Malware Analysis Report

2025-01-02 12:00

Sample ID 221227-1z6ynabg2z
Target mmc-stable-win32.zip
SHA256 2ef69f36d3a99e423ae6b8de52168fd26656d0c274845270000b013043daac7e
Tags
bazarbackdoor adware backdoor discovery persistence stealer upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2ef69f36d3a99e423ae6b8de52168fd26656d0c274845270000b013043daac7e

Threat Level: Known bad

The file mmc-stable-win32.zip was found to be: Known bad.

Malicious Activity Summary

bazarbackdoor adware backdoor discovery persistence stealer upx

BazarBackdoor

Suspicious use of NtCreateUserProcessOtherParentProcess

Bazar/Team9 Backdoor payload

Blocklisted process makes network request

Registers COM server for autorun

Downloads MZ/PE file

Executes dropped EXE

UPX packed file

Modifies file permissions

Loads dropped DLL

Looks up external IP address via web service

Installs/modifies Browser Helper Object

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

NTFS ADS

Checks processor information in registry

Modifies Internet Explorer settings

Suspicious behavior: AddClipboardFormatListener

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-12-27 22:06

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2022-12-27 22:06

Reported

2022-12-27 22:27

Platform

win10v2004-20220901-en

Max time kernel

1187s

Max time network

1205s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe"

Signatures

BazarBackdoor

backdoor bazarbackdoor

Bazar/Team9 Backdoor payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Downloads MZ/PE file

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0085-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0283-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0149-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0252-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSID84D.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0250-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0061-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0064-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Windows\Installer\MSID84D.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0162-ABCDEFFEDCBB}\INPROCSERVER32 C:\Windows\Installer\MSID84D.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0014-ABCDEFFEDCBA}\InprocServer32 C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0152-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0172-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0001-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Windows\Installer\MSID84D.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0039-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0064-ABCDEFFEDCBB}\InprocServer32 C:\Windows\Installer\MSID84D.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0018-0000-0199-ABCDEFFEDCBB}\INPROCSERVER32 C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0166-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0074-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0260-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSID84D.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0274-ABCDEFFEDCBC}\InprocServer32 C:\Windows\Installer\MSID84D.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0146-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0179-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0301-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0186-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0016-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0018-0000-FFFF-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0037-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0062-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Windows\Installer\MSID84D.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0067-ABCDEFFEDCBC}\InprocServer32 C:\Windows\Installer\MSID84D.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0030-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0137-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0106-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0104-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0005-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Windows\Installer\MSID84D.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0082-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0104-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0259-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0093-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0214-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0307-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0346-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0160-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSID84D.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0079-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0320-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0114-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSID84D.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0167-ABCDEFFEDCBA}\InprocServer32 C:\Windows\Installer\MSID84D.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0227-ABCDEFFEDCBA}\InprocServer32 C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0061-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}\INPROCSERVER32 C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0067-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0090-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0218-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0102-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0201-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0034-ABCDEFFEDCBC}\InprocServer32 C:\Windows\Installer\MSID84D.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0078-ABCDEFFEDCBC}\InprocServer32 C:\Windows\Installer\MSID84D.tmp N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched = "\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" C:\Windows\system32\msiexec.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Windows\Installer\MSID84D.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{DBC80044-A445-435B-BC74-9C25C1C588A9} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{DBC80044-A445-435B-BC74-9C25C1C588A9} C:\Windows\Installer\MSID84D.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} C:\Windows\Installer\MSID84D.tmp N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" C:\Windows\Installer\MSID84D.tmp N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" C:\Windows\Installer\MSID84D.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Windows\Installer\MSID84D.tmp N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\WindowsAccessBridge-64.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Windows\system32\WindowsAccessBridge-64.dll C:\Windows\Installer\MSID84D.tmp N/A
File opened for modification C:\Windows\system32\WindowsAccessBridge-64.dll C:\Windows\Installer\MSID84D.tmp N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre1.8.0_351\bin\mlib_image.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\jdk\ecc.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\LICENSE C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\decora_sse.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\javafx_font.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\lib\cmm\LINEAR_RGB.pf C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\lib\deploy\messages_es.properties C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\lib\plugin.jar C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\lib\psfont.properties.ja C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\server\jvm.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\jsound.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\mlib_image.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\splashscreen.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\splashscreen.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\WindowsAccessBridge-64.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\lib\management\jmxremote.password.template C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-heap-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\javafx\libxml2.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\calendars.properties C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\deploy\messages.properties C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\jfr\profile.jfc C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\management\snmp.acl.template C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\awt.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\prism_sw.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\verify.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\lib\deploy\messages_ja.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-console-l1-2-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\jsoundds.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\cmm\PYCC.pf C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\deploy\[email protected] C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\ext\zipfs.jar C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\jabswitch.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\lib\classlist C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\fontmanager.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\servertool.exe C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\security\java.policy C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\lib\hijrah-config-umalqura.properties C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\lib\cmm\PYCC.pf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\deploy\messages_de.properties C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\images\cursors\win32_CopyDrop32x32.gif C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\eula.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\lib\javaws.jar C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\lib\deploy\messages_zh_CN.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\Welcome.html C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\nio.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\w2k_lsa_auth.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_241084359\javaw.exe C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\jsdt.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\ktab.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\lib\ext\jfxrt.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\deploy\splash.gif C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-multibyte-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\t2k.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\jce.jar C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\jsdt.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\jdk\cldr.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\ext\jaccess.jar C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\COPYRIGHT C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\fxplugins.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\lib\fonts\LucidaSansDemiBold.ttf C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\lib\images\cursors\win32_CopyNoDrop32x32.gif C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\jp2ssv.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\resource.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5e183b.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI10B0.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5e183e.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI31CE.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5e1771.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID03.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{4A03706F-666A-4037-7777-5F2748764D10} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5e176e.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2A2B.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2DC6.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI118C.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5e183b.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIFC5.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{26A24AE4-039D-4CA4-87B4-2F64180351F0} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6404.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIDDE.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE3D.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID84D.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC65.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5e176e.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI34DC.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2298.tmp C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0" C:\Windows\Installer\MSID84D.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_351\\bin" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Windows\Installer\MSID84D.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{44D1B085-E495-4B5F-9EE6-34795C46E7E7} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_351\\bin" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ACTIVEX COMPATIBILITY\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_351\\bin" C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" C:\Windows\Installer\MSID84D.tmp N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_351\\bin" C:\Windows\Installer\MSID84D.tmp N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" C:\Windows\Installer\MSID84D.tmp N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_351\\bin" C:\Windows\Installer\MSID84D.tmp N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3" C:\Windows\Installer\MSID84D.tmp N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3" C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_351\\bin" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe" C:\Windows\Installer\MSID84D.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Windows\Installer\MSID84D.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{44D1B085-E495-4B5F-9EE6-34795C46E7E7} C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe" C:\Windows\Installer\MSID84D.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" C:\Windows\Installer\MSID84D.tmp N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0037-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_37" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0105-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0213-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_213" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0138-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0297-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0181-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0325-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0050-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_50" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0141-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0173-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0118-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0224-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0216-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0169-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0057-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0148-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0266-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0163-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0123-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0175-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0195-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_195" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0218-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0018-0000-0169-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_32" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0206-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_206" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0257-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0213-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0252-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_252" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0068-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0290-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0169-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0047-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_47" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0070-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0143-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0209-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_209" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0261-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_261" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0102-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0042-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0279-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0160-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0204-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0007-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0065-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0109-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0056-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0085-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0028-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0326-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_326" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0088-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0026-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0212-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0242-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0054-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0018-0000-0249-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0092-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_92" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0280-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_280" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0013-0001-0032-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0057-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0029-ABCDEFFEDCBC} C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0194-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0060-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0093-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0088-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0097-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Windows\Installer\MSID84D.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0115-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0115-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_115" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} C:\Windows\Installer\MSID84D.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} C:\Windows\Installer\MSID84D.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0193-ABCDEFFEDCBA}\InprocServer32 C:\Windows\Installer\MSID84D.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0141-ABCDEFFEDCBC} C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0218-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSID84D.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0018-0000-0058-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0121-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0154-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0336-ABCDEFFEDCBC} C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0068-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_68" C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0103-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSID84D.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0150-ABCDEFFEDCBA} C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0296-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Windows\Installer\MSID84D.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0084-ABCDEFFEDCBA}\INPROCSERVER32 C:\Windows\Installer\MSID84D.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0102-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0195-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0246-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSID84D.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0083-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0042-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}\InprocServer32 C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSID84D.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0155-ABCDEFFEDCBC}\INPROCSERVER32 C:\Windows\Installer\MSID84D.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0234-ABCDEFFEDCBC}\InprocServer32 C:\Windows\Installer\MSID84D.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0024-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0019-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0245-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_245" C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0347-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_347" C:\Windows\Installer\MSID84D.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0297-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0080-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_80" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0023-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0043-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_43" C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0090-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSID84D.tmp N/A
Key deleted \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0059-ABCDEFFEDCBC}\INPROCSERVER32 C:\Windows\Installer\MSID84D.tmp N/A
Key deleted \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0038-ABCDEFFEDCBB} C:\Windows\Installer\MSID84D.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0018-0000-0305-ABCDEFFEDCBB}\INPROCSERVER32 C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic" C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0328-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0190-ABCDEFFEDCBC}\INPROCSERVER32 C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0107-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Windows\Installer\MSID84D.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0051-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0061-ABCDEFFEDCBB} C:\Windows\Installer\MSID84D.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0135-ABCDEFFEDCBA}\InprocServer32 C:\Windows\Installer\MSID84D.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0058-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0146-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_146" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0287-ABCDEFFEDCBB}\INPROCSERVER32 C:\Windows\Installer\MSID84D.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0218-ABCDEFFEDCBC} C:\Windows\Installer\MSID84D.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0300-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSID84D.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0134-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\jp2launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_66\bin\jp2launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1016 wrote to memory of 3356 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1016 wrote to memory of 3356 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1016 wrote to memory of 3356 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1016 wrote to memory of 3356 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1016 wrote to memory of 3356 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1016 wrote to memory of 3356 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1016 wrote to memory of 3356 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1016 wrote to memory of 3356 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1016 wrote to memory of 3356 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4348 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4348 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4356 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4356 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4356 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4356 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4356 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4356 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4356 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4356 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4356 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3356 wrote to memory of 4356 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe

"C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3356.0.89723322\1821456906" -parentBuildID 20200403170909 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 1 -prefMapSize 219940 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3356 "\\.\pipe\gecko-crash-server-pipe.3356" 1772 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3356.3.383131298\1830525967" -childID 1 -isForBrowser -prefsHandle 2276 -prefMapHandle 2384 -prefsLen 112 -prefMapSize 219940 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3356 "\\.\pipe\gecko-crash-server-pipe.3356" 2468 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3356.13.788448982\779528989" -childID 2 -isForBrowser -prefsHandle 3696 -prefMapHandle 3692 -prefsLen 6894 -prefMapSize 219940 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3356 "\\.\pipe\gecko-crash-server-pipe.3356" 3708 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3356.20.1348307363\790292645" -parentBuildID 20200403170909 -prefsHandle 4956 -prefMapHandle 3876 -prefsLen 8463 -prefMapSize 219940 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3356 "\\.\pipe\gecko-crash-server-pipe.3356" 3552 rdd

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x518 0x544

C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe

"C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe"

C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe

"C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding A5C3CCB56632A32EC362EBA32C1BE681

C:\Program Files\Java\jre1.8.0_351\installer.exe

"C:\Program Files\Java\jre1.8.0_351\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_351\\" INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F64180351F0}

C:\ProgramData\Oracle\Java\installcache_x64\241057312.tmp\bspatch.exe

"bspatch.exe" baseimagefam8 newimage diff

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/plugin.pack" "C:\Program Files\Java\jre1.8.0_351\lib/plugin.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/javaws.pack" "C:\Program Files\Java\jre1.8.0_351\lib/javaws.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/deploy.pack" "C:\Program Files\Java\jre1.8.0_351\lib/deploy.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/rt.pack" "C:\Program Files\Java\jre1.8.0_351\lib/rt.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/jsse.pack" "C:\Program Files\Java\jre1.8.0_351\lib/jsse.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/charsets.pack" "C:\Program Files\Java\jre1.8.0_351\lib/charsets.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/ext/localedata.pack" "C:\Program Files\Java\jre1.8.0_351\lib/ext/localedata.jar"

C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon

C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe

"C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe" -doHKCUSSVSetup

C:\Program Files\Java\jre1.8.0_351\bin\javaws.exe

"C:\Program Files\Java\jre1.8.0_351\bin\javaws.exe" -wait -fix -permissions -silent

C:\Program Files\Java\jre1.8.0_351\bin\jp2launcher.exe

"C:\Program Files\Java\jre1.8.0_351\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_351" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzUxXGxpYlxkZXBsb3kuamFyAC1EamF2YS5zZWN1cml0eS5wb2xpY3k9ZmlsZTpDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzUxXGxpYlxzZWN1cml0eVxqYXZhd3MucG9saWN5AC1EdHJ1c3RQcm94eT10cnVlAC1YdmVyaWZ5OnJlbW90ZQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzM1MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF8zNTFcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzM1MVxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzUxXGJpblxqYXZhdy5leGU= -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Program Files\Java\jre1.8.0_351\bin\javaws.exe

"C:\Program Files\Java\jre1.8.0_351\bin\javaws.exe" -wait -fix -shortcut -silent

C:\Program Files\Java\jre1.8.0_351\bin\jp2launcher.exe

"C:\Program Files\Java\jre1.8.0_351\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_351" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzUxXGxpYlxkZXBsb3kuamFyAC1EamF2YS5zZWN1cml0eS5wb2xpY3k9ZmlsZTpDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzUxXGxpYlxzZWN1cml0eVxqYXZhd3MucG9saWN5AC1EdHJ1c3RQcm94eT10cnVlAC1YdmVyaWZ5OnJlbW90ZQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzM1MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF8zNTFcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzM1MVxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzUxXGJpblxqYXZhdy5leGU= -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding C99E607511DE3E8EB3A49D7DC47957B6 E Global\MSI0000

C:\Windows\Installer\MSID84D.tmp

"C:\Windows\Installer\MSID84D.tmp" ProductCode={26A24AE4-039D-4CA4-87B4-2F86418066F0} /s

C:\Program Files\Java\jre1.8.0_66\bin\javaws.exe

"C:\Program Files\Java\jre1.8.0_66\bin\javaws.exe" -wait -fix -shortcut -silent

C:\Program Files\Java\jre1.8.0_66\bin\jp2launcher.exe

"C:\Program Files\Java\jre1.8.0_66\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_66" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNjZcbGliXGRlcGxveS5qYXIALURqYXZhLnNlY3VyaXR5LnBvbGljeT1maWxlOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF82NlxsaWJcc2VjdXJpdHlcamF2YXdzLnBvbGljeQAtRHRydXN0UHJveHk9dHJ1ZQAtWHZlcmlmeTpyZW1vdGUALURqbmxweC5ob21lPUM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF82NlxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF82NlxsaWJcamF2YXdzLmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNjZcbGliXGRlcGxveS5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzY2XGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNjZcYmluXGphdmF3LmV4ZQ== -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar

C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe

"C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar

C:\ProgramData\Oracle\Java\javapath\javaw.exe

javaw -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar

C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe

"C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe" -u auto-update

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe" -Xms512m -Xmx1024m -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe

-Djdk.disableLastUsageTracking -cp "C:\Program Files\Java\jre1.8.0_351\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserWebJavaStatus

C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe

-Djdk.disableLastUsageTracking -cp "C:\Program Files\Java\jre1.8.0_351\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserPreviousDecisionsExist 30

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 6B5833FEDE024A0AB5B5960C369DED2E

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 07F5606D6828464E38797835970968D0 E Global\MSI0000

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 6822362F3CB4C099CE17856DDCF81930

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 94377E7E0096672FC8144DB975367827 E Global\MSI0000

