Malware Analysis Report

2025-01-02 11:46

Sample ID 230109-cjnkdaca47
Target jre-8u351-windows-x64.exe
SHA256 188ca8ecc44de1b7f602e883c3054dc392792c3631bf362b1bc4f3e1dba323e6
Tags
bazarbackdoor adware backdoor discovery persistence stealer upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

188ca8ecc44de1b7f602e883c3054dc392792c3631bf362b1bc4f3e1dba323e6

Threat Level: Known bad

The file jre-8u351-windows-x64.exe was found to be: Known bad.

Malicious Activity Summary

bazarbackdoor adware backdoor discovery persistence stealer upx

BazarBackdoor

Bazarbackdoor family

Bazar/Team9 Backdoor payload

Bazar/Team9 Backdoor payload

Registers COM server for autorun

UPX packed file

Executes dropped EXE

Blocklisted process makes network request

Downloads MZ/PE file

Loads dropped DLL

Modifies file permissions

Enumerates connected drives

Installs/modifies Browser Helper Object

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Modifies data under HKEY_USERS

NTFS ADS

Suspicious behavior: GetForegroundWindowSpam

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Modifies registry class

Modifies system certificate store

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-01-09 02:06

Signatures

Bazar/Team9 Backdoor payload

Description Indicator Process Target
N/A N/A N/A N/A

Bazarbackdoor family

bazarbackdoor

Analysis: behavioral1

Detonation Overview

Submitted

2023-01-09 02:06

Reported

2023-01-09 02:27

Platform

win7-20220812-en

Max time kernel

551s

Max time network

611s

Command Line

"C:\Users\Admin\AppData\Local\Temp\jre-8u351-windows-x64.exe"

Signatures

BazarBackdoor

backdoor bazarbackdoor

Bazar/Team9 Backdoor payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Downloads MZ/PE file

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0076-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0174-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0036-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0044-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0260-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0031-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0119-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0036-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0213-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0356-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0139-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0073-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0200-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0073-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0288-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0287-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0051-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0012-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0064-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0090-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0040-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0085-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0089-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0260-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0306-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0075-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0049-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0264-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0302-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0099-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0242-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0053-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0224-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0248-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0297-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0270-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0042-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0075-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0236-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0123-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0073-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0137-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0217-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0062-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0214-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0104-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0295-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0338-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0069-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0077-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0189-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0136-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\jre-8u351-windows-x64.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\ProgramData\Oracle\Java\installcache_x64\7131819.tmp\bspatch.exe N/A
N/A N/A C:\ProgramData\Oracle\Java\installcache_x64\7131819.tmp\bspatch.exe N/A
N/A N/A C:\ProgramData\Oracle\Java\installcache_x64\7131819.tmp\bspatch.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched = "\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" C:\Windows\system32\msiexec.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Windows\system32\msiexec.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\WindowsAccessBridge-64.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-libraryloader-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-processthreads-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\jdk\cldr.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\flavormap.properties C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\management\jmxremote.access C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-processenvironment-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-rtlsupport-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\dcpr.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\javafx\libxml2.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\jdk\xerces.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\tzdb.dat C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\LICENSE C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-processthreads-l1-1-1.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\instrument.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\java.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\jp2native.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\jsse.jar C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\installer.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-time-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\nio.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\jdk\jcup.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_7165765\javaws.exe C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-runtime-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\awt.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\java_crw_demo.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\rmiregistry.exe C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\servertool.exe C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\jdk\ecc.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\jaas_nt.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\javacpl.exe C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\jsound.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\content-types.properties C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\jfxswt.jar C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\javacpl.cpl C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\deploy\messages_zh_CN.properties C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\security\java.security C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-environment-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-string-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\images\cursors\invalid32x32.gif C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\management-agent.jar C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\charsets.pack C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\dt_shmem.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\eula.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\management.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\server\Xusage.txt C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\javafx\mesa3d.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\accessibility.properties C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\calendars.properties C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\COPYRIGHT C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-namedpipe-l1-1-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\policytool.exe C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\javafx\libffi.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\amd64\jvm.cfg C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\classlist C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\ext\sunmscapi.jar C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\ext\sunpkcs11.jar C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\decora_sse.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\javafx_iio.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\tnameserv.exe C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\jdk\dom.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\jdk\dynalink.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\legal\jdk\pkcs11wrapper.md C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\lib\management\jmxremote.password.template C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-console-l1-2-0.dll C:\Program Files\Java\jre1.8.0_351\installer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\6ca7f4.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC4EE.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9683.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\6ca7fb.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBDBB.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC51D.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\6ca7f8.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\6ca7f9.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9C50.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\6ca7fd.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\6ca7fb.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC441.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\6ca7f4.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\6ca7f6.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIFD01.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\6ca7f6.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\6ca7f9.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9BC2.tmp C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\msiexec.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_351\\bin" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_351\\bin" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_351\\bin" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4B5F-9EE6-34795C46E7E7} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0078-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0357-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0084-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0270-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0075-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0220-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0332-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_332" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0058-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_58" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0201-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_08" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0152-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0313-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0351-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0145-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0099-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0166-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0143-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0268-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0293-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_293" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0023-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0066-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0040-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0014-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0088-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0318-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0068-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0059-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_06" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0083-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0010-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0094-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0022-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0062-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_62" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0052-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0077-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0035-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0209-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0131-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0086-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0186-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0302-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0076-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_03" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0179-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0277-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0073-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0208-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0092-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0308-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_308" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0075-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0340-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0336-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0043-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0036-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0107-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0185-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0142-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0067-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0099-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0358-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0062-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0290-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_290" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0206-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0062-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0346-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0052-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0102-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0303-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0080-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0304-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0094-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0076-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0152-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_24" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0043-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0076-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0138-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0037-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0016-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0237-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0065-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0078-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0114-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0265-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0146-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0093-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0037-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_37" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0125-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0137-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_137" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0011-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0099-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_99" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0124-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_124" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0114-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_114" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0220-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0331-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0190-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0060-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0353-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0161-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0175-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_175" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0344-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0062-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0235-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_235" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0197-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0028-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_28" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0075-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_75" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0110-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0111-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_111" C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0133-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0351-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_351\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\AppData\Local\Temp\MultiMC.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\SKlauncher 3.0.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\SKlauncher 3.0(1).exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 548 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\jre-8u351-windows-x64.exe C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe
PID 548 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\jre-8u351-windows-x64.exe C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe
PID 548 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\jre-8u351-windows-x64.exe C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe
PID 2012 wrote to memory of 816 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe
PID 2012 wrote to memory of 816 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe
PID 2012 wrote to memory of 816 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe
PID 2012 wrote to memory of 816 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe
PID 2012 wrote to memory of 816 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe
PID 1708 wrote to memory of 304 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1708 wrote to memory of 304 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1708 wrote to memory of 304 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1708 wrote to memory of 304 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1708 wrote to memory of 304 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1708 wrote to memory of 304 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1708 wrote to memory of 304 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1708 wrote to memory of 304 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1708 wrote to memory of 304 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1708 wrote to memory of 304 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 920 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 920 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 920 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2012 wrote to memory of 732 N/A C:\Windows\system32\msiexec.exe C:\Program Files\Java\jre1.8.0_351\installer.exe
PID 2012 wrote to memory of 732 N/A C:\Windows\system32\msiexec.exe C:\Program Files\Java\jre1.8.0_351\installer.exe
PID 2012 wrote to memory of 732 N/A C:\Windows\system32\msiexec.exe C:\Program Files\Java\jre1.8.0_351\installer.exe
PID 732 wrote to memory of 1132 N/A C:\Program Files\Java\jre1.8.0_351\installer.exe C:\ProgramData\Oracle\Java\installcache_x64\7131819.tmp\bspatch.exe
PID 732 wrote to memory of 1132 N/A C:\Program Files\Java\jre1.8.0_351\installer.exe C:\ProgramData\Oracle\Java\installcache_x64\7131819.tmp\bspatch.exe
PID 732 wrote to memory of 1132 N/A C:\Program Files\Java\jre1.8.0_351\installer.exe C:\ProgramData\Oracle\Java\installcache_x64\7131819.tmp\bspatch.exe
PID 732 wrote to memory of 1132 N/A C:\Program Files\Java\jre1.8.0_351\installer.exe C:\ProgramData\Oracle\Java\installcache_x64\7131819.tmp\bspatch.exe
PID 732 wrote to memory of 1132 N/A C:\Program Files\Java\jre1.8.0_351\installer.exe C:\ProgramData\Oracle\Java\installcache_x64\7131819.tmp\bspatch.exe
PID 732 wrote to memory of 1132 N/A C:\Program Files\Java\jre1.8.0_351\installer.exe C:\ProgramData\Oracle\Java\installcache_x64\7131819.tmp\bspatch.exe
PID 732 wrote to memory of 1132 N/A C:\Program Files\Java\jre1.8.0_351\installer.exe C:\ProgramData\Oracle\Java\installcache_x64\7131819.tmp\bspatch.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 304 wrote to memory of 2104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\jre-8u351-windows-x64.exe

