Malware Analysis Report

2025-01-02 12:00

Sample ID 221227-n79cjaeh29
Target TLauncher-2.86-Installer-1.0.11.exe
SHA256 5ab5f39d143b6ff77df2fd5026ac8e4788edfd3de27a4e1fa4b420a7d2f61d38
Tags bazarbackdoor backdoor discovery upx
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score

10/10

SHA256

5ab5f39d143b6ff77df2fd5026ac8e4788edfd3de27a4e1fa4b420a7d2f61d38

Threat Level: Known bad

The file TLauncher-2.86-Installer-1.0.11.exe was classified Known bad on the strength of the BazarBackdoor / Bazar (Team9) backdoor payload signature. Caveat for analysts: in the behavioral run below that signature's rows carry no indicator, process or target, and in the signature tables on this page the sample process itself is recorded doing only two things directly, reading Control Panel\International\Geo\Nation and launching irsetup.exe. Every indicator-bearing event (firefox.exe downloading jre-8u351-windows-x64.exe, msiexec.exe registering "Java 8 Update 351 (64-bit)", the JRE installer populating C:\Program Files\Java\jre1.8.0_351) is consistent with the installer fetching and installing an Oracle Java runtime. Corroborate the verdict against the SHA256 above in a second source before using the hash as a BazarBackdoor indicator.

Malicious Activity Summary

bazarbackdoor backdoor discovery upx

BazarBackdoor

Bazar/Team9 Backdoor payload

Downloads MZ/PE file

UPX packed file

Executes dropped EXE

Blocklisted process makes network request

Checks computer location settings

Loads dropped DLL

Checks installed software on the system

Enumerates connected drives

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

NTFS ADS

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-12-27 12:03

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-12-27 12:03

Reported

2022-12-27 12:06

Platform

win10v2004-20221111-es

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.86-Installer-1.0.11.exe"

Signatures

BazarBackdoor

backdoor bazarbackdoor

Bazar/Team9 Backdoor payload

Description Indicator Process Target Count
N/A N/A N/A N/A 6

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Downloads MZ/PE file

UPX packed file

upx

Description Indicator Process Target Count
N/A N/A N/A N/A 9

Checks computer location settings

Note: the Geo\Nation value is read here by the sample itself, the one direct registry hit on the sample in this run. Locale-aware installers read it to pick a language, and some malware families read it to abort in excluded countries; the query alone does not distinguish the two.

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\TLauncher-2.86-Installer-1.0.11.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Note: every drive-letter probe below is made by msiexec.exe, not by the sample. Windows Installer enumerates volumes while costing an install, so this hit is normal for the JRE MSI and says nothing about the sample's own code.

Description Indicator Process Target
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre1.8.0_351\lib\deploy.pack C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-localization-l1-2-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\pack200.exe C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\jdk\cryptix.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\deploy\messages_ko.properties C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\deploy\splash_11-lic.gif C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\plugin.pack C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\dtplugin\npdeployJava1.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\java-rmi.exe C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\plugin2\vcruntime140.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\tnameserv.exe C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\jdk\mesa3d.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\calendars.properties C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\deploy\splash.gif C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\security\blacklist C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-heap-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\decora_sse.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\npt.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\sunmscapi.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\WindowsAccessBridge-64.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\ext\jfxrt.jar C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\fonts\LucidaBrightDemiBold.ttf C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\jdk\xalan.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\fonts\LucidaTypewriterRegular.ttf C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\meta-index C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\plugin.jar C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-synch-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\deploy.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\dtplugin\deployJava1.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\jdk\xmlresolver.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\flavormap.properties C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-processthreads-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\cmm\PYCC.pf C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-datetime-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-interlocked-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\klist.exe C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\jdk\santuario.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-processthreads-l1-1-1.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\javafx\libffi.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\javaws.pack C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\awt.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\lcms.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\jdk\dom.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\amd64\jvm.cfg C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\deploy\messages_zh_TW.properties C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-namedpipe-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\deploy\messages_zh_CN.properties C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\jfr\default.jfc C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\security\policy\unlimited\local_policy.jar C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-file-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\ext\localedata.pack C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\javafx\mesa3d.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\jfxswt.jar C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\net.properties C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\fonts\LucidaSansDemiBold.ttf C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\management\jmxremote.password.template C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\security\policy\limited\local_policy.jar C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\deploy\messages_zh_HK.properties C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\fonts\LucidaSansRegular.ttf C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\THIRDPARTYLICENSEREADME-JAVAFX.txt C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\JavaAccessBridge-64.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\jli.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\servertool.exe C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\fonts\LucidaBrightRegular.ttf C:\Program Files\Java\jre1.8.0_351\installer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSIE784.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIDF93.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{26A24AE4-039D-4CA4-87B4-2F64180351F0} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE561.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e57c803.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e57c803.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIDE4A.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e57c806.msi C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\PackageCode = "97BA944EF7A3CCC4488541CAD6E00626" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\6C5ADB75C34456D42B33823269140800\4EA42A62D9304AC4784BF2468130150F C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\SourceList C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\4EA42A62D9304AC4784BF2468130150F C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\4EA42A62D9304AC4784BF2468130150F\jrecore C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\ProductName = "Java 8 Update 351 (64-bit)" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\SourceList\Media\DiskPrompt = "[1]" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\LocalLow\\Oracle\\Java\\jre1.8.0_351_x64\\" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\SourceList\PackageName = "jre1.8.0_35164.msi" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\LocalLow\\Oracle\\Java\\jre1.8.0_351_x64\\" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\SourceList\Media\1 = "DISK1;1" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\Version = "134221238" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\Transforms = ":1034" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\ProductIcon = "C:\\Program Files\\Java\\jre1.8.0_351\\\\bin\\javaws.exe" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\6C5ADB75C34456D42B33823269140800 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\SourceList\Media C:\Windows\system32\msiexec.exe N/A
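The Products key name above is Windows Installer's "packed" form of the product code, and the same run created C:\Windows\Installer\SourceHash{26A24AE4-039D-4CA4-87B4-2F64180351F0} (see the Windows directory table above). The Python below is added here as a worked example; it is not the sandbox's own tooling or anything from Windows. It unpacks the key, decodes the Version DWORD and the Language/Transforms values, and cross-checks the two product-code forms. The ROWS list is a subset of the rows above copied verbatim, and the LCID table holds only the two values that occur on this page.

```python
r"""Decode the Windows Installer registration msiexec.exe wrote under
HKLM\SOFTWARE\Classes\Installer\Products in the table above (added example,
not the sandbox's or Windows' own code).  The 32-hex-digit key is MSI's
'packed' GUID of the product code: the first three groups reversed whole, the
last two reversed byte-wise.  The same run created a SourceHash{<product code>}
file under C:\Windows\Installer in normal form, so the two can be cross-checked."""
import re

GUID_RE = re.compile(
    r"^\{?([0-9A-Fa-f]{8})-([0-9A-Fa-f]{4})-([0-9A-Fa-f]{4})-"
    r"([0-9A-Fa-f]{4})-([0-9A-Fa-f]{12})\}?$"
)
# 'Set value' rows of the table above, as the report prints them.
ROW_RE = re.compile(
    r"^Set value \((str|int|data)\) "
    r"\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Installer\\Products\\"
    r"([0-9A-F]{32})\\(\S+) = (.*) C:\\Windows\\system32\\msiexec\.exe N/A$"
)
LCID = {1033: "en-US", 1034: "es-ES"}  # only the two LCIDs seen on this page

# A subset of the rows from the table above, copied verbatim.
ROWS = [
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\PackageCode = "97BA944EF7A3CCC4488541CAD6E00626" C:\Windows\system32\msiexec.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\ProductName = "Java 8 Update 351 (64-bit)" C:\Windows\system32\msiexec.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\SourceList\PackageName = "jre1.8.0_35164.msi" C:\Windows\system32\msiexec.exe N/A',
    r'Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\Version = "134221238" C:\Windows\system32\msiexec.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\Transforms = ":1034" C:\Windows\system32\msiexec.exe N/A',
    r'Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2468130150F\Language = "1033" C:\Windows\system32\msiexec.exe N/A',
]
# From the 'Drops file in Windows directory' table above.
SOURCE_HASH = r"C:\Windows\Installer\SourceHash{26A24AE4-039D-4CA4-87B4-2F64180351F0}"


def _swap_pairs(s):
    """Reverse byte order of a hex string, keeping each byte's two digits together."""
    return "".join(s[i + 1] + s[i] for i in range(0, len(s), 2))


def unpack_guid(packed):
    """Packed 32-hex-digit MSI key -> '{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}'."""
    if not re.fullmatch(r"[0-9A-Fa-f]{32}", packed):
        raise ValueError(f"not a packed GUID: {packed!r}")
    p = packed.upper()
    return "{%s-%s-%s-%s-%s}" % (p[0:8][::-1], p[8:12][::-1], p[12:16][::-1],
                                 _swap_pairs(p[16:20]), _swap_pairs(p[20:32]))


def pack_guid(guid):
    """Inverse of unpack_guid; braces are optional on input."""
    m = GUID_RE.match(guid)
    if m is None:
        raise ValueError(f"not a GUID: {guid!r}")
    g1, g2, g3, g4, g5 = (g.upper() for g in m.groups())
    return g1[::-1] + g2[::-1] + g3[::-1] + _swap_pairs(g4) + _swap_pairs(g5)


def decode_version(dword):
    """MSI ProductVersion DWORD: major in the top byte, minor next, build in the low word."""
    dword = int(dword)
    return dword >> 24, (dword >> 16) & 0xFF, dword & 0xFFFF


def parse_rows(rows):
    """(packed product key, {value name: value}) from the report's 'Set value' rows."""
    product, values = None, {}
    for row in rows:
        m = ROW_RE.match(row)
        if m is None:
            raise ValueError(f"unrecognised row: {row!r}")
        kind, key, name, raw = m.groups()
        if product not in (None, key):
            raise ValueError("rows belong to more than one product")
        product = key
        if raw.startswith('"') and raw.endswith('"'):
            raw = raw[1:-1]
        values[name] = int(raw) if kind == "int" else raw
    return product, values


def describe_product(rows):
    """Readable summary of the product registration contained in the rows."""
    key, v = parse_rows(rows)
    major, minor, build = decode_version(v["Version"])
    transform = v.get("Transforms", "")
    if transform.startswith(":") and transform[1:].isdigit():
        # ':NNNN' is a transform embedded in the .msi; a numeric name is a language transform keyed by LCID.
        transform = "embedded language transform " + LCID.get(int(transform[1:]), transform[1:])
    return {
        "product_code": unpack_guid(key),
        "product_name": v["ProductName"],
        "version": f"{major}.{minor}.{build}",
        "language": LCID.get(v["Language"], str(v["Language"])),
        "embedded_transform": transform,
        "package_code": unpack_guid(v["PackageCode"]),
        "package_name": v[r"SourceList\PackageName"],
    }


def matches_source_hash(rows, source_hash_path):
    """True when the packed Products key and the SourceHash{...} file name carry the same product code."""
    m = re.search(r"SourceHash(\{[0-9A-Fa-f-]{36}\})", source_hash_path)
    if m is None:
        raise ValueError(f"not a SourceHash path: {source_hash_path!r}")
    return describe_product(rows)["product_code"] == m.group(1).upper()
```

describe_product(ROWS) yields product code {26A24AE4-039D-4CA4-87B4-2F64180351F0}, which is exactly the SourceHash name msiexec.exe created, version 8.0.3510 (the 8.0.3510.x numbering Oracle uses for Java 8 Update 351), base language en-US, and an embedded es-ES language transform, which is what an MSI would select on the Spanish-locale win10v2004-20221111-es image this run used. The UpgradeCodes key 6C5ADB75C34456D42B33823269140800 unpacks the same way to {57BDA5C6-443C-4D65-B233-282396418000}.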

NTFS ADS

Note: the stream is Zone.Identifier, written by firefox.exe on a file in the user's Downloads folder. That is the Mark of the Web a browser attaches to every download; it is an artefact of the JRE download, not of the sample hiding data in an alternate stream.

Description Indicator Process Target
File created C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A

Suspicious use of AdjustPrivilegeToken

Note: AdjustTokenPrivileges can only enable privileges the token already holds, so these rows record what each process asked for, not what it gained. The jre-8u351-windows-x64.exe rows are a near-complete privilege set, the pattern of an installer enabling everything its token has. The ones worth weighing against the other tables are SeDebugPrivilege, SeTcbPrivilege, SeLoadDriverPrivilege, SeImpersonatePrivilege and the backup/restore/take-ownership trio; the list by itself is not a finding.

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
(the two msiexec.exe rows above alternate 15 times in total in the report)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A 4
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A 2
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A 22
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe N/A 2

Suspicious use of SendNotifyMessage

Description Indicator Process Target Count
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A 3

Suspicious use of WriteProcessMemory

Note: every write below is from a parent into a process it launched: the sample into irsetup.exe (the stub naming used by Indigo Rose Setup Factory installers, matching the _ir_sf_temp_0 folder), and firefox.exe into its own child processes. The firefox.exe rows show that the sandbox records ordinary process start-up this way, so read this table as the process lineage of the run rather than as code injection. irsetup.exe is the only process the sample spawns directly.

Description Indicator Process Target Count
PID 2256 wrote to memory of 544 N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-2.86-Installer-1.0.11.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe 3
PID 4136 wrote to memory of 868 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe 9
PID 868 wrote to memory of 1016 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe 2
PID 868 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe 36
PID 868 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 868 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 868 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 868 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 868 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 868 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 868 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 868 wrote to memory of 2828 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 868 wrote to memory of 2828 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 868 wrote to memory of 2828 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 868 wrote to memory of 2828 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 868 wrote to memory of 2828 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 868 wrote to memory of 2828 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 868 wrote to memory of 2828 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
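The table lists every WriteProcessMemory event as its own row, which hides the two facts that matter for triage: how many writer/target pairs there are, and whether any write crosses into a different image. The following is an added example written by the editor, not code from the Triage report or from the sample; the first three sample rows are copied from this table, the rundll32 -> explorer.exe row is invented to exercise the cross-image branch.

```python
"""Aggregate 'PID X wrote to memory of Y' rows from a sandbox report and
flag writes whose target image differs from the writer's image."""
import re
from collections import Counter

# Constructed sample: the first three rows are copied from this report; the
# rundll32 -> explorer row is invented to exercise the cross-image branch.
SAMPLE_ROWS = r"""
PID 868 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 868 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 868 wrote to memory of 2828 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4242 wrote to memory of 1337 N/A C:\Windows\System32\rundll32.exe C:\Windows\explorer.exe
"""

ROW_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) N/A (.+)$")
# The two image paths are separated by a single space but may themselves
# contain spaces, so split only on a space that is followed by a drive letter.
PATH_SPLIT_RE = re.compile(r" (?=[A-Za-z]:\\)")


def parse_rows(text):
    """Return (writer_pid, target_pid, writer_image, target_image) tuples."""
    events = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        writer, target, rest = m.groups()
        paths = PATH_SPLIT_RE.split(rest)
        if len(paths) != 2:
            continue  # malformed row: skip rather than guess the split
        events.append((int(writer), int(target), paths[0], paths[1]))
    return events


def summarise(events):
    """Collapse duplicate rows into one record per writer/target pair."""
    records = []
    for (writer, target, w_img, t_img), n in sorted(Counter(events).items()):
        records.append({
            "writer_pid": writer,
            "target_pid": target,
            "writer_image": w_img,
            "target_image": t_img,
            "writes": n,
            # A process writing into a different image is the case that
            # deserves a closer look; same-image writes are how a multiprocess
            # browser seeds its content children.
            "cross_image": w_img.lower() != t_img.lower(),
        })
    return records


if __name__ == "__main__":
    for r in summarise(parse_rows(SAMPLE_ROWS)):
        flag = "CROSS-IMAGE" if r["cross_image"] else "same image"
        print(f"{r['writer_pid']} -> {r['target_pid']} x{r['writes']}: {flag}")
```

Run against the full table the script yields two same-image records (868 -> 1548 and 868 -> 2828) and no cross-image record; that 868 is the Firefox parent is an inference from the content-process command lines under Processes, not something the table states.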

Processes

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.86-Installer-1.0.11.exe

"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.86-Installer-1.0.11.exe"

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1908426 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.86-Installer-1.0.11.exe" "__IRCT:3" "__IRTSS:22693301" "__IRSID:S-1-5-21-4246620582-653642754-1174164128-1000"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="868.0.351009854\709494800" -parentBuildID 20200403170909 -prefsHandle 1712 -prefMapHandle 1704 -prefsLen 1 -prefMapSize 219944 -appdir "C:\Program Files\Mozilla Firefox\browser" - 868 "\\.\pipe\gecko-crash-server-pipe.868" 1796 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="868.3.1112889368\2063539792" -childID 1 -isForBrowser -prefsHandle 2444 -prefMapHandle 2436 -prefsLen 112 -prefMapSize 219944 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 868 "\\.\pipe\gecko-crash-server-pipe.868" 2512 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="868.13.835209899\2015704520" -childID 2 -isForBrowser -prefsHandle 3656 -prefMapHandle 3648 -prefsLen 6894 -prefMapSize 219944 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 868 "\\.\pipe\gecko-crash-server-pipe.868" 3764 tab

C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe

"C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe"

C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe

"C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 931AADEF20F8ABA7F308A6F14E38ED69

C:\Program Files\Java\jre1.8.0_351\installer.exe

"C:\Program Files\Java\jre1.8.0_351\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_351\\" INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F64180351F0}

C:\ProgramData\Oracle\Java\installcache_x64\240644328.tmp\bspatch.exe

"bspatch.exe" baseimagefam8 newimage diff

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/plugin.pack" "C:\Program Files\Java\jre1.8.0_351\lib/plugin.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/javaws.pack" "C:\Program Files\Java\jre1.8.0_351\lib/javaws.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/deploy.pack" "C:\Program Files\Java\jre1.8.0_351\lib/deploy.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/rt.pack" "C:\Program Files\Java\jre1.8.0_351\lib/rt.jar"

Network

Country Destination Domain Proto
N/A 8.8.8.8:53 dl2.tlauncher.org udp
N/A 104.20.235.70:443 dl2.tlauncher.org tcp
N/A 127.0.0.1:49753 tcp
N/A 8.8.8.8:53 firefox.settings.services.mozilla.com udp
N/A 35.241.9.150:443 firefox.settings.services.mozilla.com tcp
N/A 8.8.8.8:53 firefox.settings.services.mozilla.com udp
N/A 8.8.8.8:53 firefox.settings.services.mozilla.com udp
N/A 8.8.8.8:53 a1887.dscq.akamai.net udp
N/A 8.8.8.8:53 a1887.dscq.akamai.net udp
N/A 8.8.8.8:53 search.services.mozilla.com udp
N/A 34.160.46.54:443 search.services.mozilla.com tcp
N/A 8.8.8.8:53 search.r53-2.services.mozilla.com udp
N/A 8.8.8.8:53 search.r53-2.services.mozilla.com udp
N/A 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
N/A 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
N/A 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
N/A 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
N/A 8.8.8.8:53 shavar.services.mozilla.com udp
N/A 52.37.82.102:443 shavar.services.mozilla.com tcp
N/A 8.8.8.8:53 shavar.prod.mozaws.net udp
N/A 8.8.8.8:53 shavar.prod.mozaws.net udp
N/A 8.8.8.8:53 normandy.cdn.mozilla.net udp
N/A 8.8.8.8:53 push.services.mozilla.com udp
N/A 8.8.8.8:53 autopush.prod.mozaws.net udp
N/A 35.201.103.21:443 normandy.cdn.mozilla.net tcp
N/A 8.8.8.8:53 normandy-cdn.services.mozilla.com udp
N/A 8.8.8.8:53 autopush.prod.mozaws.net udp
N/A 8.8.8.8:53 normandy-cdn.services.mozilla.com udp
N/A 127.0.0.1:49757 tcp
N/A 35.160.122.190:443 push.services.mozilla.com tcp
N/A 8.8.8.8:53 classify-client.services.mozilla.com udp
N/A 34.98.75.36:443 classify-client.services.mozilla.com tcp
N/A 8.8.8.8:53 prod-classifyclient.normandy.prod.cloudops.mozgcp.net udp
N/A 8.8.8.8:53 snippets.cdn.mozilla.net udp
N/A 8.8.8.8:53 prod-classifyclient.normandy.prod.cloudops.mozgcp.net udp
N/A 65.9.86.24:443 snippets.cdn.mozilla.net tcp
N/A 8.8.8.8:53 d228z91au11ukj.cloudfront.net udp
N/A 8.8.8.8:53 d228z91au11ukj.cloudfront.net udp
N/A 8.8.8.8:53 cs9.wac.phicdn.net udp
N/A 8.8.8.8:53 cs9.wac.phicdn.net udp
N/A 8.8.8.8:53 www.facebook.com udp
N/A 8.8.8.8:53 www.wikipedia.org udp
N/A 8.8.8.8:53 star-mini.c10r.facebook.com udp
N/A 8.8.8.8:53 youtube-ui.l.google.com udp
N/A 8.8.8.8:53 dyna.wikimedia.org udp
N/A 8.8.8.8:53 youtube-ui.l.google.com udp
N/A 8.8.8.8:53 star-mini.c10r.facebook.com udp
N/A 8.8.8.8:53 www.reddit.com udp
N/A 8.8.8.8:53 twitter.com udp
N/A 8.8.8.8:53 twitter.com udp
N/A 8.8.8.8:53 reddit.map.fastly.net udp
N/A 8.8.8.8:53 dyna.wikimedia.org udp
N/A 8.8.8.8:53 twitter.com udp
N/A 8.8.8.8:53 reddit.map.fastly.net udp
N/A 127.0.0.1:49762 tcp
N/A 224.0.0.251:5353 udp
N/A 8.8.8.8:53 pki-goog.l.google.com udp
N/A 8.8.8.8:53 pki-goog.l.google.com udp
N/A 8.8.8.8:53 apis.google.com udp
N/A 142.250.179.142:443 apis.google.com tcp
N/A 8.8.8.8:53 plus.l.google.com udp
N/A 8.8.8.8:53 plus.l.google.com udp
N/A 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
N/A 142.251.39.110:443 encrypted-tbn0.gstatic.com tcp
N/A 142.251.39.110:443 encrypted-tbn0.gstatic.com tcp
N/A 142.251.39.110:443 encrypted-tbn0.gstatic.com tcp
N/A 142.251.39.110:443 encrypted-tbn0.gstatic.com tcp
N/A 142.251.39.110:443 encrypted-tbn0.gstatic.com tcp
N/A 142.251.39.110:443 encrypted-tbn0.gstatic.com tcp
N/A 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
N/A 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
N/A 8.8.8.8:53 play.google.com udp
N/A 142.251.39.110:443 play.google.com tcp
N/A 142.251.39.110:443 play.google.com tcp
N/A 8.8.8.8:53 play.google.com udp
N/A 8.8.8.8:53 play.google.com udp
N/A 8.8.8.8:53 googleads.g.doubleclick.net udp
N/A 142.251.36.34:443 googleads.g.doubleclick.net tcp
N/A 8.8.8.8:53 googleads.g.doubleclick.net udp
N/A 8.8.8.8:53 googleads.g.doubleclick.net udp
N/A 8.8.8.8:53 www.java.com udp
N/A 96.16.53.211:443 www.java.com tcp
N/A 8.8.8.8:53 e91569.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 e91569.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 static.ocecdn.oraclecloud.com udp
N/A 23.2.175.165:443 static.ocecdn.oraclecloud.com tcp
N/A 8.8.8.8:53 e11445.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 e11445.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 s.go-mpulse.net udp
N/A 104.109.248.155:443 s.go-mpulse.net tcp
N/A 8.8.8.8:53 e4518.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 e4518.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 www.oracle.com udp
N/A 23.0.84.121:443 www.oracle.com tcp
N/A 23.0.84.121:443 www.oracle.com tcp
N/A 8.8.8.8:53 e2581.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 e2581.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 c.oracleinfinity.io udp
N/A 23.2.174.96:443 c.oracleinfinity.io tcp
N/A 8.8.8.8:53 e11123.x.akamaiedge.net udp
N/A 8.8.8.8:53 e11123.x.akamaiedge.net udp
N/A 23.2.174.96:443 e11123.x.akamaiedge.net tcp
N/A 8.8.8.8:53 dc.oracleinfinity.io udp
N/A 147.154.233.124:443 dc.oracleinfinity.io tcp
N/A 8.8.8.8:53 dc.oracleinfinity.io.akadns.net udp
N/A 8.8.8.8:53 consent.trustarc.com udp
N/A 8.8.8.8:53 dc.oracleinfinity.io.akadns.net udp
N/A 108.156.60.13:443 consent.trustarc.com tcp
N/A 8.8.8.8:53 consent.trustarc.com udp
N/A 8.8.8.8:53 consent.trustarc.com udp
N/A 147.154.233.124:443 dc.oracleinfinity.io.akadns.net tcp
N/A 8.8.8.8:53 oracle.112.2o7.net udp
N/A 15.188.95.229:443 oracle.112.2o7.net tcp
N/A 8.8.8.8:53 oracle.112.2o7.net udp
N/A 8.8.8.8:53 oracle.112.2o7.net udp
N/A 8.8.8.8:53 c.go-mpulse.net udp
N/A 95.101.58.226:443 c.go-mpulse.net tcp
N/A 8.8.8.8:53 e4518.dscapi7.akamaiedge.net udp
N/A 8.8.8.8:53 e4518.dscapi7.akamaiedge.net udp
N/A 8.238.110.126:80 tcp
N/A 147.154.233.124:443 dc.oracleinfinity.io.akadns.net tcp
N/A 104.80.225.205:443 tcp
N/A 147.154.233.124:443 dc.oracleinfinity.io.akadns.net tcp
N/A 147.154.233.124:443 dc.oracleinfinity.io.akadns.net tcp
N/A 8.8.8.8:53 javadl.oracle.com udp
N/A 104.74.228.243:443 javadl.oracle.com tcp
N/A 8.8.8.8:53 e13073.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 e13073.dscx.akamaiedge.net udp
N/A 8.8.8.8:53 sdlc-esd.oracle.com udp
N/A 104.123.44.85:443 sdlc-esd.oracle.com tcp
N/A 8.8.8.8:53 e2875.dscd.akamaiedge.net udp
N/A 8.8.8.8:53 e2875.dscd.akamaiedge.net udp
N/A 52.182.143.208:443 tcp
N/A 147.154.233.124:443 dc.oracleinfinity.io.akadns.net tcp
N/A 147.154.233.124:443 dc.oracleinfinity.io.akadns.net tcp
N/A 8.238.110.126:80 tcp
N/A 8.238.110.126:80 tcp
N/A 8.238.110.126:80 tcp
N/A 8.8.8.8:53 sdlc-esd.oracle.com udp
N/A 8.8.8.8:53 e2875.dscd.akamaiedge.net udp
N/A 8.8.8.8:53 e2875.dscd.akamaiedge.net udp
N/A 8.8.8.8:53 javadl-esd-secure.oracle.com udp
N/A 104.74.228.243:443 javadl-esd-secure.oracle.com tcp
N/A 8.8.8.8:53 javadl.oracle.com udp
N/A 104.74.228.243:443 javadl.oracle.com tcp
N/A 8.8.8.8:53 sdlc-esd.oracle.com udp
N/A 104.123.44.85:443 sdlc-esd.oracle.com tcp
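The Network table mixes DNS lookups (8.8.8.8:53, udp) with TCP connections, repeats lookups for the same name, and drops the Domain column entirely when the sandbox attached no name to an endpoint, so a naive whitespace split misaligns the columns. The following is an added example written by the editor, not code from the Triage report; it parses the table with the optional column handled, discards loopback and mDNS rows, and lists endpoints that were reached without a visible lookup (8.238.110.126:80 in the sample). The sample rows are copied from the table above.

```python
"""Turn the flat Network table of a sandbox report into DNS lookups,
outbound connections and a deduplicated IOC list."""
import ipaddress
from collections import Counter

# Constructed sample: rows copied from the Network table above, including
# rows without a Domain column (the table omits it when no name was seen).
SAMPLE_NETWORK = """\
Country Destination Domain Proto
N/A 8.8.8.8:53 dl2.tlauncher.org udp
N/A 104.20.235.70:443 dl2.tlauncher.org tcp
N/A 127.0.0.1:49753 tcp
N/A 8.8.8.8:53 firefox.settings.services.mozilla.com udp
N/A 35.241.9.150:443 firefox.settings.services.mozilla.com tcp
N/A 8.8.8.8:53 firefox.settings.services.mozilla.com udp
N/A 224.0.0.251:5353 udp
N/A 8.238.110.126:80 tcp
"""


def parse_network(text):
    """Rows are whitespace separated; Domain is optional, so a row has
    either 4 or 3 fields (Country, Destination, [Domain], Proto)."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) not in (3, 4) or parts[0] == "Country":
            continue
        ip, _, port = parts[1].rpartition(":")
        rows.append({
            "ip": ip,
            "port": int(port),
            "domain": parts[2] if len(parts) == 4 else None,
            "proto": parts[-1].lower(),
        })
    return rows


def is_local(ip):
    """Loopback, multicast (mDNS), link-local and RFC1918 are sandbox noise."""
    addr = ipaddress.ip_address(ip)
    return (addr.is_loopback or addr.is_multicast
            or addr.is_link_local or addr.is_private)


def triage_network(text):
    rows = parse_network(text)
    # Count DNS queries per name; a name queried twice (A and AAAA) is normal.
    dns = Counter(r["domain"] for r in rows
                  if r["proto"] == "udp" and r["port"] == 53 and r["domain"])
    # Map each non-local TCP endpoint to the names the sandbox tied to it.
    connections = {}
    for r in rows:
        if r["proto"] != "tcp" or is_local(r["ip"]):
            continue
        names = connections.setdefault((r["ip"], r["port"]), set())
        if r["domain"]:
            names.add(r["domain"])
    # Endpoints with no name were reached without a visible lookup: either a
    # hardcoded address or a name resolved before the capture started.
    unattributed = sorted(f"{ip}:{port}" for (ip, port), names
                          in connections.items() if not names)
    iocs = sorted(set(dns) | {f"{ip}:{port}" for ip, port in connections})
    return {"dns": dict(dns), "connections": connections,
            "unattributed": unattributed, "iocs": iocs}


if __name__ == "__main__":
    result = triage_network(SAMPLE_NETWORK)
    print("unattributed:", result["unattributed"])
    print("iocs:", result["iocs"])
```

The IOC list is deliberately unfiltered: deciding which of the Mozilla, Google, Akamai and Oracle names are browser or Java-installer noise and which (dl2.tlauncher.org, the bare 8.238.110.126:80 and 104.80.225.205:443 rows) belong to the sample is an analyst judgement that the table alone does not settle.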

Files

memory/544-132-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

MD5 1313bb5df6c6e0d5c358735044fbebef
SHA1 cac3e2e3ed63dc147318e18f202a9da849830a91
SHA256 7590d0f21687327812a6c61d0429c6df1345b97c53ad7115f03bd4cb2e4f4c8d
SHA512 596d877b3906f877f124d705933391478ed425ad860ca5341493f04050c4605fc8e9a1c890859105da1b6817da5e874e0afaabbc86a80597f296e642795fc33c

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

MD5 1313bb5df6c6e0d5c358735044fbebef
SHA1 cac3e2e3ed63dc147318e18f202a9da849830a91
SHA256 7590d0f21687327812a6c61d0429c6df1345b97c53ad7115f03bd4cb2e4f4c8d
SHA512 596d877b3906f877f124d705933391478ed425ad860ca5341493f04050c4605fc8e9a1c890859105da1b6817da5e874e0afaabbc86a80597f296e642795fc33c

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

MD5 80d93d38badecdd2b134fe4699721223
SHA1 e829e58091bae93bc64e0c6f9f0bac999cfda23d
SHA256 c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59
SHA512 9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

MD5 80d93d38badecdd2b134fe4699721223
SHA1 e829e58091bae93bc64e0c6f9f0bac999cfda23d
SHA256 c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59
SHA512 9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

memory/544-137-0x00000000000A0000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

MD5 da1d0cd400e0b6ad6415fd4d90f69666
SHA1 de9083d2902906cacf57259cf581b1466400b799
SHA256 7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575
SHA512 f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

MD5 1bbf5dd0b6ca80e4c7c77495c3f33083
SHA1 e0520037e60eb641ec04d1e814394c9da0a6a862
SHA256 bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b
SHA512 97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

memory/544-140-0x0000000010000000-0x0000000010051000-memory.dmp

memory/544-141-0x00000000065E0000-0x00000000065E3000-memory.dmp

memory/544-142-0x00000000000A0000-0x0000000000488000-memory.dmp

C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe

MD5 7542ec421a2f6e90751e8b64c22e0542
SHA1 d207d221a28ede5c2c8415f82c555989aa7068ba
SHA256 188ca8ecc44de1b7f602e883c3054dc392792c3631bf362b1bc4f3e1dba323e6
SHA512 8987bf8aa1b401815fa9850e56954db6015bdd06ce78b65ba435724582ffa615dee4e1452fa237c53257dca8ee97b469d01c27757a5f070ce6f807a4f81094bc

C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe

MD5 7542ec421a2f6e90751e8b64c22e0542
SHA1 d207d221a28ede5c2c8415f82c555989aa7068ba
SHA256 188ca8ecc44de1b7f602e883c3054dc392792c3631bf362b1bc4f3e1dba323e6
SHA512 8987bf8aa1b401815fa9850e56954db6015bdd06ce78b65ba435724582ffa615dee4e1452fa237c53257dca8ee97b469d01c27757a5f070ce6f807a4f81094bc

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 d0e9f7df39a4dd138b49ca75a9479ff4
SHA1 d04265ddb18d8e70167a0f633faedc8558e0b789
SHA256 566f9075fec519f8af32e695bd71b49cbe84b6094412e5cfee65d5a60b374548
SHA512 3e339e104c3d56f70740f059cc2a04d1a18dd15bb271f76ca5dbb30252d4eb95bf69072f70c4dfffc3d3a6f071f7b98ef0c116dd7a9877e7367282f4ec9ec216

C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe

MD5 dfcfc788d67437530a50177164db42b0
SHA1 2d9ed0dc5671a358186dcf83abb74bfe39c40e9f
SHA256 a90318bae7d99da633d9cac8ce322120d087e7b6f5eec0d1d0d7f9413fdd4dc1
SHA512 dbdfd02528c9f0e506232e8640a8602fade0d05f4139368187300ea2d537e41d2d167655ded30d938bd445a21c776a3c3721f8db4d3f03e3c06807a84cf232e3

C:\Users\Admin\AppData\Local\Temp\jds240599984.tmp\jre-8u351-windows-x64.exe

MD5 dfcfc788d67437530a50177164db42b0
SHA1 2d9ed0dc5671a358186dcf83abb74bfe39c40e9f
SHA256 a90318bae7d99da633d9cac8ce322120d087e7b6f5eec0d1d0d7f9413fdd4dc1
SHA512 dbdfd02528c9f0e506232e8640a8602fade0d05f4139368187300ea2d537e41d2d167655ded30d938bd445a21c776a3c3721f8db4d3f03e3c06807a84cf232e3

memory/2800-145-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351_x64\jre1.8.0_35164.msi

MD5 1794aaa17d114a315a95473c9780fc8b
SHA1 7f250c022b916b88e22254985e7552bc3ac8db04
SHA256 7682233d155e6d19f30cf61b185a02055be0dbcacd2c9accf90a99de21547eb4
SHA512 fb9defdf73786528e82ffc7e1ccfa03cfb687365ec740e9620993da785414306f03a7e1fa523192a9d690a882b012d1e426afd1757639f3ef5f1e612c01e6516

memory/3720-151-0x0000000000000000-mapping.dmp

C:\Windows\Installer\MSIDE4A.tmp

MD5 62cfeb86f117ad91b8bb52f1dda6f473
SHA1 c753b488938b3e08f7f47df209359c7b78764448
SHA256 f06cba20bd40e9d841add1877cf8d3b406f0acfa4800b80ae041ed3cc374eb7e
SHA512 c1b0e76cee4e2c3ca604dcc8f5665e72e70008acc824e20d89404f139d7e7e789e99dff131dafd76409f6ea0a813aa136f96089fbdadcf90d6485b1807762e4e

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 75c2a72bbcb7c7ec6ecadb745479928c
SHA1 c259f379d4cf7851f69d19fac5d28b1cfc9e7579
SHA256 0335d5024d4b102b388e93ae4b383ef73b5bd4b37a17dfbae5dad30ad0aee505
SHA512 7646983546740c33c73300ad3578f63494a30c3700b8c11abfd2812349da5e29ab6fd6900e05916084204ef6d7a85a173da8cb3cf2a98923cd09a96d1d995a84

C:\Windows\Installer\MSIDE4A.tmp

MD5 62cfeb86f117ad91b8bb52f1dda6f473
SHA1 c753b488938b3e08f7f47df209359c7b78764448
SHA256 f06cba20bd40e9d841add1877cf8d3b406f0acfa4800b80ae041ed3cc374eb7e
SHA512 c1b0e76cee4e2c3ca604dcc8f5665e72e70008acc824e20d89404f139d7e7e789e99dff131dafd76409f6ea0a813aa136f96089fbdadcf90d6485b1807762e4e

C:\Windows\Installer\MSIDF93.tmp

MD5 62cfeb86f117ad91b8bb52f1dda6f473
SHA1 c753b488938b3e08f7f47df209359c7b78764448
SHA256 f06cba20bd40e9d841add1877cf8d3b406f0acfa4800b80ae041ed3cc374eb7e
SHA512 c1b0e76cee4e2c3ca604dcc8f5665e72e70008acc824e20d89404f139d7e7e789e99dff131dafd76409f6ea0a813aa136f96089fbdadcf90d6485b1807762e4e

C:\Windows\Installer\MSIDF93.tmp

MD5 62cfeb86f117ad91b8bb52f1dda6f473
SHA1 c753b488938b3e08f7f47df209359c7b78764448
SHA256 f06cba20bd40e9d841add1877cf8d3b406f0acfa4800b80ae041ed3cc374eb7e
SHA512 c1b0e76cee4e2c3ca604dcc8f5665e72e70008acc824e20d89404f139d7e7e789e99dff131dafd76409f6ea0a813aa136f96089fbdadcf90d6485b1807762e4e

C:\Windows\Installer\MSIE784.tmp

MD5 62cfeb86f117ad91b8bb52f1dda6f473
SHA1 c753b488938b3e08f7f47df209359c7b78764448
SHA256 f06cba20bd40e9d841add1877cf8d3b406f0acfa4800b80ae041ed3cc374eb7e
SHA512 c1b0e76cee4e2c3ca604dcc8f5665e72e70008acc824e20d89404f139d7e7e789e99dff131dafd76409f6ea0a813aa136f96089fbdadcf90d6485b1807762e4e

C:\Windows\Installer\MSIE784.tmp

MD5 62cfeb86f117ad91b8bb52f1dda6f473
SHA1 c753b488938b3e08f7f47df209359c7b78764448
SHA256 f06cba20bd40e9d841add1877cf8d3b406f0acfa4800b80ae041ed3cc374eb7e
SHA512 c1b0e76cee4e2c3ca604dcc8f5665e72e70008acc824e20d89404f139d7e7e789e99dff131dafd76409f6ea0a813aa136f96089fbdadcf90d6485b1807762e4e

C:\Program Files\Java\jre1.8.0_351\installer.exe

MD5 1b7d3a2eb4a3893ea7fec68dbcc09a81
SHA1 5abe3f871f41d9226f6b330e0d76f4aeb4987891
SHA256 75fe10b94b9570bff04d8440340bead917ce46fc20f0a9795bca73053c3aa5d5
SHA512 b834ec60c4fba13e1065d248bede905f386e92207d91a2e1c7465eddc9767a5b0d27f49b19cdf64b241dcb7664ef5976f9367c90b10ff2ea7adb281e6aaf7953

C:\Program Files\Java\jre1.8.0_351\installer.exe

MD5 1b7d3a2eb4a3893ea7fec68dbcc09a81
SHA1 5abe3f871f41d9226f6b330e0d76f4aeb4987891
SHA256 75fe10b94b9570bff04d8440340bead917ce46fc20f0a9795bca73053c3aa5d5
SHA512 b834ec60c4fba13e1065d248bede905f386e92207d91a2e1c7465eddc9767a5b0d27f49b19cdf64b241dcb7664ef5976f9367c90b10ff2ea7adb281e6aaf7953

memory/2076-159-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 773ff25ba6fc63d55705472aafed97dd
SHA1 91125fcf61e5c8c16ce439e64ad20d98644754af
SHA256 53a59eb75dd10d5cc234adb735117241a980063ae6c535e3d7bb90461eafb7fd
SHA512 f59cad94a0717f72488e713190be845eb9877b87c18582b23e84bd269d9d142fc0c66d732d6d0e96fbe3dd9ee40c0291edfbca62d5cac6b826995b1c8e9e6ac0

C:\Windows\Installer\e57c806.msi

MD5 1794aaa17d114a315a95473c9780fc8b
SHA1 7f250c022b916b88e22254985e7552bc3ac8db04
SHA256 7682233d155e6d19f30cf61b185a02055be0dbcacd2c9accf90a99de21547eb4
SHA512 fb9defdf73786528e82ffc7e1ccfa03cfb687365ec740e9620993da785414306f03a7e1fa523192a9d690a882b012d1e426afd1757639f3ef5f1e612c01e6516

memory/544-164-0x0000000010000000-0x0000000010051000-memory.dmp

memory/832-165-0x0000000000000000-mapping.dmp

C:\ProgramData\Oracle\Java\installcache_x64\240644328.tmp\bspatch.exe

MD5 2e7543a4deec9620c101771ca9b45d85
SHA1 fa33f3098c511a1192111f0b29a09064a7568029
SHA256 32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1
SHA512 8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

C:\ProgramData\Oracle\Java\installcache_x64\240644328.tmp\bspatch.exe

MD5 2e7543a4deec9620c101771ca9b45d85
SHA1 fa33f3098c511a1192111f0b29a09064a7568029
SHA256 32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1
SHA512 8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

C:\ProgramData\Oracle\Java\installcache_x64\240644328.tmp\diff

MD5 926bc57fb311cc95bcefa1e1ad0ce459
SHA1 8c43b4d7aa223eaf9c73c789072545da0b2c55df
SHA256 9ccf1e30069b4781362f85c4a30993d86da99f211c2aaad4447ad051cc61600a
SHA512 216cb6483598960f5aea83beeb37fa700d047352d0b3c6c2405a7ee668554e0ab15358c178a6a2fc8c067f4177a0452cde93783797c15fccf224e640715f0743

C:\ProgramData\Oracle\Java\installcache_x64\240644328.tmp\baseimagefam8

MD5 22646919b87d1a6dfc371464405b373b
SHA1 2296c69b12c3e0244fc59586f794457a4735e692
SHA256 0a01e1f33b0dd6af5d71fd26261b97eda1f9da77553704afd0a9d176de733c11
SHA512 b5cfe6640c3755f3094e248dcd852ade852f904e80bc7d8dfef5772620ef75eac788f503c3df4baa712e73dafcca51c4ef0c73659ae55c1e0afd59b73f90d3a0

memory/832-170-0x0000000000400000-0x0000000000417000-memory.dmp

memory/832-171-0x0000000000400000-0x0000000000417000-memory.dmp

memory/832-172-0x0000000000400000-0x0000000000417000-memory.dmp

C:\ProgramData\Oracle\Java\installcache_x64\240644328.tmp\newimage

MD5 bf7f4ee3b52920828fe25d1e3dbdaa76
SHA1 897e1d85e67a23a6faa1a7f4baf2cc4fe8458714
SHA256 e9b6b537289667b673516bc5c54e0f2bb3bee69df01fac5c1d526a3ec6667dc4
SHA512 04c1931373c9c19bd0ca2be9e441224ebd12052aa96609f6a574e259f2069c3262b77027e5c2ad4fdf336fbd2a3494df2ae2923706d5568557386c3782f2ecfc

memory/2868-174-0x0000000000000000-mapping.dmp

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

MD5 691f68efcd902bfdfb60b556a3e11c2c
SHA1 c279fa09293185bddfd73d1170b6a73bd266cf07
SHA256 471d70ebf91bdc762dcacbea9f6ca883f97921938e83269fef911dbf83598a70
SHA512 a4816ae0654f41bd130d56e44839d9f29ab48bd2f99c3d6db38ce3358ac46c1cef09da09184c6291dd378018a49f9e56173c35d780d3eaefcce459592c75de3f

C:\Program Files\Java\jre1.8.0_351\bin\VCRUNTIME140.dll

MD5 1453290db80241683288f33e6dd5e80e
SHA1 29fb9af50458df43ef40bfc8f0f516d0c0a106fd
SHA256 2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c
SHA512 4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

MD5 691f68efcd902bfdfb60b556a3e11c2c
SHA1 c279fa09293185bddfd73d1170b6a73bd266cf07
SHA256 471d70ebf91bdc762dcacbea9f6ca883f97921938e83269fef911dbf83598a70
SHA512 a4816ae0654f41bd130d56e44839d9f29ab48bd2f99c3d6db38ce3358ac46c1cef09da09184c6291dd378018a49f9e56173c35d780d3eaefcce459592c75de3f

C:\Program Files\Java\jre1.8.0_351\lib\plugin.pack

MD5 2e5895b42f691d0b5ffbf762a855d57a
SHA1 da5cf1070281dd0296dbd386c2b4acd7007bfde9
SHA256 a08b4b853224a3ce9b69ce89dd9aebdb965b08021dc56edce880ecf1708a7d42
SHA512 b9f0f38973c9bacb5b59764275af04bbbcb468e83e7396824607ff67b59386989b3e15dfe9365b1d7cfa0917e99010d3172206bf6962f868660bcd77cafc7df6

C:\Program Files\Java\jre1.8.0_351\bin\vcruntime140.dll

MD5 1453290db80241683288f33e6dd5e80e
SHA1 29fb9af50458df43ef40bfc8f0f516d0c0a106fd
SHA256 2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c
SHA512 4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

memory/3684-180-0x0000000000000000-mapping.dmp

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

MD5 691f68efcd902bfdfb60b556a3e11c2c
SHA1 c279fa09293185bddfd73d1170b6a73bd266cf07
SHA256 471d70ebf91bdc762dcacbea9f6ca883f97921938e83269fef911dbf83598a70
SHA512 a4816ae0654f41bd130d56e44839d9f29ab48bd2f99c3d6db38ce3358ac46c1cef09da09184c6291dd378018a49f9e56173c35d780d3eaefcce459592c75de3f

C:\Program Files\Java\jre1.8.0_351\bin\vcruntime140.dll

MD5 1453290db80241683288f33e6dd5e80e
SHA1 29fb9af50458df43ef40bfc8f0f516d0c0a106fd
SHA256 2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c
SHA512 4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

C:\Program Files\Java\jre1.8.0_351\lib\javaws.pack

MD5 398dd239fc7fdabfcbc3f6e1ed8e9299
SHA1 2e0ce32c9dd3c5deb6db3931274b40c9d75d6625
SHA256 e63d7f634e2a0a3588f0d21801999079bf17553fe5557f8be22b25b8b239dd8b
SHA512 b955c9440bf6e3aa8da3de2823038392c4ba6884e60a1248676190b2537b5b7acc9a15c8b75910d65bf61f53a4ed256ce85ef0b77b9c6e678a32ea1b5fffb014

memory/2308-184-0x0000000000000000-mapping.dmp

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

MD5 691f68efcd902bfdfb60b556a3e11c2c
SHA1 c279fa09293185bddfd73d1170b6a73bd266cf07
SHA256 471d70ebf91bdc762dcacbea9f6ca883f97921938e83269fef911dbf83598a70
SHA512 a4816ae0654f41bd130d56e44839d9f29ab48bd2f99c3d6db38ce3358ac46c1cef09da09184c6291dd378018a49f9e56173c35d780d3eaefcce459592c75de3f

C:\Program Files\Java\jre1.8.0_351\bin\vcruntime140.dll

MD5 1453290db80241683288f33e6dd5e80e
SHA1 29fb9af50458df43ef40bfc8f0f516d0c0a106fd
SHA256 2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c
SHA512 4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

C:\Program Files\Java\jre1.8.0_351\lib\deploy.pack

MD5 9a1df89656c2efa2604abf5c1d065c3b
SHA1 da862ff64b4275af98bba7d7f6a0fb827e834e92
SHA256 8e2153a824643beb9a9d6e9452cf5722d8c237504e5b6e122cb5c381cffcb606
SHA512 da2a055fc779b5667fd10491f262f72c4adce9b66070b9eab50e1b285366e552931ec539e228f3b4ecad58cc811967db836f79cc3a53a610ac38dc56a81d320e

memory/5036-188-0x0000000000000000-mapping.dmp

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

MD5 691f68efcd902bfdfb60b556a3e11c2c
SHA1 c279fa09293185bddfd73d1170b6a73bd266cf07
SHA256 471d70ebf91bdc762dcacbea9f6ca883f97921938e83269fef911dbf83598a70
SHA512 a4816ae0654f41bd130d56e44839d9f29ab48bd2f99c3d6db38ce3358ac46c1cef09da09184c6291dd378018a49f9e56173c35d780d3eaefcce459592c75de3f

C:\Program Files\Java\jre1.8.0_351\lib\rt.pack

MD5 8ee69e587ce353d6a60aea5d119a765a
SHA1 b4afa917a36708bd04b194c02f6a5a5f71210c98
SHA256 890998bc8178a0c415a0af7538b0614ede2da333adb11148a2460a99c1f890aa
SHA512 f3ba45d0845fc6b85c804387366a8d4d86669161b3bb17221d94ea5547d88d950df1f07441521c5257562f6e2dc3ad459a6088fbb91e6df75c96d90528bd099e

C:\Program Files\Java\jre1.8.0_351\bin\vcruntime140.dll

MD5 1453290db80241683288f33e6dd5e80e
SHA1 29fb9af50458df43ef40bfc8f0f516d0c0a106fd
SHA256 2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c
SHA512 4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91
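Entries in the Files section repeat whenever a file is touched again, the same content shows up under several names (MSIDE4A.tmp, MSIDF93.tmp and MSIE784.tmp share one SHA256), and jusched.log appears three times with three different digests because it was rewritten during the run. The following is an added example written by the editor, not code from the Triage report; it parses this path-then-digests layout, checks that every digest is hex of the expected length (a cheap guard against copy or extraction damage before the hashes are pushed to a blocklist), and groups entries by SHA256. The sample entries are copied from the section above with the SHA512 lines left out for brevity.

```python
import re
from collections import defaultdict

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HEX_RE = re.compile(r"^[0-9a-f]+$")

# Constructed sample: entries copied from the Files section above (a path
# line, then one line per digest; memory dumps carry no digests). SHA512
# lines are omitted here; the parser accepts any subset of the four.
SAMPLE_FILES = r"""
memory/544-132-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

MD5 1313bb5df6c6e0d5c358735044fbebef
SHA1 cac3e2e3ed63dc147318e18f202a9da849830a91
SHA256 7590d0f21687327812a6c61d0429c6df1345b97c53ad7115f03bd4cb2e4f4c8d

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

MD5 1313bb5df6c6e0d5c358735044fbebef
SHA1 cac3e2e3ed63dc147318e18f202a9da849830a91
SHA256 7590d0f21687327812a6c61d0429c6df1345b97c53ad7115f03bd4cb2e4f4c8d

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 d0e9f7df39a4dd138b49ca75a9479ff4
SHA1 d04265ddb18d8e70167a0f633faedc8558e0b789
SHA256 566f9075fec519f8af32e695bd71b49cbe84b6094412e5cfee65d5a60b374548

C:\Windows\Installer\MSIDE4A.tmp

MD5 62cfeb86f117ad91b8bb52f1dda6f473
SHA1 c753b488938b3e08f7f47df209359c7b78764448
SHA256 f06cba20bd40e9d841add1877cf8d3b406f0acfa4800b80ae041ed3cc374eb7e

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 75c2a72bbcb7c7ec6ecadb745479928c
SHA1 c259f379d4cf7851f69d19fac5d28b1cfc9e7579
SHA256 0335d5024d4b102b388e93ae4b383ef73b5bd4b37a17dfbae5dad30ad0aee505

C:\Windows\Installer\MSIDF93.tmp

MD5 62cfeb86f117ad91b8bb52f1dda6f473
SHA1 c753b488938b3e08f7f47df209359c7b78764448
SHA256 f06cba20bd40e9d841add1877cf8d3b406f0acfa4800b80ae041ed3cc374eb7e
"""


def parse_files(text):
    """Return [{'path': ..., 'hashes': {algo: digest}}] in report order."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        algo, _, digest = line.partition(" ")
        if algo in HASH_LEN and current is not None:
            current["hashes"][algo] = digest.lower()
        else:  # any other non-empty line (path or memory dump) starts an entry
            current = {"path": line, "hashes": {}}
            entries.append(current)
    return entries


def validate(entries):
    """Digests that are not hex of the expected length point at a copy or
    extraction error; return (path, algo) for each bad one."""
    return [(e["path"], algo) for e in entries
            for algo, d in e["hashes"].items()
            if len(d) != HASH_LEN[algo] or not HEX_RE.match(d)]


def findings(entries):
    by_sha, by_path = defaultdict(set), defaultdict(set)
    for e in entries:
        sha = e["hashes"].get("SHA256")
        if sha:
            by_sha[sha].add(e["path"])
            by_path[e["path"]].add(sha)
    return {
        "unique": sorted(by_sha),
        # one content under several names: an installer re-staging one binary
        "same_content": {h: sorted(p) for h, p in by_sha.items() if len(p) > 1},
        # one path with several digests: the file was rewritten during the run
        "rewritten": {p: sorted(h) for p, h in by_path.items() if len(h) > 1},
        "memory_dumps": [e["path"] for e in entries if e["path"].startswith("memory/")],
    }


if __name__ == "__main__":
    ents = parse_files(SAMPLE_FILES)
    print("bad digests:", validate(ents))
    print(findings(ents))
```

The "unique" list is the one to hand to a blocklist; "rewritten" paths such as jusched.log are logs, not droppers, and should not be hashed into it at all.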