Network

Country Destination Domain Proto
N/A 8.8.8.8:53 files.multimc.org udp
N/A 172.67.147.103:443 files.multimc.org tcp
N/A 127.0.0.1:49766 tcp
N/A 127.0.0.1:49770 tcp
N/A 8.8.8.8:53 firefox.settings.services.mozilla.com udp
N/A 35.241.9.150:443 firefox.settings.services.mozilla.com tcp
N/A 8.8.8.8:53 firefox.settings.services.mozilla.com udp
N/A 8.8.8.8:53 firefox.settings.services.mozilla.com udp
N/A 8.8.8.8:53 a1887.dscq.akamai.net udp
N/A 8.8.8.8:53 a1887.dscq.akamai.net udp
N/A 8.8.8.8:53 search.services.mozilla.com udp
N/A 8.8.8.8:53 shavar.services.mozilla.com udp
N/A 34.160.46.54:443 search.services.mozilla.com tcp
N/A 8.8.8.8:53 search.r53-2.services.mozilla.com udp
N/A 35.162.174.146:443 shavar.services.mozilla.com tcp
N/A 8.8.8.8:53 shavar.prod.mozaws.net udp
N/A 8.8.8.8:53 shavar.prod.mozaws.net udp
N/A 8.8.8.8:53 search.r53-2.services.mozilla.com udp
N/A 8.8.8.8:53 push.services.mozilla.com udp
N/A 8.8.8.8:53 autopush.prod.mozaws.net udp
N/A 8.8.8.8:53 autopush.prod.mozaws.net udp
N/A 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
N/A 54.149.83.187:443 push.services.mozilla.com tcp
N/A 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
N/A 8.8.8.8:53 snippets.cdn.mozilla.net udp
N/A 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
N/A 8.8.8.8:53 cs9.wac.phicdn.net udp
N/A 8.8.8.8:53 cs9.wac.phicdn.net udp
N/A 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
N/A 52.222.139.5:443 snippets.cdn.mozilla.net tcp
N/A 8.8.8.8:53 d228z91au11ukj.cloudfront.net udp
N/A 8.8.8.8:53 d228z91au11ukj.cloudfront.net udp
N/A 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
N/A 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
N/A 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
N/A 104.109.143.71:80 a1887.dscq.akamai.net tcp
N/A 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
N/A 8.8.8.8:53 www.facebook.com udp
N/A 8.8.8.8:53 www.wikipedia.org udp
N/A 8.8.8.8:53 star-mini.c10r.facebook.com udp
N/A 8.8.8.8:53 youtube-ui.l.google.com udp
N/A 8.8.8.8:53 youtube-ui.l.google.com udp
N/A 8.8.8.8:53 www.reddit.com udp
N/A 8.8.8.8:53 star-mini.c10r.facebook.com udp
N/A 8.8.8.8:53 dyna.wikimedia.org udp
N/A 8.8.8.8:53 dyna.wikimedia.org udp
N/A 8.8.8.8:53 twitter.com udp
N/A 8.8.8.8:53 twitter.com udp
N/A 8.8.8.8:53 reddit.map.fastly.net udp
N/A 8.8.8.8:53 twitter.com udp
N/A 8.8.8.8:53 pki-goog.l.google.com udp
N/A 8.8.8.8:53 pki-goog.l.google.com udp
N/A 8.8.8.8:53 i.ytimg.com udp
N/A 216.58.214.22:443 i.ytimg.com tcp
N/A 8.8.8.8:53 i.ytimg.com udp
N/A 8.8.8.8:53 i.ytimg.com udp
N/A 8.8.8.8:53 accounts.google.com udp
N/A 8.8.8.8:53 accounts.google.com udp
N/A 172.217.168.237:443 accounts.google.com tcp
N/A 8.8.8.8:53 accounts.google.com udp
N/A 127.0.0.1:49777 tcp
N/A 209.197.3.8:80 tcp
N/A 104.80.225.205:443 tcp
N/A 8.8.8.8:53 googleads.g.doubleclick.net udp
N/A 142.250.179.194:443 googleads.g.doubleclick.net tcp
N/A 8.8.8.8:53 googleads.g.doubleclick.net udp
N/A 8.8.8.8:53 googleads.g.doubleclick.net udp
N/A 8.8.8.8:53 support.mozilla.org udp
N/A 8.8.8.8:53 prod-tp.sumo.mozit.cloud udp
N/A 8.8.8.8:53 prod-tp.sumo.mozit.cloud udp
N/A 8.8.8.8:53 yt3.ggpht.com udp
N/A 142.251.39.97:443 yt3.ggpht.com tcp
N/A 8.8.8.8:53 photos-ugc.l.googleusercontent.com udp
N/A 142.251.39.97:443 photos-ugc.l.googleusercontent.com tcp
N/A 8.8.8.8:53 photos-ugc.l.googleusercontent.com udp
N/A 142.251.39.97:443 photos-ugc.l.googleusercontent.com tcp
N/A 142.251.39.97:443 photos-ugc.l.googleusercontent.com tcp
N/A 8.8.8.8:53 jnn-pa.googleapis.com udp
N/A 8.8.8.8:53 jnn-pa.googleapis.com udp
N/A 8.8.8.8:53 jnn-pa.googleapis.com udp
N/A 216.58.208.106:443 jnn-pa.googleapis.com tcp
N/A 8.8.8.8:53 static.doubleclick.net udp
N/A 142.251.39.102:443 static.doubleclick.net tcp
N/A 8.8.8.8:53 static.doubleclick.net udp
N/A 8.8.8.8:53 static.doubleclick.net udp
N/A 8.8.8.8:53 suggestqueries-clients6.youtube.com udp
N/A 8.8.8.8:53 suggestqueries-clients6.youtube.com udp
N/A 216.58.208.110:443 suggestqueries-clients6.youtube.com tcp
N/A 8.8.8.8:53 suggestqueries-clients6.youtube.com udp
N/A 8.8.8.8:53 youtube.com udp
N/A 142.251.36.46:443 youtube.com tcp
N/A 8.8.8.8:53 youtube.com udp
N/A 8.8.8.8:53 youtube.com udp
N/A 20.189.173.12:443 tcp
N/A 209.197.3.8:80 tcp
N/A 209.197.3.8:80 tcp
N/A 209.197.3.8:80 tcp
N/A 8.8.8.8:53 i4.ytimg.com udp
N/A 8.8.8.8:53 i4.ytimg.com udp
N/A 8.8.8.8:53 i4.ytimg.com udp
N/A 8.8.8.8:53 play.google.com udp
N/A 8.8.8.8:53 play.google.com udp
N/A 8.8.8.8:53 play.google.com udp
N/A 142.251.39.110:443 play.google.com tcp
N/A 8.8.8.8:53 rr4---sn-5hnednss.googlevideo.com udp
N/A 8.8.8.8:53 rr4.sn-5hnednss.googlevideo.com udp
N/A 8.8.8.8:53 rr4.sn-5hnednss.googlevideo.com udp
N/A 172.217.132.201:443 rr4.sn-5hnednss.googlevideo.com tcp
N/A 8.8.8.8:53 tpc.googlesyndication.com udp
N/A 8.8.8.8:53 tpc.googlesyndication.com udp
N/A 8.8.8.8:53 tpc.googlesyndication.com udp
N/A 8.8.8.8:53 rr2---sn-5hnekn7l.googlevideo.com udp
N/A 8.8.8.8:53 rr2.sn-5hnekn7l.googlevideo.com udp
N/A 8.8.8.8:53 rr2.sn-5hnekn7l.googlevideo.com udp
N/A 8.8.8.8:53 encrypted-tbn3.gstatic.com udp
N/A 8.8.8.8:53 encrypted-tbn3.gstatic.com udp
N/A 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
N/A 8.8.8.8:53 encrypted-tbn3.gstatic.com udp
N/A 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
N/A 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
N/A 172.217.132.201:443 rr4.sn-5hnednss.googlevideo.com tcp
N/A 142.251.39.97:443 tpc.googlesyndication.com tcp
N/A 74.125.100.7:443 rr2.sn-5hnekn7l.googlevideo.com tcp
N/A 74.125.100.7:443 rr2.sn-5hnekn7l.googlevideo.com tcp
N/A 142.250.179.163:80 pki-goog.l.google.com tcp
N/A 142.250.179.163:80 pki-goog.l.google.com tcp
N/A 142.250.179.174:443 encrypted-tbn3.gstatic.com tcp
N/A 142.251.39.110:443 encrypted-tbn0.gstatic.com tcp
N/A 8.8.8.8:53 ade.googlesyndication.com udp
N/A 8.8.8.8:53 ade.googlesyndication.com udp
N/A 8.8.8.8:53 ade.googlesyndication.com udp
N/A 142.251.36.2:443 ade.googlesyndication.com tcp
N/A 8.8.8.8:53 www.facebook.com udp
N/A 8.8.8.8:53 www.reddit.com udp
N/A 8.8.8.8:53 star-mini.c10r.facebook.com udp
N/A 8.8.8.8:53 reddit.map.fastly.net udp
N/A 8.8.8.8:53 reddit.map.fastly.net udp
N/A 8.8.8.8:53 star-mini.c10r.facebook.com udp
N/A 224.0.0.251:5353 udp
N/A 8.8.8.8:53 id.google.com udp
N/A 8.8.8.8:53 id.google.com udp
N/A 8.8.8.8:53 id.google.com udp
N/A 8.8.8.8:53 apis.google.com udp
N/A 8.8.8.8:53 plus.l.google.com udp
N/A 8.8.8.8:53 plus.l.google.com udp
N/A 8.8.8.8:53 jnn-pa.googleapis.com udp
N/A 8.8.8.8:53 whatismyipaddress.com udp
N/A 104.16.155.36:443 whatismyipaddress.com tcp
N/A 8.8.8.8:53 whatismyipaddress.com udp
N/A 8.8.8.8:53 whatismyipaddress.com udp
N/A 8.8.8.8:53 script.crazyegg.com udp
N/A 8.8.8.8:53 script.crazyegg.com.cdn.cloudflare.net udp
N/A 8.8.8.8:53 script.crazyegg.com.cdn.cloudflare.net udp
N/A 8.8.8.8:53 cdn.whatismyipaddress.com udp
N/A 8.8.8.8:53 ds6.whatismyipaddress.com udp
N/A 8.8.8.8:53 cdn.whatismyipaddress.com udp
N/A 104.16.154.36:443 cdn.whatismyipaddress.com tcp
N/A 104.16.154.36:443 cdn.whatismyipaddress.com tcp
N/A 8.8.8.8:53 app.fusebox.fm udp
N/A 8.8.8.8:53 cdn.whatismyipaddress.com udp
N/A 172.67.70.40:443 app.fusebox.fm tcp
N/A 8.8.8.8:53 app.fusebox.fm udp
N/A 8.8.8.8:53 app.fusebox.fm udp
N/A 8.8.8.8:53 a.omappapi.com udp
N/A 185.93.1.251:443 a.omappapi.com tcp
N/A 8.8.8.8:53 omapp.b-cdn.net udp
N/A 8.8.8.8:53 omapp.b-cdn.net udp
N/A 8.8.8.8:53 a1887.dscq.akamai.net udp
N/A 8.8.8.8:53 a1887.dscq.akamai.net udp
N/A 8.8.8.8:53 quantcast.mgr.consensu.org udp
N/A 8.8.8.8:53 a.pub.network udp
N/A 8.8.8.8:53 www.clarity.ms udp
N/A 104.18.21.206:443 a.pub.network tcp
N/A 8.8.8.8:53 a.pub.network udp
N/A 8.8.8.8:53 quantcast.mgr.consensu.org udp
N/A 13.227.219.121:443 quantcast.mgr.consensu.org tcp
N/A 8.8.8.8:53 part-0039.t-0009.fdv2-t-msedge.net udp
N/A 8.8.8.8:53 a.pub.network udp
N/A 8.8.8.8:53 part-0039.t-0009.fdv2-t-msedge.net udp
N/A 13.107.237.67:443 part-0039.t-0009.fdv2-t-msedge.net tcp
N/A 8.8.8.8:53 quantcast.mgr.consensu.org udp
N/A 8.8.8.8:53 e1.o.lencr.org udp
N/A 8.8.8.8:53 maps.whatismyipaddress.info udp
N/A 104.109.143.71:80 e1.o.lencr.org tcp
N/A 172.67.69.80:443 maps.whatismyipaddress.info tcp
N/A 172.67.69.80:443 maps.whatismyipaddress.info tcp
N/A 172.67.69.80:443 maps.whatismyipaddress.info tcp
N/A 172.67.69.80:443 maps.whatismyipaddress.info tcp
N/A 8.8.8.8:53 maps.whatismyipaddress.info udp
N/A 8.8.8.8:53 maps.whatismyipaddress.info udp
N/A 104.19.147.8:443 script.crazyegg.com.cdn.cloudflare.net tcp
N/A 8.8.8.8:53 secure.quantserve.com udp
N/A 192.184.69.252:443 secure.quantserve.com tcp
N/A 8.8.8.8:53 global.px.quantserve.com udp
N/A 8.8.8.8:53 global.px.quantserve.com udp
N/A 172.67.70.40:443 app.fusebox.fm tcp
N/A 8.8.8.8:53 api.omappapi.com udp
N/A 52.222.139.6:443 api.omappapi.com tcp
N/A 8.8.8.8:53 d1lpgznae1530s.cloudfront.net udp
N/A 8.8.8.8:53 d1lpgznae1530s.cloudfront.net udp
N/A 8.8.8.8:53 rangeplayground.com udp
N/A 34.160.63.134:443 rangeplayground.com tcp
N/A 8.8.8.8:53 rangeplayground.com udp
N/A 8.8.8.8:53 rangeplayground.com udp
N/A 8.8.8.8:53 d.pub.network udp
N/A 34.160.110.8:443 d.pub.network tcp
N/A 8.8.8.8:53 d.pub.network udp
N/A 8.8.8.8:53 d.pub.network udp
N/A 8.8.8.8:53 ocsp.godaddy.com.akadns.net udp
N/A 8.8.8.8:53 ocsp.godaddy.com.akadns.net udp
N/A 8.8.8.8:53 onesignal.com udp
N/A 8.8.8.8:53 onesignal.com udp
N/A 104.18.226.52:443 onesignal.com tcp
N/A 8.8.8.8:53 onesignal.com udp
N/A 8.8.8.8:53 static.adsafeprotected.com udp
N/A 8.8.8.8:53 rules.quantcount.com udp
N/A 52.222.139.26:443 static.adsafeprotected.com tcp
N/A 8.8.8.8:53 d162h6x3rxav67.cloudfront.net udp
N/A 52.222.139.5:443 rules.quantcount.com tcp
N/A 8.8.8.8:53 d2fashanjl7d9f.cloudfront.net udp
N/A 8.8.8.8:53 d162h6x3rxav67.cloudfront.net udp
N/A 8.8.8.8:53 d2fashanjl7d9f.cloudfront.net udp
N/A 8.8.8.8:53 apis.cmp.quantcast.com udp
N/A 54.156.143.194:443 apis.cmp.quantcast.com tcp
N/A 8.8.8.8:53 apis.cmp.quantcast.com udp
N/A 8.8.8.8:53 apis.cmp.quantcast.com udp
N/A 8.8.8.8:53 c.clarity.ms udp
N/A 20.234.93.27:443 c.clarity.ms tcp
N/A 8.8.8.8:53 c-msn-com-nsatc.trafficmanager.net udp
N/A 8.8.8.8:53 c-msn-com-nsatc.trafficmanager.net udp
N/A 8.8.8.8:53 sb.scorecardresearch.com udp
N/A 8.8.8.8:53 sb.scorecardresearch.com udp
N/A 8.8.8.8:53 pixel.quantserve.com udp
N/A 8.8.8.8:53 sb.scorecardresearch.com udp
N/A 8.8.8.8:53 ssl-static.libsyn.com udp
N/A 52.222.139.96:443 ssl-static.libsyn.com tcp
N/A 8.8.8.8:53 d37nv3hmxce5yg.cloudfront.net udp
N/A 8.8.8.8:53 d37nv3hmxce5yg.cloudfront.net udp
N/A 8.8.8.8:53 c.bing.com udp
N/A 204.79.197.200:443 c.bing.com tcp
N/A 8.8.8.8:53 dual-a-0001.a-msedge.net udp
N/A 8.8.8.8:53 dual-a-0001.a-msedge.net udp
N/A 8.8.8.8:53 confiant-integrations.global.ssl.fastly.net udp
N/A 8.8.8.8:53 www.googletagservices.com udp
N/A 151.101.1.194:443 confiant-integrations.global.ssl.fastly.net tcp
N/A 8.8.8.8:53 confiant-integrations.global.ssl.fastly.net udp
N/A 8.8.8.8:53 freestar-io.videoplayerhub.com udp
N/A 8.8.8.8:53 www.googletagservices.com udp
N/A 8.8.8.8:53 confiant-integrations.global.ssl.fastly.net udp
N/A 8.8.8.8:53 www.googletagservices.com udp
N/A 104.26.8.50:443 freestar-io.videoplayerhub.com tcp
N/A 8.8.8.8:53 freestar-io.videoplayerhub.com udp
N/A 8.8.8.8:53 freestar-io.videoplayerhub.com udp
N/A 52.222.139.23:443 sb.scorecardresearch.com tcp
N/A 91.228.74.206:443 pixel.quantserve.com tcp
N/A 142.251.39.98:443 www.googletagservices.com tcp
N/A 8.8.8.8:53 cdn.confiant-integrations.net udp
N/A 8.8.8.8:53 btloader.com udp
N/A 104.18.17.107:443 cdn.confiant-integrations.net tcp
N/A 8.8.8.8:53 cdn.confiant-integrations.net udp
N/A 172.67.70.134:443 btloader.com tcp
N/A 8.8.8.8:53 btloader.com udp
N/A 8.8.8.8:53 cdn.confiant-integrations.net udp
N/A 8.8.8.8:53 btloader.com udp
N/A 8.8.8.8:53 ad-delivery.net udp
N/A 104.26.2.70:443 ad-delivery.net tcp
N/A 104.26.2.70:443 ad-delivery.net tcp
N/A 8.8.8.8:53 ad-delivery.net udp
N/A 8.8.8.8:53 ad-delivery.net udp
N/A 8.8.8.8:53 securepubads.g.doubleclick.net udp
N/A 8.8.8.8:53 securepubads46.g.doubleclick.net udp
N/A 8.8.8.8:53 securepubads46.g.doubleclick.net udp
N/A 34.160.63.134:443 rangeplayground.com tcp
N/A 8.8.8.8:53 stats.g.doubleclick.net udp
N/A 142.250.27.155:443 stats.g.doubleclick.net tcp
N/A 8.8.8.8:53 stats.g.doubleclick.net udp
N/A 8.8.8.8:53 stats.g.doubleclick.net udp
N/A 8.8.8.8:53 ajax.googleapis.com udp
N/A 142.251.36.10:443 ajax.googleapis.com tcp
N/A 8.8.8.8:53 ajax.googleapis.com udp
N/A 8.8.8.8:53 ajax.googleapis.com udp
N/A 8.8.8.8:53 api.btloader.com udp
N/A 130.211.23.194:443 api.btloader.com tcp
N/A 130.211.23.194:443 api.btloader.com tcp
N/A 8.8.8.8:53 api.btloader.com udp
N/A 8.8.8.8:53 api.btloader.com udp
N/A 142.250.179.163:80 pki-goog.l.google.com tcp
N/A 8.8.8.8:53 www.google.nl udp
N/A 142.251.39.99:443 www.google.nl tcp
N/A 8.8.8.8:53 www.google.nl udp
N/A 8.8.8.8:53 www.google.nl udp
N/A 8.8.8.8:53 api.floors.dev udp
N/A 34.160.128.112:443 api.floors.dev tcp
N/A 34.160.128.112:443 api.floors.dev tcp
N/A 8.8.8.8:53 api.floors.dev udp
N/A 8.8.8.8:53 api.floors.dev udp
N/A 8.8.8.8:53 c.pub.network udp
N/A 34.160.110.8:443 c.pub.network tcp
N/A 8.8.8.8:53 c.pub.network udp