"C:\Users\Admin\AppData\Local\Temp\jre-8u351-windows-x64.exe"

C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe

"C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\MsiExec.exe

C:\Windows\system32\MsiExec.exe -Embedding 5E5EDC058542B1A151B651FCA0A6FC57

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="304.0.1582328335\883795980" -parentBuildID 20200403170909 -prefsHandle 1188 -prefMapHandle 1164 -prefsLen 1 -prefMapSize 219796 -appdir "C:\Program Files\Mozilla Firefox\browser" - 304 "\\.\pipe\gecko-crash-server-pipe.304" 1256 gpu

C:\Program Files\Java\jre1.8.0_351\installer.exe

"C:\Program Files\Java\jre1.8.0_351\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_351\\" INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F64180351F0}

C:\ProgramData\Oracle\Java\installcache_x64\7131819.tmp\bspatch.exe

"bspatch.exe" baseimagefam8 newimage diff

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="304.3.1094118371\1456832394" -childID 1 -isForBrowser -prefsHandle 1804 -prefMapHandle 1872 -prefsLen 156 -prefMapSize 219796 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 304 "\\.\pipe\gecko-crash-server-pipe.304" 1888 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="304.13.799830911\1083306238" -childID 2 -isForBrowser -prefsHandle 2628 -prefMapHandle 2624 -prefsLen 6938 -prefMapSize 219796 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 304 "\\.\pipe\gecko-crash-server-pipe.304" 2640 tab

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/plugin.pack" "C:\Program Files\Java\jre1.8.0_351\lib/plugin.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/javaws.pack" "C:\Program Files\Java\jre1.8.0_351\lib/javaws.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/deploy.pack" "C:\Program Files\Java\jre1.8.0_351\lib/deploy.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/rt.pack" "C:\Program Files\Java\jre1.8.0_351\lib/rt.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/jsse.pack" "C:\Program Files\Java\jre1.8.0_351\lib/jsse.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/charsets.pack" "C:\Program Files\Java\jre1.8.0_351\lib/charsets.jar"

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/ext/localedata.pack" "C:\Program Files\Java\jre1.8.0_351\lib/ext/localedata.jar"

C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking

C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe

"C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe" -doHKCUSSVSetup

C:\Program Files\Java\jre1.8.0_351\bin\javaws.exe

"C:\Program Files\Java\jre1.8.0_351\bin\javaws.exe" -wait -fix -permissions -silent

C:\Program Files\Java\jre1.8.0_351\bin\jp2launcher.exe

"C:\Program Files\Java\jre1.8.0_351\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_351" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzUxXGxpYlxkZXBsb3kuamFyAC1EamF2YS5zZWN1cml0eS5wb2xpY3k9ZmlsZTpDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzUxXGxpYlxzZWN1cml0eVxqYXZhd3MucG9saWN5AC1EdHJ1c3RQcm94eT10cnVlAC1YdmVyaWZ5OnJlbW90ZQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzM1MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF8zNTFcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzM1MVxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzUxXGJpblxqYXZhdy5leGU= -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Program Files\Java\jre1.8.0_351\bin\javaws.exe

"C:\Program Files\Java\jre1.8.0_351\bin\javaws.exe" -wait -fix -shortcut -silent

C:\Program Files\Java\jre1.8.0_351\bin\jp2launcher.exe

"C:\Program Files\Java\jre1.8.0_351\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_351" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzUxXGxpYlxkZXBsb3kuamFyAC1EamF2YS5zZWN1cml0eS5wb2xpY3k9ZmlsZTpDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzUxXGxpYlxzZWN1cml0eVxqYXZhd3MucG9saWN5AC1EdHJ1c3RQcm94eT10cnVlAC1YdmVyaWZ5OnJlbW90ZQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzM1MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF8zNTFcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzM1MVxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzUxXGJpblxqYXZhdy5leGU= -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Windows\system32\MsiExec.exe

C:\Windows\system32\MsiExec.exe -Embedding 1B2E2027BB58B646189F1776E917530E M Global\MSI0000

C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe

-Djdk.disableLastUsageTracking -cp "C:\Program Files\Java\jre1.8.0_351\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserWebJavaStatus

C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe

-Djdk.disableLastUsageTracking -cp "C:\Program Files\Java\jre1.8.0_351\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserPreviousDecisionsExist 30

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="304.20.806115932\619600879" -parentBuildID 20200403170909 -prefsHandle 3704 -prefMapHandle 1756 -prefsLen 8544 -prefMapSize 219796 -appdir "C:\Program Files\Mozilla Firefox\browser" - 304 "\\.\pipe\gecko-crash-server-pipe.304" 3568 rdd

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x1a8

C:\Users\Admin\Documents\MultiMC\MultiMC\MultiMC.exe

"C:\Users\Admin\Documents\MultiMC\MultiMC\MultiMC.exe"

C:\Users\Admin\Documents\MultiMC\MultiMC\MultiMC.exe

"C:\Users\Admin\Documents\MultiMC\MultiMC\MultiMC.exe"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 245F91683D71581C63918527F03AA881

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 34DB0E81C4819931B45CD9F8514CC2D0 M Global\MSI0000

C:\Users\Admin\Downloads\SKlauncher 3.0.exe

"C:\Users\Admin\Downloads\SKlauncher 3.0.exe"

C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe" -Xms32m -Xmx256m -jar "C:\Users\Admin\Downloads\SKlauncher 3.0.exe"

