Analysis Overview
score
8/10
SHA256
8f657e915ef6ab8f9f0ecb653f2b79b19a6e68bb14d997b4b8c6e005c3923453
Threat Level: Likely malicious
The file TLauncher-Installer-1.4.2.exe was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Loads dropped DLL
UPX packed file
Checks computer location settings
Executes dropped EXE
Registers COM server for autorun
Installs/modifies Browser Helper Object
Blocklisted process makes network request
Checks installed software on the system
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Modifies Internet Explorer Phishing Filter
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Modifies registry class
Modifies data under HKEY_USERS
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Checks processor information in registry
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy WMI provider
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-04 17:03
Signatures
N/A
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-04 17:03
Reported
2024-06-04 17:06
Platform
win7-20240221-en
Max time kernel
150s
Max time network
151s
Command Line
"C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.4.2.exe"
Signatures
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0032-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0035-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0026-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0051-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0046-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0057-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0026-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0056-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0021-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0036-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0085-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0046-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0057-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0064-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0056-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0082-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0069-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0085-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0030-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0052-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0062-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0022-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0076-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0032-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0074-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0018-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0082-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0061-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0076-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0026-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0086-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0024-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0059-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0039-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0040-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0036-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-FFFF-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0079-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0063-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0082-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0054-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0081-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0042-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0050-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched = "\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" | C:\Windows\system32\msiexec.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\WindowsAccessBridge-64.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File opened for modification | C:\Windows\system32\WindowsAccessBridge-64.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\fonts\LucidaBrightItalic.ttf | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\resources.jar | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\README.txt | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\security\javaws.policy | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Java\Java Update\task64.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\jsse.pack | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\dt_shmem.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\glass.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\jfxmedia.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\cmm\PYCC.pf | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\Welcome.html | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\wsdetect.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_es.properties | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\installer.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_fr.properties | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\javaws.jar | C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\gstreamer-lite.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\nio.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\prism_common.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\images\cursors\cursors.properties | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\jfxswt.jar | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\glib-lite.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\security\local_policy.jar | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\dcpr.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\java-rmi.exe | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\ssvagent.exe | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\fonts\LucidaSansDemiBold.ttf | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\jabswitch.exe | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\images\cursors\invalid32x32.gif | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\rt.pack | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\hprof.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\cmm\LINEAR_RGB.pf | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\jvm.hprof.txt | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\management\jmxremote.password.template | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\LICENSE | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\eula.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\calendars.properties | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\content-types.properties | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\deploy\[email protected] | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\images\cursors\win32_CopyNoDrop32x32.gif | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\deploy.