff04f169b6d240e110886fadce1b6aa1

Download Submit
C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.8.0_05_x64\jre1.8.0_05.msi

Filesize
1.0MB

MD5
20aa6d113ccf0e8700689297ad56c573

SHA1
15b0b54ecb57d3971402682873cfdb41cde3a5c6

SHA256
cf9629f669cb1440cfd681d6ff2a8de65600bb077a88ea5e0e707ee964f07716

SHA512
2ca3bb7f6b540aa476d91a254e5cdb04d04383a099857d4e9da0ce5673680f147155c91f3b60e1260325b4612a0de810c4f7d5326093ac8ae21955e1389760b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\java_install.log

Filesize
7KB

MD5
8e977da02416d992fa572c51fed5db34

SHA1
55b132315dc85e2539a4e17bed16e8f0fb2ca32a

SHA256
0198dbbd73bd03098e5bc90808931a897ace2c3da773c9db771f8db853e07904

SHA512
7c8f20f33ecf0f586878935cb09dab3b9a1640ff8d290500a42ec3b1f1983a14c1866f3549d0e5f57a6b93aa873b1c80cc4533dbe2a0df8296f649e9e348f2c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\java_install.log

Filesize
7KB

MD5
1cdd7c6f3fb58f02209c0036927a9ec6

SHA1
0d5220e9324e913a2d060b0376f9b90e317f0862

SHA256
30e4f58ad82ba85959c5e44ec87d21ac5e31c8f0fba46aca9dc9014658696223

SHA512
7b01aa6d13c2f25a2cebe4c99391f02fd3e3849058222db75947ca4d0e60e826004c2c181d1b079c88be000942edb79955ddfbafd21ef40617b5691babfe324d

Download Submit
C:\Users\Admin\AppData\Local\Temp\java_install.log

Filesize
8KB

MD5
2746d732583a3ec748d2fe9cc5715592

SHA1
4ad89ad07891a793fb231fa29b8829cd81e61d0d

SHA256
4642497444cc0bc9386078700a9a7cf3c62220db54030ed5c06134a3dd5fb29a

SHA512
f525721c8f43cde0f41e7832abedf12d551a48a1f0d941389e5633a6c5035197b94a4b6d3db079f27459673b9e8d9ab9659661a9410bf7fc5ec0152eaf393364

Download Submit
C:\Users\Admin\AppData\Local\Temp\java_install.log

Filesize
9KB

MD5
48194d0ae627d14faf8d1a3dbec8c96a

SHA1
4ddeb593f449a5866ef809c61843bb3385dec159

SHA256
377fd2a7cad01e5124289e07f4c460efd55ae305589f39355c84f1a163e1955a

SHA512
6cb06643e1e43a3e71e112b82c99e10fa18d70cb26bdfc9385d6c81a0d22cc7370dca356be41a36a27e49fa9461f52f6d2097d86d062d796c01534e5b01f3f07

Download Submit
C:\Users\Admin\AppData\Local\Temp\java_install.log

Filesize
9KB

MD5
48194d0ae627d14faf8d1a3dbec8c96a

SHA1
4ddeb593f449a5866ef809c61843bb3385dec159

SHA256
377fd2a7cad01e5124289e07f4c460efd55ae305589f39355c84f1a163e1955a

SHA512
6cb06643e1e43a3e71e112b82c99e10fa18d70cb26bdfc9385d6c81a0d22cc7370dca356be41a36a27e49fa9461f52f6d2097d86d062d796c01534e5b01f3f07

Download Submit
C:\Users\Admin\AppData\Local\Temp\java_install.log

Filesize
9KB

MD5
75e76895361f371e593f2f443cd6e221

SHA1
9481700c310f5bd4fee1cb50da1031916b0c1715

SHA256
33ad5bb9008f3168be0f3086ddd80beaca55c63a1570274b88bba4dc5213f20b

SHA512
1fea0be61c999a872679c4fa60e5767fdd792a2f5a96232a2ec304bfb419ea43e1549ec3d7be4b411a4c90c145e9a326d43f5fd41f8ef7188b4ae5468f999f6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\java_install.log

Filesize
10KB

MD5
7e2304a985a0e9a2ede8623800a397fa

SHA1
859ad8b50080c16ba881770bcd0f25e796ac96a7

SHA256
7b7f3142cfa9b9c875800c21d9ff18ee4c09df23af4a8b23952a01f1ed51ae5d

SHA512
cfef4be5c9233a33be302e2d89366013454bfd43395da303253c888c84af393173c4528bd1b60faaa588b0e9d9685075378e6b7ca3516fb9eb2611a61f1d22ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\java_install.log

Filesize
10KB

MD5
a877a1e6f23d52f6dbb948df087dcd9d

SHA1
4cc0b13cc9c10bebba595515b1edca1eb606d3cc

SHA256
169b02556562123341acdd6450d31dcbc52219dc597b81a33c0138ed36199036

SHA512
85f2f5d944d023c3f285130935bbaf84949095e553900fafeb342af884e1d9ddbaa89f3fd327e90b006191c1afc393b6b492142baa128954cabed13bf98b1912