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

Network

Country Destination Domain Proto
N/A 8.8.8.8:53 javadl-esd-secure.oracle.com udp
N/A 23.65.205.24:443 javadl-esd-secure.oracle.com tcp
N/A 8.8.8.8:53 rps-svcs.oracle.com udp
N/A 23.65.205.24:443 rps-svcs.oracle.com tcp
N/A 127.0.0.1:49186 tcp
N/A 127.0.0.1:49201 tcp
N/A 8.8.8.8:53 firefox.settings.services.mozilla.com udp
N/A 35.241.9.150:443 firefox.settings.services.mozilla.com tcp
N/A 8.8.8.8:53 firefox.settings.services.mozilla.com udp
N/A 8.8.8.8:53 firefox.settings.services.mozilla.com udp
N/A 8.8.8.8:53 search.services.mozilla.com udp
N/A 8.8.8.8:53 search.r53-2.services.mozilla.com udp
N/A 8.8.8.8:53 search.r53-2.services.mozilla.com udp
N/A 34.160.46.54:443 search.r53-2.services.mozilla.com tcp
N/A 8.8.8.8:53 shavar.services.mozilla.com udp
N/A 8.8.8.8:53 shavar.prod.mozaws.net udp
N/A 8.8.8.8:53 shavar.prod.mozaws.net udp
N/A 35.162.26.97:443 shavar.prod.mozaws.net tcp
N/A 8.8.8.8:53 a1887.dscq.akamai.net udp
N/A 8.8.8.8:53 a1887.dscq.akamai.net udp
N/A 2.19.126.208:80 a1887.dscq.akamai.net tcp
N/A 2.19.126.208:80 a1887.dscq.akamai.net tcp
N/A 127.0.0.1:49208 tcp
N/A 8.8.8.8:53 push.services.mozilla.com udp
N/A 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
N/A 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
N/A 8.8.8.8:53 autopush.prod.mozaws.net udp
N/A 8.8.8.8:53 cs9.wac.phicdn.net udp
N/A 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
N/A 8.8.8.8:53 autopush.prod.mozaws.net udp
N/A 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
N/A 8.8.8.8:53 cs9.wac.phicdn.net udp
N/A 54.201.77.8:443 push.services.mozilla.com tcp
N/A 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
N/A 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
N/A 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
N/A 2.19.126.208:80 a1887.dscq.akamai.net tcp
N/A 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
N/A 8.8.8.8:53 pki-goog.l.google.com udp
N/A 142.251.36.35:80 pki-goog.l.google.com tcp
N/A 8.8.8.8:53 pki-goog.l.google.com udp
N/A 8.8.8.8:53 firefox.settings.services.mozilla.com udp
N/A 8.8.8.8:53 firefox.settings.services.mozilla.com udp
N/A 8.8.8.8:53 snippets.cdn.mozilla.net udp
N/A 65.9.86.64:443 snippets.cdn.mozilla.net tcp
N/A 8.8.8.8:53 d228z91au11ukj.cloudfront.net udp
N/A 8.8.8.8:53 d228z91au11ukj.cloudfront.net udp
N/A 8.8.8.8:53 www.facebook.com udp
N/A 8.8.8.8:53 www.wikipedia.org udp
N/A 8.8.8.8:53 dyna.wikimedia.org udp
N/A 8.8.8.8:53 star-mini.c10r.facebook.com udp
N/A 8.8.8.8:53 youtube-ui.l.google.com udp
N/A 8.8.8.8:53 youtube-ui.l.google.com udp
N/A 8.8.8.8:53 star-mini.c10r.facebook.com udp
N/A 8.8.8.8:53 dyna.wikimedia.org udp
N/A 8.8.8.8:53 www.reddit.com udp
N/A 8.8.8.8:53 twitter.com udp
N/A 8.8.8.8:53 reddit.map.fastly.net udp
N/A 8.8.8.8:53 twitter.com udp
N/A 8.8.8.8:53 twitter.com udp
N/A 8.8.8.8:53 reddit.map.fastly.net udp
N/A 8.8.8.8:53 id.google.com udp
N/A 142.250.178.131:443 id.google.com tcp
N/A 8.8.8.8:53 id.google.com udp
N/A 8.8.8.8:53 id.google.com udp
N/A 8.8.8.8:53 i.ytimg.com udp
N/A 142.250.179.150:443 i.ytimg.com tcp
N/A 142.250.179.150:443 i.ytimg.com tcp
N/A 8.8.8.8:53 i.ytimg.com udp
N/A 8.8.8.8:53 i.ytimg.com udp
N/A 142.251.36.35:80 pki-goog.l.google.com tcp
N/A 8.8.8.8:53 apis.google.com udp
N/A 216.58.208.110:443 apis.google.com tcp
N/A 8.8.8.8:53 plus.l.google.com udp
N/A 8.8.8.8:53 plus.l.google.com udp
N/A 8.8.8.8:53 play.google.com udp
N/A 8.8.8.8:53 play.google.com udp
N/A 8.8.8.8:53 play.google.com udp
N/A 142.251.36.14:443 play.google.com tcp
N/A 142.251.36.14:443 play.google.com tcp
N/A 8.8.8.8:53 accounts.google.com udp
N/A 142.251.36.45:443 accounts.google.com tcp
N/A 8.8.8.8:53 accounts.google.com udp
N/A 8.8.8.8:53 accounts.google.com udp
N/A 8.8.8.8:53 googleads.g.doubleclick.net udp
N/A 8.8.8.8:53 googleads.g.doubleclick.net udp
N/A 8.8.8.8:53 googleads.g.doubleclick.net udp
N/A 8.8.8.8:53 support.mozilla.org udp
N/A 8.8.8.8:53 prod.sumo.prod.webservices.mozgcp.net udp
N/A 8.8.8.8:53 prod.sumo.prod.webservices.mozgcp.net udp
N/A 8.8.8.8:53 www.java.com udp
N/A 95.101.74.134:443 www.java.com tcp
N/A 8.8.8.8:53 yt3.ggpht.com udp
N/A 142.251.36.1:443 yt3.ggpht.com tcp
N/A 142.251.36.1:443 yt3.ggpht.com tcp
N/A 142.251.36.1:443 yt3.ggpht.com tcp
N/A 142.251.36.1:443 yt3.ggpht.com tcp
N/A 142.251.36.1:443 yt3.ggpht.com tcp
N/A 142.251.36.1:443 yt3.ggpht.com tcp
N/A 8.8.8.8:53 photos-ugc.l.googleusercontent.com udp
N/A 8.8.8.8:53 photos-ugc.l.googleusercontent.com udp
N/A 142.251.36.35:80 pki-goog.l.google.com tcp
N/A 142.251.36.35:80 pki-goog.l.google.com tcp
N/A 8.8.8.8:53 youtube.com udp
N/A 8.8.8.8:53 youtube.com udp
N/A 8.8.8.8:53 youtube.com udp
N/A 8.8.8.8:53 youtube.com udp
N/A 8.8.8.8:53 youtube.com udp
N/A 8.8.8.8:53 rr1---sn-5hne6nzd.googlevideo.com udp
N/A 8.8.8.8:53 rr1.sn-5hne6nzd.googlevideo.com udp