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\security\java.policy | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.pack | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\fontconfig.properties.src | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\jsoundds.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\zip.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\jce.jar | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\java_crw_demo.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_pt_BR.properties | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\ext\sunec.jar | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\psfontj2d.properties | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\JavaAccessBridge-64.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\mlib_image.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\server\jvm.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\servertool.exe | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\fonts\LucidaSansRegular.ttf | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\jsdt.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_zh_HK.properties | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\fonts\LucidaTypewriterRegular.ttf | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\jsse.jar | C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSI5B8A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f7753a2.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f7753a7.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA193.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA27E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f7753a5.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f77539c.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f77539c.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f7753a1.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f77539f.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f7753a2.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f7753a5.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA416.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f77539f.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI94B5.tmp | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\msiexec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\msiexec.exe | N/A |
Modifies Internet Explorer Phishing Filter
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PhishingFilter | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 20a88d48a1b6da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b4573831d64444e970000df8381fa7e00000000020000000000106600000001000020000000462ffe29b76ebfc64e9f1dec8bd5f1bc29f25d48b01d6834efde44c068654814000000000e8000000002000020000000d540f7a6f7e890837030384d01b6846453fd3e45658b6e9d84442f4f11c4e4f6200000003a54d5e1db70aba0bfd617d8c0698efb2f0cd3b9ce7f5d561c2905dbb10725ab40000000ecdba5399e69b2da501a664e5f912dc9dac8b60bfe11aee65bf0fb270b58875c5e94d87988edf00f777b5cbf213e1bb59486d2bb1e6503729ba05050781b8297 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_51\\bin" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b4573831d64444e970000df8381fa7e000000000200000000001066000000010000200000001734af072984ab226901a2822ba2bd0f8d4b542c377f3ebb62367d97b65d004a000000000e8000000002000020000000e447fa22fd178be443501a225b78737a41842a9c23713d70ebd0d9b55bad26e090000000d22c416ddee5c5d2316d4b8257caf883a8f709d04a93d39d2864e26f45fee7eeee5176bf70873f668904b61e77360c296c1ed29ff4380050f961399afaf6fbb5e9e8f882e4f92292cfbf0746c6d4a43e149da6cb135595163fd7e96c6d4d3ccec4e2c7c756b64fa82777c2587fce031c93b3b3fc2a371fcc59aadd304687850eb63c28a6068211c8a32e788704a71dd14000000082fe1e501ed3d33db0c1ed131453ec22e8c1a99b723f5c41c749c495688ac6624c888ffe141133ed5eb36edfcad01e61a50e55693342655044b7761178331527 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_51\\bin" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20c10e59a1b6da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4B5F-9EE6-34795C46E7E7} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_51\\bin" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8243AC41-2294-11EF-9CEF-E299A69EE862} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423682538" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\DownloadWindowPlacement = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2F | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\JNLPFile\EditFlags = "65536" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_12" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0067-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0098-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0004-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0016-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_16" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0084-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_84" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0058-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0085-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0101-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_101" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBC} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0043-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_43" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0076-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0024-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0049-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0090-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0072-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0083-ABCDEFFEDCBC} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0054-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0057-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0049-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0070-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0050-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0100-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0077-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0050-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0077-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0023-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0037-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0070-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0080-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0074-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0049-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_22" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0016-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0036-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0043-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_43" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0044-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0053-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0002-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0004-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0089-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0068-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_68" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0039-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0034-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.4.2.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.4.2.exe"
