Analysis
-
max time kernel
71s -
max time network
70s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
30-06-2024 01:13
Static task
static1
Behavioral task
behavioral1
Sample
jre-8u51-windows-x64.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
jre-8u51-windows-x64.exe
Resource
win10v2004-20240611-en
General
-
Target
jre-8u51-windows-x64.exe
-
Size
41.2MB
-
MD5
b9919195f61824f980f4a088d7447a11
-
SHA1
447fd1f59219282ec5d2f7a179ac12cc072171c3
-
SHA256
3895872bc4cdfb7693c227a435cf6740f968e4fa6ce0f7449e6a074e3e3a0f01
-
SHA512
d9f4e268531bd48f6b6aa4325024921bca30ebfff3ae6af5c069146a3fc401c411bdeceb306ba01fbf3bcdc48e39a367e78a1f355dc3dd5f1df75a0d585a10c6
-
SSDEEP
786432:lIL77/mXteC+c78UZnibhhr7pYA/NSkv7JrpzUyHTrD0N6U1cNYGOtss:lK7gf3iLrNYrk1rpwyPD0N6vYGOtT
Malware Config
Signatures
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 19 IoCs
Processes:
installer.exebspatch.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exejavaw.exejavaws.exejavaw.exejp2launcher.exejavaws.exejp2launcher.exejavaw.exejavaw.exejaureg.exepid process 776 installer.exe 1644 bspatch.exe 1036 unpack200.exe 1780 unpack200.exe 1276 unpack200.exe 1396 unpack200.exe 2088 unpack200.exe 2072 unpack200.exe 720 unpack200.exe 2916 unpack200.exe 944 javaw.exe 2356 javaws.exe 1572 javaw.exe 2612 jp2launcher.exe 836 javaws.exe 1780 jp2launcher.exe 1744 javaw.exe 3032 javaw.exe 3044 jaureg.exe -
Loads dropped DLL 64 IoCs
Processes:
msiexec.exebspatch.exeinstaller.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exejavaw.exejavaws.exejavaw.exejp2launcher.exejavaws.exejp2launcher.exepid process 2780 msiexec.exe 1644 bspatch.exe 1644 bspatch.exe 1644 bspatch.exe 776 installer.exe 1036 unpack200.exe 1780 unpack200.exe 1276 unpack200.exe 1396 unpack200.exe 2088 unpack200.exe 2072 unpack200.exe 720 unpack200.exe 2916 unpack200.exe 776 installer.exe 776 installer.exe 776 installer.exe 852 852 944 javaw.exe 944 javaw.exe 944 javaw.exe 944 javaw.exe 944 javaw.exe 776 installer.exe 776 installer.exe 776 installer.exe 776 installer.exe 776 installer.exe 776 installer.exe 776 installer.exe 776 installer.exe 776 installer.exe 776 installer.exe 776 installer.exe 776 installer.exe 776 installer.exe 776 installer.exe 776 installer.exe 776 installer.exe 852 852 2356 javaws.exe 1572 javaw.exe 1572 javaw.exe 1572 javaw.exe 1572 javaw.exe 1572 javaw.exe 2356 javaws.exe 2612 jp2launcher.exe 2612 jp2launcher.exe 2612 jp2launcher.exe 2612 jp2launcher.exe 2612 jp2launcher.exe 2612 jp2launcher.exe 2612 jp2launcher.exe 2612 jp2launcher.exe 2612 jp2launcher.exe 2612 jp2launcher.exe 836 javaws.exe 1780 jp2launcher.exe 1780 jp2launcher.exe 1780 jp2launcher.exe 1780 jp2launcher.exe 1780 jp2launcher.exe -
Processes:
resource yara_rule behavioral1/memory/1644-209-0x0000000000400000-0x0000000000417000-memory.dmp upx C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe upx behavioral1/memory/1644-215-0x0000000000230000-0x0000000000247000-memory.dmp upx behavioral1/memory/1644-219-0x0000000000400000-0x0000000000417000-memory.dmp upx -
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
msiexec.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched = "\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" msiexec.exe -
Blocklisted process makes network request 5 IoCs
Processes:
msiexec.exeflow pid process 16 2780 msiexec.exe 18 2780 msiexec.exe 20 2780 msiexec.exe 22 2780 msiexec.exe 24 2780 msiexec.exe -
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
msiexec.exedescription ioc process File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\O: msiexec.exe File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\J: msiexec.exe -
Installs/modifies Browser Helper Object 2 TTPs 6 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
Processes:
installer.exedescription ioc process Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} installer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} installer.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" installer.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} installer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} installer.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" installer.exe -
Drops file in System32 directory 2 IoCs
Processes:
installer.exedescription ioc process File created C:\Windows\system32\WindowsAccessBridge-64.dll installer.exe File opened for modification C:\Windows\system32\WindowsAccessBridge-64.dll installer.exe -
Drops file in Program Files directory 64 IoCs
Processes:
installer.exeunpack200.exeunpack200.exemsiexec.exeunpack200.exeunpack200.exejavaw.exedescription ioc process File created C:\Program Files\Java\jre1.8.0_51\bin\jpeg.dll installer.exe File created C:\Program Files\Java\jre1.8.0_51\bin\rmiregistry.exe installer.exe File created C:\Program Files\Java\jre1.8.0_51\lib\jvm.hprof.txt installer.exe File created C:\Program Files\Java\jre1.8.0_51\lib\javaws.jar unpack200.exe File created C:\Program Files\Java\jre1.8.0_51\Welcome.html installer.exe File created C:\Program Files\Java\jre1.8.0_51\bin\lcms.dll installer.exe File created C:\Program Files\Java\jre1.8.0_51\lib\fonts\LucidaBrightItalic.ttf installer.exe File created C:\Program Files\Java\jre1.8.0_51\bin\java_crw_demo.dll installer.exe File created C:\Program Files\Java\jre1.8.0_51\bin\rmid.exe installer.exe File created C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_ja.properties installer.exe File created C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\deployJava1.dll installer.exe File created C:\Program Files\Java\jre1.8.0_51\bin\bci.dll installer.exe File created C:\Program Files\Java\jre1.8.0_51\bin\prism_es2.dll installer.exe File created C:\Program Files\Java\jre1.8.0_51\lib\logging.properties installer.exe File created C:\Program Files\Java\jre1.8.0_51\bin\javafx_font_t2k.dll installer.exe