N/A 8.8.8.8:53 rr1.sn-5hne6nzd.googlevideo.com udp
N/A 74.125.100.230:443 rr1.sn-5hne6nzd.googlevideo.com tcp
N/A 8.8.8.8:53 rr3---sn-5hnednss.googlevideo.com udp
N/A 8.8.8.8:53 rr3.sn-5hnednss.googlevideo.com udp
N/A 8.8.8.8:53 rr3.sn-5hnednss.googlevideo.com udp
N/A 172.217.132.200:443 rr3.sn-5hnednss.googlevideo.com tcp
N/A 172.217.132.200:443 rr3.sn-5hnednss.googlevideo.com tcp
N/A 8.8.8.8:53 www.mediafire.com udp
N/A 104.16.53.48:80 www.mediafire.com tcp
N/A 8.8.8.8:53 www.mediafire.com udp
N/A 8.8.8.8:53 www.mediafire.com udp
N/A 8.8.8.8:53 translate.google.com udp
N/A 8.8.8.8:53 btloader.com udp
N/A 104.16.53.48:80 www.mediafire.com tcp
N/A 8.8.8.8:53 fundingchoicesmessages.google.com udp
N/A 8.8.8.8:53 securepubads.g.doubleclick.net udp
N/A 142.250.179.206:80 fundingchoicesmessages.google.com tcp
N/A 8.8.8.8:53 www3.l.google.com udp
N/A 142.250.179.206:443 www3.l.google.com tcp
N/A 172.67.70.134:443 btloader.com tcp
N/A 8.8.8.8:53 www3.l.google.com udp
N/A 8.8.8.8:53 static.cloudflareinsights.com udp
N/A 8.8.8.8:53 cdn.amplitude.com udp
N/A 8.8.8.8:53 cdn.otnolatrnup.com udp
N/A 8.8.8.8:53 www3.l.google.com udp
N/A 8.8.8.8:53 static.mediafire.com udp
N/A 8.8.8.8:53 btloader.com udp
N/A 8.8.8.8:53 securepubads46.g.doubleclick.net udp
N/A 8.8.8.8:53 cdn.otnolatrnup.com udp
N/A 8.8.8.8:53 securepubads46.g.doubleclick.net udp
N/A 8.8.8.8:53 btloader.com udp
N/A 104.19.215.37:443 cdn.otnolatrnup.com tcp
N/A 104.16.56.101:443 static.cloudflareinsights.com tcp
N/A 8.8.8.8:53 cdn.otnolatrnup.com udp
N/A 104.16.54.48:80 static.mediafire.com tcp
N/A 104.16.54.48:80 static.mediafire.com tcp
N/A 104.16.54.48:80 static.mediafire.com tcp
N/A 8.8.8.8:53 cdn.amplitude.com udp
N/A 8.8.8.8:53 static.cloudflareinsights.com udp
N/A 8.8.8.8:53 static.mediafire.com udp
N/A 104.16.54.48:80 static.mediafire.com tcp
N/A 104.16.54.48:80 static.mediafire.com tcp
N/A 104.16.54.48:80 static.mediafire.com tcp
N/A 8.8.8.8:53 static.cloudflareinsights.com udp
N/A 8.8.8.8:53 static.mediafire.com udp
N/A 8.8.8.8:53 cdn.amplitude.com udp
N/A 142.250.179.206:443 www3.l.google.com tcp
N/A 8.8.8.8:53 prebid.media.net udp
N/A 8.8.8.8:53 mediafire-d.openx.net udp
N/A 34.107.148.139:443 prebid.media.net tcp
N/A 8.8.8.8:53 prebid.media.net udp
N/A 8.8.8.8:53 hbopenbid.pubmatic.com udp
N/A 8.8.8.8:53 prebid.media.net udp
N/A 35.244.159.8:443 mediafire-d.openx.net tcp
N/A 8.8.8.8:53 mediafire-d.openx.net udp
N/A 8.8.8.8:53 hbopenbid-lhrc.pubmnet.com udp
N/A 185.64.190.77:443 hbopenbid-lhrc.pubmnet.com tcp
N/A 8.8.8.8:53 btlr.sharethrough.com udp
N/A 8.8.8.8:53 hbopenbid-lhrc.pubmnet.com udp
N/A 8.8.8.8:53 mediafire-d.openx.net udp
N/A 18.235.106.172:443 btlr.sharethrough.com tcp
N/A 18.235.106.172:443 btlr.sharethrough.com tcp
N/A 18.235.106.172:443 btlr.sharethrough.com tcp
N/A 18.235.106.172:443 btlr.sharethrough.com tcp
N/A 18.235.106.172:443 btlr.sharethrough.com tcp
N/A 8.8.8.8:53 btlr-ecs-us-east-1.sharethrough.com udp
N/A 8.8.8.8:53 ocsp.comodoca.com.cdn.cloudflare.net udp
N/A 8.8.8.8:53 btlr-ecs-us-east-1.sharethrough.com udp
N/A 8.8.8.8:53 ocsp.comodoca.com.cdn.cloudflare.net udp
N/A 8.8.8.8:53 ad-delivery.net udp
N/A 8.8.8.8:53 ad-delivery.net udp
N/A 172.67.69.19:443 ad-delivery.net tcp
N/A 172.67.69.19:443 ad-delivery.net tcp
N/A 8.8.8.8:53 ad-delivery.net udp
N/A 8.8.8.8:53 otnolatrnup.com udp
N/A 8.8.8.8:53 otnolatrnup.com udp
N/A 104.19.215.37:443 otnolatrnup.com tcp
N/A 8.8.8.8:53 translate.googleapis.com udp
N/A 8.8.8.8:53 otnolatrnup.com udp
N/A 142.251.36.10:443 translate.googleapis.com tcp
N/A 142.251.36.10:443 translate.googleapis.com tcp
N/A 8.8.8.8:53 translate.googleapis.com udp
N/A 8.8.8.8:53 translate.googleapis.com udp
N/A 216.58.208.98:443 securepubads46.g.doubleclick.net tcp
N/A 108.156.61.101:443 cdn.amplitude.com tcp
N/A 8.8.8.8:53 api.btloader.com udp
N/A 8.8.8.8:53 api.amplitude.com udp
N/A 34.209.74.230:443 api.amplitude.com tcp
N/A 8.8.8.8:53 api.amplitude.com udp
N/A 130.211.23.194:443 api.btloader.com tcp
N/A 130.211.23.194:443 api.btloader.com tcp
N/A 8.8.8.8:53 api.btloader.com udp
N/A 8.8.8.8:53 api.amplitude.com udp
N/A 8.8.8.8:53 download2281.mediafire.com udp
N/A 8.8.8.8:53 prf.hn udp
N/A 8.8.8.8:53 blog.mediafire.com udp
N/A 8.8.8.8:53 prf.hn udp
N/A 8.8.8.8:53 prf.hn udp
N/A 8.8.8.8:53 download2281.mediafire.com udp
N/A 8.8.8.8:53 vividengine.com udp
N/A 8.8.8.8:53 download2281.mediafire.com udp
N/A 8.8.8.8:53 blog.mediafire.com udp
N/A 8.8.8.8:53 blog.mediafire.com udp
N/A 8.8.8.8:53 vividengine.com udp
N/A 8.8.8.8:53 mediafire.zendesk.com udp
N/A 8.8.8.8:53 www.facebook.com udp
N/A 8.8.8.8:53 vividengine.com udp
N/A 8.8.8.8:53 star-mini.c10r.facebook.com udp
N/A 8.8.8.8:53 mediafire.zendesk.com udp
N/A 8.8.8.8:53 star-mini.c10r.facebook.com udp
N/A 8.8.8.8:53 mediafire.zendesk.com udp