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.4.2.exe" "__IRCT:3" "__IRTSS:23398040" "__IRSID:S-1-5-21-1298544033-3225604241-2703760938-1000"
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://java-for-minecraft.com/
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3420 CREDAT:275457 /prefetch:2
C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe
"C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Program Files\Java\jre1.8.0_51\installer.exe
"C:\Program Files\Java\jre1.8.0_51\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_51\\" REPAIRMODE=0
C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe
"bspatch.exe" baseimagefam8 newimage diff
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\deploy.pack" "C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar"
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\javaws.pack" "C:\Program Files\Java\jre1.8.0_51\lib\javaws.jar"
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\plugin.pack" "C:\Program Files\Java\jre1.8.0_51\lib\plugin.jar"
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\rt.pack" "C:\Program Files\Java\jre1.8.0_51\lib\rt.jar"
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\charsets.pack" "C:\Program Files\Java\jre1.8.0_51\lib\charsets.jar"
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\jsse.pack" "C:\Program Files\Java\jre1.8.0_51\lib\jsse.jar"
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.pack" "C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.jar"
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.pack" "C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.jar"
C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -Xshare:dump
C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe
"C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe" -wait -fix -permissions -silent
C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -classpath "C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar" com.sun.deploy.panel.JreLocator
C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe
"C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_51" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXIALURqYXZhLnNlY3VyaXR5LnBvbGljeT1maWxlOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcc2VjdXJpdHlcamF2YXdzLnBvbGljeQAtRHRydXN0UHJveHk9dHJ1ZQAtWHZlcmlmeTpyZW1vdGUALURqbmxweC5ob21lPUM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcamF2YXdzLmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcYmluXGphdmF3LmV4ZQ== -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==
C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe
"C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe" -wait -fix -shortcut -silent
C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe
"C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_51" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXIALURqYXZhLnNlY3VyaXR5LnBvbGljeT1maWxlOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcc2VjdXJpdHlcamF2YXdzLnBvbGljeQAtRHRydXN0UHJveHk9dHJ1ZQAtWHZlcmlmeTpyZW1vdGUALURqbmxweC5ob21lPUM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcamF2YXdzLmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcYmluXGphdmF3LmV4ZQ== -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding C7A4A0BB8985C9B6034899DCADB50F24
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\SysWOW64\cmd.exe" /c del "C:\Program Files\Java\jre1.8.0_51\installer.exe"
C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
-cp "C:\Program Files\Java\jre1.8.0_51\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserWebJavaStatus
C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
-cp "C:\Program Files\Java\jre1.8.0_51\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserPreviousDecisionsExist 30
C:\Windows\system32\msiexec.exe
"C:\Windows\system32\\msiexec.exe" /i "C:\Users\Admin\AppData\LocalLow\Oracle\Java\AU\au.msi" ALLUSERS=1 /qn
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 5646B7D9ADE9DC3CA70515A1A3D9A7FC
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
"C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe" -r jre 1.8.0_51-b16
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dl2.tlauncher.org | udp |
| US | 104.20.37.13:443 | dl2.tlauncher.org | tcp |
| US | 8.8.8.8:53 | java-for-minecraft.com | udp |
| US | 104.21.71.37:80 | java-for-minecraft.com | tcp |
| US | 104.21.71.37:80 | java-for-minecraft.com | tcp |
| US | 104.21.71.37:443 | java-for-minecraft.com | tcp |
| US | 104.21.71.37:443 | java-for-minecraft.com | tcp |
| US | 104.21.71.37:443 | java-for-minecraft.com | tcp |
| US | 104.21.71.37:443 | java-for-minecraft.com | tcp |
| US | 104.21.71.37:443 | java-for-minecraft.com | tcp |
| US | 104.21.71.37:443 | java-for-minecraft.com | tcp |
| US | 104.21.71.37:443 | java-for-minecraft.com | tcp |
| US | 104.21.71.37:443 | java-for-minecraft.com | tcp |
| US | 8.8.8.8:53 | javadl.sun.com | udp |
| GB | 2.22.96.153:443 | javadl.sun.com | tcp |
| GB | 2.22.96.153:443 | javadl.sun.com | tcp |
| US | 8.8.8.8:53 | javadl.oracle.com | udp |
| GB | 2.22.96.153:443 | javadl.oracle.com | tcp |
| GB | 2.22.96.153:443 | javadl.oracle.com | tcp |
| US | 8.8.8.8:53 | sdlc-esd.oracle.com | udp |
| GB | 104.120.140.82:443 | sdlc-esd.oracle.com | tcp |
| GB | 104.120.140.82:443 | sdlc-esd.oracle.com | tcp |
| US | 8.8.8.8:53 | javadl-esd-secure.oracle.com | udp |
| GB | 2.22.96.153:443 | javadl-esd-secure.oracle.com | tcp |
| US | 8.8.8.8:53 | rps-svcs.sun.com | udp |
| BE | 2.17.107.137:80 | rps-svcs.sun.com | tcp |
| US | 8.8.8.8:53 | javadl.oracle.com | udp |
| GB | 2.22.96.153:80 | javadl.oracle.com | tcp |
| GB | 2.22.96.153:443 | javadl.oracle.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.java.com | udp |
| BE | 88.221.83.241:443 | www.java.com | tcp |
| US | 8.8.8.8:53 | sjremetrics.java.com | udp |
| IE | 66.235.152.221:443 | sjremetrics.java.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | repo.tlauncher.org | udp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 8.8.8.8:53 | repo.fastrepo.org | udp |
| FI | 135.181.139.36:443 | repo.fastrepo.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| FI | 135.181.139.36:443 | repo.fastrepo.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| FI | 135.181.139.36:443 | repo.fastrepo.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| FI | 135.181.139.36:443 | repo.fastrepo.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| FI | 135.181.139.36:443 | repo.fastrepo.org | tcp |
| FI | 135.181.139.36:443 | repo.fastrepo.org | tcp |
