979d6884744fa2e4564965efaaceaa448875ee01d90d8392633df96510fb7319

Analysis

max time kernel
148s
max time network
151s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
09-11-2024 19:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TLauncher.exe
Size

9.1MB
MD5

d8e44c32ec1df755d88560177779f363
SHA1

445deced30f4be9d5398f3bef7135945e3517f8a
SHA256

979d6884744fa2e4564965efaaceaa448875ee01d90d8392633df96510fb7319
SHA512

b06edddb39c5b70dd424875a902ed50c0a54fef51b5be036bcd639141ff67069c4cccef80c82fce747f84fbc2ee3338b219236a04ec145891e0c8551fc5a047d
SSDEEP

196608:eJhNVPPzMDze1Btp5ahrePa+52Pk6ptJT:eJhN6DzwBv5C

Score

8^/10

adware defense_evasion discovery persistence privilege_escalation stealer upx

Malware Config

Signatures

Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 20 IoCs

pid	Process
2524	jre-8u51-windows-x64.exe
1192	Process not Found
2308	installer.exe
1616	bspatch.exe
1440	unpack200.exe
2240	unpack200.exe
2164	unpack200.exe
1064	unpack200.exe
2132	unpack200.exe
1484	unpack200.exe
2800	unpack200.exe
1652	unpack200.exe
2860	javaw.exe
2952	javaws.exe
2604	javaw.exe
2936	jp2launcher.exe
2236	javaws.exe
1300	jp2launcher.exe
1128	javaw.exe
2228	javaw.exe

Loads dropped DLL 64 IoCs

pid	Process
2792	iexplore.exe
1192	Process not Found
1516	msiexec.exe
1616	bspatch.exe
1616	bspatch.exe
1616	bspatch.exe
2308	installer.exe
1440	unpack200.exe
2240	unpack200.exe
2164	unpack200.exe
1064	unpack200.exe
2132	unpack200.exe
1484	unpack200.exe
2800	unpack200.exe
1652	unpack200.exe
2308	installer.exe
2308	installer.exe
2308	installer.exe
840	Process not Found
840	Process not Found
2860	javaw.exe
2860	javaw.exe
2860	javaw.exe
2860	javaw.exe
2860	javaw.exe
2308	installer.exe
2308	installer.exe
2308	installer.exe
2308	installer.exe
2308	installer.exe
2308	installer.exe
2308	installer.exe
2308	installer.exe
2308	installer.exe
2308	installer.exe
2308	installer.exe
2308	installer.exe
2308	installer.exe
2308	installer.exe
2308	installer.exe
2308	installer.exe
840	Process not Found
840	Process not Found
2952	javaws.exe
2604	javaw.exe
2604	javaw.exe
2604	javaw.exe
2604	javaw.exe
2604	javaw.exe
2952	javaws.exe
2936	jp2launcher.exe
2936	jp2launcher.exe
2936	jp2launcher.exe
2936	jp2launcher.exe
2936	jp2launcher.exe
2936	jp2launcher.exe
2936	jp2launcher.exe
2936	jp2launcher.exe
2936	jp2launcher.exe
2936	jp2launcher.exe
2236	javaws.exe
1300	jp2launcher.exe
1300	jp2launcher.exe
1300	jp2launcher.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe

Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
defense_evasion

File Deletion
T1070.004

Installs/modifies Browser Helper Object 2 TTPs 6 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}	installer.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\system32\WindowsAccessBridge-64.dll	installer.exe
File opened for modification	C:\Windows\system32\WindowsAccessBridge-64.dll	installer.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1616-1279-0x0000000000400000-0x0000000000417000-memory.dmp	upx
behavioral1/files/0x00050000000195fe-1278.dat	upx
behavioral1/memory/1616-1287-0x0000000000400000-0x0000000000417000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre1.8.0_51\bin\jawt.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_de.properties	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\hijrah-config-umalqura.properties	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\jvm.hprof.txt	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\deployJava1.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\jsound.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\verify.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\cmm\GRAY.pf	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\images\cursors\win32_MoveNoDrop32x32.gif	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\security\local_policy.jar	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\server\classes.jsa	javaw.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\javafx_font.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\javafx_iio.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\servertool.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\calendars.properties	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\ext\sunjce_provider.jar	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\meta-index	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\jfxmedia.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\wsdetect.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\management\jmxremote.password.template	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\fxplugins.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\management.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\ext\sunpkcs11.jar	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\images\cursors\win32_CopyNoDrop32x32.gif	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\jp2iexp.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\WindowsAccessBridge-64.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\images\cursors\invalid32x32.gif	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\tzdb.dat	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\jaas_nt.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\jfr.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\jpeg.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\rmid.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\deploy\[email protected]	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\ext\dnsns.jar	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\net.properties	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\net.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\policytool.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\psfontj2d.properties	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\security\trusted.libraries	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\rt.pack	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\javaws.pack	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\fontmanager.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\hprof.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\fonts\LucidaBrightDemiBold.ttf	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\java.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\pack200.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\cmm\sRGB.pf	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\logging.properties	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\javacpl.cpl	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\ktab.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_zh_HK.properties	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.jar	unpack200.exe
File created	C:\Program Files\Java\jre1.8.0_51\THIRDPARTYLICENSEREADME-JAVAFX.txt	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\glib-lite.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\JAWTAccessBridge-64.dll	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\kinit.exe	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_ja.properties	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\ext\zipfs.jar	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\javaws.jar	unpack200.exe
File created	C:\Program Files\Java\jre1.8.0_51\lib\management-agent.jar	installer.exe
File created	C:\Program Files\Java\jre1.8.0_51\bin\instrument.dll	installer.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\f785b0b.msi	msiexec.exe
File created	C:\Windows\Installer\f785b0e.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI626D.tmp	msiexec.exe
File created	C:\Windows\Installer\f785b10.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA8B2.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\f785b0e.ipi	msiexec.exe
File created	C:\Windows\Installer\f785b0b.msi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bspatch.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msiexec.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msiexec.exe