N/A 8.8.8.8:53 www.mediafire.com udp
N/A 8.8.8.8:53 www.mediafire.com udp
N/A 8.8.8.8:53 stats.g.doubleclick.net udp
N/A 8.8.8.8:53 e59d1bf5ebd51f5f5acb415b2bd7f6fe.safeframe.googlesyndication.com udp
N/A 142.250.27.157:443 stats.g.doubleclick.net tcp
N/A 142.250.179.193:443 e59d1bf5ebd51f5f5acb415b2bd7f6fe.safeframe.googlesyndication.com tcp
N/A 8.8.8.8:53 stats.g.doubleclick.net udp
N/A 8.8.8.8:53 pagead-googlehosted.l.google.com udp
N/A 8.8.8.8:53 pagead-googlehosted.l.google.com udp
N/A 8.8.8.8:53 stats.g.doubleclick.net udp
N/A 8.8.8.8:53 tpc.googlesyndication.com udp
N/A 8.8.8.8:53 tpc.googlesyndication.com udp
N/A 8.8.8.8:53 tpc.googlesyndication.com udp
N/A 8.8.8.8:53 cdn.ampproject.org udp
N/A 142.250.179.161:443 cdn.ampproject.org tcp
N/A 142.250.179.161:443 cdn.ampproject.org tcp
N/A 142.250.179.161:443 cdn.ampproject.org tcp
N/A 142.250.179.161:443 cdn.ampproject.org tcp
N/A 142.250.179.161:443 cdn.ampproject.org tcp
N/A 142.251.36.1:443 tpc.googlesyndication.com tcp
N/A 8.8.8.8:53 cdn-content.ampproject.org udp
N/A 8.8.8.8:53 adssettings.google.com udp
N/A 8.8.8.8:53 support.google.com udp
N/A 142.250.179.161:443 cdn-content.ampproject.org tcp
N/A 8.8.8.8:53 cdn-content.ampproject.org udp
N/A 142.251.36.35:80 pki-goog.l.google.com tcp
N/A 8.8.8.8:53 support.google.com udp
N/A 199.91.155.22:80 download2281.mediafire.com tcp
N/A 8.8.8.8:53 ads.pubmatic.com udp
N/A 8.8.8.8:53 contextual.media.net udp
N/A 8.8.8.8:53 eu-u.openx.net udp
N/A 35.244.159.8:443 eu-u.openx.net tcp
N/A 8.8.8.8:53 eu-u.openx.net udp
N/A 8.8.8.8:53 e6603.g.akamaiedge.net udp
N/A 2.20.8.202:443 e6603.g.akamaiedge.net tcp
N/A 173.223.112.20:443 contextual.media.net tcp
N/A 8.8.8.8:53 contextual.media.net udp
N/A 8.8.8.8:53 eu-u.openx.net udp
N/A 8.8.8.8:53 contextual.media.net udp
N/A 8.8.8.8:53 e6603.g.akamaiedge.net udp
N/A 8.8.8.8:53 image6.pubmatic.com udp
N/A 8.8.8.8:53 pugm-vac.pubmnet.com udp
N/A 8.28.7.81:443 pugm-vac.pubmnet.com tcp
N/A 8.8.8.8:53 pugm-vac.pubmnet.com udp
N/A 8.8.8.8:53 simage4.pubmatic.com udp
N/A 104.19.215.37:80 otnolatrnup.com tcp
N/A 8.8.8.8:53 otnolatrnup.com udp
N/A 104.19.214.37:80 otnolatrnup.com tcp
N/A 104.19.215.37:443 otnolatrnup.com tcp
N/A 8.8.8.8:53 otnolatrnup.com udp
N/A 8.8.8.8:53 woreppercomming.com udp
N/A 34.199.180.187:443 woreppercomming.com tcp
N/A 8.8.8.8:53 woreppercomming.com udp
N/A 8.8.8.8:53 woreppercomming.com udp
N/A 8.8.8.8:53 www.ostlon.com udp
N/A 8.8.8.8:53 www.ostlon.com udp
N/A 188.114.96.0:443 www.ostlon.com tcp
N/A 8.8.8.8:53 www.ostlon.com udp
N/A 8.8.8.8:53 www.opera.com udp
N/A 8.8.8.8:53 front-geo.production.opera-website.route53.opera.com udp
N/A 18.217.147.191:443 front-geo.production.opera-website.route53.opera.com tcp
N/A 8.8.8.8:53 front-geo.production.opera-website.route53.opera.com udp
N/A 104.36.113.111:443 simage4.pubmatic.com tcp
N/A 8.8.8.8:53 spug33000-fpb.pubmnet.com udp
N/A 8.8.8.8:53 spug33000-fpb.pubmnet.com udp
N/A 8.8.8.8:53 www.googleoptimize.com udp
N/A 8.8.8.8:53 cdn-production-opera-website.operacdn.com udp
N/A 8.8.8.8:53 www.googleoptimize.com udp
N/A 23.46.213.144:443 cdn-production-opera-website.operacdn.com tcp
N/A 23.46.213.144:443 cdn-production-opera-website.operacdn.com tcp
N/A 8.8.8.8:53 e11604.dscf.akamaiedge.net udp
N/A 23.46.213.144:443 e11604.dscf.akamaiedge.net tcp
N/A 23.46.213.144:443 e11604.dscf.akamaiedge.net tcp
N/A 23.46.213.144:443 e11604.dscf.akamaiedge.net tcp
N/A 8.8.8.8:53 www.googleoptimize.com udp
N/A 8.8.8.8:53 e11604.dscf.akamaiedge.net udp
N/A 8.8.8.8:53 mathid.mathtag.com udp
N/A 8.8.8.8:53 static.hotjar.com udp
N/A 8.8.8.8:53 www.redditstatic.com udp
N/A 8.8.8.8:53 cdn.taboola.com udp
N/A 151.101.1.140:443 www.redditstatic.com tcp
N/A 8.8.8.8:53 connect.facebook.net udp
N/A 8.8.8.8:53 dualstack.reddit.map.fastly.net udp
N/A 8.8.8.8:53 dualstack.reddit.map.fastly.net udp
N/A 8.8.8.8:53 tls13.taboola.map.fastly.net udp
N/A 8.8.8.8:53 s.yimg.com udp
N/A 8.8.8.8:53 static-cdn.hotjar.com udp
N/A 8.8.8.8:53 scontent.xx.fbcdn.net udp
N/A 8.8.8.8:53 tls13.taboola.map.fastly.net udp
N/A 87.248.116.12:443 s.yimg.com tcp
N/A 8.8.8.8:53 edge.gycpi.b.yahoodns.net udp
N/A 8.8.8.8:53 scontent.xx.fbcdn.net udp
N/A 8.8.8.8:53 static-cdn.hotjar.com udp
N/A 8.8.8.8:53 edge.gycpi.b.yahoodns.net udp
N/A 108.156.60.37:443 static-cdn.hotjar.com tcp
N/A 151.101.1.44:443 tls13.taboola.map.fastly.net tcp
N/A 157.240.247.8:443 connect.facebook.net tcp
N/A 8.8.8.8:53 bat.bing.com udp
N/A 204.79.197.200:443 bat.bing.com tcp
N/A 8.8.8.8:53 dual-a-0001.a-msedge.net udp
N/A 8.8.8.8:53 alb.reddit.com udp
N/A 8.8.8.8:53 dual-a-0001.a-msedge.net udp
N/A 8.8.8.8:53 reddit.map.fastly.net udp
N/A 8.8.8.8:53 analytics.google.com udp
N/A 87.248.116.12:443 edge.gycpi.b.yahoodns.net tcp
N/A 216.239.34.181:443 analytics.google.com tcp
N/A 8.8.8.8:53 stats.g.doubleclick.net udp