N/A 8.8.8.8:53 a.optmstr.com udp
N/A 8.8.8.8:53 c.pub.network udp
N/A 185.93.1.251:443 a.optmstr.com tcp
N/A 8.8.8.8:53 c.amazon-adsystem.com udp
N/A 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
N/A 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
N/A 54.192.85.4:443 d1ykf07e75w7ss.cloudfront.net tcp
N/A 8.8.8.8:53 s2s.t13.io udp
N/A 34.107.140.113:443 s2s.t13.io tcp
N/A 8.8.8.8:53 s2s.t13.io udp
N/A 34.107.140.113:443 s2s.t13.io tcp
N/A 8.8.8.8:53 s2s.t13.io udp
N/A 8.8.8.8:53 ads.yieldmo.com udp
N/A 8.8.8.8:53 btlr.sharethrough.com udp
N/A 8.8.8.8:53 ib.adnxs.com udp
N/A 3.216.155.130:443 ads.yieldmo.com tcp
N/A 8.8.8.8:53 rw-yieldmo-com-1233107411.us-east-1.elb.amazonaws.com udp
N/A 185.89.210.90:443 ib.adnxs.com tcp
N/A 8.8.8.8:53 ib.anycast.adnxs.com udp
N/A 3.221.135.244:443 btlr.sharethrough.com tcp
N/A 8.8.8.8:53 btlr-ecs-us-east-1.sharethrough.com udp
N/A 8.8.8.8:53 ib.anycast.adnxs.com udp
N/A 8.8.8.8:53 rw-yieldmo-com-1233107411.us-east-1.elb.amazonaws.com udp
N/A 8.8.8.8:53 hbopenbid.pubmatic.com udp
N/A 8.8.8.8:53 fastlane.rubiconproject.com udp
N/A 185.64.190.77:443 hbopenbid.pubmatic.com tcp
N/A 8.8.8.8:53 hbopenbid-lhrc.pubmnet.com udp
N/A 8.8.8.8:53 btlr-ecs-us-east-1.sharethrough.com udp
N/A 8.8.8.8:53 apex.go.sonobi.com udp
N/A 8.8.8.8:53 hbopenbid-lhrc.pubmnet.com udp
N/A 213.19.162.51:443 fastlane.rubiconproject.com tcp
N/A 8.8.8.8:53 tagged-by.rubiconproject.net.akadns.net udp
N/A 69.166.1.8:443 apex.go.sonobi.com tcp
N/A 8.8.8.8:53 iad-2-apex.go.sonobi.com udp
N/A 8.8.8.8:53 tlx.3lift.com udp
N/A 8.8.8.8:53 c2shb.pubgw.yahoo.com udp
N/A 8.8.8.8:53 tagged-by.rubiconproject.net.akadns.net udp
N/A 8.8.8.8:53 iad-2-apex.go.sonobi.com udp
N/A 18.204.157.197:443 tlx.3lift.com tcp
N/A 8.8.8.8:53 us-east-tlx.3lift.com udp
N/A 3.230.217.116:443 c2shb.pubgw.yahoo.com tcp
N/A 3.230.217.116:443 c2shb.pubgw.yahoo.com tcp
N/A 8.8.8.8:53 ssp-ats-prod-us-east-1.one-mobile-prod.aws.oath.cloud udp
N/A 8.8.8.8:53 grid.bidswitch.net udp
N/A 8.8.8.8:53 ap.lijit.com udp
N/A 8.8.8.8:53 ssp-ats-prod-us-east-1.one-mobile-prod.aws.oath.cloud udp
N/A 8.8.8.8:53 us-east-tlx.3lift.com udp
N/A 72.251.249.13:443 ap.lijit.com tcp
N/A 8.8.8.8:53 oeu.vap.lijit.com udp
N/A 3.230.217.116:443 ssp-ats-prod-us-east-1.one-mobile-prod.aws.oath.cloud tcp
N/A 8.8.8.8:53 oeu.vap.lijit.com udp
N/A 35.211.165.199:443 grid.bidswitch.net tcp
N/A 8.8.8.8:53 hb-api.omnitagjs.com udp
N/A 8.8.8.8:53 grid-lb-use.bidswitch.net udp
N/A 185.255.84.151:443 hb-api.omnitagjs.com tcp
N/A 8.8.8.8:53 hb-api-fra02.omnitagjs.com udp
N/A 3.230.217.116:443 ssp-ats-prod-us-east-1.one-mobile-prod.aws.oath.cloud tcp
N/A 8.8.8.8:53 c2shb.ssp.yahoo.com udp
N/A 8.8.8.8:53 hb-api-fra02.omnitagjs.com udp
N/A 8.8.8.8:53 grid-lb-use.bidswitch.net udp
N/A 8.8.8.8:53 colossusssp.com udp
N/A 8.2.111.122:443 colossusssp.com tcp
N/A 8.8.8.8:53 colossusssp.com udp
N/A 8.8.8.8:53 ssc.33across.com udp
N/A 8.8.8.8:53 htlb.casalemedia.com udp
N/A 8.8.8.8:53 g2.gumgum.com udp
N/A 8.8.8.8:53 colossusssp.com udp
N/A 8.8.8.8:53 htlb.casalemedia.com.cdn.cloudflare.net udp
N/A 172.64.154.237:443 htlb.casalemedia.com.cdn.cloudflare.net tcp
N/A 52.4.33.45:443 c2shb.ssp.yahoo.com tcp
N/A 52.4.33.45:443 c2shb.ssp.yahoo.com tcp
N/A 34.149.20.76:443 ssc.33across.com tcp
N/A 8.8.8.8:53 htlb.casalemedia.com.cdn.cloudflare.net udp
N/A 8.8.8.8:53 global.ssc.33across.com udp
N/A 54.243.204.88:443 g2.gumgum.com tcp
N/A 8.8.8.8:53 g2.gumgum.com udp
N/A 8.8.8.8:53 g2.gumgum.com udp
N/A 8.8.8.8:53 ocsp.comodoca.com.cdn.cloudflare.net udp
N/A 8.8.8.8:53 global.ssc.33across.com udp
N/A 8.8.8.8:53 ocsp.comodoca.com.cdn.cloudflare.net udp
N/A 8.8.8.8:53 prebid.a-mo.net udp
N/A 145.40.89.200:443 prebid.a-mo.net tcp
N/A 8.8.8.8:53 prebid.a-mo.net udp
N/A 8.8.8.8:53 prebid.a-mo.net udp
N/A 8.8.8.8:53 aax-dtb-cf.amazon-adsystem.com udp
N/A 13.227.198.171:443 aax-dtb-cf.amazon-adsystem.com tcp
N/A 13.227.198.171:443 aax-dtb-cf.amazon-adsystem.com tcp
N/A 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
N/A 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
N/A 8.8.8.8:53 a.teads.tv udp
N/A 8.8.8.8:53 e9957.b.akamaiedge.net udp
N/A 8.8.8.8:53 secure.cdn.fastclick.net udp
N/A 3.221.135.244:443 btlr-ecs-us-east-1.sharethrough.com tcp
N/A 3.221.135.244:443 btlr-ecs-us-east-1.sharethrough.com tcp
N/A 3.221.135.244:443 btlr-ecs-us-east-1.sharethrough.com tcp
N/A 104.85.1.56:443 a.teads.tv tcp
N/A 13.227.198.171:443 d1jvc9b8z3vcjs.cloudfront.net tcp
N/A 35.211.165.199:443 grid-lb-use.bidswitch.net tcp
N/A 8.8.8.8:53 e4536.g.akamaiedge.net udp
N/A 8.8.8.8:53 cdn.id5-sync.com udp
N/A 8.8.8.8:53 e4536.g.akamaiedge.net udp
N/A 8.8.8.8:53 cdn.id5-sync.com udp
N/A 8.8.8.8:53 cdn.id5-sync.com udp
N/A 8.8.8.8:53 adservice.google.nl udp
N/A 142.250.179.162:443 adservice.google.nl tcp
N/A 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
N/A 52.95.122.74:443 aax-eu.amazon-adsystem.com tcp
N/A 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
N/A 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
N/A 8.8.8.8:53 cms.quantserve.com udp
N/A 23.51.75.225:443 e4536.g.akamaiedge.net tcp
N/A 104.22.52.86:443 cdn.id5-sync.com tcp
N/A 192.184.69.167:443 cms.quantserve.com tcp
N/A 8.8.8.8:53 27be19675f447bbe0c38298006dce870.safeframe.googlesyndication.com udp
N/A 8.8.8.8:53 pagead-googlehosted.l.google.com udp
N/A 142.250.179.193:443 pagead-googlehosted.l.google.com tcp
N/A 8.8.8.8:53 pagead-googlehosted.l.google.com udp
N/A 8.8.8.8:53 lb.eu-1-id5-sync.com udp
N/A 8.8.8.8:53 lbs.eu-1-id5-sync.com udp
N/A 162.19.138.82:443 lbs.eu-1-id5-sync.com tcp
N/A 8.8.8.8:53 lb.eu-1-id5-sync.com udp
N/A 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
N/A 8.8.8.8:53 lbs.eu-1-id5-sync.com udp
N/A 8.8.8.8:53 lb.eu-1-id5-sync.com udp
N/A 8.8.8.8:53 lbs.eu-1-id5-sync.com udp
N/A 8.8.8.8:53 id5-sync.com udp
N/A 162.19.138.117:443 id5-sync.com tcp
N/A 8.8.8.8:53 id5-sync.com udp
N/A 8.8.8.8:53 id5-sync.com udp
N/A 8.8.8.8:53 cdn.jsdelivr.net udp
N/A 151.101.1.229:443 cdn.jsdelivr.net tcp
N/A 8.8.8.8:53 jsdelivr.map.fastly.net udp
N/A 8.8.8.8:53 oa.openxcdn.net udp
N/A 34.102.146.192:443 oa.openxcdn.net tcp
N/A 8.8.8.8:53 cdn.prod.uidapi.com udp
N/A 8.8.8.8:53 jsdelivr.map.fastly.net udp
N/A 8.8.8.8:53 oa.openxcdn.net udp
N/A 8.8.8.8:53 cdn.ampproject.org udp
N/A 52.84.134.198:443 cdn.prod.uidapi.com tcp
N/A 8.8.8.8:53 d2avimlm6gq3h9.cloudfront.net udp
N/A 142.250.179.193:443 cdn.ampproject.org tcp
N/A 8.8.8.8:53 cdn-content.ampproject.org udp
N/A 142.250.179.193:443 cdn-content.ampproject.org tcp
N/A 142.250.179.193:443 cdn-content.ampproject.org tcp
N/A 8.8.8.8:53 cdn-content.ampproject.org udp
N/A 142.250.179.193:443 cdn-content.ampproject.org tcp
N/A 8.8.8.8:53 d2avimlm6gq3h9.cloudfront.net udp
N/A 142.250.179.193:443 cdn-content.ampproject.org tcp
N/A 142.250.179.163:80 pki-goog.l.google.com tcp
N/A 142.250.179.163:80 pki-goog.l.google.com tcp
N/A 142.250.179.163:80 pki-goog.l.google.com tcp
N/A 8.8.8.8:53 hbx.media.net udp
N/A 8.8.8.8:53 hbx.media.net udp
N/A 8.8.8.8:53 hbx.media.net udp
N/A 142.251.39.97:443 tpc.googlesyndication.com tcp
N/A 142.251.39.97:443 tpc.googlesyndication.com tcp
N/A 142.251.39.97:443 tpc.googlesyndication.com tcp
N/A 104.123.44.23:443 hbx.media.net tcp
N/A 8.8.8.8:53 oajs.openx.net udp
N/A 34.120.107.143:443 oajs.openx.net tcp
N/A 8.8.8.8:53 oajs.openx.net udp
N/A 8.8.8.8:53 oajs.openx.net udp
N/A 8.8.8.8:53 cs9.wac.phicdn.net udp
N/A 8.8.8.8:53 widgets.outbrain.com udp
N/A 8.8.8.8:53 e10883.g.akamaiedge.net udp
N/A 8.8.8.8:53 e10883.g.akamaiedge.net udp
N/A 8.8.8.8:53 dabu.askmediagroup.com udp
N/A 151.101.2.114:443 dabu.askmediagroup.com tcp
N/A 8.8.8.8:53 askmedia.map.fastly.net udp
N/A 8.8.8.8:53 askmedia.map.fastly.net udp
N/A 8.8.8.8:53 d.pub.network udp
N/A 34.160.110.8:443 c.pub.network tcp
N/A 8.8.8.8:53 d.clarity.ms udp
N/A 40.76.174.66:443 d.clarity.ms tcp
N/A 8.8.8.8:53 vmss-clarity-ingest-eus.eastus.cloudapp.azure.com udp
N/A 8.8.8.8:53 vmss-clarity-ingest-eus.eastus.cloudapp.azure.com udp
N/A 162.19.138.117:443 id5-sync.com tcp
N/A 104.80.225.74:443 e10883.g.akamaiedge.net tcp
N/A 8.8.8.8:53 x.bidswitch.net udp
N/A 8.8.8.8:53 google-bidout-d.openx.net udp
N/A 35.244.159.8:443 google-bidout-d.openx.net tcp
N/A 8.8.8.8:53 google-bidout-d.openx.net udp
N/A 8.8.8.8:53 google-bidout-d.openx.net udp
N/A 35.211.178.172:443 x.bidswitch.net tcp
N/A 8.8.8.8:53 user-data-us-east.bidswitch.net udp
N/A 8.8.8.8:53 user-data-us-east.bidswitch.net udp
N/A 8.8.8.8:53 c.pub.network udp
N/A 8.8.8.8:53 widget-pixels.outbrain.com udp
N/A 8.8.8.8:53 tcheck.outbrainimg.com udp
N/A 104.80.225.74:443 widget-pixels.outbrain.com tcp
N/A 104.123.45.181:443 tcheck.outbrainimg.com tcp
N/A 8.8.8.8:53 e15144.d.akamaiedge.net udp
N/A 8.8.8.8:53 e15144.d.akamaiedge.net udp
N/A 8.8.8.8:53 gum.criteo.com udp
N/A 8.8.8.8:53 api.rlcdn.com udp
N/A 178.250.0.157:443 gum.criteo.com tcp
N/A 178.250.0.157:443 gum.criteo.com tcp
N/A 8.8.8.8:53 gum.par.vip.prod.criteo.com udp
N/A 8.8.8.8:53 gum.par.vip.prod.criteo.com udp
N/A 8.8.8.8:53 match.adsrvr.org udp
N/A 8.8.8.8:53 api.rlcdn.com udp
N/A 34.120.155.137:443 api.rlcdn.com tcp
N/A 52.223.40.198:443 match.adsrvr.org tcp
N/A 8.8.8.8:53 match.adsrvr.org udp
N/A 8.8.8.8:53 match.adsrvr.org udp
N/A 8.8.8.8:53 api.rlcdn.com udp
N/A 151.101.2.114:443 askmedia.map.fastly.net tcp
N/A 8.8.8.8:53 askmedia.map.fastly.net udp
N/A 8.8.8.8:53 cdn.globalsigncdn.com.cdn.cloudflare.net udp
N/A 8.8.8.8:53 cdn.globalsigncdn.com.cdn.cloudflare.net udp
N/A 8.8.8.8:53 odb.outbrain.com udp
N/A 199.232.150.132:443 odb.outbrain.com tcp
N/A 8.8.8.8:53 outbrain.map.fastly.net udp
N/A 8.8.8.8:53 outbrain.map.fastly.net udp
N/A 8.8.8.8:53 eus.rubiconproject.com udp
N/A 8.8.8.8:53 eb2.3lift.com udp
N/A 13.248.245.213:443 eb2.3lift.com tcp
N/A 8.8.8.8:53 eu-eb2.3lift.com udp
N/A 8.8.8.8:53 eu-eb2.3lift.com udp
N/A 104.126.125.209:443 eus.rubiconproject.com tcp
N/A 8.8.8.8:53 e8960.b.akamaiedge.net udp
N/A 13.248.245.213:443 eu-eb2.3lift.com tcp
N/A 8.8.8.8:53 e8960.b.akamaiedge.net udp
N/A 8.8.8.8:53 acdn.adnxs.com udp
N/A 8.8.8.8:53 ads.pubmatic.com udp
N/A 151.101.1.108:443 acdn.adnxs.com tcp
N/A 8.8.8.8:53 prod.appnexus.map.fastly.net udp
N/A 8.8.8.8:53 cs.admanmedia.com udp
N/A 8.8.8.8:53 prod.appnexus.map.fastly.net udp
N/A 8.8.8.8:53 e6603.g.akamaiedge.net udp
N/A 104.80.224.197:443 e6603.g.akamaiedge.net tcp
N/A 80.77.87.162:443 cs.admanmedia.com tcp
N/A 8.8.8.8:53 cs.admanmedia.com udp
N/A 8.8.8.8:53 cm.g.doubleclick.net udp
N/A 8.8.8.8:53 cs.admanmedia.com udp
N/A 8.8.8.8:53 ssc-cms.33across.com udp
N/A 8.8.8.8:53 e6603.g.akamaiedge.net udp
N/A 142.251.36.34:443 cm.g.doubleclick.net tcp
N/A 8.8.8.8:53 cm.g.doubleclick.net udp
N/A 8.8.8.8:53 pixel.33across.com udp
N/A 67.202.105.21:443 ssc-cms.33across.com tcp
N/A 8.8.8.8:53 js-sec.indexww.com udp
N/A 8.8.8.8:53 pixel.33across.com udp
N/A 172.64.151.162:443 js-sec.indexww.com tcp
N/A 8.8.8.8:53 js-sec.indexww.com.cdn.cloudflare.net udp
N/A 8.8.8.8:53 js-sec.indexww.com.cdn.cloudflare.net udp
N/A 8.8.8.8:53 cm.g.doubleclick.net udp
N/A 8.8.8.8:53 stx-match.dotomi.com udp
N/A 8.8.8.8:53 bfp.global.dual.dotomi.weighted.com.akadns.net udp
N/A 8.8.8.8:53 pm.w55c.net udp
N/A 63.215.202.137:443 stx-match.dotomi.com tcp
N/A 54.85.186.21:443 pm.w55c.net tcp
N/A 8.8.8.8:53 dxedge-prod-lb-946522505.us-east-1.elb.amazonaws.com udp
N/A 8.8.8.8:53 dxedge-prod-lb-946522505.us-east-1.elb.amazonaws.com udp
N/A 8.8.8.8:53 mcdp-chidc2.outbrain.com udp
N/A 50.31.142.191:443 mcdp-chidc2.outbrain.com tcp
N/A 8.8.8.8:53 chidc2.outbrain.org udp
N/A 8.8.8.8:53 chidc2.outbrain.org udp
N/A 8.8.8.8:53 images.outbrainimg.com udp
N/A 104.123.45.181:443 images.outbrainimg.com tcp
N/A 8.8.8.8:53 log.outbrainimg.com udp
N/A 64.202.112.127:443 log.outbrainimg.com tcp
N/A 8.8.8.8:53 nydc1.outbrain.org udp
N/A 8.8.8.8:53 nydc1.outbrain.org udp
N/A 8.8.8.8:53 usersync.gumgum.com udp
N/A 35.172.99.217:443 usersync.gumgum.com tcp
N/A 8.8.8.8:53 usersync.gumgum.com udp
N/A 8.8.8.8:53 usersync.gumgum.com udp
N/A 8.8.8.8:53 de.tynt.com udp
N/A 67.202.105.31:443 de.tynt.com tcp
N/A 8.8.8.8:53 de.tynt.com udp
N/A 8.8.8.8:53 de.tynt.com udp
N/A 50.31.142.191:443 mcdp-chidc2.outbrain.com tcp
N/A 8.8.8.8:53 image6.pubmatic.com udp
N/A 185.64.190.78:443 image6.pubmatic.com tcp
N/A 8.8.8.8:53 pugm-lhrc.pubmnet.com udp
N/A 8.8.8.8:53 pugm-lhrc.pubmnet.com udp
N/A 185.89.210.90:443 ib.adnxs.com tcp
N/A 8.8.8.8:53 simage4.pubmatic.com udp
N/A 104.36.113.111:443 simage4.pubmatic.com tcp
N/A 8.8.8.8:53 spug33000-fpb.pubmnet.com udp
N/A 8.8.8.8:53 spug33000-fpb.pubmnet.com udp
N/A 104.36.113.111:443 spug33000-fpb.pubmnet.com tcp
N/A 8.8.8.8:53 secure-assets.rubiconproject.com udp
N/A 8.8.8.8:53 ups.analytics.yahoo.com udp
N/A 8.8.8.8:53 33across-match.dotomi.com udp
N/A 8.8.8.8:53 e8960.e2.akamaiedge.net udp
N/A 23.2.211.147:443 e8960.e2.akamaiedge.net tcp
N/A 8.8.8.8:53 prod.ups-ats.us-east-1.aolp-ds-prd.aws.oath.cloud udp
N/A 8.8.8.8:53 e8960.e2.akamaiedge.net udp
N/A 8.8.8.8:53 prod.ups-ats.us-east-1.aolp-ds-prd.aws.oath.cloud udp
N/A 8.8.8.8:53 token.rubiconproject.com udp
N/A 213.19.162.80:443 token.rubiconproject.com tcp
N/A 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