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 70e177c1dd32db01	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 54 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e78a69453f00554b9c7935775bae7b960000000002000000000010660000000100002000000052d74729e1e2a56623cd1704e299da31cf575e0d91554ae30d02451ca6feb187000000000e80000000020000200000007fe58a8e38145dff95019e3425c02c64de7c2a14db3c9550478ac69d25d1a9619000000092813ff66081439c2764daedb47538b3e159be6c2cf73dee742b76aa5b94b4b9e937cbdc96eafdfcf97ee780b6b45e68ef44b20a0908c5370da531957b205da36185ff4aceb0b9aa05b38cb94296799ac91bbe4b388469b4003f02193a00f70aafb509e2a3131bbad8d28b0ae960b19fae3e3d1af4d098a54270598eaddd8063d20ea64b61a70232b568f4b6b9d0ac0e4000000071263f49f98141741024ccbe275d5228fd59b8ffb8889e4a3fcdc717ae80f10bad0358e60ece2bb88cae3c55675d07907730c7e99192d158cfd51a9e3d13ee22	iexplore.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3"	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C4DEA331-9ED0-11EF-8CE5-7A300BFEC721} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4B5F-9EE6-34795C46E7E7}	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_51\\bin"	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_51\\bin"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_51\\bin"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e78a69453f00554b9c7935775bae7b9600000000020000000000106600000001000020000000fceeb112434ac48c52b161969bf1dd848358447acd49d773a5160013380ecd3e000000000e8000000002000020000000daef9d8d52ee269465a03fef0bd6dbc4b7fc29f1b8903acfc0efbd4b60b8d44e2000000031c26f068df587d327367343b54372429fb48c3bc11aefacf268355a26d8893540000000b88dea484ae36693810213207ce6a0184b844f1a2481d212c053727c31bb2cfeac788a5ebbc7da4d076318720efe60af5369edb639db1b0765e85cf1e7a0cc7a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40fc499bdd32db01	iexplore.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe"	installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}	installer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437342365"	iexplore.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0095-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0023-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_23"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0058-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_58"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0018-ABCDEFFEDCBC}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0042-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0054-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0007-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0063-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0078-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0047-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0053-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0045-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_25"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0058-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_58"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0063-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_63"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0031-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA}	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}\INPROCSERVER32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_41"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0036-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBC}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0056-ABCDEFFEDCBC}\InprocServer32	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0058-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0066-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0077-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0057-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_57"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0067-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_05"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0048-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0042-ABCDEFFEDCBB}\InprocServer32	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0060-ABCDEFFEDCBB}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\JavaWebStart.isInstalled\CurVer\ = "JavaWebStart.isInstalled.1.8.0.0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}	installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0039-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBC}	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0066-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}\INPROCSERVER32	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0093-ABCDEFFEDCBA}	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBB}	installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}\INPROCSERVER32	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0037-ABCDEFFEDCBC}\InprocServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0052-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment"	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\InprocServer32	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBC}\InprocServer32	installer.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2936	jp2launcher.exe
1300	jp2launcher.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2524	jre-8u51-windows-x64.exe
Token: SeIncreaseQuotaPrivilege	2524	jre-8u51-windows-x64.exe
Token: SeRestorePrivilege	1516	msiexec.exe
Token: SeTakeOwnershipPrivilege	1516	msiexec.exe
Token: SeSecurityPrivilege	1516	msiexec.exe
Token: SeCreateTokenPrivilege	2524	jre-8u51-windows-x64.exe
Token: SeAssignPrimaryTokenPrivilege	2524	jre-8u51-windows-x64.exe
Token: SeLockMemoryPrivilege	2524	jre-8u51-windows-x64.exe
Token: SeIncreaseQuotaPrivilege	2524	jre-8u51-windows-x64.exe
Token: SeMachineAccountPrivilege	2524	jre-8u51-windows-x64.exe
Token: SeTcbPrivilege	2524	jre-8u51-windows-x64.exe
Token: SeSecurityPrivilege	2524	jre-8u51-windows-x64.exe
Token: SeTakeOwnershipPrivilege	2524	jre-8u51-windows-x64.exe
Token: SeLoadDriverPrivilege	2524	jre-8u51-windows-x64.exe
Token: SeSystemProfilePrivilege	2524	jre-8u51-windows-x64.exe
Token: SeSystemtimePrivilege	2524	jre-8u51-windows-x64.exe