N/A 8.8.8.8:53 analytics-alv.google.com udp
N/A 142.250.27.157:443 stats.g.doubleclick.net tcp
N/A 8.8.8.8:53 analytics-alv.google.com udp
N/A 8.8.8.8:53 stats.g.doubleclick.net udp
N/A 8.8.8.8:53 trc.taboola.com udp
N/A 151.101.1.140:443 reddit.map.fastly.net tcp
N/A 8.8.8.8:53 dualstack.tls13.taboola.map.fastly.net udp
N/A 151.101.1.44:443 dualstack.tls13.taboola.map.fastly.net tcp
N/A 8.8.8.8:53 dualstack.tls13.taboola.map.fastly.net udp
N/A 8.8.8.8:53 script.hotjar.com udp
N/A 8.8.8.8:53 sp.analytics.yahoo.com udp
N/A 8.8.8.8:53 vars.hotjar.com udp
N/A 8.8.8.8:53 spdc-global.pbp.gysm.yahoodns.net udp
N/A 8.8.8.8:53 script.hotjar.com udp
N/A 108.156.60.38:443 vars.hotjar.com tcp
N/A 8.8.8.8:53 vars.hotjar.com udp
N/A 8.8.8.8:53 spdc-global.pbp.gysm.yahoodns.net udp
N/A 8.8.8.8:53 script.hotjar.com udp
N/A 8.8.8.8:53 vars.hotjar.com udp
N/A 18.65.39.37:443 script.hotjar.com tcp
N/A 212.82.100.181:443 spdc-global.pbp.gysm.yahoodns.net tcp
N/A 157.240.201.35:443 star-mini.c10r.facebook.com tcp
N/A 8.8.8.8:53 static.mediafire.com udp
N/A 8.8.8.8:53 static.mediafire.com udp
N/A 104.16.54.48:443 static.mediafire.com tcp
N/A 8.8.8.8:53 static.mediafire.com udp
N/A 8.8.8.8:53 static.mediafire.com udp
N/A 8.8.8.8:53 trc-events.taboola.com udp
N/A 141.226.124.48:443 trc-events.taboola.com tcp
N/A 8.8.8.8:53 ch-vip001.taboola.com udp
N/A 8.8.8.8:53 ch-vip001.taboola.com udp
N/A 8.8.8.8:53 jnn-pa.googleapis.com udp
N/A 8.8.8.8:53 jnn-pa.googleapis.com udp
N/A 142.250.179.138:443 jnn-pa.googleapis.com tcp
N/A 142.250.179.138:443 jnn-pa.googleapis.com tcp
N/A 8.8.8.8:53 jnn-pa.googleapis.com udp
N/A 8.8.8.8:53 jnn-pa.googleapis.com udp
N/A 8.8.8.8:53 static.doubleclick.net udp
N/A 8.8.8.8:53 static.doubleclick.net udp
N/A 8.8.8.8:53 static.doubleclick.net udp
N/A 142.251.36.6:443 static.doubleclick.net tcp
N/A 8.8.8.8:53 play.google.com udp
N/A 8.8.8.8:53 play.google.com udp
N/A 142.250.178.131:443 id.google.com tcp
N/A 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
N/A 8.8.8.8:53 play.google.com udp
N/A 142.251.36.14:443 play.google.com tcp
N/A 142.251.36.14:443 play.google.com tcp
N/A 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
N/A 8.8.8.8:53 play.google.com udp
N/A 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
N/A 8.8.8.8:53 jnn-pa.googleapis.com udp
N/A 8.8.8.8:53 jnn-pa.googleapis.com udp
N/A 8.8.8.8:53 jnn-pa.googleapis.com udp
N/A 8.8.8.8:53 jnn-pa.googleapis.com udp
N/A 8.8.8.8:53 jnn-pa.googleapis.com udp
N/A 8.8.8.8:53 jnn-pa.googleapis.com udp
N/A 8.8.8.8:53 jnn-pa.googleapis.com udp
N/A 8.8.8.8:53 skmedix.pl udp
N/A 8.8.8.8:53 skmedix.pl udp
N/A 188.114.96.0:443 skmedix.pl tcp
N/A 8.8.8.8:53 skmedix.pl udp
N/A 8.8.8.8:53 e1.o.lencr.org udp
N/A 2.19.126.223:80 e1.o.lencr.org tcp
N/A 8.8.8.8:53 a1887.dscq.akamai.net udp
N/A 8.8.8.8:53 a1887.dscq.akamai.net udp
N/A 8.8.8.8:53 skmedix.pl udp
N/A 8.8.8.8:53 skmedix.pl udp
N/A 8.8.8.8:53 partner.googleadservices.com udp
N/A 8.8.8.8:53 partner46.googleadservices.com udp
N/A 8.8.8.8:53 partner46.googleadservices.com udp
N/A 8.8.8.8:53 sjremetrics.java.com udp
N/A 15.236.117.205:443 sjremetrics.java.com tcp
N/A 142.251.36.1:443 tpc.googlesyndication.com tcp
N/A 8.8.8.8:53 www.googletagservices.com udp
N/A 142.250.179.162:443 www.googletagservices.com tcp
N/A 8.8.8.8:53 www.googletagservices.com udp
N/A 8.8.8.8:53 www.googletagservices.com udp
N/A 8.8.8.8:53 skmedix.pl udp
N/A 8.8.8.8:53 skmedix.pl udp
N/A 8.8.8.8:53 firefox.settings.services.mozilla.com udp
N/A 8.8.8.8:53 firefox.settings.services.mozilla.com udp
N/A 35.241.9.150:443 firefox.settings.services.mozilla.com tcp
N/A 8.8.8.8:53 firefox.settings.services.mozilla.com udp
N/A 8.8.8.8:53 firefox.settings.services.mozilla.com udp
N/A 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
N/A 8.8.8.8:53 normandy.cdn.mozilla.net udp
N/A 35.201.103.21:443 normandy.cdn.mozilla.net tcp
N/A 8.8.8.8:53 normandy-cdn.services.mozilla.com udp
N/A 8.8.8.8:53 normandy-cdn.services.mozilla.com udp
N/A 8.8.8.8:53 a1887.dscq.akamai.net udp
N/A 8.8.8.8:53 a1887.dscq.akamai.net udp
N/A 8.8.8.8:53 a1887.dscq.akamai.net udp
N/A 8.8.8.8:53 classify-client.services.mozilla.com udp
N/A 34.98.75.36:443 classify-client.services.mozilla.com tcp
N/A 8.8.8.8:53 prod-classifyclient.normandy.prod.cloudops.mozgcp.net udp
N/A 8.8.8.8:53 prod-classifyclient.normandy.prod.cloudops.mozgcp.net udp
N/A 141.226.124.48:443 ch-vip001.taboola.com tcp
N/A 8.8.8.8:53 bat.bing.com udp
N/A 204.79.197.200:443 bat.bing.com tcp
N/A 8.8.8.8:53 bat.bing.com udp
N/A 8.8.8.8:53 dual-a-0001.a-msedge.net udp
N/A 8.8.8.8:53 bat.bing.com udp
N/A 8.8.8.8:53 dual-a-0001.a-msedge.net udp
N/A 8.8.8.8:53 googleads.g.doubleclick.net udp
N/A 8.8.8.8:53 googleads.g.doubleclick.net udp
N/A 8.8.8.8:53 googleads.g.doubleclick.net udp
N/A 8.8.8.8:53 skmedix.pl udp
N/A 8.8.8.8:53 skmedix.pl udp