N/A 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
N/A 52.45.33.138:443 prod.ups-ats.us-east-1.aolp-ds-prd.aws.oath.cloud tcp
N/A 64.158.223.137:443 33across-match.dotomi.com tcp
N/A 8.8.8.8:53 sync.mathtag.com udp
N/A 8.8.8.8:53 ads.betweendigital.com udp
N/A 188.42.191.196:443 ads.betweendigital.com tcp
N/A 8.8.8.8:53 ssp.ads.betweendigital.com udp
N/A 185.29.134.248:443 sync.mathtag.com tcp
N/A 8.8.8.8:53 pix-eu.mathtag.com udp
N/A 8.8.8.8:53 ssp.ads.betweendigital.com udp
N/A 8.8.8.8:53 pix-eu.mathtag.com udp
N/A 8.8.8.8:53 dsp.adfarm1.adition.com udp
N/A 85.114.159.93:443 dsp.adfarm1.adition.com tcp
N/A 8.8.8.8:53 dsp.adfarm1.adition.com udp
N/A 8.8.8.8:53 dsp.adfarm1.adition.com udp
N/A 8.8.8.8:53 events-ssc.33across.com udp
N/A 34.117.239.71:443 events-ssc.33across.com tcp
N/A 8.8.8.8:53 events-ssc.33across.com udp
N/A 8.8.8.8:53 events-ssc.33across.com udp
N/A 8.8.8.8:53 pixel.rubiconproject.com udp
N/A 213.19.162.80:443 pixel.rubiconproject.com tcp
N/A 8.8.8.8:53 mathid.mathtag.com udp
N/A 8.8.8.8:53 pixel-us-east.rubiconproject.com udp
N/A 8.43.72.97:443 pixel-us-east.rubiconproject.com tcp
N/A 8.8.8.8:53 pixel-us-east.rubiconproject.net.akadns.net udp
N/A 8.8.8.8:53 pixel-us-east.rubiconproject.net.akadns.net udp
N/A 8.8.8.8:53 www.storygize.net udp
N/A 34.210.232.89:443 www.storygize.net tcp
N/A 8.8.8.8:53 prod-elb-ace-1350792799.us-west-2.elb.amazonaws.com udp
N/A 8.8.8.8:53 prod-elb-ace-1350792799.us-west-2.elb.amazonaws.com udp
N/A 64.202.112.127:443 log.outbrainimg.com tcp
N/A 8.8.8.8:53 sync.adotmob.com udp
N/A 8.8.8.8:53 ums.acuityplatform.com udp
N/A 8.8.8.8:53 match.deepintent.com udp
N/A 3.132.56.153:443 sync.adotmob.com tcp
N/A 69.90.254.78:443 ums.acuityplatform.com tcp
N/A 8.8.8.8:53 sync.adotmob.com udp
N/A 38.91.45.7:443 match.deepintent.com tcp
N/A 8.8.8.8:53 g.deepintent.com udp
N/A 8.8.8.8:53 ums.acuityplatform.com udp
N/A 8.8.8.8:53 sync.adotmob.com udp
N/A 8.8.8.8:53 g.deepintent.com udp
N/A 192.124.249.36:80 ocsp.godaddy.com.akadns.net tcp
N/A 8.8.8.8:53 d.clarity.ms udp
N/A 8.8.8.8:53 vmss-clarity-ingest-eus.eastus.cloudapp.azure.com udp
N/A 8.8.8.8:53 vmss-clarity-ingest-eus.eastus.cloudapp.azure.com udp
N/A 8.8.8.8:53 img.onesignal.com udp
N/A 8.8.8.8:53 img.onesignal.com udp
N/A 104.18.226.52:443 img.onesignal.com tcp
N/A 8.8.8.8:53 img.onesignal.com udp
N/A 8.8.8.8:53 vmss-clarity-ingest-eus.eastus.cloudapp.azure.com udp
N/A 64.202.112.127:443 log.outbrainimg.com tcp
N/A 8.8.8.8:53 nydc1.outbrain.org udp
N/A 8.8.8.8:53 d.clarity.ms udp
N/A 8.8.8.8:53 vmss-clarity-ingest-eus.eastus.cloudapp.azure.com udp
N/A 8.8.8.8:53 vmss-clarity-ingest-eus.eastus.cloudapp.azure.com udp
N/A 8.8.8.8:53 c.pub.network udp
N/A 8.8.8.8:53 thebreakdown.xyz udp
N/A 35.224.29.244:443 thebreakdown.xyz tcp
N/A 8.8.8.8:53 thebreakdown.xyz udp
N/A 8.8.8.8:53 thebreakdown.xyz udp
N/A 8.8.8.8:53 assets.mlcdn.com udp
N/A 104.22.7.203:443 assets.mlcdn.com tcp
N/A 8.8.8.8:53 assets.mlcdn.com udp
N/A 8.8.8.8:53 assets.mlcdn.com udp
N/A 8.8.8.8:53 fonts.mailerlite.com udp
N/A 104.18.12.69:443 fonts.mailerlite.com tcp
N/A 8.8.8.8:53 fonts.mailerlite.com udp
N/A 8.8.8.8:53 fonts.mailerlite.com udp
N/A 8.8.8.8:53 i0.wp.com udp
N/A 192.0.77.2:443 i0.wp.com tcp
N/A 8.8.8.8:53 i0.wp.com udp
N/A 8.8.8.8:53 i0.wp.com udp
N/A 8.8.8.8:53 c0.wp.com udp
N/A 192.0.77.37:443 c0.wp.com tcp
N/A 8.8.8.8:53 c0.wp.com udp
N/A 8.8.8.8:53 c0.wp.com udp
N/A 104.18.12.69:443 fonts.mailerlite.com tcp
N/A 104.18.12.69:443 fonts.mailerlite.com tcp
N/A 8.8.8.8:53 static.mailerlite.com udp
N/A 8.8.8.8:53 static.mailerlite.com udp
N/A 104.18.12.69:443 static.mailerlite.com tcp
N/A 8.8.8.8:53 static.mailerlite.com udp
N/A 8.8.8.8:53 stats.wp.com udp
N/A 192.0.76.3:443 stats.wp.com tcp
N/A 8.8.8.8:53 stats.wp.com udp
N/A 8.8.8.8:53 stats.wp.com udp
N/A 8.8.8.8:53 pixel.wp.com udp
N/A 192.0.76.3:443 pixel.wp.com tcp
N/A 8.8.8.8:53 pixel.wp.com udp
N/A 8.8.8.8:53 pixel.wp.com udp
N/A 8.8.8.8:53 s.nitropay.com udp
N/A 8.8.8.8:53 s.nitropay.com udp
N/A 104.18.3.78:443 s.nitropay.com tcp
N/A 8.8.8.8:53 s.nitropay.com udp
N/A 142.250.179.194:443 cm.g.doubleclick.net tcp
N/A 142.250.27.155:443 stats.g.doubleclick.net tcp
N/A 8.8.8.8:53 tracker.nitropay.com udp
N/A 104.18.2.78:443 tracker.nitropay.com tcp
N/A 8.8.8.8:53 tracker.nitropay.com udp
N/A 8.8.8.8:53 tracker.nitropay.com udp
N/A 8.8.8.8:53 ggsoftware-d.openx.net udp
N/A 8.8.8.8:53 ggsoftware-d.openx.net udp
N/A 35.244.159.8:443 ggsoftware-d.openx.net tcp
N/A 8.8.8.8:53 ggsoftware-d.openx.net udp
N/A 8.8.8.8:53 targeting.unrulymedia.com udp
N/A 3.221.135.244:443 btlr-ecs-us-east-1.sharethrough.com tcp
N/A 8.8.8.8:53 btlr-ecs-us-east-1.sharethrough.com udp
N/A 67.226.210.221:443 targeting.unrulymedia.com tcp
N/A 8.8.8.8:53 tag.1rx.io udp
N/A 67.226.210.221:443 targeting.unrulymedia.com tcp
N/A 8.8.8.8:53 tag.1rx.io udp
N/A 8.8.8.8:53 nitropay.technoratimedia.com udp
N/A 129.158.42.199:443 nitropay.technoratimedia.com tcp
N/A 8.8.8.8:53 adserver.technoratimedia.com udp
N/A 8.8.8.8:53 prebid.media.net udp
N/A 129.158.42.199:443 nitropay.technoratimedia.com tcp
N/A 34.107.148.139:443 prebid.media.net tcp
N/A 8.8.8.8:53 adserver.technoratimedia.com udp
N/A 8.8.8.8:53 prebid.media.net udp
N/A 8.8.8.8:53 bidder.criteo.com udp
N/A 8.8.8.8:53 prebid.media.net udp
N/A 178.250.0.165:443 bidder.criteo.com tcp
N/A 8.8.8.8:53 bidder.par.vip.prod.criteo.com udp
N/A 8.8.8.8:53 bidder.par.vip.prod.criteo.com udp
N/A 185.89.210.90:443 ib.adnxs.com tcp
N/A 8.8.8.8:53 ib.anycast.adnxs.com udp
N/A 8.8.8.8:53 ib.anycast.adnxs.com udp
N/A 8.8.8.8:53 ssc.33across.com udp
N/A 34.149.20.76:443 ssc.33across.com tcp
N/A 18.204.157.197:443 tlx.3lift.com tcp
N/A 8.8.8.8:53 us-east-tlx.3lift.com udp
N/A 213.19.162.51:443 tagged-by.rubiconproject.net.akadns.net tcp
N/A 8.8.8.8:53 global.ssc.33across.com udp
N/A 3.221.135.244:443 btlr-ecs-us-east-1.sharethrough.com tcp
N/A 3.221.135.244:443 btlr-ecs-us-east-1.sharethrough.com tcp
N/A 172.64.155.188:80 ocsp.comodoca.com.cdn.cloudflare.net tcp
N/A 172.64.155.188:80 ocsp.comodoca.com.cdn.cloudflare.net tcp
N/A 67.226.210.221:443 targeting.unrulymedia.com tcp
N/A 67.226.210.221:443 targeting.unrulymedia.com tcp
N/A 8.8.8.8:53 connect.facebook.net udp
N/A 8.8.8.8:53 i.imgur.com udp
N/A 8.8.8.8:53 ipv4.imgur.map.fastly.net udp
N/A 8.8.8.8:53 ipv4.imgur.map.fastly.net udp
N/A 199.232.148.193:443 ipv4.imgur.map.fastly.net tcp
N/A 8.8.8.8:53 scontent.xx.fbcdn.net udp
N/A 8.8.8.8:53 scontent.xx.fbcdn.net udp
N/A 179.60.193.2:443 scontent.xx.fbcdn.net tcp
N/A 8.8.8.8:53 partner.googleadservices.com udp
N/A 8.8.8.8:53 partner46.googleadservices.com udp
N/A 142.251.39.98:443 partner46.googleadservices.com tcp
N/A 8.8.8.8:53 partner46.googleadservices.com udp
N/A 104.18.2.78:443 tracker.nitropay.com tcp
N/A 8.8.8.8:53 static.criteo.net udp
N/A 8.8.8.8:53 static.am5.vip.prod.criteo.net udp
N/A 178.250.2.130:443 static.criteo.net tcp
N/A 142.251.39.97:443 tpc.googlesyndication.com tcp
N/A 8.8.8.8:53 833c1ad784928d1374f2c4708fb84f10.safeframe.googlesyndication.com udp
N/A 142.250.179.193:443 833c1ad784928d1374f2c4708fb84f10.safeframe.googlesyndication.com tcp
N/A 8.8.8.8:53 www.facebook.com udp
N/A 8.8.8.8:53 star-mini.c10r.facebook.com udp
N/A 8.8.8.8:53 star-mini.c10r.facebook.com udp
N/A 178.250.0.157:443 gum.par.vip.prod.criteo.com tcp
N/A 178.250.2.130:443 static.criteo.net tcp
N/A 8.8.8.8:53 dnacdn.net udp
N/A 8.8.8.8:53 ag.gbc.criteo.com udp
N/A 74.119.119.139:443 dnacdn.net tcp
N/A 8.8.8.8:53 dnacdn.net udp
N/A 8.8.8.8:53 gem.gbc.criteo.com udp
N/A 8.8.8.8:53 gbc3.fr.eu.criteo.com udp
N/A 157.240.247.35:443 www.facebook.com tcp
N/A 8.8.8.8:53 dnacdn.net udp
N/A 8.8.8.8:53 gbc3.fr.eu.criteo.com udp
N/A 8.8.8.8:53 gbc2.va.us.criteo.com udp
N/A 8.8.8.8:53 gbc2.va.us.criteo.com udp
N/A 185.235.84.100:443 gbc3.fr.eu.criteo.com tcp
N/A 185.235.85.63:443 gbc2.va.us.criteo.com tcp
N/A 142.251.39.98:443 partner46.googleadservices.com tcp
N/A 52.223.40.198:443 match.adsrvr.org tcp
N/A 8.8.8.8:53 contextual.media.net udp
N/A 13.248.245.213:443 eu-eb2.3lift.com tcp
N/A 104.123.40.23:443 contextual.media.net tcp
N/A 67.202.105.21:443 ssc-cms.33across.com tcp
N/A 8.8.8.8:53 ad-cdn.technoratimedia.com udp
N/A 8.8.8.8:53 pixel.33across.com udp
N/A 8.8.8.8:53 cs1561.wpc.edgecastcdn.net udp
N/A 8.8.8.8:53 contextual.media.net udp
N/A 152.199.5.184:443 cs1561.wpc.edgecastcdn.net tcp
N/A 151.101.1.108:443 prod.appnexus.map.fastly.net tcp
N/A 8.8.8.8:53 acdn.adnxs.com udp
N/A 8.8.8.8:53 cs1561.wpc.edgecastcdn.net udp
N/A 8.8.8.8:53 e6115.g.akamaiedge.net udp
N/A 8.8.8.8:53 e6115.g.akamaiedge.net udp
N/A 8.8.8.8:53 eus.rubiconproject.com udp
N/A 104.126.125.209:443 eus.rubiconproject.com tcp
N/A 8.8.8.8:53 e8960.b.akamaiedge.net udp
N/A 152.199.5.184:443 cs1561.wpc.edgecastcdn.net tcp
N/A 8.8.8.8:53 e8960.b.akamaiedge.net udp
N/A 8.8.8.8:53 eu-u.openx.net udp
N/A 8.8.8.8:53 b1sync.zemanta.com udp
N/A 8.8.8.8:53 bttrack.com udp
N/A 8.8.8.8:53 pixel-sync.sitescout.com udp
N/A 8.8.8.8:53 sync.adkernel.com udp
N/A 52.45.33.138:443 prod.ups-ats.us-east-1.aolp-ds-prd.aws.oath.cloud tcp
N/A 77.245.57.72:443 sync.adkernel.com tcp
N/A 8.8.8.8:53 b1sync.zemanta.com tcp
N/A 207.198.113.90:443 pixel-sync.sitescout.com tcp
N/A 8.8.8.8:53 1.cpm.ak-is2.net udp
N/A 8.8.8.8:53 pixel-a.sitescout.com udp
N/A 192.132.33.46:443 bttrack.com tcp
N/A 8.8.8.8:53 bttrack.com udp
N/A 35.244.159.8:443 eu-u.openx.net tcp
N/A 35.244.159.8:443 eu-u.openx.net tcp
N/A 8.8.8.8:53 bttrack.com udp
N/A 8.8.8.8:53 pixel-a.sitescout.com udp
N/A 8.8.8.8:53 1.cpm.ak-is2.net udp
N/A 8.8.8.8:53 eu-u.openx.net udp
N/A 8.8.8.8:53 eu-u.openx.net udp
N/A 64.202.112.127:443 b1sync.zemanta.com tcp
N/A 8.8.8.8:53 zemanta-nychi.zemanta.com udp
N/A 8.8.8.8:53 zemanta-nychi.zemanta.com udp
N/A 8.8.8.8:53 de.tynt.com udp
N/A 67.202.105.31:443 de.tynt.com tcp
N/A 8.8.8.8:53 sync.technoratimedia.com udp
N/A 132.226.41.106:443 sync.technoratimedia.com tcp
N/A 8.8.8.8:53 adserver.technoratimedia.com udp
N/A 132.226.41.106:443 sync.technoratimedia.com tcp
N/A 8.8.8.8:53 stags.bluekai.com udp
N/A 104.126.124.21:443 stags.bluekai.com tcp
N/A 8.8.8.8:53 e9126.x.akamaiedge.net udp
N/A 8.8.8.8:53 e9126.x.akamaiedge.net udp
N/A 8.8.8.8:53 sync.srv.stackadapt.com udp
N/A 54.85.209.208:443 sync.srv.stackadapt.com tcp
N/A 8.8.8.8:53 sync.srv.stackadapt.com udp
N/A 8.8.8.8:53 sync.srv.stackadapt.com udp
N/A 8.8.8.8:53 ads.pubmatic.com udp
N/A 104.80.224.197:443 ads.pubmatic.com tcp
N/A 8.8.8.8:53 e6603.g.akamaiedge.net udp
N/A 8.8.8.8:53 e6603.g.akamaiedge.net udp
N/A 8.8.8.8:53 us-u.openx.net udp
N/A 8.8.8.8:53 us-u.openx.net udp
N/A 35.244.159.8:443 us-u.openx.net tcp
N/A 8.8.8.8:53 us-u.openx.net udp
N/A 8.8.8.8:53 ssum-sec.casalemedia.com.cdn.cloudflare.net udp
N/A 104.18.33.19:443 ssum-sec.casalemedia.com.cdn.cloudflare.net tcp
N/A 8.8.8.8:53 ssum-sec.casalemedia.com.cdn.cloudflare.net udp
N/A 34.117.239.71:443 events-ssc.33across.com tcp
N/A 8.8.8.8:53 events-ssc.33across.com udp
N/A 8.8.8.8:53 events-ssc.33across.com udp
N/A 8.8.8.8:53 billing.apexminecrafthosting.com udp
N/A 8.8.8.8:53 billing.apexminecrafthosting.com udp
N/A 172.66.43.114:443 billing.apexminecrafthosting.com tcp
N/A 8.8.8.8:53 billing.apexminecrafthosting.com udp
N/A 8.8.8.8:53 apexminecrafthosting.com udp
N/A 8.8.8.8:53 apexminecrafthosting.com udp
N/A 172.66.40.142:443 apexminecrafthosting.com tcp
N/A 8.8.8.8:53 apexminecrafthosting.com udp
N/A 8.8.8.8:53 www.oracle.com udp
N/A 23.0.84.121:443 www.oracle.com tcp
N/A 8.8.8.8:53 e2581.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 e2581.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 consent.truste.com udp
N/A 8.8.8.8:53 tms.oracle.com udp
N/A 52.222.139.83:443 consent.truste.com tcp
N/A 8.8.8.8:53 consent.truste.com udp
N/A 13.227.219.72:443 tms.oracle.com tcp
N/A 8.8.8.8:53 tms.oracle.com.greylabeldelivery.com udp
N/A 8.8.8.8:53 consent.truste.com udp
N/A 8.8.8.8:53 tms.oracle.com.greylabeldelivery.com udp
N/A 8.8.8.8:53 consent.trustarc.com udp
N/A 13.227.219.116:443 consent.trustarc.com tcp
N/A 13.227.219.116:443 consent.trustarc.com tcp
N/A 8.8.8.8:53 consent.trustarc.com udp
N/A 8.8.8.8:53 www.oracleimg.com udp
N/A 8.8.8.8:53 consent.trustarc.com udp
N/A 23.0.84.121:443 www.oracleimg.com tcp
N/A 23.0.84.121:443 www.oracleimg.com tcp
N/A 8.8.8.8:53 s.go-mpulse.net udp
N/A 104.109.248.155:443 s.go-mpulse.net tcp
N/A 8.8.8.8:53 e4518.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 e4518.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 tags.tiqcdn.com udp
N/A 104.80.228.241:443 tags.tiqcdn.com tcp
N/A 8.8.8.8:53 e8091.a.akamaiedge.net udp
N/A 8.8.8.8:53 e8091.a.akamaiedge.net udp
N/A 8.8.8.8:53 oracle.112.2o7.net udp
N/A 8.8.8.8:53 oracle.112.2o7.net udp
N/A 8.8.8.8:53 oracle.112.2o7.net udp
N/A 15.188.95.229:443 oracle.112.2o7.net tcp
N/A 8.8.8.8:53 d.oracleinfinity.io udp
N/A 23.2.174.96:443 d.oracleinfinity.io tcp
N/A 8.8.8.8:53 e11123.x.akamaiedge.net udp
N/A 8.8.8.8:53 e11123.x.akamaiedge.net udp
N/A 8.8.8.8:53 c.go-mpulse.net udp
N/A 8.8.8.8:53 dc.oracleinfinity.io udp
N/A 104.109.248.155:443 c.go-mpulse.net tcp
N/A 8.8.8.8:53 e4518.dscapi7.akamaiedge.net udp