Token: SeProfSingleProcessPrivilege	2524	jre-8u51-windows-x64.exe
Token: SeIncBasePriorityPrivilege	2524	jre-8u51-windows-x64.exe
Token: SeCreatePagefilePrivilege	2524	jre-8u51-windows-x64.exe
Token: SeCreatePermanentPrivilege	2524	jre-8u51-windows-x64.exe
Token: SeBackupPrivilege	2524	jre-8u51-windows-x64.exe
Token: SeRestorePrivilege	2524	jre-8u51-windows-x64.exe
Token: SeShutdownPrivilege	2524	jre-8u51-windows-x64.exe
Token: SeDebugPrivilege	2524	jre-8u51-windows-x64.exe
Token: SeAuditPrivilege	2524	jre-8u51-windows-x64.exe
Token: SeSystemEnvironmentPrivilege	2524	jre-8u51-windows-x64.exe
Token: SeChangeNotifyPrivilege	2524	jre-8u51-windows-x64.exe
Token: SeRemoteShutdownPrivilege	2524	jre-8u51-windows-x64.exe
Token: SeUndockPrivilege	2524	jre-8u51-windows-x64.exe
Token: SeSyncAgentPrivilege	2524	jre-8u51-windows-x64.exe
Token: SeEnableDelegationPrivilege	2524	jre-8u51-windows-x64.exe
Token: SeManageVolumePrivilege	2524	jre-8u51-windows-x64.exe
Token: SeImpersonatePrivilege	2524	jre-8u51-windows-x64.exe
Token: SeCreateGlobalPrivilege	2524	jre-8u51-windows-x64.exe
Token: SeRestorePrivilege	1516	msiexec.exe
Token: SeTakeOwnershipPrivilege	1516	msiexec.exe
Token: SeRestorePrivilege	1516	msiexec.exe
Token: SeTakeOwnershipPrivilege	1516	msiexec.exe
Token: SeRestorePrivilege	1516	msiexec.exe
Token: SeTakeOwnershipPrivilege	1516	msiexec.exe
Token: SeRestorePrivilege	1516	msiexec.exe
Token: SeTakeOwnershipPrivilege	1516	msiexec.exe
Token: SeRestorePrivilege	1516	msiexec.exe
Token: SeTakeOwnershipPrivilege	1516	msiexec.exe
Token: SeRestorePrivilege	1516	msiexec.exe
Token: SeTakeOwnershipPrivilege	1516	msiexec.exe
Token: SeRestorePrivilege	1516	msiexec.exe
Token: SeTakeOwnershipPrivilege	1516	msiexec.exe
Token: SeRestorePrivilege	1516	msiexec.exe
Token: SeTakeOwnershipPrivilege	1516	msiexec.exe
Token: SeRestorePrivilege	1516	msiexec.exe
Token: SeTakeOwnershipPrivilege	1516	msiexec.exe
Token: SeRestorePrivilege	1516	msiexec.exe
Token: SeTakeOwnershipPrivilege	1516	msiexec.exe
Token: SeRestorePrivilege	1516	msiexec.exe
Token: SeTakeOwnershipPrivilege	1516	msiexec.exe
Token: SeRestorePrivilege	1516	msiexec.exe
Token: SeTakeOwnershipPrivilege	1516	msiexec.exe
Token: SeRestorePrivilege	1516	msiexec.exe
Token: SeTakeOwnershipPrivilege	1516	msiexec.exe
Token: SeRestorePrivilege	1516	msiexec.exe
Token: SeTakeOwnershipPrivilege	1516	msiexec.exe
Token: SeRestorePrivilege	1516	msiexec.exe
Token: SeTakeOwnershipPrivilege	1516	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2792	iexplore.exe
2792	iexplore.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2792	iexplore.exe
2792	iexplore.exe
2812	IEXPLORE.EXE
2812	IEXPLORE.EXE
2812	IEXPLORE.EXE
2812	IEXPLORE.EXE
2936	jp2launcher.exe
1300	jp2launcher.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2828 wrote to memory of 2792	2828	TLauncher.exe	30
PID 2828 wrote to memory of 2792	2828	TLauncher.exe	30
PID 2828 wrote to memory of 2792	2828	TLauncher.exe	30
PID 2828 wrote to memory of 2792	2828	TLauncher.exe	30
PID 2792 wrote to memory of 2812	2792	iexplore.exe	31
PID 2792 wrote to memory of 2812	2792	iexplore.exe	31
PID 2792 wrote to memory of 2812	2792	iexplore.exe	31
PID 2792 wrote to memory of 2812	2792	iexplore.exe	31
PID 2792 wrote to memory of 2812	2792	iexplore.exe	31
PID 2792 wrote to memory of 2812	2792	iexplore.exe	31
PID 2792 wrote to memory of 2812	2792	iexplore.exe	31
PID 2792 wrote to memory of 2524	2792	iexplore.exe	34
PID 2792 wrote to memory of 2524	2792	iexplore.exe	34
PID 2792 wrote to memory of 2524	2792	iexplore.exe	34
PID 1516 wrote to memory of 2308	1516	msiexec.exe	37
PID 1516 wrote to memory of 2308	1516	msiexec.exe	37
PID 1516 wrote to memory of 2308	1516	msiexec.exe	37
PID 2308 wrote to memory of 1616	2308	installer.exe	38
PID 2308 wrote to memory of 1616	2308	installer.exe	38
PID 2308 wrote to memory of 1616	2308	installer.exe	38
PID 2308 wrote to memory of 1616	2308	installer.exe	38
PID 2308 wrote to memory of 1616	2308	installer.exe	38
PID 2308 wrote to memory of 1616	2308	installer.exe	38
PID 2308 wrote to memory of 1616	2308	installer.exe	38
PID 2308 wrote to memory of 1440	2308	installer.exe	40
PID 2308 wrote to memory of 1440	2308	installer.exe	40
PID 2308 wrote to memory of 1440	2308	installer.exe	40
PID 2308 wrote to memory of 2240	2308	installer.exe	42
PID 2308 wrote to memory of 2240	2308	installer.exe	42
PID 2308 wrote to memory of 2240	2308	installer.exe	42
PID 2308 wrote to memory of 2164	2308	installer.exe	44
PID 2308 wrote to memory of 2164	2308	installer.exe	44
PID 2308 wrote to memory of 2164	2308	installer.exe	44
PID 2308 wrote to memory of 1064	2308	installer.exe	46
PID 2308 wrote to memory of 1064	2308	installer.exe	46
PID 2308 wrote to memory of 1064	2308	installer.exe	46
PID 2308 wrote to memory of 2132	2308	installer.exe	48
PID 2308 wrote to memory of 2132	2308	installer.exe	48
PID 2308 wrote to memory of 2132	2308	installer.exe	48
PID 2308 wrote to memory of 1484	2308	installer.exe	50
PID 2308 wrote to memory of 1484	2308	installer.exe	50
PID 2308 wrote to memory of 1484	2308	installer.exe	50
PID 2308 wrote to memory of 2800	2308	installer.exe	52
PID 2308 wrote to memory of 2800	2308	installer.exe	52
PID 2308 wrote to memory of 2800	2308	installer.exe	52
PID 2308 wrote to memory of 1652	2308	installer.exe	54
PID 2308 wrote to memory of 1652	2308	installer.exe	54
PID 2308 wrote to memory of 1652	2308	installer.exe	54
PID 2308 wrote to memory of 2860	2308	installer.exe	56
PID 2308 wrote to memory of 2860	2308	installer.exe	56
PID 2308 wrote to memory of 2860	2308	installer.exe	56
PID 2308 wrote to memory of 2952	2308	installer.exe	57
PID 2308 wrote to memory of 2952	2308	installer.exe	57
PID 2308 wrote to memory of 2952	2308	installer.exe	57
PID 2952 wrote to memory of 2604	2952	javaws.exe	58
PID 2952 wrote to memory of 2604	2952	javaws.exe	58
PID 2952 wrote to memory of 2604	2952	javaws.exe	58
PID 2952 wrote to memory of 2936	2952	javaws.exe	59
PID 2952 wrote to memory of 2936	2952	javaws.exe	59
PID 2952 wrote to memory of 2936	2952	javaws.exe	59
PID 2308 wrote to memory of 2236	2308	installer.exe	60
PID 2308 wrote to memory of 2236	2308	installer.exe	60
PID 2308 wrote to memory of 2236	2308	installer.exe	60
PID 2236 wrote to memory of 1300	2236	javaws.exe	61

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\TLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2828
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://java-for-minecraft.com/
  2⤵
  - Loads dropped DLL
  - Modifies Internet Explorer Phishing Filter
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2792
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2812
- - C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K0PVW9XR\jre-8u51-windows-x64.exe
    "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K0PVW9XR\jre-8u51-windows-x64.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:2524
  - - C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
      -cp "C:\Program Files\Java\jre1.8.0_51\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserWebJavaStatus
      4⤵
      Executes dropped EXE
      PID:1128
  - - C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
      -cp "C:\Program Files\Java\jre1.8.0_51\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserPreviousDecisionsExist 30
      4⤵
      Executes dropped EXE
      PID:2228

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Drops file in Windows directory
- Checks processor information in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1516
- C:\Program Files\Java\jre1.8.0_51\installer.exe
  "C:\Program Files\Java\jre1.8.0_51\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_51\\" REPAIRMODE=0
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2308
- - C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe
    "bspatch.exe" baseimagefam8 newimage diff
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:1616
- - C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
    "C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\deploy.pack" "C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1440
- - C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
    "C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\javaws.pack" "C:\Program Files\Java\jre1.8.0_51\lib\javaws.jar"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    PID:2240
- - C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
    "C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\plugin.pack" "C:\Program Files\Java\jre1.8.0_51\lib\plugin.jar"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2164
- - C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
    "C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\rt.pack" "C:\Program Files\Java\jre1.8.0_51\lib\rt.jar"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1064
- - C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
    "C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\charsets.pack" "C:\Program Files\Java\jre1.8.0_51\lib\charsets.jar"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2132
- - C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
    "C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\jsse.pack" "C:\Program Files\Java\jre1.8.0_51\lib\jsse.jar"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1484
- - C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
    "C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.pack" "C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.jar"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    PID:2800
- - C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
    "C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.pack" "C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.jar"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1652
- - C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
    "C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -Xshare:dump
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    PID:2860
- - C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe
    "C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe" -wait -fix -permissions -silent
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2952
  - - C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
      "C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -classpath "C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar" com.sun.deploy.panel.JreLocator
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2604
  - - C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe
      "C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_51" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXIALURqYXZhLnNlY3VyaXR5LnBvbGljeT1maWxlOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcc2VjdXJpdHlcamF2YXdzLnBvbGljeQAtRHRydXN0UHJveHk9dHJ1ZQAtWHZlcmlmeTpyZW1vdGUALURqbmxweC5ob21lPUM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcamF2YXdzLmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcYmluXGphdmF3LmV4ZQ== -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:2936
- - C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe
    "C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe" -wait -fix -shortcut -silent
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2236
  - - C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe
      "C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_51" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXIALURqYXZhLnNlY3VyaXR5LnBvbGljeT1maWxlOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcc2VjdXJpdHlcamF2YXdzLnBvbGljeQAtRHRydXN0UHJveHk9dHJ1ZQAtWHZlcmlmeTpyZW1vdGUALURqbmxweC5ob21lPUM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcamF2YXdzLmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcYmluXGphdmF3LmV4ZQ== -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:1300
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding A3CFF87127464DC2B234DCD981BB5215
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2208
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\SysWOW64\cmd.exe" /c del "C:\Program Files\Java\jre1.8.0_51\installer.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\f785b0f.rbs

Filesize
788KB

MD5
e020e699251aa2470dfc674dd965e7d4

SHA1
407cc9b846a7db842b45493ddd80543b2098d876

SHA256
e0d3e986179132e130a852ea10ef0eacbd4db26e0f4684eb5791c6cb610dc003

SHA512
0c67388c33b6ab0831355346778e2a65fe50dadd8b5112c5a56dc4fe88f2bd1636e3a4a686b555cd76f66851ffaf200621a9fe3891b2792ea120e65a91f685cd

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\MSVCR100.dll

Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npdeployJava1.dll

Filesize
1.1MB

MD5
cb63e262f0850bd8c3e282d6cd5493db

SHA1
aca74def7a2cd033f18fc938ceb2feef2de8cb8c

SHA256
b3c10bf5498457a76bba3b413d0c54b03a4915e5df72576f976e1ad6d2450012

SHA512
8e3ad8c193a5b4ab22292893931dc6c8acd1f255825366fdd7390f3d8b71c5a51793103aeacecfb4c92565b559f37aec25f8b09abb8289b2012a79b0c5e8cb3b

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\javacpl.exe

Filesize
75KB

MD5
f49218872d803801934638f44274000d

SHA1
871d70960ff7db8c6d11fad68d0a325d7fc540f1

SHA256
bb80d933bf5c60ee911dc22fcc7d715e4461bc72fd2061da1c74d270c1f73528

SHA512
94432d6bc93aad68ea99c52a9bcb8350f769f3ac8b823ba298c20ff39e8fa3b533ef31e55afeb12e839fd20cf33c9d74642ce922e2805ca7323c88a4f06d986d

Download Submit
C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe

Filesize
314KB

MD5
5ed6faed0b5fe8a02bb78c93c422f948

SHA1
823ed6c635bd7851ccef43cbe23518267327ae9a

SHA256
60f2898c91ef0f253b61d8325d2d22b2baba1a4a4e1b67d47a40ffac511e95a5

SHA512
5a8470567f234d46e88740e4f0b417e616a54b58c95d13c700013988f30044a822acfef216770181314fa83183a12044e9e13e6257df99e7646df9a047244c92

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\charsets.pack

Filesize
1.0MB

MD5
45288142b863dc4761b634f9de75e5e5

SHA1
9d07fca553e08c47e38dd48a9c7824e376e4ce80

SHA256
91517ff5c74438654956aae554f2951bf508f561b288661433894e517960c2ac

SHA512
f331cd93f82d2751734eb1a51cb4401969fb6e479b2e19be609e13829454ec27cec864c57bdc116bf029317c98d551e9feafc44386b899a94c242bc0464556d8

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\deploy.pack

Filesize
1.8MB

MD5
5cfc3a1b269312f7a2d2f1d7c0497819

SHA1
d048284db9ce7103156f8bbce988b4d9978786b7

SHA256
80ba80d2a6c20deef6e2f3973337e15e22eec30508899ae998bf191ba725db26

SHA512
8735af7c8bc5b48aac42120326a5dee21f98512ba31c57c77b6fc3906b7b1b98e5f22f57a31f26dc3e16abe63a6f15ef2e115c7fc17bbab35e846dc373da9c6b

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.pack

Filesize
4.8MB

MD5
8dfebf0b78c6e3bf5aa5002ca9a6da1a

SHA1
1edee53b9e0af5d767d0051c2beccc474035024f

SHA256
0840d659560e62fcc41cd42dec9d7aedb8359f606097b540806452ca8ad05e21

SHA512
f9bf6e9558b52969ec152fbfebc239c1bcb7e4343b3dc58da5e7cac015d1fe75f255bd9ceb3fdeb86b2c05be62c62b552a25c94aba4091df3eaf163cf91da444

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.pack

Filesize
1.3MB

MD5
2ad7c3462a7494b29edbe3701ebeab4c

SHA1
7358ab9b0c4771efdc0d28764b90a46aac55e865

SHA256
7cdc489fa093e924649e82f4eb9689bc1bc0d28e20e37a0a94060efd5428c2db

SHA512
8b1f0f5932896f1876e5f8137dc8f74ff79f02b7708220b53ab2146fc742403ee952c68dddff9a92c786d4a534f7a266327934a8fe84a3c979c016cc8c93efdb

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\javaws.pack

Filesize
211KB

MD5
5a83bc9b3e4a7e960fd757f3ad7cd263

SHA1
f5f308aec7e93accb5d6714c178b8bf0840fb38d

SHA256
0a95ab97c85e534b72a369b3ee75200f8075cb14e6f226196b18fd43e6ba42f5

SHA512
b8e554bbf036d0500686e878597ffdefa8bcd091ab6533eae76fa04eda310cec7cac89b71911f1f81012f499c7bec890ac9032685945f7e5e6b68f7ad3f7430c

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\jsse.pack

Filesize
150KB

MD5
168f72fd2f288a96ee9c4e845339db02

SHA1
e25b521b0ed663e2b050af2b454d571c5145904f

SHA256
5552e52e39c0e7ac423d6939eec367a0c15b4ca699a3a1954f2b191d48a034e6

SHA512
01cdf3d8d3be0b2458d9c86976cef3f5a21131d13eb2a1c6f816aeb2c384779b67d1b419fa9233aedd3bbd16970ec7c81689bf2e25a8bebadec5de8e9b5a19f1

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\plugin.pack

Filesize
482KB

MD5
538777ddaa33641aa2c17b8f71eed307

SHA1
ac7b5fdba952ce65b5a85578f2a81b37daed0948

SHA256
9948b1c18d71a790e7b5a82d773fea95d25ab67109843a3f3888f3f0ac9d1135

SHA512
7a5877e0eaef6424ea473a203184fedb902cd9d47df5d95d6f617ca4efa1162f0ffd418e9bc6b7492f938cb33fc6384907237487d6ad4f6d0d2d962402529d8b

Download Submit
C:\Program Files\Java\jre1.8.0_51\lib\rt.pack

Filesize
13.1MB

MD5
f0177701b36068c9a2bb4924dd409fa5

SHA1
71e4b32c95e20dd565a6603d3de3819eb4f19d33

SHA256
93c1e08034b68e12d78005c2950145595327477c17c1f716248d3e16313b4eec

SHA512
8e198bf60dbb95f38bf5eca67c9b7cd4fe9920890ba3d569e08de59b38c1b00830a0a37168fd74c874df86b7ff0915c8b69adb1591432b42b5ff35e5885e6641

Download Submit
C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe

Filesize
34KB

MD5
2e7543a4deec9620c101771ca9b45d85

SHA1
fa33f3098c511a1192111f0b29a09064a7568029

SHA256
32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1

SHA512
8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

Download Submit
C:\ProgramData\Oracle\Java\installcache_x64\diff

Filesize
9.1MB

MD5
d417682702b140d7131851bae877f046

SHA1
aa78da727e8a62c839a9bb6f7a93b48d3a04be70

SHA256
3b3657c83e4f588f0e759cd46e99309cece2ebb54af2c377f9dc087ec764fda8

SHA512
9e107b7f61e42410807aa1e6761ac7adce412846f69ae8e2e21b147e39d1a95d41367e21624381750eb11c77322206c4d869a477e5442e8323405c85854c03cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40C68D5626484A90937F0752C8B950AB

Filesize
834B

MD5
543ff9c4bb3fd6f4d35c0a80ba5533fc

SHA1
e318b6209faeffe8cde2dba71f226d2b161729af

SHA256
40c04d540c3d7d80564f34af3a512036bdd8e17b4ca74ba3b7e45d6d93466bcd

SHA512
6257994ac1ec8b99edcf0d666838a9874031a500adac9383d9b4242edc6c6ffec48f230740d443c1088aa911a36de26e7ce3b97313e3d36b00aede5352a8cf5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
a912447c379e429ead4ae21299c29030

SHA1
155f7995daf9cd9a9dfb5a48cbb3eb634837e265

SHA256
2467a6e47054020dda4d37a572cb45d072d039a54d453d5c1ffb83c054308ac9

SHA512
6e114dc5102efcaee8b74a195cab08fffc48596963e5454ecd79851c1971ccbfb057cf8e31d18a8a058881f724d7a3a649f96fa6eacde983fa5a607e2b9c3ebf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EA618097E393409AFA316F0F87E2C202_1E65FD33F74047223AF4D58CBFD34BCE

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ECF3006D44DA211141391220EE5049F4

Filesize
92KB

MD5
d76d581dd4952a2140526cce5c18d039

SHA1
951b322d04997fae9bfa5a42944ec4d8d1c5a6a4

SHA256
0b5ac75699271f9e14d7fde47428a515f77ff60f70b5afc72d2a4db2b42b8ec2

SHA512
14ed9f0a12267e35200375f4b6d2b5488af776e8cbf8244c666251da06e767445008e6c20e7e27639d91a9e11851c4122745698a2b23c694e1d34d3111f68bb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
8f2288db0c8716bdaf429c2a7cd358e1

SHA1
8c871bc339d7e6f4804b65bee1e3bd8b1391f6c2

SHA256
60acaa60589c19b32cf13ba316eac29067d33d0e77f1192a3d0191ff6be3613e

SHA512
86cd985b3f2943e953795eaa53733907b030358d4294c683757fe78987c0bee53991fc8c0ec9f98219719be4723576ad39b5ae5a5b395b366e9ad28db50be9a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40C68D5626484A90937F0752C8B950AB