| FI | 135.181.139.36:443 | repo.fastrepo.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| FI | 135.181.139.36:443 | repo.fastrepo.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| FI | 135.181.139.36:443 | repo.fastrepo.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| FI | 135.181.139.36:443 | repo.fastrepo.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | tcp |
Files
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
| MD5 | cd0ba34e6182159d0c7a70c40fa0bf6e |
| SHA1 | a20c20dee4b7ecd1e2c1f6b025e2766b583e2c38 |
| SHA256 | fe88a318681b47a1e9aad79cd8b42fed323555fed23a04633b1bd16921380d86 |
| SHA512 | 2c540e510bd22fd70dc6393599b13aa1cd820b8434692b4fb2cdc60c08f4c03e4a4d0357e75672d4c08573d15ba3d1e62692756c30be00226225b5bec0efd79e |
memory/2060-6-0x0000000003500000-0x00000000038E9000-memory.dmp
memory/2060-16-0x0000000003500000-0x00000000038E9000-memory.dmp
memory/2060-15-0x0000000003500000-0x00000000038E9000-memory.dmp
memory/1068-18-0x0000000000890000-0x0000000000C79000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
| MD5 | c333af59fa9f0b12d1cd9f6bba111e3a |
| SHA1 | 66ae1d42b2de0d620fe0b7cc6e1c718c6c579ed0 |
| SHA256 | fad540071986c59ec40102c9ca9518a0ddce80cf39eb2fd476bb1a7a03d6eb34 |
| SHA512 | 2f7e2e53ba1cb9ff38e580da20d6004900494ff7b7ae0ced73c330fae95320cf0ab79278e7434272e469cb4ea2cbbd5198d2cd305dc4b75935e1ca686c6c7ff4 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico
| MD5 | e043a9cb014d641a56f50f9d9ac9a1b9 |
| SHA1 | 61dc6aed3d0d1f3b8afe3d161410848c565247ed |
| SHA256 | 9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946 |
| SHA512 | 4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f |
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
| MD5 | da1d0cd400e0b6ad6415fd4d90f69666 |
| SHA1 | de9083d2902906cacf57259cf581b1466400b799 |
| SHA256 | 7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575 |
| SHA512 | f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a |
memory/1068-583-0x0000000000880000-0x0000000000883000-memory.dmp
memory/1068-582-0x0000000010000000-0x0000000010051000-memory.dmp
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
| MD5 | dabd469bae99f6f2ada08cd2dd3139c3 |
| SHA1 | 6714e8be7937f7b1be5f7d9bef9cc9c6da0d9e9b |
| SHA256 | 89acf7a60e1d3f2bd7804c0cd65f8c90d52606d2a66906c8f31dce2e0ea66606 |
| SHA512 | 9c5fd1c8f00c78a6f4fd77b75efae892d1cb6baa2e71d89389c659d7c6f8b827b99cecadb0d56c690dd7b26849c6f237af9db3d1a52ae8531d67635b5eff5915 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3D18.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe
| MD5 | 2885c4a1dc2bc52ea298b8d9c7e1bfbb |
| SHA1 | 964bff819cbfd38692900403460c67b9d0dae8b0 |
| SHA256 | 4007ca82da52600902ad2e269445e0ae15701187d111ba7f59546c7dfe1fc3dc |
| SHA512 | e0480ece21136a29a727fe99001fae8a9009a4ce92bb1a48644cf20dfc57fe70cb685b6427a6582f85ac2ffee93d85fe91c7cb1bc5b8e2121f3cb38907da2e50 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.BMP
| MD5 | f35117734829b05cfceaa7e39b2b61fb |
| SHA1 | 342ae5f530dce669fedaca053bd15b47e755adc2 |
| SHA256 | 9c893fe1ab940ee4c2424aa9dd9972e7ad3198da670006263ecbbb5106d881e3 |
| SHA512 | 1805b376ab7aae87061e9b3f586e9fdef942bb32488b388856d8a96e15871238882928c75489994f9916a77e2c61c6f6629e37d1d872721d19a5d4de3e77f471 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.BMP
| MD5 | f5d6a81635291e408332cc01c565068f |
| SHA1 | 72fa5c8111e95cc7c5e97a09d1376f0619be111b |
| SHA256 | 4c85cdddd497ad81fedb090bc0f8d69b54106c226063fdc1795ada7d8dc74e26 |
| SHA512 | 33333761706c069d2c1396e85333f759549b1dfc94674abb612fd4e5336b1c4877844270a8126e833d0617e6780dd8a4fee2d380c16de8cbf475b23f9d512b5a |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.BMP
| MD5 | 3adf5e8387c828f62f12d2dd59349d63 |
| SHA1 | bd065d74b7fa534e5bfb0fb8fb2ee1f188db9e3a |
| SHA256 | 1d7a67b1c0d620506ac76da1984449dfb9c35ffa080dc51e439ed45eecaa7ee0 |
| SHA512 | e4ceb68a0a7d211152d0009cc0ef9b11537cfa8911d6d773c465cea203122f1c83496e655c9654aabe2034161e132de8714f3751d2b448a6a87d5e0dd36625be |
memory/1068-695-0x0000000010000000-0x0000000010051000-memory.dmp
memory/1068-694-0x0000000000890000-0x0000000000C79000-memory.dmp
memory/2060-696-0x0000000003500000-0x00000000038E9000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG9.PNG
| MD5 | b66b94a905366bf25b5163fe5925e0d9 |
| SHA1 | b0e91b1797a1f9455d111e9d8dd5bd4aa72e935a |
| SHA256 | 0ced93717234ba2914c3a3b5c2dae4a7c4c52fd5393415e7c1482e4cb4ccf7f8 |
| SHA512 | 2fc07db7c8791eb2c0eb67eb50b472f61fc180a281159f9a68d3e49391d89545726ef0a481d0efa8267eee64ee6514835a81a09bb537e62889612baa95a5bedb |
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
| MD5 | 833512c89f1ab92c80131d415f89f442 |
| SHA1 | dd9953ddcc33278bb97502ffdc6e7462e8005680 |
| SHA256 | 717f80429e16e7c467a8472dfb0404e22fdf2d67ecd94018b6536dc9d995bff6 |
| SHA512 | f23201251ea19b6122f60a788a027bd59aca1233b17b265709a51a2babc1eea1394a4400eadcc6792bb5f9843d73a95660f60f487779cbfc05766f53fa3ef3d1 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG1.PNG
| MD5 | b3900ec4c610092ddcecd3fe8d14a529 |
| SHA1 | f3c0713b0fa185bc2acd774ea4b6a7a568b20f2a |
| SHA256 | d077af4a50d041a710c2362e29da0dcc4eae5c90cc7aa3f058a2cbed28f1c5a4 |
| SHA512 | 5dbcab9c44fced17af4a1dcd713c81c079689e53a979501e2a0714494f553305d03bf52270b533828a71a9ad2c0c722f87a64a91c3b0e7cc4484774b4b54daf1 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG3.PNG
| MD5 | cee48467f5141425823298a0726aa52a |
| SHA1 | 8af5b57d4163514bdf1f1548ba612f227539b532 |
| SHA256 | d8aba6d89980c78a3554511653a7147210f544dabc457011a45957be596a7b72 |
| SHA512 | 48c7ec8ba3087e06a38d66d2c3548c37ff02efe508a6303d3361de38c1d27ec8f8b17aa07eccb9e2c7ea10478d548c8049a3a50f13dffb0a006eded034e9fff9 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG4.PNG
| MD5 | b196ede7761b55fd40b2167723f489b8 |
| SHA1 | c6fb9ec2a28bb6cb0c052d05018e9c81205244c9 |
| SHA256 | 987b0a991162db5aa6d7560abd18474818e0639aed080643132c42b701fd1d8d |
| SHA512 | 661f91be3e77679cda55a63ab50636b2b68256e08bb4ed511e646bbf6835f85c3959388632843a1062677b5e405c1d76a09890086feb3d23f52cd72885763497 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG10.PNG
| MD5 | cecc7c02d44d9c449121a542bb0fb36c |
| SHA1 | 6984cb702147fa42d975f101b286d802c66148f9 |
| SHA256 | a64ddc02113b74aedc3e77837b5045b178e82978e68e9be9d04425eefc6fc690 |
| SHA512 | e4a5bf35cbfe71789cee597df48268679b76093ac3dfa22cdc71015e734f6f68027e5efa489e6d010ec3b67f0eb56508cee949905e6a2d48c438b02d19edcd79 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG14.PNG
| MD5 | b5fb5788225a22d2235f27b5f4f0a275 |
| SHA1 | 0820031da047efec3105b7f52c4254170102700f |
| SHA256 | 58f73ecf94e61492320c1cbaeed3b989fb60131d1441320cab502768c67a58c3 |
| SHA512 | 1cdda78535038b51ef264acfcfc299bfa3521f69ad6d86b4451c0a3e311c882fd442094e99a213304670f0b4c50aada99b3559c4b55422261cc6b37b431955f3 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml
| MD5 | 7485ba0021020f5e01c5f5d1dc46a259 |
| SHA1 | 374e07adb890b335d4847bd9b9d355fa049e47d0 |
| SHA256 | 66cc78022a6aef9a56a2d19fd9d80a93c7b2dc3fb1b939d765e001085dd04051 |