Files

\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe

MD5 dfcfc788d67437530a50177164db42b0
SHA1 2d9ed0dc5671a358186dcf83abb74bfe39c40e9f
SHA256 a90318bae7d99da633d9cac8ce322120d087e7b6f5eec0d1d0d7f9413fdd4dc1
SHA512 dbdfd02528c9f0e506232e8640a8602fade0d05f4139368187300ea2d537e41d2d167655ded30d938bd445a21c776a3c3721f8db4d3f03e3c06807a84cf232e3

C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe

MD5 dfcfc788d67437530a50177164db42b0
SHA1 2d9ed0dc5671a358186dcf83abb74bfe39c40e9f
SHA256 a90318bae7d99da633d9cac8ce322120d087e7b6f5eec0d1d0d7f9413fdd4dc1
SHA512 dbdfd02528c9f0e506232e8640a8602fade0d05f4139368187300ea2d537e41d2d167655ded30d938bd445a21c776a3c3721f8db4d3f03e3c06807a84cf232e3

memory/1392-55-0x0000000000000000-mapping.dmp

memory/1392-57-0x000007FEFB5D1000-0x000007FEFB5D3000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 7bf4fd9c786395c7ec7e4522001e3da7
SHA1 b9b8bf05e9222ba90b235e2c5cb316d67eafffed
SHA256 333383b040ac7ca3cfa1c649976461f363d1104e6b46c4e73184817a372c6b5e
SHA512 c852dff1c337e5f62291fd3e1d53c5e0f3fec05ebc9e590848d8892c2eab89f764bcb3ee179173e8618e63da5ba466f0d71083c325832e0326e4beb278982dea

C:\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe

MD5 dfcfc788d67437530a50177164db42b0
SHA1 2d9ed0dc5671a358186dcf83abb74bfe39c40e9f
SHA256 a90318bae7d99da633d9cac8ce322120d087e7b6f5eec0d1d0d7f9413fdd4dc1
SHA512 dbdfd02528c9f0e506232e8640a8602fade0d05f4139368187300ea2d537e41d2d167655ded30d938bd445a21c776a3c3721f8db4d3f03e3c06807a84cf232e3

\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe

MD5 dfcfc788d67437530a50177164db42b0
SHA1 2d9ed0dc5671a358186dcf83abb74bfe39c40e9f
SHA256 a90318bae7d99da633d9cac8ce322120d087e7b6f5eec0d1d0d7f9413fdd4dc1
SHA512 dbdfd02528c9f0e506232e8640a8602fade0d05f4139368187300ea2d537e41d2d167655ded30d938bd445a21c776a3c3721f8db4d3f03e3c06807a84cf232e3

\Users\Admin\AppData\Local\Temp\jds7092928.tmp\jre-8u351-windows-x64.exe

MD5 dfcfc788d67437530a50177164db42b0
SHA1 2d9ed0dc5671a358186dcf83abb74bfe39c40e9f
SHA256 a90318bae7d99da633d9cac8ce322120d087e7b6f5eec0d1d0d7f9413fdd4dc1
SHA512 dbdfd02528c9f0e506232e8640a8602fade0d05f4139368187300ea2d537e41d2d167655ded30d938bd445a21c776a3c3721f8db4d3f03e3c06807a84cf232e3

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_351_x64\jre1.8.0_35164.msi

MD5 1794aaa17d114a315a95473c9780fc8b
SHA1 7f250c022b916b88e22254985e7552bc3ac8db04
SHA256 7682233d155e6d19f30cf61b185a02055be0dbcacd2c9accf90a99de21547eb4
SHA512 fb9defdf73786528e82ffc7e1ccfa03cfb687365ec740e9620993da785414306f03a7e1fa523192a9d690a882b012d1e426afd1757639f3ef5f1e612c01e6516

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 457c340522a91d87625b057fff759d30
SHA1 b365f3020f1dfe997decd1318ba80b5591de2a16
SHA256 db66e9b003a0ba23f74e45fa7aedcb2fcc8c373b86dbbf500ebfb31d07e7d5fe
SHA512 5195095d321ad2a1367aaf84a799428110dbe7ba9c9f24616e7c88d32e1795dc450bbda673a9eea968d6e2327551726ca9536a993bee63ea7f3f7ef6387cff19

memory/816-66-0x0000000000000000-mapping.dmp

C:\Windows\Installer\MSIBDBB.tmp

MD5 62cfeb86f117ad91b8bb52f1dda6f473
SHA1 c753b488938b3e08f7f47df209359c7b78764448
SHA256 f06cba20bd40e9d841add1877cf8d3b406f0acfa4800b80ae041ed3cc374eb7e
SHA512 c1b0e76cee4e2c3ca604dcc8f5665e72e70008acc824e20d89404f139d7e7e789e99dff131dafd76409f6ea0a813aa136f96089fbdadcf90d6485b1807762e4e

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 2f062432e6bf1b74bdf11dbaa2082d20
SHA1 548e50a630d884995e8e465a429ca77cc3a63e0b
SHA256 89185e454aa8c467a6d70323b99b10d4396c7d9fae65f0db05a5d24d8534ccb1
SHA512 6f1bd6b71c09c78f6aed30fd50f4042ef541a717c6805c3bf76bc1b62e0f18893ace082ee57f078554cacfb266f99af9e3e90a3fd0a10a285deb69fad6ea951c

\Windows\Installer\MSIBDBB.tmp

MD5 62cfeb86f117ad91b8bb52f1dda6f473
SHA1 c753b488938b3e08f7f47df209359c7b78764448
SHA256 f06cba20bd40e9d841add1877cf8d3b406f0acfa4800b80ae041ed3cc374eb7e
SHA512 c1b0e76cee4e2c3ca604dcc8f5665e72e70008acc824e20d89404f139d7e7e789e99dff131dafd76409f6ea0a813aa136f96089fbdadcf90d6485b1807762e4e