File created C:\Program Files\Java\jre1.8.0_51\bin\tnameserv.exe installer.exe File created C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_zh_HK.properties installer.exe File created C:\Program Files\Java\jre1.8.0_51\lib\images\cursors\invalid32x32.gif installer.exe File created C:\Program Files\Java\jre1.8.0_51\lib\rt.jar unpack200.exe File created C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe msiexec.exe File created C:\Program Files\Java\jre1.8.0_51\bin\JAWTAccessBridge-64.dll installer.exe File created C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_zh_CN.properties installer.exe File created C:\Program Files\Java\jre1.8.0_51\lib\ext\dnsns.jar installer.exe File created C:\Program Files\Java\jre1.8.0_51\lib\images\cursors\win32_CopyNoDrop32x32.gif installer.exe File created C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.pack installer.exe File created C:\Program Files\Java\jre1.8.0_51\lib\jsse.jar unpack200.exe File created C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.jar unpack200.exe File created C:\Program Files (x86)\Common Files\Java\Java Update\task64.xml msiexec.exe File created C:\Program Files\Java\jre1.8.0_51\bin\net.dll installer.exe File created C:\Program Files\Java\jre1.8.0_51\bin\pack200.exe installer.exe File created C:\Program Files\Java\jre1.8.0_51\bin\splashscreen.dll installer.exe File created C:\Program Files\Java\jre1.8.0_51\lib\images\cursors\win32_MoveNoDrop32x32.gif installer.exe File created C:\Program Files\Java\jre1.8.0_51\bin\jabswitch.exe installer.exe File created C:\Program Files\Java\jre1.8.0_51\lib\fontconfig.properties.src installer.exe File created C:\Program Files (x86)\Common Files\Java\Java Update\task.xml msiexec.exe File created C:\Program Files\Java\jre1.8.0_51\bin\hprof.dll installer.exe File created C:\Program Files\Java\jre1.8.0_51\bin\javacpl.exe installer.exe File created C:\Program Files\Java\jre1.8.0_51\LICENSE installer.exe File created C:\Program Files\Java\jre1.8.0_51\bin\java-rmi.exe installer.exe File created C:\Program Files\Java\jre1.8.0_51\bin\mlib_image.dll installer.exe File created C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_sv.properties installer.exe File created C:\Program Files\Java\jre1.8.0_51\lib\jfr\default.jfc installer.exe File created C:\Program Files\Java\jre1.8.0_51\lib\psfont.properties.ja installer.exe File created C:\Program Files\Java\jre1.8.0_51\bin\jsdt.dll installer.exe File created C:\Program Files\Java\jre1.8.0_51\bin\server\Xusage.txt installer.exe File created C:\Program Files\Java\jre1.8.0_51\bin\javafx_font.dll installer.exe File created C:\Program Files\Java\jre1.8.0_51\bin\keytool.exe installer.exe File created C:\Program Files\Java\jre1.8.0_51\bin\orbd.exe installer.exe File created C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll installer.exe File created C:\Program Files\Java\jre1.8.0_51\lib\deploy\ffjcext.zip installer.exe File created C:\Program Files\Java\jre1.8.0_51\lib\images\cursors\win32_CopyDrop32x32.gif installer.exe File created C:\Program Files\Java\jre1.8.0_51\bin\klist.exe installer.exe File created C:\Program Files\Java\jre1.8.0_51\lib\ext\sunec.jar installer.exe File created C:\Program Files\Java\jre1.8.0_51\bin\j2pcsc.dll installer.exe File created C:\Program Files\Java\jre1.8.0_51\lib\accessibility.properties installer.exe File created C:\Program Files\Java\jre1.8.0_51\bin\awt.dll installer.exe File created C:\Program Files\Java\jre1.8.0_51\bin\instrument.dll installer.exe File created C:\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll installer.exe File created C:\Program Files\Java\jre1.8.0_51\bin\plugin2\msvcr100.dll installer.exe File created C:\Program Files\Java\jre1.8.0_51\lib\security\java.security installer.exe File created C:\Program Files\Java\jre1.8.0_51\COPYRIGHT installer.exe File created C:\Program Files\Java\jre1.8.0_51\bin\jfr.dll installer.exe File created C:\Program Files\Java\jre1.8.0_51\bin\server\classes.jsa javaw.exe File created C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe msiexec.exe -
Drops file in Windows directory 16 IoCs
Processes:
msiexec.exedescription ioc process File created C:\Windows\Installer\f76d0db.msi msiexec.exe File created C:\Windows\Installer\f76d0df.ipi msiexec.exe File opened for modification C:\Windows\Installer\f76d0df.ipi msiexec.exe File opened for modification C:\Windows\Installer\ msiexec.exe File opened for modification C:\Windows\Installer\MSIDA62.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSI1689.tmp msiexec.exe File opened for modification C:\Windows\Installer\f76d0d9.ipi msiexec.exe File created C:\Windows\Installer\f76d0dc.msi msiexec.exe File opened for modification C:\Windows\Installer\MSI252B.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSI275E.tmp msiexec.exe File created C:\Windows\Installer\f76d0d6.msi msiexec.exe File created C:\Windows\Installer\f76d0d9.ipi msiexec.exe File opened for modification C:\Windows\Installer\MSI284B.tmp msiexec.exe File opened for modification C:\Windows\Installer\f76d0d6.msi msiexec.exe File created C:\Windows\Installer\f76d0e1.msi msiexec.exe File opened for modification C:\Windows\Installer\f76d0dc.msi msiexec.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
msiexec.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 msiexec.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString msiexec.exe -
Processes:
installer.exedescription ioc process Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} installer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_51\\bin" installer.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} installer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} installer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" installer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_51\\bin" installer.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3" installer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_51\\bin" installer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} installer.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" installer.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0" installer.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4B5F-9EE6-34795C46E7E7} installer.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3" installer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} installer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe" installer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} installer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe" installer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" installer.exe -
Modifies data under HKEY_USERS 5 IoCs
Processes:
msiexec.exedescription ioc process Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E msiexec.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2F msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D msiexec.exe -
Modifies registry class 64 IoCs
Processes:
installer.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_15" installer.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0047-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" installer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0068-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_68" installer.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}\InprocServer32 installer.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0045-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_45" installer.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0062-ABCDEFFEDCBB} installer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0049-ABCDEFFEDCBB} installer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" installer.exe Key deleted \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0042-ABCDEFFEDCBC}\INPROCSERVER32 installer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0091-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" installer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_11" installer.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0022-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" installer.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0032-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" installer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0097-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" installer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0046-ABCDEFFEDCBC} installer.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0047-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" installer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0040-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" installer.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBC}\InprocServer32 installer.exe Key deleted \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} installer.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0060-ABCDEFFEDCBB}\InprocServer32 installer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0056-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_56" installer.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" installer.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_30" installer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0079-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" installer.exe Key deleted \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0084-ABCDEFFEDCBC} installer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0027-ABCDEFFEDCBC} installer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0049-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_49" installer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0000-ABCDEFFEDCBC}\InprocServer32 installer.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB} installer.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" installer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" installer.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0051-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" installer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}\InprocServer32 installer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0042-ABCDEFFEDCBB} installer.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_13" installer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBC}\InprocServer32 installer.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0041-ABCDEFFEDCBC}\InprocServer32 installer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBC}\InprocServer32 installer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0022-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" installer.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0005-ABCDEFFEDCBA}\InprocServer32 installer.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} installer.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" installer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0065-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_65" installer.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0049-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" installer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}\InprocServer32 installer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB} installer.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0046-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" installer.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0065-ABCDEFFEDCBB}\InprocServer32 installer.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0038-ABCDEFFEDCBB} installer.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC} installer.exe Key deleted \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} installer.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0059-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" installer.exe Key deleted \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBA} installer.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0075-ABCDEFFEDCBA}\InprocServer32 installer.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_22" installer.exe Key deleted \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC} installer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0061-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" installer.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0084-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_84" installer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" installer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC} installer.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0087-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" installer.exe Key deleted \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0074-ABCDEFFEDCBA}\INPROCSERVER32 installer.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_35" installer.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0065-ABCDEFFEDCBC}\InprocServer32 installer.exe -
Processes:
jre-8u51-windows-x64.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 jre-8u51-windows-x64.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde jre-8u51-windows-x64.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
jp2launcher.exejp2launcher.exemsiexec.exepid process 2612 jp2launcher.exe 1780 jp2launcher.exe 2780 msiexec.exe 2780 msiexec.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
jre-8u51-windows-x64.exemsiexec.exedescription pid process Token: SeShutdownPrivilege 1032 jre-8u51-windows-x64.exe Token: SeIncreaseQuotaPrivilege 1032 jre-8u51-windows-x64.exe Token: SeRestorePrivilege 2780 msiexec.exe Token: SeTakeOwnershipPrivilege 2780 msiexec.exe Token: SeSecurityPrivilege 2780 msiexec.exe Token: SeCreateTokenPrivilege 1032 jre-8u51-windows-x64.exe Token: SeAssignPrimaryTokenPrivilege 1032 jre-8u51-windows-x64.exe Token: SeLockMemoryPrivilege 1032 jre-8u51-windows-x64.exe Token: SeIncreaseQuotaPrivilege 1032 jre-8u51-windows-x64.exe Token: SeMachineAccountPrivilege 1032 jre-8u51-windows-x64.exe Token: SeTcbPrivilege 1032 jre-8u51-windows-x64.exe Token: SeSecurityPrivilege 1032 jre-8u51-windows-x64.exe Token: SeTakeOwnershipPrivilege 1032 jre-8u51-windows-x64.exe Token: SeLoadDriverPrivilege 1032 jre-8u51-windows-x64.exe Token: SeSystemProfilePrivilege 1032 jre-8u51-windows-x64.exe Token: SeSystemtimePrivilege 1032 jre-8u51-windows-x64.exe Token: SeProfSingleProcessPrivilege 1032 jre-8u51-windows-x64.exe Token: SeIncBasePriorityPrivilege 1032 jre-8u51-windows-x64.exe Token: SeCreatePagefilePrivilege 1032 jre-8u51-windows-x64.exe Token: SeCreatePermanentPrivilege 1032 jre-8u51-windows-x64.exe Token: SeBackupPrivilege 1032 jre-8u51-windows-x64.exe Token: SeRestorePrivilege 1032 jre-8u51-windows-x64.exe Token: SeShutdownPrivilege 1032 jre-8u51-windows-x64.exe Token: SeDebugPrivilege 1032 jre-8u51-windows-x64.exe Token: SeAuditPrivilege 1032 jre-8u51-windows-x64.exe Token: SeSystemEnvironmentPrivilege 1032 jre-8u51-windows-x64.exe Token: SeChangeNotifyPrivilege 1032 jre-8u51-windows-x64.exe Token: SeRemoteShutdownPrivilege 1032 jre-8u51-windows-x64.exe Token: SeUndockPrivilege 1032 jre-8u51-windows-x64.exe Token: SeSyncAgentPrivilege 1032 jre-8u51-windows-x64.exe Token: SeEnableDelegationPrivilege 1032 jre-8u51-windows-x64.exe Token: SeManageVolumePrivilege 1032 jre-8u51-windows-x64.exe Token: SeImpersonatePrivilege 1032 jre-8u51-windows-x64.exe Token: SeCreateGlobalPrivilege 1032 jre-8u51-windows-x64.exe Token: SeRestorePrivilege 2780 msiexec.exe Token: SeTakeOwnershipPrivilege 2780 msiexec.exe Token: SeRestorePrivilege 2780 msiexec.exe Token: SeTakeOwnershipPrivilege 2780 msiexec.exe Token: SeRestorePrivilege 2780 msiexec.exe Token: SeTakeOwnershipPrivilege 2780 msiexec.exe Token: SeRestorePrivilege 2780 msiexec.exe Token: SeTakeOwnershipPrivilege 2780 msiexec.exe Token: SeRestorePrivilege 2780 msiexec.exe Token: SeTakeOwnershipPrivilege 2780 msiexec.exe Token: SeRestorePrivilege 2780 msiexec.exe Token: SeTakeOwnershipPrivilege 2780 msiexec.exe Token: SeRestorePrivilege 2780 msiexec.exe Token: SeTakeOwnershipPrivilege 2780 msiexec.exe Token: SeRestorePrivilege 2780 msiexec.exe Token: SeTakeOwnershipPrivilege 2780 msiexec.exe Token: SeRestorePrivilege 2780 msiexec.exe Token: SeTakeOwnershipPrivilege 2780 msiexec.exe Token: SeRestorePrivilege 2780 msiexec.exe Token: SeTakeOwnershipPrivilege 2780 msiexec.exe Token: SeRestorePrivilege 2780 msiexec.exe Token: SeTakeOwnershipPrivilege 2780 msiexec.exe Token: SeRestorePrivilege 2780 msiexec.exe Token: SeTakeOwnershipPrivilege 2780 msiexec.exe Token: SeRestorePrivilege 2780 msiexec.exe Token: SeTakeOwnershipPrivilege 2780 msiexec.exe Token: SeRestorePrivilege 2780 msiexec.exe Token: SeTakeOwnershipPrivilege 2780 msiexec.exe Token: SeRestorePrivilege 2780 msiexec.exe Token: SeTakeOwnershipPrivilege 2780 msiexec.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
jp2launcher.exejp2launcher.exepid process 2612 jp2launcher.exe 1780 jp2launcher.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msiexec.exeinstaller.exejavaws.exejavaws.exeMsiExec.exejre-8u51-windows-x64.exedescription pid process target process PID 2780 wrote to memory of 776 2780 msiexec.exe installer.exe PID 2780 wrote to memory of 776 2780 msiexec.exe installer.exe PID 2780 wrote to memory of 776 2780 msiexec.exe installer.exe PID 776 wrote to memory of 1644 776 installer.exe bspatch.exe PID 776 wrote to memory of 1644 776 installer.exe bspatch.exe PID 776 wrote to memory of 1644 776 installer.exe bspatch.exe PID 776 wrote to memory of 1644 776 installer.exe bspatch.exe PID 776 wrote to memory of 1644 776 installer.exe bspatch.exe PID 776 wrote to memory of 1644 776 installer.exe bspatch.exe PID 776 wrote to memory of 1644 776 installer.exe bspatch.exe PID 776 wrote to memory of 1036 776 installer.exe unpack200.exe PID 776 wrote to memory of 1036 776 installer.exe unpack200.exe PID 776 wrote to memory of 1036 776 installer.exe unpack200.exe PID 776 wrote to memory of 1780 776 installer.exe unpack200.exe PID 776 wrote to memory of 1780 776 installer.exe unpack200.exe PID 776 wrote to memory of 1780 776 installer.exe unpack200.exe PID 776 wrote to memory of 1276 776 installer.exe unpack200.exe PID 776 wrote to memory of 1276 776 installer.exe unpack200.exe PID 776 wrote to memory of 1276 776 installer.exe unpack200.exe PID 776 wrote to memory of 1396 776 installer.exe unpack200.exe PID 776 wrote to memory of 1396 776 installer.exe unpack200.exe PID 776 wrote to memory of 1396 776 installer.exe unpack200.exe PID 776 wrote to memory of 2088 776 installer.exe unpack200.exe PID 776 wrote to memory of 2088 776 installer.exe unpack200.exe PID 776 wrote to memory of 2088 776 installer.exe unpack200.exe PID 776 wrote to memory of 2072 776 installer.exe unpack200.exe PID 776 wrote to memory of 2072 776 installer.exe unpack200.exe PID 776 wrote to memory of 2072 776 installer.exe unpack200.exe PID 776 wrote to memory of 720 776 installer.exe unpack200.exe PID 776 wrote to memory of 720 776 installer.exe unpack200.exe PID 776 wrote to memory of 720 776 installer.exe unpack200.exe PID 776 wrote to memory of 2916 776 installer.exe unpack200.exe PID 776 wrote to memory of 2916 776 installer.exe unpack200.exe PID 776 wrote to memory of 2916 776 installer.exe unpack200.exe PID 776 wrote to memory of 944 776 installer.exe javaw.exe PID 776 wrote to memory of 944 776 installer.exe javaw.exe PID 776 wrote to memory of 944 776 installer.exe javaw.exe PID 776 wrote to memory of 2356 776 installer.exe javaws.exe PID 776 wrote to memory of 2356 776 installer.exe javaws.exe PID 776 wrote to memory of 2356 776 installer.exe javaws.exe PID 2356 wrote to memory of 1572 2356 javaws.exe javaw.exe PID 2356 wrote to memory of 1572 2356 javaws.exe javaw.exe PID 2356 wrote to memory of 1572 2356 javaws.exe javaw.exe PID 2356 wrote to memory of 2612 2356 javaws.exe jp2launcher.exe PID 2356 wrote to memory of 2612 2356 javaws.exe jp2launcher.exe PID 2356 wrote to memory of 2612 2356 javaws.exe jp2launcher.exe PID 776 wrote to memory of 836 776 installer.exe javaws.exe PID 776 wrote to memory of 836 776 installer.exe javaws.exe PID 776 wrote to memory of 836 776 installer.exe javaws.exe PID 836 wrote to memory of 1780 836 javaws.exe jp2launcher.exe PID 836 wrote to memory of 1780 836 javaws.exe jp2launcher.exe PID 836 wrote to memory of 1780 836 javaws.exe jp2launcher.exe PID 2780 wrote to memory of 2052 2780 msiexec.exe MsiExec.exe PID 2780 wrote to memory of 2052 2780 msiexec.exe MsiExec.exe PID 2780 wrote to memory of 2052 2780 msiexec.exe MsiExec.exe PID 2780 wrote to memory of 2052 2780 msiexec.exe MsiExec.exe PID 2780 wrote to memory of 2052 2780 msiexec.exe MsiExec.exe PID 2780 wrote to memory of 2052 2780 msiexec.exe MsiExec.exe PID 2780 wrote to memory of 2052 2780 msiexec.exe MsiExec.exe PID 2052 wrote to memory of 1728 2052 MsiExec.exe cmd.exe PID 2052 wrote to memory of 1728 2052 MsiExec.exe cmd.exe PID 2052 wrote to memory of 1728 2052 MsiExec.exe cmd.exe PID 2052 wrote to memory of 1728 2052 MsiExec.exe cmd.exe PID 1032 wrote to memory of 2812 1032 jre-8u51-windows-x64.exe msiexec.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\jre-8u51-windows-x64.exe"C:\Users\Admin\AppData\Local\Temp\jre-8u51-windows-x64.exe"1⤵
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe-cp "C:\Program Files\Java\jre1.8.0_51\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserWebJavaStatus2⤵
- Executes dropped EXE
-
C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe-cp "C:\Program Files\Java\jre1.8.0_51\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserPreviousDecisionsExist 302⤵
- Executes dropped EXE
-
C:\Windows\system32\msiexec.exe"C:\Windows\system32\\msiexec.exe" /i "C:\Users\Admin\AppData\LocalLow\Oracle\Java\AU\au.msi" ALLUSERS=1 /qn2⤵
-
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe"C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe" -r jre 1.8.0_51-b162⤵
- Executes dropped EXE
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Loads dropped DLL
- Adds Run key to start application
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Checks processor information in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Java\jre1.8.0_51\installer.exe"C:\Program Files\Java\jre1.8.0_51\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_51\\" REPAIRMODE=02⤵
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe"bspatch.exe" baseimagefam8 newimage diff3⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\deploy.pack" "C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar"3⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\javaws.pack" "C:\Program Files\Java\jre1.8.0_51\lib\javaws.jar"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
-
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\plugin.pack" "C:\Program Files\Java\jre1.8.0_51\lib\plugin.jar"3⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\rt.pack" "C:\Program Files\Java\jre1.8.0_51\lib\rt.jar"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
-
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\charsets.pack" "C:\Program Files\Java\jre1.8.0_51\lib\charsets.jar"3⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\jsse.pack" "C:\Program Files\Java\jre1.8.0_51\lib\jsse.jar"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
-
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.pack" "C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.jar"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
-
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.pack" "C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.jar"3⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -Xshare:dump3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
-
C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe"C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe" -wait -fix -permissions -silent3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -classpath "C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar" com.sun.deploy.panel.JreLocator4⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe"C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_51" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXIALURqYXZhLnNlY3VyaXR5LnBvbGljeT1maWxlOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcc2VjdXJpdHlcamF2YXdzLnBvbGljeQAtRHRydXN0UHJveHk9dHJ1ZQAtWHZlcmlmeTpyZW1vdGUALURqbmxweC5ob21lPUM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcamF2YXdzLmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcYmluXGphdmF3LmV4ZQ== -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe"C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe" -wait -fix -shortcut -silent3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe"C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_51" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXIALURqYXZhLnNlY3VyaXR5LnBvbGljeT1maWxlOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcc2VjdXJpdHlcamF2YXdzLnBvbGljeQAtRHRydXN0UHJveHk9dHJ1ZQAtWHZlcmlmeTpyZW1vdGUALURqbmxweC5ob21lPUM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcamF2YXdzLmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcYmluXGphdmF3LmV4ZQ== -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding DBAD1BAD17A8A15E24203C71A4562E4A2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\SysWOW64\cmd.exe" /c del "C:\Program Files\Java\jre1.8.0_51\installer.exe"3⤵
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding A73F156E9F4D57B74334C054A58151DF2⤵
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Event Triggered Execution
1Component Object Model Hijacking
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Browser Extensions
1Privilege Escalation
Event Triggered Execution
1Component Object Model Hijacking
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
4Subvert Trust Controls
1Install Root Certificate
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Config.Msi\f76d0da.rbsFilesize
788KB
MD509ed6f7c313584a0b80397a9eb07e978
SHA145c65ecac2085b56c0d28718177a4fbde14d895b
SHA25629768d244f7d1bb425b7243b66fa981d8af4e952ca33b7a38fca762fa8db7c42
SHA512345f270d3c9110295e2892887c916e1a03db27247e22ebfc5ed6910e0703461ae078a873740d77d31679948a02c032c204bbd3e6fd0054e1df055c82fc6cc972
-
C:\Config.Msi\f76d0e0.rbsFilesize
8KB
MD55b79ba0e55b0f85fd49fb735a264d006
SHA1f690f8070da0621ae8fcf53f8a3cde1106da0c93
SHA2568d514f6e51d4ed0164d15c980737efe3144a180cd7b123bcff350760602f1171
SHA51260c4307f940bd4315728586ff21a7256d00715c96ae99079a6e12b01ecd54bd0e1c5fe82662ad6a7fbb441cc2a2dbdad53e24ec6fbb439db0338ece32ba38ee6
-
C:\Program Files\Java\jre1.8.0_51\bin\MSVCR100.dllFilesize
809KB
MD5df3ca8d16bded6a54977b30e66864d33
SHA1b7b9349b33230c5b80886f5c1f0a42848661c883
SHA2561d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36
SHA512951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0
-
C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npdeployJava1.dllFilesize
1.1MB
MD5cb63e262f0850bd8c3e282d6cd5493db
SHA1aca74def7a2cd033f18fc938ceb2feef2de8cb8c
SHA256b3c10bf5498457a76bba3b413d0c54b03a4915e5df72576f976e1ad6d2450012
SHA5128e3ad8c193a5b4ab22292893931dc6c8acd1f255825366fdd7390f3d8b71c5a51793103aeacecfb4c92565b559f37aec25f8b09abb8289b2012a79b0c5e8cb3b
-
C:\Program Files\Java\jre1.8.0_51\bin\javacpl.exeFilesize
75KB
MD5f49218872d803801934638f44274000d
SHA1871d70960ff7db8c6d11fad68d0a325d7fc540f1
SHA256bb80d933bf5c60ee911dc22fcc7d715e4461bc72fd2061da1c74d270c1f73528
SHA51294432d6bc93aad68ea99c52a9bcb8350f769f3ac8b823ba298c20ff39e8fa3b533ef31e55afeb12e839fd20cf33c9d74642ce922e2805ca7323c88a4f06d986d
-
C:\Program Files\Java\jre1.8.0_51\bin\javaws.exeFilesize
314KB
MD55ed6faed0b5fe8a02bb78c93c422f948
SHA1823ed6c635bd7851ccef43cbe23518267327ae9a
SHA25660f2898c91ef0f253b61d8325d2d22b2baba1a4a4e1b67d47a40ffac511e95a5
SHA5125a8470567f234d46e88740e4f0b417e616a54b58c95d13c700013988f30044a822acfef216770181314fa83183a12044e9e13e6257df99e7646df9a047244c92
-
C:\Program Files\Java\jre1.8.0_51\bin\zip.dllFilesize
75KB
MD5d027f8fd7d74aff3bf8cbddba3aa04e4
SHA1f6b97d03bfc4870f33414ec235160f77581452ec
SHA256d62088f0dc6aff56b2bc71185a88b225d61700bca55fcc721c9e9d5b02459790
SHA512eab8cfc41482bbcdfba5d0e77397b15d65227d98ed764cde0c56cffe75a314ed4aca9d3a12414ab6718e01064d6939a2b75f2c845f91742bd02aae5bcaa05b59
-
C:\Program Files\Java\jre1.8.0_51\lib\amd64\jvm.cfgFilesize
634B
MD5499f2a4e0a25a41c1ff80df2d073e4fd
SHA1e2469cbe07e92d817637be4e889ebb74c3c46253
SHA25680847ed146dbc5a9f604b07ec887737fc266699abba266177b553149487ce9eb
SHA5127828f7b06d0f4309b9edd3aa71ae0bb7ee92d2f8df5642c13437bba2a3888e457dc9b24c16aa9e0f19231530cb44b8ccd955cbbdf5956ce8622cc208796b357d
-
C:\Program Files\Java\jre1.8.0_51\lib\charsets.jarFilesize
2.9MB
MD5eadb8bf14fa96d280b7c754df1f6e347
SHA15b8d6ef3c38cf9211dcc25aacfcd872d26ff406f
SHA2562b44da184819640f10a93fa64f1cdde2bbad735017f7c20d504d5379bf126cdc
SHA512274ff96580c1524707554329e9e9c44b807e8592cda48c844f375cc778a04268de785457b79624794acb59ee12bb72182fd6786f3d1a617c0743689dc2c826ee
-
C:\Program Files\Java\jre1.8.0_51\lib\charsets.packFilesize
1.0MB
MD545288142b863dc4761b634f9de75e5e5
SHA19d07fca553e08c47e38dd48a9c7824e376e4ce80
SHA25691517ff5c74438654956aae554f2951bf508f561b288661433894e517960c2ac