N/A 8.8.8.8:53 e4518.dscapi7.akamaiedge.net udp
N/A 147.154.233.124:443 dc.oracleinfinity.io tcp
N/A 8.8.8.8:53 dc.oracleinfinity.io.akadns.net udp
N/A 8.8.8.8:53 dc.oracleinfinity.io.akadns.net udp
N/A 147.154.233.124:443 dc.oracleinfinity.io.akadns.net tcp
N/A 147.154.233.124:443 dc.oracleinfinity.io.akadns.net tcp
N/A 147.154.233.124:443 dc.oracleinfinity.io.akadns.net tcp
N/A 8.8.8.8:53 684dd311.akstat.io udp
N/A 104.109.248.155:443 684dd311.akstat.io tcp
N/A 8.8.8.8:53 trial-eum-clientnsv4-s.akamaihd.net udp
N/A 8.8.8.8:53 trial-eum-clienttons-s.akamaihd.net udp
N/A 96.16.53.165:443 trial-eum-clientnsv4-s.akamaihd.net tcp
N/A 104.109.143.73:443 trial-eum-clienttons-s.akamaihd.net tcp
N/A 8.8.8.8:53 a248.b.akamai.net udp
N/A 8.8.8.8:53 a1024.dscg.akamai.net udp
N/A 8.8.8.8:53 a248.b.akamai.net udp
N/A 8.8.8.8:53 a1024.dscg.akamai.net udp
N/A 8.8.8.8:53 154-61-71-51_s-104-109-143-73_ts-1672179006-clienttons-s.akamaihd.net udp
N/A 8.8.8.8:53 ti6uom3aca22ky5lnu7a-pf8k0c-99744fd3e-clientnsv4-s.akamaihd.net udp
N/A 104.109.143.73:443 154-61-71-51_s-104-109-143-73_ts-1672179006-clienttons-s.akamaihd.net tcp
N/A 96.16.53.165:443 ti6uom3aca22ky5lnu7a-pf8k0c-99744fd3e-clientnsv4-s.akamaihd.net tcp
N/A 8.8.8.8:53 d.clarity.ms udp
N/A 8.8.8.8:53 vmss-clarity-ingest-eus.eastus.cloudapp.azure.com udp
N/A 8.8.8.8:53 vmss-clarity-ingest-eus.eastus.cloudapp.azure.com udp
N/A 8.8.8.8:53 aus5.mozilla.org udp
N/A 35.244.181.201:443 aus5.mozilla.org tcp
N/A 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
N/A 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
N/A 8.8.8.8:53 ciscobinary.openh264.org udp
N/A 2.22.61.59:80 ciscobinary.openh264.org tcp
N/A 8.8.8.8:53 a19.dscg10.akamai.net udp
N/A 8.8.8.8:53 a19.dscg10.akamai.net udp
N/A 8.8.8.8:53 firefox.settings.services.mozilla.com udp
N/A 35.241.9.150:443 firefox.settings.services.mozilla.com tcp
N/A 8.8.8.8:53 firefox.settings.services.mozilla.com udp
N/A 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
N/A 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
N/A 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
N/A 8.8.8.8:53 redirector.gvt1.com udp
N/A 8.8.8.8:53 redirector.gvt1.com udp
N/A 8.8.8.8:53 r2---sn-aigl6n6s.gvt1.com udp
N/A 173.194.3.71:443 r2---sn-aigl6n6s.gvt1.com tcp
N/A 8.8.8.8:53 r2.sn-aigl6n6s.gvt1.com udp
N/A 8.8.8.8:53 r2.sn-aigl6n6s.gvt1.com udp
N/A 35.241.9.150:443 firefox.settings.services.mozilla.com tcp
N/A 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
N/A 35.241.9.150:443 firefox.settings.services.mozilla.com tcp
N/A 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
N/A 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
N/A 34.111.73.144:443 firefox-settings-attachments.cdn.mozilla.net tcp
N/A 8.8.8.8:53 fennec-catalog-cdn.prod.mozaws.net udp
N/A 34.111.73.144:443 fennec-catalog-cdn.prod.mozaws.net tcp
N/A 34.111.73.144:443 fennec-catalog-cdn.prod.mozaws.net tcp
N/A 34.111.73.144:443 fennec-catalog-cdn.prod.mozaws.net tcp
N/A 34.111.73.144:443 fennec-catalog-cdn.prod.mozaws.net tcp
N/A 34.111.73.144:443 fennec-catalog-cdn.prod.mozaws.net tcp
N/A 8.8.8.8:53 a1887.dscq.akamai.net udp
N/A 8.8.8.8:53 a1887.dscq.akamai.net udp
N/A 147.154.233.124:443 dc.oracleinfinity.io.akadns.net tcp
N/A 8.8.8.8:53 d.clarity.ms udp
N/A 40.76.174.66:443 d.clarity.ms tcp
N/A 8.8.8.8:53 vmss-clarity-ingest-eus.eastus.cloudapp.azure.com udp
N/A 8.8.8.8:53 vmss-clarity-ingest-eus.eastus.cloudapp.azure.com udp
N/A 147.154.233.124:443 dc.oracleinfinity.io.akadns.net tcp
N/A 147.154.233.124:443 dc.oracleinfinity.io.akadns.net tcp
N/A 147.154.233.124:443 dc.oracleinfinity.io.akadns.net tcp
N/A 8.8.8.8:53 d.clarity.ms udp
N/A 8.8.8.8:53 vmss-clarity-ingest-eus.eastus.cloudapp.azure.com udp
N/A 8.8.8.8:53 vmss-clarity-ingest-eus.eastus.cloudapp.azure.com udp
N/A 8.8.8.8:53 www.oracle.com udp
N/A 8.8.8.8:53 e2581.dscx.akamaiedge.net udp
N/A 23.0.84.121:443 e2581.dscx.akamaiedge.net tcp
N/A 8.8.8.8:53 e2581.dscx.akamaiedge.net udp
N/A 35.224.29.244:443 thebreakdown.xyz tcp
N/A 8.8.8.8:53 thebreakdown.xyz udp
N/A 104.16.155.36:443 cdn.whatismyipaddress.com tcp
N/A 8.8.8.8:53 youtube-ui.l.google.com udp
N/A 8.8.8.8:53 youtube-ui.l.google.com udp
N/A 147.154.233.124:443 dc.oracleinfinity.io.akadns.net tcp
N/A 8.8.8.8:53 normandy.cdn.mozilla.net udp
N/A 35.201.103.21:443 normandy.cdn.mozilla.net tcp
N/A 8.8.8.8:53 normandy-cdn.services.mozilla.com udp
N/A 8.8.8.8:53 normandy-cdn.services.mozilla.com udp
N/A 8.8.8.8:53 a1887.dscq.akamai.net udp
N/A 8.8.8.8:53 a1887.dscq.akamai.net udp
N/A 8.8.8.8:53 classify-client.services.mozilla.com udp
N/A 34.98.75.36:443 classify-client.services.mozilla.com tcp
N/A 8.8.8.8:53 prod-classifyclient.normandy.prod.cloudops.mozgcp.net udp
N/A 8.8.8.8:53 prod-classifyclient.normandy.prod.cloudops.mozgcp.net udp
N/A 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
N/A 147.154.233.124:443 dc.oracleinfinity.io.akadns.net tcp
N/A 8.8.8.8:53 oracle.112.2o7.net udp
N/A 15.236.176.210:443 oracle.112.2o7.net tcp
N/A 8.8.8.8:53 oracle.112.2o7.net udp
N/A 8.8.8.8:53 684dd311.akstat.io udp
N/A 104.109.248.155:443 684dd311.akstat.io tcp
N/A 8.8.8.8:53 e4518.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 www.oracle.com udp
N/A 23.0.84.121:443 www.oracle.com tcp
N/A 8.8.8.8:53 e4518.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 e2581.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 e2581.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 consent.truste.com udp
N/A 8.8.8.8:53 tms.oracle.com udp
N/A 52.222.139.30:443 consent.truste.com tcp
N/A 13.227.219.29:443 tms.oracle.com tcp
N/A 8.8.8.8:53 tms.oracle.com.greylabeldelivery.com udp
N/A 8.8.8.8:53 tms.oracle.com.greylabeldelivery.com udp
N/A 8.8.8.8:53 consent.trustarc.com udp
N/A 13.227.219.40:443 consent.trustarc.com tcp
N/A 13.227.219.40:443 consent.trustarc.com tcp
N/A 8.8.8.8:53 consent.trustarc.com udp
N/A 8.8.8.8:53 www.oracleimg.com udp
N/A 8.8.8.8:53 s.go-mpulse.net udp
N/A 104.109.248.155:443 s.go-mpulse.net tcp
N/A 8.8.8.8:53 d.oracleinfinity.io udp
N/A 8.8.8.8:53 e11123.x.akamaiedge.net udp
N/A 23.2.174.96:443 e11123.x.akamaiedge.net tcp
N/A 8.8.8.8:53 e11123.x.akamaiedge.net udp
N/A 8.8.8.8:53 c.go-mpulse.net udp
N/A 104.109.248.155:443 c.go-mpulse.net tcp
N/A 8.8.8.8:53 e4518.dscapi7.akamaiedge.net udp
N/A 8.8.8.8:53 e4518.dscapi7.akamaiedge.net udp
N/A 147.154.233.124:443 dc.oracleinfinity.io.akadns.net tcp
N/A 147.154.233.124:443 dc.oracleinfinity.io.akadns.net tcp
N/A 8.8.8.8:53 d.clarity.ms udp
N/A 8.8.8.8:53 vmss-clarity-ingest-eus.eastus.cloudapp.azure.com udp
N/A 8.8.8.8:53 684dd311.akstat.io udp
N/A 8.8.8.8:53 e4518.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 e4518.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 www.oracle.com udp
N/A 8.8.8.8:53 e2581.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 e2581.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 www.oracleimg.com udp
N/A 8.8.8.8:53 s.go-mpulse.net udp
N/A 8.8.8.8:53 d.oracleinfinity.io udp
N/A 8.8.8.8:53 e11123.x.akamaiedge.net udp
N/A 8.8.8.8:53 e11123.x.akamaiedge.net udp
N/A 8.8.8.8:53 c.go-mpulse.net udp
N/A 8.8.8.8:53 e4518.dscapi7.akamaiedge.net udp
N/A 8.8.8.8:53 e4518.dscapi7.akamaiedge.net udp
N/A 147.154.233.124:443 dc.oracleinfinity.io.akadns.net tcp
N/A 147.154.233.124:443 dc.oracleinfinity.io.akadns.net tcp
N/A 147.154.233.124:443 dc.oracleinfinity.io.akadns.net tcp
N/A 35.241.9.150:443 firefox.settings.services.mozilla.com tcp
N/A 8.8.8.8:53 firefox.settings.services.mozilla.com udp
N/A 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
N/A 8.8.8.8:53 fennec-catalog-cdn.prod.mozaws.net udp
N/A 34.111.73.144:443 fennec-catalog-cdn.prod.mozaws.net tcp
N/A 8.8.8.8:53 fennec-catalog-cdn.prod.mozaws.net udp
N/A 147.154.233.124:443 dc.oracleinfinity.io.akadns.net tcp
N/A 147.154.233.124:443 dc.oracleinfinity.io.akadns.net tcp
N/A 15.236.176.210:443 oracle.112.2o7.net tcp
N/A 147.154.233.124:443 dc.oracleinfinity.io.akadns.net tcp
N/A 8.8.8.8:53 www.java.com udp
N/A 96.16.53.205:443 www.java.com tcp
N/A 8.8.8.8:53 e91569.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 e91569.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 static.ocecdn.oraclecloud.com udp
N/A 23.2.175.165:443 static.ocecdn.oraclecloud.com tcp
N/A 8.8.8.8:53 e11445.dscx.akamaiedge.net udp
N/A 104.109.248.155:443 e4518.dscapi7.akamaiedge.net tcp
N/A 8.8.8.8:53 s.go-mpulse.net udp
N/A 8.8.8.8:53 e4518.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 e4518.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 www.oracle.com udp
N/A 8.8.8.8:53 e2581.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 e2581.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 c.oracleinfinity.io udp
N/A 8.8.8.8:53 e11123.x.akamaiedge.net udp
N/A 23.2.174.96:443 e11123.x.akamaiedge.net tcp
N/A 8.8.8.8:53 e11123.x.akamaiedge.net udp
N/A 8.8.8.8:53 consent.trustarc.com udp
N/A 8.8.8.8:53 consent.trustarc.com udp
N/A 8.8.8.8:53 c.go-mpulse.net udp
N/A 104.85.4.134:443 c.go-mpulse.net tcp
N/A 8.8.8.8:53 e4518.dscapi7.akamaiedge.net udp
N/A 8.8.8.8:53 e4518.dscapi7.akamaiedge.net udp
N/A 15.188.95.229:443 oracle.112.2o7.net tcp
N/A 147.154.233.124:443 dc.oracleinfinity.io.akadns.net tcp
N/A 104.109.248.155:443 e4518.dscapi7.akamaiedge.net tcp
N/A 23.2.174.96:443 e11123.x.akamaiedge.net tcp
N/A 147.154.233.124:443 dc.oracleinfinity.io.akadns.net tcp
N/A 147.154.233.124:443 dc.oracleinfinity.io.akadns.net tcp
N/A 15.188.95.229:443 oracle.112.2o7.net tcp
N/A 8.8.8.8:53 d.clarity.ms udp
N/A 8.8.8.8:53 vmss-clarity-ingest-eus.eastus.cloudapp.azure.com udp
N/A 147.154.233.124:443 dc.oracleinfinity.io.akadns.net tcp
N/A 15.188.95.229:443 oracle.112.2o7.net tcp
N/A 8.8.8.8:53 javadl.oracle.com udp
N/A 104.74.228.243:443 javadl.oracle.com tcp
N/A 8.8.8.8:53 e13073.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 e13073.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 sdlc-esd.oracle.com udp
N/A 104.123.44.85:443 sdlc-esd.oracle.com tcp
N/A 8.8.8.8:53 e2875.dscd.akamaiedge.net udp
N/A 8.8.8.8:53 e2875.dscd.akamaiedge.net udp
N/A 8.8.8.8:53 www.oracle.com udp
N/A 8.8.8.8:53 e2581.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 e2581.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 javadl-esd-secure.oracle.com udp
N/A 184.29.202.68:443 javadl-esd-secure.oracle.com tcp
N/A 8.8.8.8:53 services.addons.mozilla.org udp
N/A 52.222.139.37:443 services.addons.mozilla.org tcp
N/A 8.8.8.8:53 services.addons.mozilla.org udp
N/A 8.8.8.8:53 services.addons.mozilla.org udp
N/A 8.8.8.8:53 aus5.mozilla.org udp
N/A 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
N/A 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
N/A 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
N/A 204.79.197.200:443 dual-a-0001.a-msedge.net tcp
N/A 8.8.8.8:53 www.java.com udp
N/A 96.16.53.205:443 www.java.com tcp
N/A 8.8.8.8:53 sdlc-esd.oracle.com udp
N/A 8.8.8.8:53 www.oracle.com udp
N/A 8.8.8.8:53 whatismyipaddress.com udp
N/A 8.8.8.8:53 e2875.dscd.akamaiedge.net udp
N/A 8.8.8.8:53 e2581.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 e2875.dscd.akamaiedge.net udp
N/A 8.8.8.8:53 e2581.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 youtube-ui.l.google.com udp
N/A 8.8.8.8:53 youtube-ui.l.google.com udp
N/A 8.8.8.8:53 whatismyipaddress.com udp
N/A 8.8.8.8:53 whatismyipaddress.com udp
N/A 8.8.8.8:53 multimc.org udp
N/A 8.8.8.8:53 files.multimc.org udp
N/A 104.21.39.176:443 files.multimc.org tcp
N/A 104.21.39.176:443 files.multimc.org tcp
N/A 104.21.39.176:443 files.multimc.org tcp
N/A 104.21.39.176:80 files.multimc.org tcp
N/A 8.8.8.8:53 c.go-mpulse.net udp
N/A 8.8.8.8:53 e4518.dscapi7.akamaiedge.net udp
N/A 104.85.4.134:443 c.go-mpulse.net tcp
N/A 8.8.8.8:53 e4518.dscapi7.akamaiedge.net udp
N/A 8.8.8.8:53 meta.multimc.org udp
N/A 172.67.147.103:443 meta.multimc.org tcp
N/A 8.8.8.8:53 sjremetrics.java.com udp
N/A 15.188.95.229:443 sjremetrics.java.com tcp
N/A 8.8.8.8:53 login.microsoftonline.com udp
N/A 8.8.8.8:53 normandy.cdn.mozilla.net udp
N/A 8.8.8.8:53 normandy-cdn.services.mozilla.com udp
N/A 35.201.103.21:443 normandy-cdn.services.mozilla.com tcp
N/A 8.8.8.8:53 normandy-cdn.services.mozilla.com udp
N/A 8.8.8.8:53 classify-client.services.mozilla.com udp
N/A 8.8.8.8:53 prod-classifyclient.normandy.prod.cloudops.mozgcp.net udp
N/A 34.98.75.36:443 prod-classifyclient.normandy.prod.cloudops.mozgcp.net tcp
N/A 8.8.8.8:53 prod-classifyclient.normandy.prod.cloudops.mozgcp.net udp
N/A 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
N/A 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
N/A 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
N/A 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
N/A 8.8.8.8:53 authserver.mojang.com udp
N/A 13.227.199.42:443 authserver.mojang.com tcp
N/A 8.8.8.8:53 youtube-ui.l.google.com udp
N/A 8.8.8.8:53 play.google.com udp
N/A 8.8.8.8:53 play.google.com udp
N/A 8.8.8.8:53 play.google.com udp
N/A 8.8.8.8:53 login.microsoftonline.com udp
N/A 40.126.32.72:443 login.microsoftonline.com tcp
N/A 8.8.8.8:53 c.go-mpulse.net udp
N/A 104.85.4.134:443 c.go-mpulse.net tcp
N/A 8.8.8.8:53 e4518.dscapi7.akamaiedge.net udp
N/A 8.8.8.8:53 e4518.dscapi7.akamaiedge.net udp