Download Submit
C:\Users\Admin\AppData\Local\Temp\java_install.log

Filesize
11KB

MD5
6dec4acc32436f43b3fdeb89a8cd1bb7

SHA1
c859692a277be999fed1f871630c8d6d2d49a192

SHA256
893216ac5a509bae1b67a4f61abe45d46cda88433d81ffb338be6502966a964a

SHA512
d759a05f05c7ae78b5f5006192506303cc8e5435a1c5f3aafb2f4288d9bd4044a70b2c4e16c8613444f4f71923ca550b86181dd3ea1aaa9c152e0c45c943db33

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
272KB

MD5
cac13d38c59b02a3d546661e4c05c65d

SHA1
b08c4037a7468bb8fe46f65cc3035755f6ba2904

SHA256
ce8366635728fc3f621b72ae468922f34fb30f3e609640226126a3961dc83902

SHA512
78dc84e72b85df16c1131dc0afa54286dbc49686ef18f4f8e6db0611d6ad384a9f706e711a928b29ef6305b36e8dd9d2874653154d166bf2ef298f8810047318

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
273KB

MD5
cc14a7743eb4ba6c4ba585040ec795e4

SHA1
182c65d9280a538bfa2b32ffab55964304548895

SHA256
78851f217c7f5ec1925738d3aeda3d5094df4bc77da4cceb40d69f0e6c4714b6

SHA512
f577431b763ce0428ae52c29c85559321e50fbb033965b63702d7527acaa6679ceb439a48db081b9c743e481f80e495190a94587be00550a3ba9700c441e4a51

Download Submit
C:\Windows\Installer\MSI1FAA.tmp

Filesize
326KB

MD5
73083c89812167ed8ea9c1f6f1ccaf3a

SHA1
2fcedfe68ff8531a46ad4c5e77c5167dfc12ab54

SHA256
e052cf1256d626804e7b11dbb42aacfc77e10c05066c63134c64c4dffa2cb830

SHA512
dbddb369b408a60a68eac258434d6b90016db9fa3ac6c7c20aeca34c7268399a7add19888116141d1404e7566c4524583539c8cb48f05a8410f7ce78ca9471e4

Download Submit
C:\Windows\Installer\MSI1FAA.tmp

Filesize
326KB

MD5
73083c89812167ed8ea9c1f6f1ccaf3a

SHA1
2fcedfe68ff8531a46ad4c5e77c5167dfc12ab54

SHA256
e052cf1256d626804e7b11dbb42aacfc77e10c05066c63134c64c4dffa2cb830

SHA512
dbddb369b408a60a68eac258434d6b90016db9fa3ac6c7c20aeca34c7268399a7add19888116141d1404e7566c4524583539c8cb48f05a8410f7ce78ca9471e4

Download Submit
C:\Windows\Installer\MSID49.tmp

Filesize
326KB

MD5
73083c89812167ed8ea9c1f6f1ccaf3a

SHA1
2fcedfe68ff8531a46ad4c5e77c5167dfc12ab54

SHA256
e052cf1256d626804e7b11dbb42aacfc77e10c05066c63134c64c4dffa2cb830

SHA512
dbddb369b408a60a68eac258434d6b90016db9fa3ac6c7c20aeca34c7268399a7add19888116141d1404e7566c4524583539c8cb48f05a8410f7ce78ca9471e4

Download Submit
C:\Windows\Installer\MSID49.tmp

Filesize
326KB

MD5
73083c89812167ed8ea9c1f6f1ccaf3a

SHA1
2fcedfe68ff8531a46ad4c5e77c5167dfc12ab54

SHA256
e052cf1256d626804e7b11dbb42aacfc77e10c05066c63134c64c4dffa2cb830

SHA512
dbddb369b408a60a68eac258434d6b90016db9fa3ac6c7c20aeca34c7268399a7add19888116141d1404e7566c4524583539c8cb48f05a8410f7ce78ca9471e4

Download Submit
C:\Windows\Installer\e5809af.msi

Filesize
1.0MB

MD5
20aa6d113ccf0e8700689297ad56c573

SHA1
15b0b54ecb57d3971402682873cfdb41cde3a5c6

SHA256
cf9629f669cb1440cfd681d6ff2a8de65600bb077a88ea5e0e707ee964f07716

SHA512
2ca3bb7f6b540aa476d91a254e5cdb04d04383a099857d4e9da0ce5673680f147155c91f3b60e1260325b4612a0de810c4f7d5326093ac8ae21955e1389760b0

Download Submit
memory/2760-531-0x0000000002770000-0x0000000002771000-memory.dmp

Filesize
4KB

Download
memory/2760-528-0x0000000002970000-0x0000000003970000-memory.dmp

Filesize
16.0MB

Download
memory/2760-734-0x0000000002970000-0x0000000003970000-memory.dmp

Filesize
16.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads