Malware Analysis Report

2025-01-02 12:06

Sample ID 221218-x4ehesde52
Target ProxyChecker.exe
SHA256 45d8f58be85155165282d500c6cb8e135c66791294c85362ff43f541ab9f8d8c
Tags bazarbackdoor adware backdoor persistence stealer upx
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 10/10

SHA256 45d8f58be85155165282d500c6cb8e135c66791294c85362ff43f541ab9f8d8c

Threat Level: Known bad

The file ProxyChecker.exe was found to be: Known bad.

Malicious Activity Summary

bazarbackdoor adware backdoor persistence stealer upx

BazarBackdoor

Bazar/Team9 Backdoor payload

UPX packed file

Registers COM server for autorun

Blocklisted process makes network request

Executes dropped EXE

Downloads MZ/PE file

Loads dropped DLL

Enumerates connected drives

Installs/modifies Browser Helper Object

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Checks processor information in registry

Modifies registry class

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2022-12-18 19:24

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2022-12-18 19:24

Reported 2022-12-18 19:28

Platform win7-20220812-en

Max time kernel 163s

Max time network 189s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ProxyChecker.exe"

Signatures

BazarBackdoor

backdoor bazarbackdoor

Bazar/Team9 Backdoor payload

N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Downloads MZ/PE file

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0078-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0086-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0081-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0153-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0074-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0114-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0234-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0139-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0182-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0216-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0080-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0153-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0064-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0329-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0019-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0224-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0247-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0270-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0292-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0065-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0066-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0073-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0067-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0038-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0028-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0042-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0048-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0088-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0046-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0133-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0283-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0010-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0209-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0215-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0231-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0064-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0121-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0075-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0295-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0135-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0043-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0072-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0081-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0096-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0252-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0094-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A

UPX packed file

upx
N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\ProgramData\Oracle\Java\installcache_x64\7191661.tmp\bspatch.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\WindowsAccessBridge-64.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre1.8.0_351\bin\jsound.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\tzdb.dat C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\jp2native.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\security\policy\limited\local_policy.jar C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\JAWTAccessBridge-64.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\fontconfig.bfc C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\logging.properties C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\tzmappings C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\jdk\freebxml.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\ext\cldrdata.jar C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_7243578\java.exe C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-convert-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\jdk\thaidict.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\jce.jar C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\jdk\dom.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\ext\zipfs.jar C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\javaws.exe C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\t2k.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\javafx\glib.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\prism_sw.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\zip.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\security\blacklisted.certs C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\security\policy\unlimited\US_export_policy.jar C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-interlocked-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-memory-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\jfxmedia.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-synch-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-sysinfo-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\security\blacklist C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-processenvironment-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\net.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\jvm.hprof.txt C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-heap-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\tnameserv.exe C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\jdk\relaxngcc.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\deploy\messages_es.properties C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\deploy\[email protected] C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\images\cursors\cursors.properties C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\deploy.jar C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\decora_sse.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\w2k_lsa_auth.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\wsdetect.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\jdk\santuario.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\javaws.jar C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-multibyte-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\jabswitch.exe C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\javafx\public_suffix.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\javafx\libffi.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\deploy\messages_zh_HK.properties C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\deploy\splash.gif C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\jsse.jar C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-console-l1-2-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-heap-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\ucrtbase.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\jdk\xerces.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\psfontj2d.properties C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\dcpr.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\j2pcsc.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\jdk\cryptix.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-timezone-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\ext\sunec.jar C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\resource.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\verify.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSIA3D4.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\6d840f.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI962A.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA144.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\6d840f.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\6d8411.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9D7B.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\6d8413.msi C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\msiexec.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "122" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LinksExplorer\Width = "290" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d3382d60451e44eaeec7eb99e15413600000000020000000000106600000001000020000000ccefb5c71db8230e4aa363844e1476b96bbb2641c6be57ba7b013e38afadc836000000000e8000000002000020000000099357d2421f09edc0ce459010a39c85581d3b11983eb42e31c9596add0a5f9f200000007030d66fc54d73e944b4e148aee5ac55456bf5153fd12cd9191857cb27c6ef254000000062aa2f2201d7651c59a3227715cdcfdb4fea124943aaf485ae705c8dcd9489b8b808b9b2ee6dac11a1f66c51e493b69e2ad25bfbb31189dc72ff5df7d90ecffc C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "42" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "22" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "224" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "209" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "229" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Height = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0b585db1e13d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "42" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "122" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LinksExplorer\LinksType = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Height = "21" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "229" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "209" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d3382d60451e44eaeec7eb99e1541360000000002000000000010660000000100002000000008a4466dbaa82e5291806f01c6c6f1b336fdff5e40b29fa21cf3d8379ce4db7a000000000e80000000020000200000009165b1f5d3c9cd8f9500226e5e7b5fc740f30bb8bf0b0bc287c707c0d3f2f77c400100007b2da9d3b5dfa07635d392946492b31e9cea7fdfdc3e92195c6c1db7e1d30d70cd8088d596311631f3823496ef4b6a69057e84042c710de4ffbc9f6795114216638fc5995e11cbc0ea9c59a2cdb9cbf83d1ccf22067356e5128a5cbb93bc91458d5c0f322c349ba19dbc6978b9e68e0cef267da31c4c20c257c2caf9a1687934ae7bc2afad71649b8558edd89bb365f54a5f9e2ed5e50d14c4f2a76e810fa385ac78e10fc04df533b39e613f0216d5b25a6fd573d451b23d06af1707fba86be899ef4bac7d63564aef981f70be8e7d57133b4a94a5af80fbb67eadf03dfdd1d6f1b6125a098a07cf55b17d79271bcad740f15d7e86af4c6380a2ce8f58bc753251607c3f4af643780c611611e6af7c661b7d0a0e65ab6a74fc961d06422f5902feacd1d3f3fc64b483182577ddfa25fc29a056dd6bd15432534b4d51ed3d1b3b400000003ef1cad0c970c9a6f88297d175dd3769fe53b8c86364dc2686b41919ab7dfa563905335556faa1deaf4b5e2902e86ff9bdbf959e87c3c3f52d495ee995d01a99 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "42" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "224" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FEFD15A1-7F11-11ED-B40B-E20468906380} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LinksExplorer C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "209" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "224" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "229" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_351\\bin" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0026-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0197-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0067-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0062-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0063-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0126-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0136-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0200-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_200" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0078-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0033-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0040-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0141-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0068-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_68" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0070-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0142-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0283-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0359-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0167-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_167" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0037-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0205-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0356-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_356" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0087-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0212-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0121-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_10" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0047-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0112-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0060-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0171-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0165-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_165" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_34" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0137-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0222-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0262-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0302-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_302" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0054-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0322-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0047-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0047-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0052-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_52" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0202-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0244-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_244" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0138-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0052-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_52" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0140-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0229-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_229" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0008-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0013-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0072-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_33" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0046-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0126-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0103-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0124-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0220-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0037-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0217-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0203-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_203" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0168-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0044-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0075-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_75" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0013-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0042-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0032-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0172-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0080-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0104-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0109-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0119-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0151-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0037-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0011-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0092-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0053-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0211-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0052-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0316-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0140-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0183-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_183" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0215-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0164-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0080-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0113-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_113" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0132-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0185-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_11" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0005-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0061-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0135-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0147-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_147" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0127-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0038-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0096-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_96" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0304-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ = "Java(tm) Plug-In SSV Helper" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0123-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0074-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_74" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0340-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0046-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0070-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0016-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0078-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0258-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0028-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0069-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0167-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_03" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2044 wrote to memory of 1284 N/A C:\Users\Admin\AppData\Local\Temp\ProxyChecker.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 1284 N/A C:\Users\Admin\AppData\Local\Temp\ProxyChecker.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 1284 N/A C:\Users\Admin\AppData\Local\Temp\ProxyChecker.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2044 wrote to memory of 1284 N/A C:\Users\Admin\AppData\Local\Temp\ProxyChecker.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1284 wrote to memory of 1788 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1284 wrote to memory of 1788 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1284 wrote to memory of 1788 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1284 wrote to memory of 1788 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1652 wrote to memory of 1532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 1532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 1532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 604 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 604 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 604 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 1936 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 1936 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 1936 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 1936 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 1936 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 1936 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 1936 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 1936 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 1936 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\ProxyChecker.exe