SHA512f331cd93f82d2751734eb1a51cb4401969fb6e479b2e19be609e13829454ec27cec864c57bdc116bf029317c98d551e9feafc44386b899a94c242bc0464556d8
-
C:\Program Files\Java\jre1.8.0_51\lib\classlistFilesize
78KB
MD551531cbbe256939e7ab12fcc256fbf3a
SHA15754126190f818b7d39d5b725a1878fb33233d26
SHA256406b68d923e9ce01f19194bca03eaaf9fc0efce6590713b6d066485cd94d1339
SHA512dae90c8f429bfc7782bed9116b6a3b30110ce2b2da865f63fefdbd6be965284c7d90ff8ebf869481e01246d35264110a3d8690b397cb1a109faf61d2f937bcc2
-
C:\Program Files\Java\jre1.8.0_51\lib\deploy.packFilesize
1.8MB
MD55cfc3a1b269312f7a2d2f1d7c0497819
SHA1d048284db9ce7103156f8bbce988b4d9978786b7
SHA25680ba80d2a6c20deef6e2f3973337e15e22eec30508899ae998bf191ba725db26
SHA5128735af7c8bc5b48aac42120326a5dee21f98512ba31c57c77b6fc3906b7b1b98e5f22f57a31f26dc3e16abe63a6f15ef2e115c7fc17bbab35e846dc373da9c6b
-
C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.packFilesize
4.8MB
MD58dfebf0b78c6e3bf5aa5002ca9a6da1a
SHA11edee53b9e0af5d767d0051c2beccc474035024f
SHA2560840d659560e62fcc41cd42dec9d7aedb8359f606097b540806452ca8ad05e21
SHA512f9bf6e9558b52969ec152fbfebc239c1bcb7e4343b3dc58da5e7cac015d1fe75f255bd9ceb3fdeb86b2c05be62c62b552a25c94aba4091df3eaf163cf91da444
-
C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.packFilesize
1.3MB
MD52ad7c3462a7494b29edbe3701ebeab4c
SHA17358ab9b0c4771efdc0d28764b90a46aac55e865
SHA2567cdc489fa093e924649e82f4eb9689bc1bc0d28e20e37a0a94060efd5428c2db
SHA5128b1f0f5932896f1876e5f8137dc8f74ff79f02b7708220b53ab2146fc742403ee952c68dddff9a92c786d4a534f7a266327934a8fe84a3c979c016cc8c93efdb
-
C:\Program Files\Java\jre1.8.0_51\lib\javaws.packFilesize
211KB
MD55a83bc9b3e4a7e960fd757f3ad7cd263
SHA1f5f308aec7e93accb5d6714c178b8bf0840fb38d
SHA2560a95ab97c85e534b72a369b3ee75200f8075cb14e6f226196b18fd43e6ba42f5
SHA512b8e554bbf036d0500686e878597ffdefa8bcd091ab6533eae76fa04eda310cec7cac89b71911f1f81012f499c7bec890ac9032685945f7e5e6b68f7ad3f7430c
-
C:\Program Files\Java\jre1.8.0_51\lib\jce.jarFilesize
111KB
MD5df21aa9a2da9f94763bdcc80f07c9afd
SHA1bccfe5cfbbf0791e752754b964313f9079f748bf
SHA256c57cf3b05d552d8a573b31a46e97a13201cf1df8f0d5cd4645514ba9a3f1c6a8
SHA512034bbbb0a12eb21a08947e70ab30c15bb938e295f40d414b1a8df57db0a47828f23e7c612dcb936c4ab745f8ee217da571632d29fe115d946851538040d51756
-
C:\Program Files\Java\jre1.8.0_51\lib\jfr.jarFilesize
542KB
MD5efa3ad7225fb79074246e8911e473264
SHA11e19fe8dccf71d430dec20d613ace2b99e380d7a
SHA2561bbcb162afe5db029fa889fde95ac0551f01395bce09fcc749feb26b5a10e6da
SHA512cc1245475c0652b08e53e503b3917262999c2db8a1962bc9b12a4fc87e689a8d51570c6432c3e55c3e7f6c3ed19892afc51868bc815bfc34ab5ad3b10e0a706d
-
C:\Program Files\Java\jre1.8.0_51\lib\jsse.jarFilesize
549KB
MD5411db7604ce2ca0ca1782d04f861e610
SHA1fd88154b1cf75333ed59753f722595a133d2ee4a
SHA256134730589e2c0519b1885df121869725903abcdb05a5e844348d56bdb84efb3a
SHA512a2a9c82b515b2d90172e27cc7558b956112d1ca6678665ee847d63a79826059cac9161e4c3a0005711af6e21400f9850d6879348517bd9242700fa1e19c9fd82
-
C:\Program Files\Java\jre1.8.0_51\lib\jsse.packFilesize
150KB
MD5168f72fd2f288a96ee9c4e845339db02
SHA1e25b521b0ed663e2b050af2b454d571c5145904f
SHA2565552e52e39c0e7ac423d6939eec367a0c15b4ca699a3a1954f2b191d48a034e6
SHA51201cdf3d8d3be0b2458d9c86976cef3f5a21131d13eb2a1c6f816aeb2c384779b67d1b419fa9233aedd3bbd16970ec7c81689bf2e25a8bebadec5de8e9b5a19f1
-
C:\Program Files\Java\jre1.8.0_51\lib\meta-indexFilesize
2KB
MD591aa6ea7320140f30379f758d626e59d
SHA13be2febe28723b1033ccdaa110eaf59bbd6d1f96
SHA2564af21954cdf398d1eae795b6886ca2581dac9f2f1d41c98c6ed9b5dbc3e3c1d4
SHA51203428803f1d644d89eb4c0dcbdea93acaac366d35fc1356ccabf83473f4fef7924edb771e44c721103cec22d94a179f092d1bfd1c0a62130f076eb82a826d7cb
-
C:\Program Files\Java\jre1.8.0_51\lib\plugin.packFilesize
482KB
MD5538777ddaa33641aa2c17b8f71eed307
SHA1ac7b5fdba952ce65b5a85578f2a81b37daed0948
SHA2569948b1c18d71a790e7b5a82d773fea95d25ab67109843a3f3888f3f0ac9d1135
SHA5127a5877e0eaef6424ea473a203184fedb902cd9d47df5d95d6f617ca4efa1162f0ffd418e9bc6b7492f938cb33fc6384907237487d6ad4f6d0d2d962402529d8b
-
C:\Program Files\Java\jre1.8.0_51\lib\resources.jarFilesize
3.3MB
MD5d00b062395ebbcc4269c4e1fba474d11
SHA1a82654f4b8cb34856e30f10973a85b386b4c8d47
SHA256d4d63c2e0743c901ac579c5bcd7b438a3c02619aec1a148cd335b37bf9600c57
SHA512173271af48b4ddb89b7d11b989ae104b0e58070e96b7d5be447ff5597c3c2db8457f76a1a44680e8315cdedc3d747e3cab21b3e2cae17e61be48549c665fef4a
-
C:\Program Files\Java\jre1.8.0_51\lib\rt.packFilesize
13.1MB
MD5f0177701b36068c9a2bb4924dd409fa5
SHA171e4b32c95e20dd565a6603d3de3819eb4f19d33
SHA25693c1e08034b68e12d78005c2950145595327477c17c1f716248d3e16313b4eec
SHA5128e198bf60dbb95f38bf5eca67c9b7cd4fe9920890ba3d569e08de59b38c1b00830a0a37168fd74c874df86b7ff0915c8b69adb1591432b42b5ff35e5885e6641
-
C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exeFilesize
34KB
MD52e7543a4deec9620c101771ca9b45d85
SHA1fa33f3098c511a1192111f0b29a09064a7568029
SHA25632a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1
SHA5128a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d
-
C:\ProgramData\Oracle\Java\installcache_x64\diffFilesize
9.1MB
MD5d417682702b140d7131851bae877f046
SHA1aa78da727e8a62c839a9bb6f7a93b48d3a04be70
SHA2563b3657c83e4f588f0e759cd46e99309cece2ebb54af2c377f9dc087ec764fda8
SHA5129e107b7f61e42410807aa1e6761ac7adce412846f69ae8e2e21b147e39d1a95d41367e21624381750eb11c77322206c4d869a477e5442e8323405c85854c03cd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357Filesize
1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5d5d40b5c618b280c3dddaee03a5ba4b1
SHA1df6689d3adc415f2679f339e7815020b87c0c7b3
SHA2562e5c82b7d79c0637285a161dee75a392365aad99717f6d4561f4cc588df753c1
SHA512f34bfa26a0dd1e75dabc5e2544a9ea359845bc1d6b6ee9961b99e87bdd177c997dce73ea352c428ca0a78f5472732a9cc7268fb03abd50068d56aab53ab21f31
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357Filesize