| SHA512 | db41e162066552222fbab87eebe1e6a821aab52fa770973af85ff6db2fa6e916abd74413b19f52baef2768e6a30a74b0868ab32eb1446778e27c626142762e20 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml
| MD5 | 2dfb8c4e2228b4a6d77460314348497b |
| SHA1 | c5ab7d21e675ef131400b10a2b3f8fc89cc4afff |
| SHA256 | 4dd2a7fff68d363318c4f7eead34881b3dc393e29743aec768193bd8cfdf164e |
| SHA512 | ac8afe892b6b59aaf85d681e9196e48b6b8b12d5597f59299737a17669167bcc841023e25bade4ab93ff3e4a5e356e52a90fe647ae7b73af031ba94394a514b7 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG16.PNG
| MD5 | faefac14b9ba4ba2f2571fb164539f77 |
| SHA1 | 9dd91143d4a95e52f9c380e3c3ce23c9180eaa15 |
| SHA256 | 6509bb99d5392d840700e08452366518bc5ed578ee36b964adbee69f37048b2d |
| SHA512 | f9851d8f801fc78739ab038375401582a7d8554df0efa05bd397127a0e431520c6715c5ebe65cc012306aa542128484f387473d200f58b0065581403721c9e24 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG15.PNG
| MD5 | 9d0f62b656198cc2751cab6bf2a36a46 |
| SHA1 | 616dbed062f7ef1be165cb167ea5788867a34923 |
| SHA256 | d1ec7db451e7e25d970fd62b22a7779a3f59eb3978a0081120d069ffbdb14295 |
| SHA512 | 2591c988f685b9140a7fada6320f3ef5763ecce62cc47bf0f9bba6885b1714e136bb552672d9656efd19a08ea891e1686270fe56289598c6093dc8483a5f7636 |
memory/1068-1178-0x0000000000890000-0x0000000000C79000-memory.dmp
memory/1068-1180-0x0000000000890000-0x0000000000C79000-memory.dmp
memory/1068-1181-0x0000000000880000-0x0000000000883000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG18.PNG
| MD5 | e802a83fd63eefd5b70eb246f075639b |
| SHA1 | 5d201c7d3172ceafa318151acf499270f33db060 |
| SHA256 | 50c8dccb06fe1332b471400c9d5d1bfcb47df1833077ada7e54e0018a82deee5 |
| SHA512 | 7febb82664b9b160f5b00d978bb97d2f993a7d40a70696a40ffc472fdea23a636f5faaee6a67fd74c55d7c17b685e38e7f6d14be88f9f260d6520f17af06f09b |
memory/1068-1743-0x0000000000890000-0x0000000000C79000-memory.dmp
memory/3320-1746-0x0000000000400000-0x0000000000417000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad982e0bf47ccfac26e30c766e976b03 |
| SHA1 | 582f313640e3b8734109ccbc97b0ae9ba08f81cb |
| SHA256 | f14100da2f48eb574bd3cbd947fdf7acd73dca208a6fc199d6334949e076bdbc |
| SHA512 | d598047666a519f14fcbd8653b4ff69abbb08afdaaba71d363e6de7afd9fb73f6b041d5effcb36c9f30e806b1c7eabeebe6280f9bc090f99a69ba847d68f68bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be5f254a0bfdc5ce1afe599d6f88f40b |
| SHA1 | 010c88110d174421e1d5d2ff3bc1d833ce1265ab |
| SHA256 | 7797daa175e26c2867138f8386269c9dd45ba48fe093833c7007b33ea0e5cd94 |
| SHA512 | feeb4185797ac57f0185a9f0e8de288c7b7790040307197af504f437ab63ff6534e077b8c427f4ce185d0e3eab51a132eb4647fa138be286c542ed9ad6264d69 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ebe64ba6f9a52a3d9eec3ce0043fd252 |
| SHA1 | 90fd9864eb94a5c825c45e873b11857ebdd9ebd7 |
| SHA256 | 03f3509977999ded7422ad9372d3962bfa3984b11308a377e29cfbb5d587c225 |
| SHA512 | 356c98507c7576d0d106a0cf988d54965a518bdd102bc69f3c634ac3ea147c954383501e67d36a8bee88f6a519dbbda8ac7fa17a08e1a4e249713bc00dc29478 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb7e52453966b6a9050fc66820bfde8d |
| SHA1 | 8c2442b4e4652e24a601d45c92ee225a93747d00 |
| SHA256 | 184ae80dc8cbe9e49d05cc44c8d24739d65dfcae8add4576b0efc63e8530412e |
| SHA512 | 39bf61d704251407860004b6bc5973d2073924ea60c69a76033c40f40c7d27b12f538d78ac938ee2fc439b37f907f47176acb3a0df2f5e978dacbccafd7af92b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5a40f41c8b3b2df9e5f2517b582b4122 |
| SHA1 | bb6eadbb8f86c3aea98235c02edc9971b4893df8 |
| SHA256 | e985661aa58b35128b1647cb39be5e5833adc03eabe5817774fdb3cd87e18775 |
| SHA512 | 1bac008312ad0bea594bb5be319e9838926ab48f5f8fdd6fd9dd669e0c3761881f7f670c9f7da75f8503061bee769bdfe48d9e1f3f0e862dece6dabb758c9ff5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3d83366bf13852880da17394ab070835 |
| SHA1 | 227409306398a2900a049b51e9be0b5e7ee95aad |
| SHA256 | 722c606de39c8a90e74e0e84894574e6638ed23bdb41dd9e7413c24611e0d991 |
| SHA512 | 57aa10b22f83dfef6776ce87d768174a9556d9024b57b27cef97e0622c7f19c2d56b1411a39d17f8671709471faab222c16d5efd8c3b198955578463e53dd172 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 63cc0a0378ec70c61a1ba87020630793 |
| SHA1 | ae59e268e729c26329b51ff35d86e4be3911bd1d |
| SHA256 | c01e066bacff5c5136393385576137945d79138444c25af33619f4699895314e |
| SHA512 | 401f9e0707ccb7e53db95f34dd941e0bf58835526a74fd30482abef605cb62651a7bef7de2288529b8a5207610e8bb4b570a530950e62f1899d9c411ed2e7f69 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 65c7f97094e2fe5c62c2db4d4dd900bd |
| SHA1 | 18405eb9f845002dbe81e144b6f34edb68dd10d8 |
| SHA256 | 23c3a5d0be0a4af3474f57adf2e0cf6dc90f962bc46ab4c58f3490bedf3fa8cc |
| SHA512 | a3875b0d9af8c12bfcbcb575bb32c2b07d2008ffbace763696dedcd3ae0d554ada91679f95465b1f732e5540d6ba7e300163924a3367c112aa0d752b5e3f5595 |
C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe.otkdk6s.partial
| MD5 | b9919195f61824f980f4a088d7447a11 |
| SHA1 | 447fd1f59219282ec5d2f7a179ac12cc072171c3 |
| SHA256 | 3895872bc4cdfb7693c227a435cf6740f968e4fa6ce0f7449e6a074e3e3a0f01 |
| SHA512 | d9f4e268531bd48f6b6aa4325024921bca30ebfff3ae6af5c069146a3fc401c411bdeceb306ba01fbf3bcdc48e39a367e78a1f355dc3dd5f1df75a0d585a10c6 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | cbfb88f0c9bbec745e04328f72570200 |
| SHA1 | 724a7cdfd256e8a71eab196639a299292f230d0c |
| SHA256 | 52817992402db168121b87af93f97c6245482a013d2dd89adce99dc3f15a070a |
| SHA512 | 4dc1a3d47bcca206e0c39ae4def623bcc79a7f0f0f5203832d4cf93eea19d3f88f8305a6c52e7dd33c4e8f88392d5af37b192b98599ab8d90a2649d5514d4a7a |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\6QKC4DUB.txt
| MD5 | efebaadc450b087c8dcc498658e5a77c |
| SHA1 | 9de0e389045e7bbc82b1711d3ad16317d8b0b2e7 |
| SHA256 | 23e17d425fdcf4c61371a64e48becf72de1a4377b95b23532b1f4a95c620763a |
| SHA512 | ae6ee6a893dd983414a4d8ec705f9e167bd953ee8413f5e8889b31162c55d76f10bcc8d42216243a65eb6475b827ed6ff0531a628bae9e4c43896949f01ed170 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0cc0d7e996147206be9fcc73b52922b6 |
| SHA1 | 450eb1f24db62a67dd77c1b2cd34c2dbe52589fa |
| SHA256 | e010a64a3fee76443e077ba1f30007ee8d5a510021c1144eaa73cda69969a9ff |
| SHA512 | 1e124b975a3361329e24053847e0dde179ceb05237390b0a2d7c794cca03ef821393adcc49b3cfb6a24e0a718cab37fd6001592340eb9cbe7e3d7ad8db9ef392 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
| MD5 | 1da43e1d7182d5259d74de50a4a5d91c |
| SHA1 | 3ecd4b041577fc897e30128152735cab7abe3f7f |
| SHA256 | ba902c05487469f569971430ea61be3f5c022c6f32b105355a685f93acd12b2f |
| SHA512 | 3e4c5b22b14b070a0fcd41533c1baafc0940a6507f5f36990673db8aebd533b8679a1a469291613787d1456b97413fbe81950e22b7f3226026ad73f66da66067 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
| MD5 | c186aa73ad0afb9e15585e35a6411a06 |
| SHA1 | f5ee76e3b61ad4447afdc3c368a494471aea29a4 |
| SHA256 | 93a73d9f6c49e8122583ba3577d9b40331242a9712557f3822b05ae8e92cb6f6 |