Files

memory/644-132-0x00000000013E0000-0x0000000001955000-memory.dmp

memory/644-134-0x0000000000D81000-0x0000000000D83000-memory.dmp

memory/644-135-0x00000000013E0000-0x0000000001955000-memory.dmp

memory/644-136-0x0000000070940000-0x000000007095C000-memory.dmp

memory/644-137-0x0000000061740000-0x0000000061771000-memory.dmp

memory/644-138-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

memory/644-140-0x0000000068880000-0x0000000068DAF000-memory.dmp

memory/644-139-0x0000000000400000-0x00000000009FB000-memory.dmp

memory/644-141-0x00000000013E0000-0x0000000001955000-memory.dmp

memory/644-145-0x0000000063400000-0x0000000063415000-memory.dmp

memory/644-144-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

memory/644-143-0x0000000061740000-0x0000000061771000-memory.dmp

memory/644-142-0x0000000070940000-0x000000007095C000-memory.dmp

memory/644-146-0x0000000061DC0000-0x0000000062404000-memory.dmp

memory/644-147-0x0000000000400000-0x00000000009FB000-memory.dmp

memory/644-148-0x00000000053F0000-0x0000000005602000-memory.dmp

memory/644-150-0x0000000068880000-0x0000000068DAF000-memory.dmp

memory/644-151-0x00000000013E0000-0x0000000001955000-memory.dmp

memory/644-152-0x0000000070940000-0x000000007095C000-memory.dmp

memory/644-153-0x0000000061740000-0x0000000061771000-memory.dmp

memory/644-154-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

memory/644-155-0x0000000063400000-0x0000000063415000-memory.dmp

memory/644-156-0x0000000061DC0000-0x0000000062404000-memory.dmp

memory/644-157-0x0000000000400000-0x00000000009FB000-memory.dmp

C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe

MD5 7542ec421a2f6e90751e8b64c22e0542
SHA1 d207d221a28ede5c2c8415f82c555989aa7068ba
SHA256 188ca8ecc44de1b7f602e883c3054dc392792c3631bf362b1bc4f3e1dba323e6
SHA512 8987bf8aa1b401815fa9850e56954db6015bdd06ce78b65ba435724582ffa615dee4e1452fa237c53257dca8ee97b469d01c27757a5f070ce6f807a4f81094bc

C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe

MD5 7542ec421a2f6e90751e8b64c22e0542
SHA1 d207d221a28ede5c2c8415f82c555989aa7068ba
SHA256 188ca8ecc44de1b7f602e883c3054dc392792c3631bf362b1bc4f3e1dba323e6
SHA512 8987bf8aa1b401815fa9850e56954db6015bdd06ce78b65ba435724582ffa615dee4e1452fa237c53257dca8ee97b469d01c27757a5f070ce6f807a4f81094bc

C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe

MD5 dfcfc788d67437530a50177164db42b0
SHA1 2d9ed0dc5671a358186dcf83abb74bfe39c40e9f
SHA256 a90318bae7d99da633d9cac8ce322120d087e7b6f5eec0d1d0d7f9413fdd4dc1
SHA512 dbdfd02528c9f0e506232e8640a8602fade0d05f4139368187300ea2d537e41d2d167655ded30d938bd445a21c776a3c3721f8db4d3f03e3c06807a84cf232e3