Filesize
180B

MD5
afd4200046dccfbdeacb368a85048dfb

SHA1
d0969d3a6111328a3e4630fccd8a668b7c32e58f

SHA256
d31cee36fc9dea604bf6bacf4b71e98b7d885a9ca2aee57d39c245fd6ebc2f86

SHA512
3e63bf4b599a459e5abce198ecdb570a7b5aa4c13b6e80d31ac0126eb90b652f07d997e9125e9bc90e2089f4611911275ea3df135df875010a7f3ef5f24f6b70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da801b38cfec84c34f827a69656d4570

SHA1
581590fade41e72ace4714b149c49f04a8bc5b15

SHA256
09fb9575b914ae24478d882e88fa05feb69d608060196ec4986b9d1169ddd3d2

SHA512
7ef6780d5e526306f13efc02a6b274756764edfa346f0c1904ccef1a9a16633f32d28e40f8897ff75c54546ceb1994b5fe8d8513230be80278bdfa337a8bd378

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd9503546afc116d7ca8cf54018d401b

SHA1
23fdf6919b3014a141af8cdac489625e890a371a

SHA256
3903437f587f3aa645e5a9785b66dcbdc06337d80e3211254d704fbd44d465c5

SHA512
8e80e0709e09ccad04b0f955d4e96fa4eee8917a1cda06ac4dd8b9a37e3d489fc686cdeb5f8210df3e659389e88770b90cc9e6c766eb5615a7f9d320836cd596

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82f090820b2e1cceaa1cbc11c79f607a

SHA1
a4e7e493fb91439ac97526db1335deca5f70c5df

SHA256
2af2698b2a76022cb2dcf838ed2a781fab92c2b6a6c54f618e60e8397db8bb00

SHA512
4aee64001476ef4d1dbec3c3d1b5733a270f465b7eb685021218aff0a3362d933c697496bee84e6f2006e466451aa25380fc937994b5f281370556523da449d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
406a5044b21de0e817537b865dbe66f8

SHA1
aaa34a92ba75ac38404f6ec19b3339985528ad39

SHA256
95b6ae57b6a3bcb99263fe073030b8a92970852c52f0afd27855f4e0b1f857d6

SHA512
b35afca797b82391fbf7856f1f0143471ea41828dd576a4ed1f568d76a9ffb2447369495c928c0ec73b6eec0801f8c4fe76550ed2fff5054e4bde3f9d38134f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e5b3af95e82f977347d9cb1066cf0ba

SHA1
7c8e7336f110fdf9094fb4100d727f3a852fafe6

SHA256
619137c956c7c2cf5d077b772f81df097c78c5ea66dcf02bdc398abcae6872ac

SHA512
9ad0041d11ea47adffb9eafb70f29d01db3fa01e4660ff67db537e1a1ff541b873c0e95666afdb24ec31c52fcfa7d1e1527cfda0236194498ab0ea963e1e6b60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a4773002f597a36dd8d11075bde94d1

SHA1
1ab296962bac50c6b2f84c8cd47851d8667c5747

SHA256
47081bf00c3e92f86e68ffd2ebb3d385631d01ddcdc4129d3873e03f30a47969

SHA512
c1f020ab0b8b9566679d2668f25cd01e795edd4e8773ba5f42e8a398e0f701380f470d24e0141b12bdc87fb99e1977f2ef9739c601b05b23d893d15f778c457b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
11404784a181c7e266d24e025d250bba

SHA1
68f16a323f5d2c45a674420fbf9770aca5e91777

SHA256
97caebabd16e11045edddc30a62fb2d6ff13f477bbbfa5b3aebe5d03b23f3daa

SHA512
87a839c2b5f93857edc8c76fba1088770ff8a134c670cf2b97a0b74ed8d2e69fc9e21ff3af6cffac0a23c68df15878ef224d30a1be041aea5f73fe0b4463f1ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a49240c3a0b797100a2a56de3e7d1fae

SHA1
11278f003f967f4fd4d21eb81f2277cb350099d6

SHA256
c7367138c2d38967cfb6eda1de0b25bd044993e615ff0bf41f3b4aed7917be38

SHA512
8204d03fb32ee86def3ba5941f2db3a5210d28e0f97bbac977a1e19512edb3ed62d2a95410dcb3e1ab38322ecd70deec5981bc61d05ff7ce716fffd6b3c0c1b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
51d478366c9e405ddb97cb8c8c745558

SHA1
52b1a6a953897e7541fb9b62042dc77b810c366b

SHA256
1136306552d580ca7e6678d647d5ad3266811c0f74f20b1dce7aba351e48f3db

SHA512
574c53208c7eaf8f7456b72a5905d4fcf980bd4c15f190c6985fc19f04bba24d560f730a698f8ed1b19be24b51ac107fc73a878dd6d30bf250e7bdc3ececbcfc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cd9d2fa76950593dafb7019e5c903eda

SHA1
d7c26546d69574eecb8ae883c334681659e65a2d

SHA256
12f39a8ec05d37e7e7f6fc746a9c220c347335e7bf2ec75ddcc5588d6fc1b402

SHA512
b6a0712d71e5655c198d7023759b5a71af8b11a6f531c4ed0c130018beb2a2deefc8cf3506ebb8580f0d2ae7685a4f8ed2f2565151df5995dc7bcf21faf2a9a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
652e2ac2b8d3af03cbdf9aaf4bde7746

SHA1
c7901f0db86b9b57e6ae53dba4594cd4a785a72e

SHA256
865e7e86a765e26e9f2afabc5f2f3d0f3146deb7ea95b2449e0039ad7650a6f1

SHA512
326738a60881292aa4f5726df6efe235823282fa3beb9c5e3fa55c52f9d1015d280a0271dcddb52f40b402555d73cbf529133015ff38dcac47c3cc1cb7a3d1db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ac1591689422b49878074c70099a008

SHA1
30438082ec243274a6db844045ff676381e6f3a1

SHA256
8d6330f9a77d00aec78a9234d50697d4809f81e0528d7d29f78f9121e627e777

SHA512
9c78b470edd92af3d1d4cec72a6594afe7be4d3e3f822c878e5041ffedac4d12c3e486889bc809b4ff7df72f8c5dd4aa15b5479cc023ae68d50c0f5cd620e9d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
23bcfaa6f2681aa281e0d544515b0d50