"C:\Users\Admin\AppData\Local\Temp\ProxyChecker.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://java.com/download

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1284 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7144f50,0x7fef7144f60,0x7fef7144f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1044,18267594294783761156,10805553836766644611,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1052 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1044,18267594294783761156,10805553836766644611,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1348 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1044,18267594294783761156,10805553836766644611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1688 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,18267594294783761156,10805553836766644611,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2052 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,18267594294783761156,10805553836766644611,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2068 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1044,18267594294783761156,10805553836766644611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1044,18267594294783761156,10805553836766644611,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3288 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,18267594294783761156,10805553836766644611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1044,18267594294783761156,10805553836766644611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3532 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1044,18267594294783761156,10805553836766644611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3620 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1044,18267594294783761156,10805553836766644611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3644 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1044,18267594294783761156,10805553836766644611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3652 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,18267594294783761156,10805553836766644611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,18267594294783761156,10805553836766644611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,18267594294783761156,10805553836766644611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4332 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1044,18267594294783761156,10805553836766644611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4628 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1044,18267594294783761156,10805553836766644611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4640 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,18267594294783761156,10805553836766644611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1044,18267594294783761156,10805553836766644611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1044,18267594294783761156,10805553836766644611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1944 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1044,18267594294783761156,10805553836766644611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4616 /prefetch:8

C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe

"C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe"

C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe

"C:\Users\Admin\AppData\Local\Temp\jds7165157.tmp\jre-8u351-windows-x64.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\MsiExec.exe

C:\Windows\system32\MsiExec.exe -Embedding 229643B6DDAD242056155E85F42E29E3

C:\Program Files\Java\jre1.8.0_351\installer.exe

"C:\Program Files\Java\jre1.8.0_351\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_351\\" INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F64180351F0}

C:\ProgramData\Oracle\Java\installcache_x64\7191661.tmp\bspatch.exe

"bspatch.exe" baseimagefam8 newimage diff

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/plugin.pack" "C:\Program Files\Java\jre1.8.0_351\lib/plugin.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/javaws.pack" "C:\Program Files\Java\jre1.8.0_351\lib/javaws.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/deploy.pack" "C:\Program Files\Java\jre1.8.0_351\lib/deploy.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/rt.pack" "C:\Program Files\Java\jre1.8.0_351\lib/rt.jar"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/jsse.pack" "C:\Program Files\Java\jre1.8.0_351\lib/jsse.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/charsets.pack" "C:\Program Files\Java\jre1.8.0_351\lib/charsets.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/ext/localedata.pack" "C:\Program Files\Java\jre1.8.0_351\lib/ext/localedata.jar"

C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x544

C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe

"C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe" -doHKCUSSVSetup

C:\Program Files\Java\jre1.8.0_351\bin\javaws.exe

"C:\Program Files\Java\jre1.8.0_351\bin\javaws.exe" -wait -fix -permissions -silent

C:\Program Files\Java\jre1.8.0_351\bin\jp2launcher.exe

"C:\Program Files\Java\jre1.8.0_351\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_351" -vma 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 -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==

Network


Files