| SHA512 | df1b8db0b45250597b93d6b7925da1d2c64b3e4044a3917a24e2124194a2cbc01093ac758cbb5c364206049dfb4994123d1e30144de105dc517b8636800f1884 |
C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.8.0_51_x64\jre1.8.0_51.msi
| MD5 | 1ef598379ff589e452e9fc7f93563740 |
| SHA1 | 82ad65425fa627176592ed5e55c0093e685bfeef |
| SHA256 | d4bdc230eaebefe5a9aa3d9127d12ac09d050bf51771f0c78a6a9d79a1f9dbf2 |
| SHA512 | 673f4b08fc25e09e582f5f7e01b2369e361f6a5b480f0aa2f1d5991f10076ba8a9d6b1f2227979b514acc458b4fdc254fc3c14173db7e38b50793174d4697f23 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
| MD5 | c81eb1a1d0dc9fa009f277f9da3a8fa7 |
| SHA1 | 16dc96877fbac074ccc1c4abd663f522c137092b |
| SHA256 | debb1b9e608d0fcb102c991345c9bb14a5cb31bfb57bc13b141fc79beed2ceb1 |
| SHA512 | 9ec73de0957c881309dfaaf5d7c590ff18ab0138ea379b3b2767588c270cfdfc9d37ecdd55d00f294b96249db9f96b9db4b67134c01d44c52ebadba116b90b7f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EA618097E393409AFA316F0F87E2C202_1E65FD33F74047223AF4D58CBFD34BCE
| MD5 | 54b12e43a094364c4c649702958e4de7 |
| SHA1 | 66c6a7b57332d3558c92c86699112909ce5e9486 |
| SHA256 | f24ec0515cf9d7e1ce2f838bb5080181f6eb68d3235af6b9de3725ca48ad910e |
| SHA512 | 6dbccdc37a3b2334ae19151a6ee02b425cec923b69037aecc99d4436d57f6aea898a939bc4af982b6301073e4335f6a40dcf250a3b8174ed7cb4c9e6634bf4cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_1E65FD33F74047223AF4D58CBFD34BCE
| MD5 | 951ce8bca104522bf2c9425f3fc4a5d5 |
| SHA1 | 26681f829f82e3c2d8831e9fb2044e3d779468bd |
| SHA256 | 0185e4a7a6c1e91420910f9701b370de09823ecedc81c32bf56772e8f71191a2 |
| SHA512 | 4fe7c3d03a9fae5e1ba4434c3699d637657aaf280b02687300c920ab97f479f55ccc95ba70437167ca956babe12c0503de5980171bab22bfb0416b0fd16b28aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40C68D5626484A90937F0752C8B950AB
| MD5 | cbed24fd2b55aea95367efca5ee889de |
| SHA1 | 946f48b5c344fd57113845cd483fed5fb9fa3e54 |
| SHA256 | 1dc8a0fcbe260b77adfe5ad9aaac543239b2a0d9f4e1f3c2657beee4376ffee4 |
| SHA512 | c504a11ea576f8ce14de26a0617e22e71e14db0f1dadefc187ce94e4a35a83743c743824e3629899c262aae4772bb86a0ee5bb643db20645483f0c376215ec6b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40C68D5626484A90937F0752C8B950AB
| MD5 | 3b4aeddbe9349bca9267fcd00d5cb9e1 |
| SHA1 | 9fa00d20e2fb7656829f23100d821d1f872b4193 |
| SHA256 | d284cbd2b997809ee82df8a94fa155b850c2f21d8d9480bb8bb90a4eacd987ad |
| SHA512 | 05143ae28563bd7994877f699b4896e8136e83f3c4f986d8e86e853d868166b312c7a31faf99dc0bc255f1333dc7134fb7cb88352d17de03e05c5fd18901b2f5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
| MD5 | 5bfa51f3a417b98e7443eca90fc94703 |
| SHA1 | 8c015d80b8a23f780bdd215dc842b0f5551f63bd |
| SHA256 | bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128 |
| SHA512 | 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 76f384246988c13caeb077518e4f66f9 |
| SHA1 | d64781e3578c089be02a3be95b3f125e76ca58e8 |
| SHA256 | c5c210fe3515fdb1ebc9bf3ade7848d496c42287b22662c7c34c7a4713700bea |
| SHA512 | 4dab2b34a4488b832508820ea892d4f74a34bca2d2e2cd322d8c32bee4e2dbcdf73f925ec12d9464a86fbc9f1df4c4776bc1cff5e7511bcbdfd8ee3f55941134 |
C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe
| MD5 | 2e7543a4deec9620c101771ca9b45d85 |
| SHA1 | fa33f3098c511a1192111f0b29a09064a7568029 |
| SHA256 | 32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1 |
| SHA512 | 8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d |
memory/2620-2456-0x0000000000400000-0x0000000000417000-memory.dmp
memory/2620-2463-0x0000000000230000-0x0000000000247000-memory.dmp
memory/2620-2462-0x0000000000230000-0x0000000000247000-memory.dmp
memory/2620-2461-0x0000000000230000-0x0000000000247000-memory.dmp
C:\ProgramData\Oracle\Java\installcache_x64\diff
| MD5 | d417682702b140d7131851bae877f046 |
| SHA1 | aa78da727e8a62c839a9bb6f7a93b48d3a04be70 |
| SHA256 | 3b3657c83e4f588f0e759cd46e99309cece2ebb54af2c377f9dc087ec764fda8 |
| SHA512 | 9e107b7f61e42410807aa1e6761ac7adce412846f69ae8e2e21b147e39d1a95d41367e21624381750eb11c77322206c4d869a477e5442e8323405c85854c03cd |
memory/2620-2467-0x0000000000400000-0x0000000000417000-memory.dmp
\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
| MD5 | 5b071854133d3eb6848a301a2a75c9b2 |
| SHA1 | ffa1045c55b039760aa2632a227012bb359d764f |
| SHA256 | cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf |
| SHA512 | f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c |
C:\Program Files\Java\jre1.8.0_51\bin\MSVCR100.dll
| MD5 | df3ca8d16bded6a54977b30e66864d33 |
| SHA1 | b7b9349b33230c5b80886f5c1f0a42848661c883 |
| SHA256 | 1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36 |
| SHA512 | 951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0 |
C:\Program Files\Java\jre1.8.0_51\lib\javaws.pack
| MD5 | 5a83bc9b3e4a7e960fd757f3ad7cd263 |
| SHA1 | f5f308aec7e93accb5d6714c178b8bf0840fb38d |
| SHA256 | 0a95ab97c85e534b72a369b3ee75200f8075cb14e6f226196b18fd43e6ba42f5 |
| SHA512 | b8e554bbf036d0500686e878597ffdefa8bcd091ab6533eae76fa04eda310cec7cac89b71911f1f81012f499c7bec890ac9032685945f7e5e6b68f7ad3f7430c |
C:\Program Files\Java\jre1.8.0_51\lib\deploy.pack
| MD5 | 5cfc3a1b269312f7a2d2f1d7c0497819 |
| SHA1 | d048284db9ce7103156f8bbce988b4d9978786b7 |
| SHA256 | 80ba80d2a6c20deef6e2f3973337e15e22eec30508899ae998bf191ba725db26 |
| SHA512 | 8735af7c8bc5b48aac42120326a5dee21f98512ba31c57c77b6fc3906b7b1b98e5f22f57a31f26dc3e16abe63a6f15ef2e115c7fc17bbab35e846dc373da9c6b |
C:\Program Files\Java\jre1.8.0_51\lib\plugin.pack
| MD5 | 538777ddaa33641aa2c17b8f71eed307 |
| SHA1 | ac7b5fdba952ce65b5a85578f2a81b37daed0948 |
| SHA256 | 9948b1c18d71a790e7b5a82d773fea95d25ab67109843a3f3888f3f0ac9d1135 |
| SHA512 | 7a5877e0eaef6424ea473a203184fedb902cd9d47df5d95d6f617ca4efa1162f0ffd418e9bc6b7492f938cb33fc6384907237487d6ad4f6d0d2d962402529d8b |
C:\Program Files\Java\jre1.8.0_51\lib\rt.pack
| MD5 | f0177701b36068c9a2bb4924dd409fa5 |
| SHA1 | 71e4b32c95e20dd565a6603d3de3819eb4f19d33 |
| SHA256 | 93c1e08034b68e12d78005c2950145595327477c17c1f716248d3e16313b4eec |
| SHA512 | 8e198bf60dbb95f38bf5eca67c9b7cd4fe9920890ba3d569e08de59b38c1b00830a0a37168fd74c874df86b7ff0915c8b69adb1591432b42b5ff35e5885e6641 |
C:\Program Files\Java\jre1.8.0_51\lib\charsets.pack
| MD5 | 45288142b863dc4761b634f9de75e5e5 |
| SHA1 | 9d07fca553e08c47e38dd48a9c7824e376e4ce80 |
| SHA256 | 91517ff5c74438654956aae554f2951bf508f561b288661433894e517960c2ac |
| SHA512 | f331cd93f82d2751734eb1a51cb4401969fb6e479b2e19be609e13829454ec27cec864c57bdc116bf029317c98d551e9feafc44386b899a94c242bc0464556d8 |
C:\Program Files\Java\jre1.8.0_51\lib\jsse.pack
| MD5 | 168f72fd2f288a96ee9c4e845339db02 |
| SHA1 | e25b521b0ed663e2b050af2b454d571c5145904f |
| SHA256 | 5552e52e39c0e7ac423d6939eec367a0c15b4ca699a3a1954f2b191d48a034e6 |
| SHA512 | 01cdf3d8d3be0b2458d9c86976cef3f5a21131d13eb2a1c6f816aeb2c384779b67d1b419fa9233aedd3bbd16970ec7c81689bf2e25a8bebadec5de8e9b5a19f1 |
C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.pack
| MD5 | 2ad7c3462a7494b29edbe3701ebeab4c |
| SHA1 | 7358ab9b0c4771efdc0d28764b90a46aac55e865 |
| SHA256 | 7cdc489fa093e924649e82f4eb9689bc1bc0d28e20e37a0a94060efd5428c2db |
| SHA512 | 8b1f0f5932896f1876e5f8137dc8f74ff79f02b7708220b53ab2146fc742403ee952c68dddff9a92c786d4a534f7a266327934a8fe84a3c979c016cc8c93efdb |
memory/1036-2731-0x0000000000330000-0x0000000000331000-memory.dmp
C:\Program Files\Java\jre1.8.0_51\bin\javacpl.exe
| MD5 | f49218872d803801934638f44274000d |
| SHA1 | 871d70960ff7db8c6d11fad68d0a325d7fc540f1 |
| SHA256 | bb80d933bf5c60ee911dc22fcc7d715e4461bc72fd2061da1c74d270c1f73528 |
| SHA512 | 94432d6bc93aad68ea99c52a9bcb8350f769f3ac8b823ba298c20ff39e8fa3b533ef31e55afeb12e839fd20cf33c9d74642ce922e2805ca7323c88a4f06d986d |
C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe
| MD5 | 5ed6faed0b5fe8a02bb78c93c422f948 |
| SHA1 | 823ed6c635bd7851ccef43cbe23518267327ae9a |
| SHA256 | 60f2898c91ef0f253b61d8325d2d22b2baba1a4a4e1b67d47a40ffac511e95a5 |
| SHA512 | 5a8470567f234d46e88740e4f0b417e616a54b58c95d13c700013988f30044a822acfef216770181314fa83183a12044e9e13e6257df99e7646df9a047244c92 |
C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npdeployJava1.dll
| MD5 | cb63e262f0850bd8c3e282d6cd5493db |
| SHA1 | aca74def7a2cd033f18fc938ceb2feef2de8cb8c |
| SHA256 | b3c10bf5498457a76bba3b413d0c54b03a4915e5df72576f976e1ad6d2450012 |
| SHA512 | 8e3ad8c193a5b4ab22292893931dc6c8acd1f255825366fdd7390f3d8b71c5a51793103aeacecfb4c92565b559f37aec25f8b09abb8289b2012a79b0c5e8cb3b |
memory/3900-2811-0x0000000000230000-0x0000000000231000-memory.dmp
memory/4012-2815-0x0000000000450000-0x000000000045A000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties
| MD5 | 39a1782641d010fdcae6825376bbdeee |
| SHA1 | a35bbadb1aeb806b8b4b24e4b6a2438098ca483a |
| SHA256 | 3de6c2d3d82e3cba9f6f50d81843b2cf909e712e3b82f68e81b703895b3afbb0 |
| SHA512 | 0f9abec75c9dc3f25ab41a2ee06acd297ddaf56c35728a9fba8a9f9e0904bf9dee5e716b9f639fee29bee0531ccedbd63fd3bbf730e8e25144b72571e59e41b6 |
memory/4012-2852-0x00000000001C0000-0x00000000001C1000-memory.dmp
memory/4012-2858-0x00000000001C0000-0x00000000001C1000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties
| MD5 | d4e8efffce50a3501a1a373c32c0739e |
| SHA1 | 825e6c389f8cf8fb0ea30d68ef8f2aa29ffb2f98 |
| SHA256 | 2ac583fa3dc7ca4a18ddb2fc7732aceedb47aef823d77970c5da693cffbf73b3 |
| SHA512 | 0f3c5768d5909d148628d0675f3c7cc44f7021257b677fd6b77fa0b5a994324522f119988fdce3b1742a568d5ba02582b34a007a4f557a371d9665197e2d8b65 |
memory/1700-2898-0x0000000000440000-0x0000000000441000-memory.dmp
memory/1700-2904-0x0000000000440000-0x0000000000441000-memory.dmp
C:\Config.Msi\f7753a0.rbs
| MD5 | e056bd77048f84634c441db1d5754314 |
| SHA1 | cf4dd2cc522a2b506f2390b443fcfa9479985259 |
| SHA256 | b4ff8825ceca0df984adc1e91aaee577193d2fc761f1791ef345b1c86e672db1 |
| SHA512 | 72d06f21e2e0f63e16d31b93ae28f7af89497c4b43c1bcbf255c4df96f4fad8e9b5c4dc93b3b289cc4b9f7afeba4283d989c548d139f5d8400cc7679f6be9473 |
memory/2476-2949-0x0000000001B60000-0x0000000001B61000-memory.dmp
memory/2476-2952-0x0000000001B60000-0x0000000001B61000-memory.dmp
memory/1280-2969-0x0000000000240000-0x0000000000241000-memory.dmp
memory/1280-2971-0x0000000000240000-0x0000000000241000-memory.dmp
C:\Windows\Installer\f7753a7.msi
| MD5 | 4afca17a0a4d54c04b8c3af40fb2a775 |
| SHA1 | 96934a0657f09b25640b6ad18f26af6bd928d62f |
| SHA256 | b15d3a450b7b3e5ce3194ab9e518796cc5f164c3e28762ffe36966990dcd2fe8 |
| SHA512 | ee76f5fcfdd9c1202fd5abdc2bbde8fb2543cee83265f6d2fb5458d1a086152ff6bdd4bf62a88150d325ea282bd2ecd66dd5f127bdd847cfa69cdb88985a8305 |
C:\Config.Msi\f7753a6.rbs
| MD5 | c712a4f97b1e7dcb01ef19c81894d4e4 |
| SHA1 | 4eb272c94a3eca4eb15dcab2486f93ca84aea65a |
| SHA256 | 97c97528024b8cbb25fe04d6bcf3b2313fb3876a28165be6da2b8b1a703bf033 |
| SHA512 | 3b40f5445d3c3a0330dc6e0ee33aa3602b8a4ecbb922661d57111202f2ad965d072042c1089b1ef4ef3325cf9e5f1878fe3ad378cc6ef48dbdd2635dcb6375f8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d6e67f1518e081072c3ef4571e2d71a1 |
| SHA1 | 60c46b5c6ad42330a6d722b5db56e943039759cf |
| SHA256 | 0ac363fd5d1e2b51d97aea0b3bb34110b04e4cca918ba9b89fd3b9e4f26b0a27 |
| SHA512 | 31d14ed7ce8074062539d74510fadf5a1e9a137e7c3fc4a13a0446927dccef26eee873f77df48f4291ed31b306e75966bcec8da519ade21dd934b177357419ed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 91d67f8125d8f851e7383acab8e53cda |
| SHA1 | 464b24c52ad91d10b99eb0a14fd2700f9b44abf5 |
| SHA256 | 6fa1b1ccc6b4dc2a6a6ae6831010904298581f09c76e8e2f3899f35ab81da5ad |
| SHA512 | 2bf4240ac511af7565ce57f8101a34788350d460a81903a40671bbc76c38c8ce4e6890f042e2e5d47629f01ad530b59b76bb0509daed600d927392f18100a800 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e6a3f70ca27a3bef4f0b2ff0eff418fb |
| SHA1 | 712e01ccbb1b31d5500e64d13a15d01a37ef59d3 |
| SHA256 | 8c4a9a1f9eff5b255360454064c3103fb6a8a3b659d3e56a0f33bebad54a7eaa |
| SHA512 | 88b4f7fb375bb01d2fdc21bfbb857b95cbe62d3ea29514471739e14ec6ebd05975f2ea3dbd6e1eff2163ae5adb0e8a3bff6545a3e4f4d187cab03e280cd001f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4748d000724559c9e93429b4bdcc1273 |
| SHA1 | dbe14aa925f1df4ea2477a1130142c09dacb7128 |
| SHA256 | 78e4849e790a7cdcfe7b684dc898e5a67ccda976d0b452c6366eb3def6a82a52 |
| SHA512 | 4b4fb9baeaa663ee944812448a1e8f14f58c86528065c855eb01f541b7519a278be14c0b901b65ab832e7f1846862c897bdb9b4b7487276158dea4c76b3614a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e79089c87b79578363a1a162bf24ec82 |
| SHA1 | 1b2516406f61f9b121c2961525fc5e45a9f27f1d |
| SHA256 | c89284e834803f42f5a1d69797e62d45fed118c1f845e33c5147e2c62bfc78c5 |
| SHA512 | e492778d807da18e7d173031debd556b302258d443110bb4386b53ac34e8b28d7ea8ce8c0a75fc5f95a79ae0e4eac3bb4381219dcb2312c026eb703c242ec102 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 29a396ac3c8b28ccc557cdb33b7052f3 |
| SHA1 | f25700bd36961dc222df34b09b580ec8dd24fc6f |
| SHA256 | 9f18949e35a616527a302080306e1b18045e6470889677e87957999bd76e660e |
| SHA512 | 5bcd37877ca1299e4aa17e85110d2d808032c7a2b2cfa83bd5e9e84db73768cfb7c62dcae82707fb5eb5ba3cd5e8022f442ad53885f4711554acb0f0fd12d601 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 7f01a9f2ec9e3de59221f628194aef4c |
| SHA1 | b3612d9d6b30fecef9eaf7fd6007990d34063464 |
| SHA256 | 19c6759f19baef9b025abbd97e0b4bbf7df5f65e9ca3dcac7d98046dcaed0e29 |
| SHA512 | 9689682799fd00e9f2f3e77c939b6d1df9ee0daf84ab093bd2b7c2c44ef3d704d51eff1f4f39f6d5673b73d1594ec78b599d26a796e4a1186c9d3b3ac4fd1ecf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ef93d1a59caebdf1f0f374f713c472f |
| SHA1 | 553238fa43c7d22928e9975d64ddfbfc91e3785c |
| SHA256 | 2e63b2f333102bc85c38a0c0aa33b532aaa2b40e6a58c070dce9adf742db1e37 |
| SHA512 | b2129066c71ec73c990ae8443f7fa80f8df0d26a17fea8dcb49f28af7e2c4b3e691de5eca74f1fa00dfecfe7a601eebdb0ff3777734981ff307c94490d42cb12 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7251c53178720c88bb349dd5e4f04427 |
| SHA1 | eb44efc4c017c6962105b9968cff774d62962f44 |
| SHA256 | 52e9101eeb09968e5106d1c6f02642ccb76f9bf232d86fef44d1981ab586c141 |
| SHA512 | db398bb4c36743a7235c5d219fc5e4a8bc99c0f8445cfcb16e26f1b4174c1aa8f8ae2238dd5a10caa97c7849106f33237a871b9a4562a24b49bf7b52071a7278 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b8bd4afcc47c6709bbaecdaeda4586b2 |