C:\Users\Admin\AppData\Local\Temp\jds241022640.tmp\jre-8u351-windows-x64.exe

MD5 dfcfc788d67437530a50177164db42b0
SHA1 2d9ed0dc5671a358186dcf83abb74bfe39c40e9f
SHA256 a90318bae7d99da633d9cac8ce322120d087e7b6f5eec0d1d0d7f9413fdd4dc1
SHA512 dbdfd02528c9f0e506232e8640a8602fade0d05f4139368187300ea2d537e41d2d167655ded30d938bd445a21c776a3c3721f8db4d3f03e3c06807a84cf232e3

memory/3104-160-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 30bc3cdbd93a7d3c490d6b3cf933ff22
SHA1 32476728a3d6c76a545e2f441ae6ebe8a50993e9
SHA256 58178a73cb636b7509a8c3af79c8f77aedf421c284ef5f38ad5b6c9ff394fe43
SHA512 4c45bb87acfa5f87f501fa5157a6b3d7bf9a14fa9e9864c5e8da1f37fc8fb385f5c91d4248664d1ae722573792bb3b92b35efadb0c57ffa47ebe0bdf6f1e62e2

memory/3104-165-0x000002199C300000-0x000002199C308000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351_x64\jre1.8.0_35164.msi

MD5 1794aaa17d114a315a95473c9780fc8b
SHA1 7f250c022b916b88e22254985e7552bc3ac8db04
SHA256 7682233d155e6d19f30cf61b185a02055be0dbcacd2c9accf90a99de21547eb4
SHA512 fb9defdf73786528e82ffc7e1ccfa03cfb687365ec740e9620993da785414306f03a7e1fa523192a9d690a882b012d1e426afd1757639f3ef5f1e612c01e6516

memory/2512-167-0x0000000000000000-mapping.dmp

C:\Windows\Installer\MSI2A2B.tmp

MD5 62cfeb86f117ad91b8bb52f1dda6f473
SHA1 c753b488938b3e08f7f47df209359c7b78764448
SHA256 f06cba20bd40e9d841add1877cf8d3b406f0acfa4800b80ae041ed3cc374eb7e
SHA512 c1b0e76cee4e2c3ca604dcc8f5665e72e70008acc824e20d89404f139d7e7e789e99dff131dafd76409f6ea0a813aa136f96089fbdadcf90d6485b1807762e4e

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 cef219b199735d6984935af9d97c9c1b
SHA1 b4c7f059b7923c12beca726256dd8d8599725c1a
SHA256 28499767fe5a7eef342fb5e75cd7d4219abc55672fa06a94dacf9e94a9dca475
SHA512 279dddbd6e39ad67ceff2eacf9ef6a5bd9a2c4dae1ae13c32c12b9db0c79eb01cf52879ecb74843153e0cdecffaef3679ffbc23cf058cb4c98013cccea3b81e6

C:\Windows\Installer\MSI2A2B.tmp

MD5 62cfeb86f117ad91b8bb52f1dda6f473
SHA1 c753b488938b3e08f7f47df209359c7b78764448
SHA256 f06cba20bd40e9d841add1877cf8d3b406f0acfa4800b80ae041ed3cc374eb7e
SHA512 c1b0e76cee4e2c3ca604dcc8f5665e72e70008acc824e20d89404f139d7e7e789e99dff131dafd76409f6ea0a813aa136f96089fbdadcf90d6485b1807762e4e

C:\Windows\Installer\MSI2DC6.tmp

MD5 62cfeb86f117ad91b8bb52f1dda6f473
SHA1 c753b488938b3e08f7f47df209359c7b78764448
SHA256 f06cba20bd40e9d841add1877cf8d3b406f0acfa4800b80ae041ed3cc374eb7e
SHA512 c1b0e76cee4e2c3ca604dcc8f5665e72e70008acc824e20d89404f139d7e7e789e99dff131dafd76409f6ea0a813aa136f96089fbdadcf90d6485b1807762e4e

C:\Windows\Installer\MSI2DC6.tmp

MD5 62cfeb86f117ad91b8bb52f1dda6f473
SHA1 c753b488938b3e08f7f47df209359c7b78764448
SHA256 f06cba20bd40e9d841add1877cf8d3b406f0acfa4800b80ae041ed3cc374eb7e
SHA512 c1b0e76cee4e2c3ca604dcc8f5665e72e70008acc824e20d89404f139d7e7e789e99dff131dafd76409f6ea0a813aa136f96089fbdadcf90d6485b1807762e4e

C:\Windows\Installer\MSI34DC.tmp

MD5 62cfeb86f117ad91b8bb52f1dda6f473
SHA1 c753b488938b3e08f7f47df209359c7b78764448
SHA256 f06cba20bd40e9d841add1877cf8d3b406f0acfa4800b80ae041ed3cc374eb7e
SHA512 c1b0e76cee4e2c3ca604dcc8f5665e72e70008acc824e20d89404f139d7e7e789e99dff131dafd76409f6ea0a813aa136f96089fbdadcf90d6485b1807762e4e

C:\Windows\Installer\MSI34DC.tmp

MD5 62cfeb86f117ad91b8bb52f1dda6f473
SHA1 c753b488938b3e08f7f47df209359c7b78764448
SHA256 f06cba20bd40e9d841add1877cf8d3b406f0acfa4800b80ae041ed3cc374eb7e
SHA512 c1b0e76cee4e2c3ca604dcc8f5665e72e70008acc824e20d89404f139d7e7e789e99dff131dafd76409f6ea0a813aa136f96089fbdadcf90d6485b1807762e4e

C:\Program Files\Java\jre1.8.0_351\installer.exe

MD5 1b7d3a2eb4a3893ea7fec68dbcc09a81
SHA1 5abe3f871f41d9226f6b330e0d76f4aeb4987891
SHA256 75fe10b94b9570bff04d8440340bead917ce46fc20f0a9795bca73053c3aa5d5
SHA512 b834ec60c4fba13e1065d248bede905f386e92207d91a2e1c7465eddc9767a5b0d27f49b19cdf64b241dcb7664ef5976f9367c90b10ff2ea7adb281e6aaf7953

memory/4896-175-0x0000000000000000-mapping.dmp

C:\Program Files\Java\jre1.8.0_351\installer.exe

MD5 1b7d3a2eb4a3893ea7fec68dbcc09a81
SHA1 5abe3f871f41d9226f6b330e0d76f4aeb4987891
SHA256 75fe10b94b9570bff04d8440340bead917ce46fc20f0a9795bca73053c3aa5d5
SHA512 b834ec60c4fba13e1065d248bede905f386e92207d91a2e1c7465eddc9767a5b0d27f49b19cdf64b241dcb7664ef5976f9367c90b10ff2ea7adb281e6aaf7953

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 6981964e543dbe8ff4e39ff9f1ddc34f
SHA1 ccf1d8957f912cc2e5f27284c2039d2bea363fe5
SHA256 eeedaf3c0594874899e39c8743e6f6aaa743b93ab5275c5aa8f7122c78bd0112
SHA512 a7a3cec97172606692ef066cda83dc7a0251aa8b667711e6ec4d783e567e6565e596439694949a16e47710b08dc1f94b5ef665d9af6a9d610e2b850d7626b67c

C:\Windows\Installer\e5e1771.msi

MD5 1794aaa17d114a315a95473c9780fc8b
SHA1 7f250c022b916b88e22254985e7552bc3ac8db04
SHA256 7682233d155e6d19f30cf61b185a02055be0dbcacd2c9accf90a99de21547eb4
SHA512 fb9defdf73786528e82ffc7e1ccfa03cfb687365ec740e9620993da785414306f03a7e1fa523192a9d690a882b012d1e426afd1757639f3ef5f1e612c01e6516

memory/3792-180-0x0000000000000000-mapping.dmp

C:\ProgramData\Oracle\Java\installcache_x64\241057312.tmp\bspatch.exe

MD5 2e7543a4deec9620c101771ca9b45d85
SHA1 fa33f3098c511a1192111f0b29a09064a7568029
SHA256 32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1
SHA512 8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

C:\ProgramData\Oracle\Java\installcache_x64\241057312.tmp\bspatch.exe

MD5 2e7543a4deec9620c101771ca9b45d85
SHA1 fa33f3098c511a1192111f0b29a09064a7568029
SHA256 32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1
SHA512 8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

C:\ProgramData\Oracle\Java\installcache_x64\241057312.tmp\baseimagefam8

MD5 22646919b87d1a6dfc371464405b373b
SHA1 2296c69b12c3e0244fc59586f794457a4735e692
SHA256 0a01e1f33b0dd6af5d71fd26261b97eda1f9da77553704afd0a9d176de733c11
SHA512 b5cfe6640c3755f3094e248dcd852ade852f904e80bc7d8dfef5772620ef75eac788f503c3df4baa712e73dafcca51c4ef0c73659ae55c1e0afd59b73f90d3a0

C:\ProgramData\Oracle\Java\installcache_x64\241057312.tmp\diff

MD5 926bc57fb311cc95bcefa1e1ad0ce459
SHA1 8c43b4d7aa223eaf9c73c789072545da0b2c55df
SHA256 9ccf1e30069b4781362f85c4a30993d86da99f211c2aaad4447ad051cc61600a
SHA512 216cb6483598960f5aea83beeb37fa700d047352d0b3c6c2405a7ee668554e0ab15358c178a6a2fc8c067f4177a0452cde93783797c15fccf224e640715f0743

memory/3792-185-0x0000000000400000-0x0000000000417000-memory.dmp

memory/3792-186-0x0000000000400000-0x0000000000417000-memory.dmp

memory/3792-187-0x0000000000400000-0x0000000000417000-memory.dmp

C:\ProgramData\Oracle\Java\installcache_x64\241057312.tmp\newimage

MD5 42f911bd9577dba41abfec153b50afdc
SHA1 e75303e84e59c81105db4aeb0e09ba92c0edfaa5
SHA256 a81763f447f212a42eddeecc63c58e580f1e4fb695480d24fba0bc43aa8c17e0
SHA512 40e22192db53eb84a117fbf729f83cbc79ff168509149b2281357295b72770816f260c9320cb7c5559f2242d7f7362dd7af4fa80d99a5db327cb2b690c9b6c59

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

MD5 691f68efcd902bfdfb60b556a3e11c2c
SHA1 c279fa09293185bddfd73d1170b6a73bd266cf07
SHA256 471d70ebf91bdc762dcacbea9f6ca883f97921938e83269fef911dbf83598a70
SHA512 a4816ae0654f41bd130d56e44839d9f29ab48bd2f99c3d6db38ce3358ac46c1cef09da09184c6291dd378018a49f9e56173c35d780d3eaefcce459592c75de3f

memory/2044-189-0x0000000000000000-mapping.dmp

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

MD5 691f68efcd902bfdfb60b556a3e11c2c
SHA1 c279fa09293185bddfd73d1170b6a73bd266cf07
SHA256 471d70ebf91bdc762dcacbea9f6ca883f97921938e83269fef911dbf83598a70
SHA512 a4816ae0654f41bd130d56e44839d9f29ab48bd2f99c3d6db38ce3358ac46c1cef09da09184c6291dd378018a49f9e56173c35d780d3eaefcce459592c75de3f

C:\Program Files\Java\jre1.8.0_351\bin\VCRUNTIME140.dll

MD5 1453290db80241683288f33e6dd5e80e
SHA1 29fb9af50458df43ef40bfc8f0f516d0c0a106fd
SHA256 2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c
SHA512 4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

C:\Program Files\Java\jre1.8.0_351\bin\vcruntime140.dll

MD5 1453290db80241683288f33e6dd5e80e
SHA1 29fb9af50458df43ef40bfc8f0f516d0c0a106fd
SHA256 2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c
SHA512 4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

C:\Program Files\Java\jre1.8.0_351\lib\plugin.pack

MD5 2e5895b42f691d0b5ffbf762a855d57a
SHA1 da5cf1070281dd0296dbd386c2b4acd7007bfde9
SHA256 a08b4b853224a3ce9b69ce89dd9aebdb965b08021dc56edce880ecf1708a7d42
SHA512 b9f0f38973c9bacb5b59764275af04bbbcb468e83e7396824607ff67b59386989b3e15dfe9365b1d7cfa0917e99010d3172206bf6962f868660bcd77cafc7df6

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

MD5 691f68efcd902bfdfb60b556a3e11c2c
SHA1 c279fa09293185bddfd73d1170b6a73bd266cf07
SHA256 471d70ebf91bdc762dcacbea9f6ca883f97921938e83269fef911dbf83598a70
SHA512 a4816ae0654f41bd130d56e44839d9f29ab48bd2f99c3d6db38ce3358ac46c1cef09da09184c6291dd378018a49f9e56173c35d780d3eaefcce459592c75de3f

memory/4028-199-0x0000000000000000-mapping.dmp

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

MD5 691f68efcd902bfdfb60b556a3e11c2c
SHA1 c279fa09293185bddfd73d1170b6a73bd266cf07
SHA256 471d70ebf91bdc762dcacbea9f6ca883f97921938e83269fef911dbf83598a70
SHA512 a4816ae0654f41bd130d56e44839d9f29ab48bd2f99c3d6db38ce3358ac46c1cef09da09184c6291dd378018a49f9e56173c35d780d3eaefcce459592c75de3f

C:\Program Files\Java\jre1.8.0_351\lib\javaws.pack

MD5 398dd239fc7fdabfcbc3f6e1ed8e9299
SHA1 2e0ce32c9dd3c5deb6db3931274b40c9d75d6625
SHA256 e63d7f634e2a0a3588f0d21801999079bf17553fe5557f8be22b25b8b239dd8b
SHA512 b955c9440bf6e3aa8da3de2823038392c4ba6884e60a1248676190b2537b5b7acc9a15c8b75910d65bf61f53a4ed256ce85ef0b77b9c6e678a32ea1b5fffb014

C:\Program Files\Java\jre1.8.0_351\bin\vcruntime140.dll

MD5 1453290db80241683288f33e6dd5e80e
SHA1 29fb9af50458df43ef40bfc8f0f516d0c0a106fd
SHA256 2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c
SHA512 4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

memory/2240-195-0x0000000000000000-mapping.dmp

C:\Program Files\Java\jre1.8.0_351\lib\deploy.pack

MD5 9a1df89656c2efa2604abf5c1d065c3b
SHA1 da862ff64b4275af98bba7d7f6a0fb827e834e92
SHA256 8e2153a824643beb9a9d6e9452cf5722d8c237504e5b6e122cb5c381cffcb606
SHA512 da2a055fc779b5667fd10491f262f72c4adce9b66070b9eab50e1b285366e552931ec539e228f3b4ecad58cc811967db836f79cc3a53a610ac38dc56a81d320e

C:\Program Files\Java\jre1.8.0_351\bin\vcruntime140.dll

MD5 1453290db80241683288f33e6dd5e80e
SHA1 29fb9af50458df43ef40bfc8f0f516d0c0a106fd
SHA256 2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c
SHA512 4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

memory/4892-203-0x0000000000000000-mapping.dmp

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

MD5 691f68efcd902bfdfb60b556a3e11c2c
SHA1 c279fa09293185bddfd73d1170b6a73bd266cf07
SHA256 471d70ebf91bdc762dcacbea9f6ca883f97921938e83269fef911dbf83598a70
SHA512 a4816ae0654f41bd130d56e44839d9f29ab48bd2f99c3d6db38ce3358ac46c1cef09da09184c6291dd378018a49f9e56173c35d780d3eaefcce459592c75de3f

C:\Program Files\Java\jre1.8.0_351\lib\rt.pack

MD5 152b037c146bade23bd897d0ecf3d916
SHA1 fa5e38cb04843badb81ebdfde844bc95dbbf7266
SHA256 76573e89844f3fedab7fb2bff86b7345f8f425cde3e9a9b1206aa742aa558699
SHA512 558a22d3e94c8f2bdb92556583ddddeca36f887c1897a6ee1dea6cc041c519d0f0d30126c46178f057f4598b05ab39357f7487ebaaafea85b63a15c45ef70ed1

C:\Program Files\Java\jre1.8.0_351\bin\vcruntime140.dll

MD5 1453290db80241683288f33e6dd5e80e
SHA1 29fb9af50458df43ef40bfc8f0f516d0c0a106fd
SHA256 2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c
SHA512 4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

MD5 691f68efcd902bfdfb60b556a3e11c2c
SHA1 c279fa09293185bddfd73d1170b6a73bd266cf07
SHA256 471d70ebf91bdc762dcacbea9f6ca883f97921938e83269fef911dbf83598a70
SHA512 a4816ae0654f41bd130d56e44839d9f29ab48bd2f99c3d6db38ce3358ac46c1cef09da09184c6291dd378018a49f9e56173c35d780d3eaefcce459592c75de3f

memory/4820-207-0x0000000000000000-mapping.dmp

C:\Program Files\Java\jre1.8.0_351\lib\jsse.pack

MD5 7975fdb318f2a3dbf0334a8e44246ce6
SHA1 00ae46374a1afd3935411ed482dca76f4e136d6d
SHA256 5beb08c202b97aba829b553a7df0d4f4c264129463086c4f74bbaeddea02b423
SHA512 67e4385deae6f6ad74862fef8be61d50c7f24f258a1a8901565ce4664390aeaabeeca85a6cc03299939da5a38592d849873f7305b9a650b9a6924407fc4003a4