SHA1
6912067ebe23db87b39894da005120a3f8ac858c

SHA256
fc52bc27dd981ade31cb3245c15b3918724b7bf15b2c142c33a579ac40a8c84b

SHA512
0348db3ff2e00d9c6634d633e33588c53d833deb6c61801dc891b23b4382e8fd879ef559d1c2e8167da1ded33875ce587952a8b5e4f78bf94446844c528202d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
16f1d6d68844c74c66128e6ef2aa1e91

SHA1
e1794ebadc469456656e25ff39e706a654ecee7b

SHA256
9f9aa445f076b1cc1d90feeb7415a4471b0aff3a94a9fa93e26329b039092884

SHA512
bee4eed92a2f5ce5801fa22eacc02ad8bad66c53b8e9cbb019f6f2f3c912eb73b843a12da2f217288e793428159dbbea7b3eb4ee0f88716b5d268b16534167b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a848ff4d2950f9c92363dfa05de912bc

SHA1
68afb6817b6ebc4a2a012d8dfeb5141fe26e1a07

SHA256
d776ed5caa418500921a0b25cf3ab5b48769319b3a34dfb51d1b02e39ab4ad12

SHA512
27cbe46d4caf705d57c573dfb5964bde269f8ad479853dbd1e25d7fad83f8bae2c948f28cd160755c292623171826ce715f7b5830b4a54b51df7c2116e76080d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
19027c90621c99769eb5c27532a939c2

SHA1
b64d534d0b8ca8e9d04063d53fbde7321abb6721

SHA256
fdd9722cd5c0008d66e4d17f25bcc7fe206350c967a27021a34cfc2b01c45437

SHA512
d76d46c9ca226e0481469ca9a5279d8773d8e40e8870e39db0b996c15c69e3fe611d698de214d36bc2471979f63738aee004763361a96f136ca6cd01f3fdd7a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e050466ca7c4042bb6ede307d2a92771

SHA1
44a478757b2c9d89b5778f5b68cdaede43f55ef4

SHA256
ade8a018bb0e57b9503e15881d0441bcc6d867ba1fcf7d019592cdf6743576b8

SHA512
01f43d9e8ce6a4fd72383a3abad6544ec1bac7cce13ed5af54d2c9820500452991875dd20cdbfdf298d7a90de234dddcad34569c77d2db146bca2869f8118166

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b3f6da84f8f4c26c217e37167b929c8c

SHA1
b2792108ae82ef9357feacb13ceac6adcf8192dc

SHA256
ec9019b4490a137f9b3812f4ab7bd22398eda2e3544e14ba8998fc81fd3038dd

SHA512
78dc3fce51fc20f8bb0449e6d04b1c5dad1d6aef7dcdca8d81beb12f51a56c9cac6a92384156986780a960342dc7150697ceff94b6bb8d4f2f751f93e27be906

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aeb73ddc8bc839eebb087295c5cf5f0a

SHA1
1beefd01041010233bfe7390953bf19585905096

SHA256
d85930014e7228858563beae463c623fc775b6cbe94fa676ea90d4cbaba001c3

SHA512
3adab8ee07323b32f70cbbde929949e96d44419ca395b8f64abd25e110099f3949a97cf513b4c86b02b1a2732e01de9801d0858937c00d1f2a34d3a2cfd3a36d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
fca59db27eba530373950df6e5924a30

SHA1
cc74746869584617adb05d285ecccd0d297ab5f6

SHA256
ebcd566dd1db8ce53f7b6a029b9db3108cd93697141adae519507c02879ea284

SHA512
a6345c03268daf63e5c2d1150da4905f0f3cdcb79efbd58da52be91433eacfe5bd9496c85796a131c2d8a26a6789ef78d9d929d7c6473641a98cebe6a6adf017

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE

Filesize
398B

MD5
026b64e892ae4c212814a61a61abfb29

SHA1
f4d7a34a801986f5db9afc75a53d35800a2669d4

SHA256
df8e7ff964c79902bf761780eda3398bf832ba765a8c07b1fe4298ec12991ad1

SHA512
2082012f8718882d98878a31a63be515ded4e150c9101c13d7fbb2488aefebfc1dbcd49bb645d89b63dfaa2e9e2cfca6f3cf1eb7d656601fa58522daf4b2cbbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_1E65FD33F74047223AF4D58CBFD34BCE

Filesize
402B

MD5
1a79a7ed99810ced0ae7f13e4ff1e9fa

SHA1
3da547d785da9d30a0eef75ff2f8aa36ae342081

SHA256
34c7bbdb4f3f63a1319dcb3d9a0c09ef3b9f5b258fff579f7a713b947191ec4f

SHA512
025215f8b6ed832960205757424a5cad27a9fad46b470b8c704748d1839ad0a26602d9d25c73e88ca49e9bbe545701e6cff1339338b5936964a883e7347f5800

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ECF3006D44DA211141391220EE5049F4

Filesize
170B

MD5
71bab1a5a4cc4881022b011d99461a21

SHA1
62d3fe04aede8fdeddeb7d6a7bba0ae214c33649

SHA256
a24d097fa4bef1c68daef2fdc7b6fabf675bbcabc005173f3b2476de5e9616d6

SHA512
942f07c94ebaa56ac00f400f4ca3e644737628fd09012aacd180b22cf045c40c0d465ad3330461b1ef8c2b79971727aeb149d2348538b328be9ceda2aa878703

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
c8b6098f09829c44f790a60b819b265d

SHA1
87a9a230b923e05779e1b49e54275cb225c681a6

SHA256
79706bd666981f70db52602653fe99df4af157d7990500dd1a9c937cccdff67d

SHA512
be6c3e6986d9c49246d0c536caa89754f214a6e5fc0c67268010962cd7e9b2f0a058e4dccf656f2edd29778ce6323efc9f3253ad30c7d4598e102d541f9679dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

Filesize
1KB

MD5
483baa038e3b9ee9e4313f1e15b12592

SHA1
b3e6a0250d49fb0d75ecb8594028d131e837c7e8

SHA256
bdf1fefcf8bc50ff507d8a9c0b29733636e621028c5285c681c139c4119da25a

SHA512
2bfa99c5597e82983724d1cf20c5c9847b37d7081dabc01c4111c4c73763f56cc88ecd902ddb4b95cd91d2b62d6029e88acaa1ca25cb9e5cae9835bb51d8b17a