| SHA1 | 78852f71e6b4430b68f259004470a590f3acc6ec |
| SHA256 | c1989e465477464a9ac069b9da32482197958fc93b0f874c8cd757b9fc31547b |
| SHA512 | 8693e139fb9ebc4723b309222b7fb1d9f475ad179130c26cca676fe52349145ef908e3ad9aec8ce01ff6dcd6b74dec9e05a2437889e5aaa3a5fae9272b2b5bc6 |
memory/540-3483-0x0000000000400000-0x0000000000417000-memory.dmp
memory/676-3493-0x0000000001B60000-0x0000000001B61000-memory.dmp
memory/676-3529-0x0000000001BA0000-0x0000000001BAA000-memory.dmp
memory/676-3528-0x0000000001BA0000-0x0000000001BAA000-memory.dmp
memory/676-3530-0x0000000001B60000-0x0000000001B61000-memory.dmp
memory/676-3573-0x0000000001B60000-0x0000000001B61000-memory.dmp
C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.fastrepo.org\tlauncher-sources\prod\release\tlauncher\appConfig.json
| MD5 | a9bd1871a6a69e12bb017e1375b0a659 |
| SHA1 | 0cc4c515fea150c982d02fa73acf73cfa68810e7 |
| SHA256 | f725e50dc4377a28b06589b028cd3cff58845d5ed882b22b17129c4413f8b9b3 |
| SHA512 | 0595d54b19805f57a1b09a492c90c4c9f655d6a501179966b1a282b0aec90b27eeba634ee4a54fb9982f80ae046e6feb2b3e2097f14a0a3e051e80c162a83bd6 |
memory/676-3589-0x0000000001B60000-0x0000000001B61000-memory.dmp
C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.fastrepo.org\tlauncher-sources\prod\release\tlauncher\2.923\dependencies.json
| MD5 | 24817047786540dd5d8cbfb94132c84d |
| SHA1 | ff45f1ae7748fab985e0580c5746b0327a4b59ac |
| SHA256 | a5584b00241e6aa455dce9c0d584d61f8350a7bc07a4137e9289e23f46878721 |
| SHA512 | 6e048803859517d052d88d8c96c382d481620c1d930e219051264cb2c4d096b5b68d8e8e66ba2244ef7343df99f120600f8763f67bcf060c3132743eca7934ef |
C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.fastrepo.org\tlauncher-sources\prod\release\tlauncher\2.923\resources.json
| MD5 | 8ab0113596cd48af76657e53d5d93e70 |
| SHA1 | 3ab4244668932e0396022372d8f311c62ce1b89b |
| SHA256 | b0a6157bb0f4da765f93d13ca167017144c5eb15955015b0b42f7d7c0b70599d |
| SHA512 | 55fb4d7ed644ae5e47ee376b00323199788baf596b493b4959ec4c88bdb37295ee59e34d3a7d4310fc9e35d776e1ae19fcead53c09d3a440dcfec8dc6736b170 |
C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.fastrepo.org\tlauncher-sources\prod\release\tlauncher\javaConfig.json
| MD5 | e2cbea0a8a22b79e63558273dded5e6c |
| SHA1 | bfbbbba0679adcbcf9e079ed3c7c7a60cb0b2d61 |
| SHA256 | 10d0f3646be0a7d73942d7bdd1e55c4b8df0c34cad7ad15a9dc23b2932155007 |
| SHA512 | a6aa26ff49c911fb4705df1e8e434c72e206b20fdaae0abc529e2734f5db49c75da35c3d75769e0ac1b6795de540de4c7e1089b387217fc58f8b19b023064e5a |
memory/676-3622-0x0000000001B60000-0x0000000001B61000-memory.dmp
memory/676-3628-0x0000000001B60000-0x0000000001B61000-memory.dmp
memory/676-3629-0x0000000001B60000-0x0000000001B61000-memory.dmp
memory/676-3627-0x0000000001B60000-0x0000000001B61000-memory.dmp
memory/676-3648-0x0000000001B60000-0x0000000001B61000-memory.dmp
memory/676-3649-0x0000000001B60000-0x0000000001B61000-memory.dmp
memory/676-3652-0x0000000001B60000-0x0000000001B61000-memory.dmp
memory/676-3897-0x0000000001BA0000-0x0000000001BAA000-memory.dmp
memory/676-3896-0x0000000001BA0000-0x0000000001BAA000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-04 17:03
Reported
2024-06-04 17:06
Platform
win10v2004-20240426-en
Max time kernel
149s
Max time network
151s
Command Line
"C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.4.2.exe"
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.4.2.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks installed software on the system
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3060 wrote to memory of 3768 | N/A | C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.4.2.exe | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe |
| PID 3060 wrote to memory of 3768 | N/A | C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.4.2.exe | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe |
| PID 3060 wrote to memory of 3768 | N/A | C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.4.2.exe | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.4.2.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.4.2.exe"
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.4.2.exe" "__IRCT:3" "__IRTSS:23398040" "__IRSID:S-1-5-21-4018855536-2201274732-320770143-1000"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dl2.tlauncher.org | udp |
| US | 8.8.8.8:53 | 243.107.17.2.in-addr.arpa | udp |
| US | 104.20.37.13:443 | dl2.tlauncher.org | tcp |
| US | 8.8.8.8:53 | 13.37.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.65.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
| MD5 | cd0ba34e6182159d0c7a70c40fa0bf6e |
| SHA1 | a20c20dee4b7ecd1e2c1f6b025e2766b583e2c38 |
| SHA256 | fe88a318681b47a1e9aad79cd8b42fed323555fed23a04633b1bd16921380d86 |
| SHA512 | 2c540e510bd22fd70dc6393599b13aa1cd820b8434692b4fb2cdc60c08f4c03e4a4d0357e75672d4c08573d15ba3d1e62692756c30be00226225b5bec0efd79e |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
| MD5 | c333af59fa9f0b12d1cd9f6bba111e3a |
| SHA1 | 66ae1d42b2de0d620fe0b7cc6e1c718c6c579ed0 |
| SHA256 | fad540071986c59ec40102c9ca9518a0ddce80cf39eb2fd476bb1a7a03d6eb34 |
| SHA512 | 2f7e2e53ba1cb9ff38e580da20d6004900494ff7b7ae0ced73c330fae95320cf0ab79278e7434272e469cb4ea2cbbd5198d2cd305dc4b75935e1ca686c6c7ff4 |
memory/3768-12-0x0000000000F90000-0x0000000001379000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico
| MD5 | e043a9cb014d641a56f50f9d9ac9a1b9 |
| SHA1 | 61dc6aed3d0d1f3b8afe3d161410848c565247ed |
| SHA256 | 9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946 |
| SHA512 | 4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
| MD5 | da1d0cd400e0b6ad6415fd4d90f69666 |
| SHA1 | de9083d2902906cacf57259cf581b1466400b799 |
| SHA256 | 7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575 |
| SHA512 | f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a |
memory/3768-576-0x0000000010000000-0x0000000010051000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
| MD5 | dabd469bae99f6f2ada08cd2dd3139c3 |
| SHA1 | 6714e8be7937f7b1be5f7d9bef9cc9c6da0d9e9b |
| SHA256 | 89acf7a60e1d3f2bd7804c0cd65f8c90d52606d2a66906c8f31dce2e0ea66606 |
| SHA512 | 9c5fd1c8f00c78a6f4fd77b75efae892d1cb6baa2e71d89389c659d7c6f8b827b99cecadb0d56c690dd7b26849c6f237af9db3d1a52ae8531d67635b5eff5915 |
memory/3768-583-0x0000000007700000-0x0000000007703000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe
| MD5 | 2885c4a1dc2bc52ea298b8d9c7e1bfbb |
| SHA1 | 964bff819cbfd38692900403460c67b9d0dae8b0 |
| SHA256 | 4007ca82da52600902ad2e269445e0ae15701187d111ba7f59546c7dfe1fc3dc |
| SHA512 | e0480ece21136a29a727fe99001fae8a9009a4ce92bb1a48644cf20dfc57fe70cb685b6427a6582f85ac2ffee93d85fe91c7cb1bc5b8e2121f3cb38907da2e50 |
memory/3768-599-0x0000000010000000-0x0000000010051000-memory.dmp
memory/3768-598-0x0000000000F90000-0x0000000001379000-memory.dmp
memory/3768-623-0x0000000010000000-0x0000000010051000-memory.dmp
memory/3768-625-0x0000000010000000-0x0000000010051000-memory.dmp