C:\Program Files\Java\jre1.8.0_351\bin\vcruntime140.dll

MD5 1453290db80241683288f33e6dd5e80e
SHA1 29fb9af50458df43ef40bfc8f0f516d0c0a106fd
SHA256 2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c
SHA512 4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

memory/1592-211-0x0000000000000000-mapping.dmp

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

MD5 691f68efcd902bfdfb60b556a3e11c2c
SHA1 c279fa09293185bddfd73d1170b6a73bd266cf07
SHA256 471d70ebf91bdc762dcacbea9f6ca883f97921938e83269fef911dbf83598a70
SHA512 a4816ae0654f41bd130d56e44839d9f29ab48bd2f99c3d6db38ce3358ac46c1cef09da09184c6291dd378018a49f9e56173c35d780d3eaefcce459592c75de3f

C:\Program Files\Java\jre1.8.0_351\lib\charsets.pack

MD5 69c154fa6bf54fbc27705dca6ff2e7ca
SHA1 471cd6b78e555d20df07480238585fed63fa6404
SHA256 26f353903c3aaae51c4164baeff854a0990fc7c29b5c604d5edc3dbd53332a26
SHA512 8bbe37f87fee307f9e0657ed4d277d369ab2ff32a71ff6217e4cefa328256584476aeba8765af604bd7be5938b7cadb61b6bc1b038f4e98dd333d76dffce53bb

C:\Program Files\Java\jre1.8.0_351\bin\vcruntime140.dll

MD5 1453290db80241683288f33e6dd5e80e
SHA1 29fb9af50458df43ef40bfc8f0f516d0c0a106fd
SHA256 2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c
SHA512 4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

MD5 691f68efcd902bfdfb60b556a3e11c2c
SHA1 c279fa09293185bddfd73d1170b6a73bd266cf07
SHA256 471d70ebf91bdc762dcacbea9f6ca883f97921938e83269fef911dbf83598a70
SHA512 a4816ae0654f41bd130d56e44839d9f29ab48bd2f99c3d6db38ce3358ac46c1cef09da09184c6291dd378018a49f9e56173c35d780d3eaefcce459592c75de3f

memory/1724-215-0x0000000000000000-mapping.dmp

C:\Program Files\Java\jre1.8.0_351\lib\ext\localedata.pack

MD5 a30484139ffc2a94ee7c46149e632877
SHA1 7d25767b070767f7bf09390a3fe08eabf93756b0
SHA256 703694a40d7a75251eabd87631074545695a55910ef400bbfdf888a6f3188f9e
SHA512 fbd176b65a34e5a9b8420cc078f652c09ac2e990d26a3db315b98cdf313af38725cb073f6c5fc08e446024c18643f61b01798f06737396b597edf47415eabea3

C:\Program Files\Java\jre1.8.0_351\bin\vcruntime140.dll

MD5 1453290db80241683288f33e6dd5e80e
SHA1 29fb9af50458df43ef40bfc8f0f516d0c0a106fd
SHA256 2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c
SHA512 4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

memory/4080-219-0x0000000000000000-mapping.dmp

C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe

MD5 5d5fa010a61dc8496ff4e701b6d6d743
SHA1 8b1737ef8a566fb2b5b490c8fd6053ecc7419da2
SHA256 5719255fe30787d2a26390c16e0795698b219451787dbc466bc1bc00631bedae
SHA512 f1fe17e0324a637da498447299ab6d3cffbe02ca9a313a99a9060aff1e8dfa9fd4cadb531e4a4c668ec70001f7ec1820583f24587bc8d59ea0e336e8c39a5988

C:\Program Files\Java\jre1.8.0_351\bin\msvcp140.dll

MD5 c1b066f9e3e2f3a6785161a8c7e0346a
SHA1 8b3b943e79c40bc81fdac1e038a276d034bbe812
SHA256 99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd
SHA512 36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728

C:\Program Files\Java\jre1.8.0_351\bin\msvcp140.dll

MD5 c1b066f9e3e2f3a6785161a8c7e0346a
SHA1 8b3b943e79c40bc81fdac1e038a276d034bbe812
SHA256 99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd
SHA512 36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728

C:\Program Files\Java\jre1.8.0_351\bin\vcruntime140.dll

MD5 1453290db80241683288f33e6dd5e80e
SHA1 29fb9af50458df43ef40bfc8f0f516d0c0a106fd
SHA256 2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c
SHA512 4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

C:\Program Files\Java\jre1.8.0_351\bin\server\jvm.dll

MD5 15df4b9267d77e8f7a344d9c2f17b6b8
SHA1 4a2db3a9764216d1283984258b4c8c6cbe094759
SHA256 b9b9fa49bcfc8db39899be818aa0ce66b28651939ca81967176a029eb8277704
SHA512 d2e17177395b7f531c720f4ff7cd60125fe17bb5b5a86cf930a8e5c3c39d1f9aba9d1a42e44d4691be9e9abb394c5ef6c8925f285dfa5923232c3c21ff8bcd5d

C:\Program Files\Java\jre1.8.0_351\bin\server\jvm.dll

MD5 15df4b9267d77e8f7a344d9c2f17b6b8
SHA1 4a2db3a9764216d1283984258b4c8c6cbe094759
SHA256 b9b9fa49bcfc8db39899be818aa0ce66b28651939ca81967176a029eb8277704
SHA512 d2e17177395b7f531c720f4ff7cd60125fe17bb5b5a86cf930a8e5c3c39d1f9aba9d1a42e44d4691be9e9abb394c5ef6c8925f285dfa5923232c3c21ff8bcd5d

C:\Program Files\Java\jre1.8.0_351\lib\charsets.jar

MD5 1b051d8e583e888c31a4ce92ca00af24
SHA1 85d8c2185dfa650ddc4e920bf252152f912d5023
SHA256 c2d61232ae7e0d2f80b1e6c2fffdcaa2c307383bb21318a5475e98ae7ee2caae
SHA512 a9081aad813edcec81ee74b770b897d896119562b7e79c492d55e4c0ccad76934429336ee8ed2a894209bb2cf96523c6d5705cc5a46ac750f47c1339b44b0083

C:\Program Files\Java\jre1.8.0_351\lib\jce.jar

MD5 1f4d4fc6b33c30c5782c66b80d92c4f9
SHA1 194df32fb23b470dae4929605d18abd041c743c6
SHA256 81b8de0e148ed3601cf5f1bdf2787c5b15213d842bc537af9ede9635d692b904
SHA512 dfde7e03fc106b785887f2a409b3528c5862663f188c95f6a95c739bdfcc8c6205c03b739de1b259e9a8a0360aa4e10e8d4bce1a57445797a214160b8d98a085

C:\Program Files\Java\jre1.8.0_351\lib\jsse.jar

MD5 9223c116343251d7d790b3b0a1982b36
SHA1 aee99c89912298eda4b466d112c753009dd3ce46
SHA256 93a79c1072166fabc0bd22f16bbe51d0af37f5cc953cc7a835e274e35b2725d6
SHA512 419210474530d50b1ee43491078e3668c9a01eb613d89fc603d0adf96660e1232d4caa619cb7d0b41cde9822c9fe4aa2179f664161c0d9e1dd55fafd8dc09a38

C:\Program Files\Java\jre1.8.0_351\lib\rt.jar

MD5 c395d671fcf4a45966d3cb756543fc5c
SHA1 893edd0af57e9f64acfa4d813413023e02b1742d
SHA256 bf5acb932060cdc3b704e44a09e6d5d13ffedc76f591196a9fa42cd741eebb3a
SHA512 dd156a3a741fdf4f561ce69d4a63160ed5f85f181e8c5ace5f984f4ced463b3868d37287d3294a484725507db9740ee48b8b505478f85ded2fd9e29b0a6c7649

C:\Program Files\Java\jre1.8.0_351\lib\resources.jar

MD5 899a7ccd9b9a475948aff05ea0235acc
SHA1 92e425c62cf6fdc620922e86122a4a03bcc75202
SHA256 8c0f972d376f51bb93bf85856d06932064f8a7a55fa697e992021e30e294aeb3
SHA512 21083ff798d2a55a4c618324c8eadbf01118d61616c90e3174d06f8f9263cb78761331267323aa7bba72e3dd3430fd3fd9e45275da7de659fe63f3536f5e3611

C:\Program Files\Java\jre1.8.0_351\bin\zip.dll

MD5 c0109f47979656fc9d1fc541fca861d6
SHA1 57b080ca919555cfc32bf3fe9ddedc291ee874ef
SHA256 557ec729a54839e9c6c90c1aa1f1bf9b1350ca7f787c48e36ae20fee1ee74929
SHA512 e9e225fcc3eb5e287578a1d40c5ebda99262675a3a0693d4bbacee21e1b85dd5b8581915971bb1eef7babedcde15b76e8ee021cc1ff221c48e1926a2705d48f3

C:\Program Files\Java\jre1.8.0_351\bin\zip.dll

MD5 c0109f47979656fc9d1fc541fca861d6
SHA1 57b080ca919555cfc32bf3fe9ddedc291ee874ef
SHA256 557ec729a54839e9c6c90c1aa1f1bf9b1350ca7f787c48e36ae20fee1ee74929
SHA512 e9e225fcc3eb5e287578a1d40c5ebda99262675a3a0693d4bbacee21e1b85dd5b8581915971bb1eef7babedcde15b76e8ee021cc1ff221c48e1926a2705d48f3

C:\Program Files\Java\jre1.8.0_351\bin\java.dll

MD5 3cc93cc2e870fff4a1d957a0e621c2e1
SHA1 10b2d12bc7c029beba5a1e4a1114be855e882c7f
SHA256 95e25cd432b064b4f0eb8ffa306eb973782427077aeb639fbe80cbdc839ce753
SHA512 2e7f4ba5e4366df83f6f1caf7746e7bad1e4b6353140167036fed73c7afed1453f87bc8622b7a9b6b05ffa299308700ad3f20c847e96b8202188ecbbfb9f79e3

C:\Program Files\Java\jre1.8.0_351\bin\verify.dll

MD5 6d8c0d9597b311157198be3042a609ae
SHA1 1f2a8d9e775872750a20d3e5beb19890c1023c86
SHA256 5f31154e8a788f88624c7ab21de960830692019cb697da1a0364b97868360e8e
SHA512 79b4588990bc00c353462bf234d1b03a5874bbd1bcfc1627321bb60853ab30d247d0492a9cc19413f6a467a78482d61bc7bea9c12c1d993e7ac163aebfefd592

C:\Program Files\Java\jre1.8.0_351\bin\verify.dll

MD5 6d8c0d9597b311157198be3042a609ae
SHA1 1f2a8d9e775872750a20d3e5beb19890c1023c86
SHA256 5f31154e8a788f88624c7ab21de960830692019cb697da1a0364b97868360e8e
SHA512 79b4588990bc00c353462bf234d1b03a5874bbd1bcfc1627321bb60853ab30d247d0492a9cc19413f6a467a78482d61bc7bea9c12c1d993e7ac163aebfefd592

C:\Program Files\Java\jre1.8.0_351\lib\amd64\jvm.cfg

MD5 499f2a4e0a25a41c1ff80df2d073e4fd
SHA1 e2469cbe07e92d817637be4e889ebb74c3c46253
SHA256 80847ed146dbc5a9f604b07ec887737fc266699abba266177b553149487ce9eb
SHA512 7828f7b06d0f4309b9edd3aa71ae0bb7ee92d2f8df5642c13437bba2a3888e457dc9b24c16aa9e0f19231530cb44b8ccd955cbbdf5956ce8622cc208796b357d

C:\Program Files\Java\jre1.8.0_351\bin\java.dll

MD5 3cc93cc2e870fff4a1d957a0e621c2e1
SHA1 10b2d12bc7c029beba5a1e4a1114be855e882c7f
SHA256 95e25cd432b064b4f0eb8ffa306eb973782427077aeb639fbe80cbdc839ce753
SHA512 2e7f4ba5e4366df83f6f1caf7746e7bad1e4b6353140167036fed73c7afed1453f87bc8622b7a9b6b05ffa299308700ad3f20c847e96b8202188ecbbfb9f79e3

memory/4080-240-0x0000025D00000000-0x0000025D01000000-memory.dmp

memory/3148-241-0x0000000000000000-mapping.dmp

memory/2516-242-0x0000000000000000-mapping.dmp

memory/2136-243-0x0000000000000000-mapping.dmp

memory/2136-254-0x0000024380000000-0x0000024381000000-memory.dmp

memory/2136-272-0x0000024380000000-0x0000024381000000-memory.dmp

memory/2136-273-0x0000024380000000-0x0000024381000000-memory.dmp

memory/2980-274-0x0000000000000000-mapping.dmp

memory/3792-276-0x0000000000000000-mapping.dmp

memory/2136-275-0x0000024380000000-0x0000024381000000-memory.dmp

memory/4080-285-0x0000025D00000000-0x0000025D01000000-memory.dmp

memory/3792-288-0x0000014180000000-0x0000014181000000-memory.dmp

memory/3792-306-0x0000014180000000-0x0000014181000000-memory.dmp

memory/3792-307-0x0000014180000000-0x0000014181000000-memory.dmp

memory/3792-308-0x0000014180000000-0x0000014181000000-memory.dmp

memory/3092-309-0x0000000000000000-mapping.dmp

memory/2136-310-0x0000024380000000-0x0000024381000000-memory.dmp

memory/3792-311-0x0000014180000000-0x0000014181000000-memory.dmp

memory/5084-312-0x0000000000000000-mapping.dmp

memory/932-313-0x0000000000000000-mapping.dmp

memory/3588-314-0x0000000000000000-mapping.dmp

memory/1880-327-0x0000000000000000-mapping.dmp

memory/4008-326-0x0000000000000000-mapping.dmp

memory/3588-328-0x0000000004D00000-0x0000000005D00000-memory.dmp

memory/1568-332-0x0000000000000000-mapping.dmp

memory/2764-329-0x0000000000000000-mapping.dmp

memory/644-337-0x0000000000C00000-0x0000000000C11000-memory.dmp

memory/3228-348-0x0000000000000000-mapping.dmp

memory/852-349-0x0000000000000000-mapping.dmp

memory/852-358-0x00000246D7D40000-0x00000246D8D40000-memory.dmp

memory/3624-360-0x0000000000000000-mapping.dmp

memory/852-361-0x00000246D7D40000-0x00000246D8D40000-memory.dmp

memory/644-362-0x00000000013B0000-0x00000000013C0000-memory.dmp

memory/644-363-0x00000000013B0000-0x00000000013C0000-memory.dmp

memory/4292-364-0x0000000000000000-mapping.dmp

memory/4292-374-0x0000018F44E00000-0x0000018F45E00000-memory.dmp

memory/3896-375-0x0000000000000000-mapping.dmp

memory/4780-385-0x0000000000000000-mapping.dmp

memory/4076-386-0x0000000000000000-mapping.dmp

memory/3556-387-0x0000000000000000-mapping.dmp

memory/1252-388-0x0000000000000000-mapping.dmp

memory/4292-389-0x0000018F44E00000-0x0000018F45E00000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2022-12-27 22:06

Reported

2022-12-27 22:27

Platform

win7-20221111-en

Max time kernel

892s

Max time network

895s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe

"C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe"

Network

N/A

Files

memory/1580-54-0x0000000075C81000-0x0000000075C83000-memory.dmp

memory/1580-55-0x00000000002C0000-0x00000000002D8000-memory.dmp

memory/1580-56-0x0000000000BD0000-0x0000000001214000-memory.dmp

memory/1580-58-0x0000000070940000-0x000000007095C000-memory.dmp

memory/1580-59-0x0000000061740000-0x0000000061771000-memory.dmp

memory/1580-60-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

memory/1580-61-0x0000000068880000-0x0000000068DAF000-memory.dmp

memory/1580-63-0x0000000061940000-0x0000000061EB5000-memory.dmp

memory/1580-65-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

memory/1580-66-0x0000000063400000-0x0000000063415000-memory.dmp

memory/1580-64-0x0000000061740000-0x0000000061771000-memory.dmp

memory/1580-62-0x0000000070940000-0x000000007095C000-memory.dmp

memory/1580-67-0x0000000063400000-0x0000000063415000-memory.dmp