242B
MD5802826622bcd777161301ccfb8c9b246
SHA1168498227bfdcd79e8f758ff0810417294266731
SHA25630b7114dd1db0d0fc0b2a8398e2160b27bceea52d73be592aac0dc52e100d44c
SHA512285f39d1c757ed8db559e1e91423420e975041bfd845d2d3a9de4afe9d04e90cbf422e150c634e33af7914647c59145a14991e53e7fef17f3edc99cc4077d278
-
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.propertiesFilesize
1KB
MD519d04f9020112f72a56abb3a41fb71a9
SHA154c0b5988be95c7ecf3ec0144217583a10a76d86
SHA2562ceb325d30bfacaf623184e189356e2ef98b1b07e36a788531911b2b5c2bb926
SHA5126004fab75107ebb1769a16ece81ead87e16ee6506682ff4960f99d6eb198aa6bf29b74345b22a6e8c4fa30aa639a433f2470e91ac8c4057173571af7de166dc5
-
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.propertiesFilesize
1KB
MD51e2dab143c73a0362704659906ce226a
SHA185b1fdabaa23c49843533e561db3b10e2f7aeebe
SHA25680f065bbc8470ba1c97e2c50c146533850e8f57778d064134e253964fd8bd2f1
SHA5124b5f264c8bc092c5640e66224bed67368b580574540d3024c3d1697a29deb4d9d7f925abdd0d1eb40dde399c097796ddacd1b38cbf1a74990fcacc710e94fe85
-
C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.8.0_51_x64\jre1.8.0_51.msiFilesize
38.7MB
MD51ef598379ff589e452e9fc7f93563740
SHA182ad65425fa627176592ed5e55c0093e685bfeef
SHA256d4bdc230eaebefe5a9aa3d9127d12ac09d050bf51771f0c78a6a9d79a1f9dbf2
SHA512673f4b08fc25e09e582f5f7e01b2369e361f6a5b480f0aa2f1d5991f10076ba8a9d6b1f2227979b514acc458b4fdc254fc3c14173db7e38b50793174d4697f23
-
C:\Users\Admin\AppData\Local\Temp\CabD365.tmpFilesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
C:\Users\Admin\AppData\Local\Temp\TarD669.tmpFilesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
C:\Users\Admin\AppData\Local\Temp\jusched.logFilesize
9KB
MD50f9d414e057d78626781254903689a63
SHA1fe917f4828fd47c9ffd779fba20c415c51fa9213
SHA25612cfdc9c11b47ef3cd072c0d24bcd66b40b18125b4b6f3618f3771656bd6f37f
SHA51253198a2df90beaf8ec079fd73386cfdf6880ab97aa9c644cf435310633d74f2d64aceb16fe3381f46b33c0dea4c63b30cfff9f651ce9ad6fdd61013c4cb99003
-
C:\Users\Admin\AppData\Local\Temp\jusched.logFilesize
18KB
MD5a9d3cbb5ab37e9bf2d9466b887c16232
SHA1737afaf0a8132dee661c8b9cfc3b05d5be4d65f4
SHA25689bd24a35516e69144c6ec389de5a33e2837ceefd41893ba8eb2597405b320dd
SHA5120d9b6a5e9fb64d2d9bb4352c1ab3c873ae4f4336ffa4b967bf9ea6e99330e808edf20cfc5e0ff21a5d7d2841cb9af8827c5523ddb5ce7c1bbaf2ac94632afe72
-
C:\Windows\Installer\f76d0dc.msiFilesize
660KB
MD54afca17a0a4d54c04b8c3af40fb2a775
SHA196934a0657f09b25640b6ad18f26af6bd928d62f
SHA256b15d3a450b7b3e5ce3194ab9e518796cc5f164c3e28762ffe36966990dcd2fe8
SHA512ee76f5fcfdd9c1202fd5abdc2bbde8fb2543cee83265f6d2fb5458d1a086152ff6bdd4bf62a88150d325ea282bd2ecd66dd5f127bdd847cfa69cdb88985a8305
-
\Program Files\Java\jre1.8.0_51\bin\java.dllFilesize
154KB
MD531401e170ddd8437635c4c8571a80341
SHA1b79de1ce1b96ad0c3d00c8a32e55043eaeb1bad7
SHA2563e060e1aafa2fe99f06c34db84a49d3a2f994c1a0dbef40f37dbafd45cd69533
SHA512fc5e52e5398563a39dd5d8204ffe52a8668c19e1f1bb9706cf408c6c7ed81f8be667d87233bcdfd8739ac022792c36b9147249e5eedb51b21493100ffbf1e5c9
-
\Program Files\Java\jre1.8.0_51\bin\javaw.exeFilesize
202KB
MD57b23b0aab68e65b93bb6477f05999574
SHA1920752e4c22e1165e6df27f69599483187edfbb3
SHA25632546ecf1236769d2d777331f90282fb97589bec75da11c8e727d61d3d4c988a
SHA512e3395303e53edce3dfa8fe11b7338c77795595a17dac17818e4bc8b77feee4900d541201d6762aa8f46565730e24a5423684049d40bbd074186ef7223c96b604
-
\Program Files\Java\jre1.8.0_51\bin\server\jvm.dllFilesize
8.3MB
MD52894ece7b8de355b13978d6b8ec6e68c
SHA1cec5cd8450498ee6f81eae2f10e56726b6125be2
SHA25604d85639dacb86c6efca146051681608727f0376ca5293b9f83b232fc4db6a54
SHA512634e1cedf63d384c072bbd32dbca35982f7b2a7a77ab6d11130f2d45fd164d17ad080206a650854473370e824ec1153c61821c318a2af7954d2031a38d37bfd4
-
\Program Files\Java\jre1.8.0_51\bin\unpack200.exeFilesize
192KB
MD55b071854133d3eb6848a301a2a75c9b2
SHA1ffa1045c55b039760aa2632a227012bb359d764f
SHA256cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf
SHA512f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c
-
\Program Files\Java\jre1.8.0_51\bin\verify.dllFilesize
48KB
MD55f317dc17d83fd8d80df4eee1a6f1024
SHA1256a67812cf7e6f6d41884d290e995e144c41c6e
SHA256238f96dc1effcb719a9efe8472c34aa880e2cff4af94e26b8a48b5c00695d688
SHA5125f0e62e0c314d9aed7d61bb79d77c3389855afbfc3765262ec61ab8c4b1648c1d1b7cd7b23f54319d4139ab2132a2471c115790ec25ac4a03d340abde0fe0e75
-
memory/944-510-0x0000000000230000-0x0000000000231000-memory.dmpFilesize
4KB
-
memory/1032-66-0x00000000002E0000-0x00000000002E1000-memory.dmpFilesize
4KB
-
memory/1572-591-0x0000000000330000-0x0000000000331000-memory.dmpFilesize
4KB
-
memory/1644-215-0x0000000000230000-0x0000000000247000-memory.dmpFilesize
92KB
-
memory/1644-213-0x0000000000230000-0x0000000000247000-memory.dmpFilesize
92KB
-
memory/1644-209-0x0000000000400000-0x0000000000417000-memory.dmpFilesize
92KB
-
memory/1644-219-0x0000000000400000-0x0000000000417000-memory.dmpFilesize
92KB
-
memory/1744-738-0x00000000001C0000-0x00000000001C1000-memory.dmpFilesize
4KB
-
memory/1744-735-0x00000000001C0000-0x00000000001C1000-memory.dmpFilesize
4KB
-
memory/1780-647-0x0000000000180000-0x000000000018A000-memory.dmpFilesize
40KB
-
memory/1780-684-0x0000000000150000-0x0000000000151000-memory.dmpFilesize
4KB
-
memory/1780-690-0x0000000000150000-0x0000000000151000-memory.dmpFilesize
4KB
-
memory/1780-646-0x0000000000180000-0x000000000018A000-memory.dmpFilesize
40KB
-
memory/2612-595-0x0000000000320000-0x000000000032A000-memory.dmpFilesize
40KB
-
memory/2612-642-0x0000000000230000-0x0000000000231000-memory.dmpFilesize
4KB
-
memory/2612-633-0x0000000000230000-0x0000000000231000-memory.dmpFilesize
4KB
-
memory/2612-596-0x0000000000320000-0x000000000032A000-memory.dmpFilesize
40KB
-
memory/3032-755-0x0000000000230000-0x0000000000231000-memory.dmpFilesize
4KB
-
memory/3032-757-0x0000000000230000-0x0000000000231000-memory.dmpFilesize
4KB