Download Submit
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

Filesize
1KB

MD5
d75a447954afb375d7e95972c75c30ee

SHA1
b1784c074c5b8b06ad2a411e59303abd7c548b93

SHA256
62071cd8cbd3b4d1b3ca8e4e326eb948cc781610c8618f9db708db006ca4fd6b

SHA512
f6767ff584e9444d34663ae0e07467e971c057d9d2076c96aef93914f05d144f66be1bb331a6ba635fb44ff58adf9785465fa949cf80eed13ea6bc229fcc2a0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.8.0_51_x64\jre1.8.0_51.msi

Filesize
38.7MB

MD5
1ef598379ff589e452e9fc7f93563740

SHA1
82ad65425fa627176592ed5e55c0093e685bfeef

SHA256
d4bdc230eaebefe5a9aa3d9127d12ac09d050bf51771f0c78a6a9d79a1f9dbf2

SHA512
673f4b08fc25e09e582f5f7e01b2369e361f6a5b480f0aa2f1d5991f10076ba8a9d6b1f2227979b514acc458b4fdc254fc3c14173db7e38b50793174d4697f23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\z8d0nzh\imagestore.dat

Filesize
28KB

MD5
2dccec1026e15dbf88e37b1961896a77

SHA1
862fab2e1f8a692679fba535bd77e0d2c2fcca9d

SHA256
912034fdaec87f981747d9bdef90a20e8ef65e42d9402e6c82b5393d3cf68a75

SHA512
8316196b82743a362ae2d6c37eac5ad0eaa05e9378575e061bb446b53a503a8dd2a8d08c6508699c199a8c762a7bc44a1a31065da43845fcb4556ac82647924d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5GWW47WY\favicon-196x196[1].png

Filesize
28KB

MD5
a75485f99fd7e589f7a784e87c0eecf7

SHA1
389cc19d374a79ad9779fc0b4165a36b84d55554

SHA256
d38a40b5fe5403a5b6d0a3f6892c99718b31c9a62d3287c1c7292d7ed36ba44a

SHA512
3f594a05e0e6809d47bb1c3d016ae0374b452c0fc6d44f27bc8be447f4dbccdd795e67b5e5356356732708b3ddbf65e1b9479fdddd1ba965618dfa6eed93e11d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K0PVW9XR\jre-8u51-windows-x64.exe.ai1p4jx.partial

Filesize
41.2MB

MD5
b9919195f61824f980f4a088d7447a11

SHA1
447fd1f59219282ec5d2f7a179ac12cc072171c3

SHA256
3895872bc4cdfb7693c227a435cf6740f968e4fa6ce0f7449e6a074e3e3a0f01

SHA512
d9f4e268531bd48f6b6aa4325024921bca30ebfff3ae6af5c069146a3fc401c411bdeceb306ba01fbf3bcdc48e39a367e78a1f355dc3dd5f1df75a0d585a10c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA9AA.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA9AB.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
7KB

MD5
64aedbe4bb0493b1108ddd6513a213a5

SHA1
3efb490513433a81661e24deeab1ea9212717534

SHA256
400e0ffd3d7ad230b3f1fbde363ad93dab95db188ca4858f45fc463fb13e71ab

SHA512
c2dcc116f50972601fbdbac810ff2c7898ed04a3e237ed15682a7aeb70233217335aeed51fa61d2b958840b5cc911a5d2ad33d1039ed5afa14724d9f58dcdebd

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
18KB

MD5
aa7386d1a93b4d4f188afc9df6a01a7e

SHA1
ef4c852f477cbaccb3e1aa99b2223f8e81ca2428

SHA256
344397581c9a285b524faf56e8c3df86f7a53172526920aa47b1d8699df0610d

SHA512
6877ed660d718a7c8666c62f9f47ff0909cfb0f7287f8e30ebf4a8627249592c15d45f10999fb5edb50cf004de96bef4ff804029d1cef26a909c8b06c178ef42

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\XZ3XI4CC.txt

Filesize
488B

MD5
0a8ef2b587056a60a9a72e39d6362db7

SHA1
62bb8601ce94f321b371acf4a3d3fd61b2eb48a6

SHA256
85a2c7caec6a1a513ff583810c6a54540bb3f1f90ca83310a7d9f9fa714bb921

SHA512
bcc17244e244675a7422126ff919d08992d2e810591eae4f7a3a486bb88df9505ada5c29d9ff742c457b015b7411d50c582f0a5a0e07a5a3b00aa1b5f87c434f

Download Submit
\Program Files\Java\jre1.8.0_51\bin\java.dll

Filesize
154KB

MD5
31401e170ddd8437635c4c8571a80341

SHA1
b79de1ce1b96ad0c3d00c8a32e55043eaeb1bad7

SHA256
3e060e1aafa2fe99f06c34db84a49d3a2f994c1a0dbef40f37dbafd45cd69533

SHA512
fc5e52e5398563a39dd5d8204ffe52a8668c19e1f1bb9706cf408c6c7ed81f8be667d87233bcdfd8739ac022792c36b9147249e5eedb51b21493100ffbf1e5c9

Download Submit
\Program Files\Java\jre1.8.0_51\bin\javaw.exe

Filesize
202KB

MD5
7b23b0aab68e65b93bb6477f05999574

SHA1
920752e4c22e1165e6df27f69599483187edfbb3

SHA256
32546ecf1236769d2d777331f90282fb97589bec75da11c8e727d61d3d4c988a

SHA512
e3395303e53edce3dfa8fe11b7338c77795595a17dac17818e4bc8b77feee4900d541201d6762aa8f46565730e24a5423684049d40bbd074186ef7223c96b604

Download Submit
\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

Filesize
192KB

MD5
5b071854133d3eb6848a301a2a75c9b2

SHA1
ffa1045c55b039760aa2632a227012bb359d764f

SHA256
cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf

SHA512
f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

Download Submit
memory/1128-1784-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1128-1781-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1300-1736-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/1300-1730-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/1300-1693-0x0000000000170000-0x000000000017A000-memory.dmp

Filesize
40KB

Download
memory/1616-1287-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1616-1279-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2228-1803-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/2228-1801-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/2604-1639-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2828-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2860-1559-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2936-1689-0x0000000000340000-0x000000000034A000-memory.dmp

Filesize
40KB

Download
memory/2936-1688-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2936-1684-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2936-1681-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2936-1653-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2936-1643-0x0000000000340000-0x000000000034A000-memory.dmp

Filesize
40KB

Download