C:\Windows\Installer\MSIC441.tmp

MD5 62cfeb86f117ad91b8bb52f1dda6f473
SHA1 c753b488938b3e08f7f47df209359c7b78764448
SHA256 f06cba20bd40e9d841add1877cf8d3b406f0acfa4800b80ae041ed3cc374eb7e
SHA512 c1b0e76cee4e2c3ca604dcc8f5665e72e70008acc824e20d89404f139d7e7e789e99dff131dafd76409f6ea0a813aa136f96089fbdadcf90d6485b1807762e4e

\Windows\Installer\MSIC441.tmp

MD5 62cfeb86f117ad91b8bb52f1dda6f473
SHA1 c753b488938b3e08f7f47df209359c7b78764448
SHA256 f06cba20bd40e9d841add1877cf8d3b406f0acfa4800b80ae041ed3cc374eb7e
SHA512 c1b0e76cee4e2c3ca604dcc8f5665e72e70008acc824e20d89404f139d7e7e789e99dff131dafd76409f6ea0a813aa136f96089fbdadcf90d6485b1807762e4e

C:\Windows\Installer\MSIC51D.tmp

MD5 62cfeb86f117ad91b8bb52f1dda6f473
SHA1 c753b488938b3e08f7f47df209359c7b78764448
SHA256 f06cba20bd40e9d841add1877cf8d3b406f0acfa4800b80ae041ed3cc374eb7e
SHA512 c1b0e76cee4e2c3ca604dcc8f5665e72e70008acc824e20d89404f139d7e7e789e99dff131dafd76409f6ea0a813aa136f96089fbdadcf90d6485b1807762e4e

\Windows\Installer\MSIC51D.tmp

MD5 62cfeb86f117ad91b8bb52f1dda6f473
SHA1 c753b488938b3e08f7f47df209359c7b78764448
SHA256 f06cba20bd40e9d841add1877cf8d3b406f0acfa4800b80ae041ed3cc374eb7e
SHA512 c1b0e76cee4e2c3ca604dcc8f5665e72e70008acc824e20d89404f139d7e7e789e99dff131dafd76409f6ea0a813aa136f96089fbdadcf90d6485b1807762e4e

\Program Files\Java\jre1.8.0_351\installer.exe

MD5 1b7d3a2eb4a3893ea7fec68dbcc09a81
SHA1 5abe3f871f41d9226f6b330e0d76f4aeb4987891
SHA256 75fe10b94b9570bff04d8440340bead917ce46fc20f0a9795bca73053c3aa5d5
SHA512 b834ec60c4fba13e1065d248bede905f386e92207d91a2e1c7465eddc9767a5b0d27f49b19cdf64b241dcb7664ef5976f9367c90b10ff2ea7adb281e6aaf7953

memory/732-76-0x0000000000000000-mapping.dmp

C:\Windows\Installer\6ca7f8.msi

MD5 1794aaa17d114a315a95473c9780fc8b
SHA1 7f250c022b916b88e22254985e7552bc3ac8db04
SHA256 7682233d155e6d19f30cf61b185a02055be0dbcacd2c9accf90a99de21547eb4
SHA512 fb9defdf73786528e82ffc7e1ccfa03cfb687365ec740e9620993da785414306f03a7e1fa523192a9d690a882b012d1e426afd1757639f3ef5f1e612c01e6516

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 ed61d9a398d64bbc2ecf0a8e3e73e661
SHA1 24ba0219e8eca7829c51ea3066c58f5597722e22
SHA256 6bff6aac82d41cbb73e60e7754c0e25a8f5a392d46d98731f58d980a96936ff9
SHA512 c9e0c9e8ff4833e1d0ffa9fd8a4b1765d37a46bbfe6a995aaea299200cfedbf0fe5d9fb7cb4f6124377c622f1445dd9be8dbadfc946b5f988f09142b6b7b5fc9

C:\Program Files\Java\jre1.8.0_351\installer.exe

MD5 1b7d3a2eb4a3893ea7fec68dbcc09a81
SHA1 5abe3f871f41d9226f6b330e0d76f4aeb4987891
SHA256 75fe10b94b9570bff04d8440340bead917ce46fc20f0a9795bca73053c3aa5d5
SHA512 b834ec60c4fba13e1065d248bede905f386e92207d91a2e1c7465eddc9767a5b0d27f49b19cdf64b241dcb7664ef5976f9367c90b10ff2ea7adb281e6aaf7953

C:\ProgramData\Oracle\Java\installcache_x64\7131819.tmp\bspatch.exe

MD5 2e7543a4deec9620c101771ca9b45d85
SHA1 fa33f3098c511a1192111f0b29a09064a7568029
SHA256 32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1
SHA512 8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

memory/1132-80-0x0000000000000000-mapping.dmp

memory/1132-82-0x0000000000400000-0x0000000000417000-memory.dmp

C:\ProgramData\Oracle\Java\installcache_x64\7131819.tmp\bspatch.exe

MD5 2e7543a4deec9620c101771ca9b45d85
SHA1 fa33f3098c511a1192111f0b29a09064a7568029
SHA256 32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1
SHA512 8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

memory/1132-84-0x0000000074C11000-0x0000000074C13000-memory.dmp

\ProgramData\Oracle\Java\installcache_x64\7131819.tmp\bspatch.exe

MD5 2e7543a4deec9620c101771ca9b45d85
SHA1 fa33f3098c511a1192111f0b29a09064a7568029
SHA256 32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1
SHA512 8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

\ProgramData\Oracle\Java\installcache_x64\7131819.tmp\bspatch.exe

MD5 2e7543a4deec9620c101771ca9b45d85
SHA1 fa33f3098c511a1192111f0b29a09064a7568029
SHA256 32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1
SHA512 8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

C:\ProgramData\Oracle\Java\installcache_x64\7131819.tmp\diff

MD5 926bc57fb311cc95bcefa1e1ad0ce459
SHA1 8c43b4d7aa223eaf9c73c789072545da0b2c55df
SHA256 9ccf1e30069b4781362f85c4a30993d86da99f211c2aaad4447ad051cc61600a
SHA512 216cb6483598960f5aea83beeb37fa700d047352d0b3c6c2405a7ee668554e0ab15358c178a6a2fc8c067f4177a0452cde93783797c15fccf224e640715f0743

\ProgramData\Oracle\Java\installcache_x64\7131819.tmp\bspatch.exe

MD5 2e7543a4deec9620c101771ca9b45d85
SHA1 fa33f3098c511a1192111f0b29a09064a7568029
SHA256 32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1
SHA512 8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

C:\ProgramData\Oracle\Java\installcache_x64\7131819.tmp\baseimagefam8

MD5 22646919b87d1a6dfc371464405b373b
SHA1 2296c69b12c3e0244fc59586f794457a4735e692
SHA256 0a01e1f33b0dd6af5d71fd26261b97eda1f9da77553704afd0a9d176de733c11
SHA512 b5cfe6640c3755f3094e248dcd852ade852f904e80bc7d8dfef5772620ef75eac788f503c3df4baa712e73dafcca51c4ef0c73659ae55c1e0afd59b73f90d3a0

memory/1132-90-0x00000000002C0000-0x00000000002D7000-memory.dmp

memory/1132-91-0x00000000002C0000-0x00000000002D7000-memory.dmp

C:\ProgramData\Oracle\Java\installcache_x64\7131819.tmp\newimage

MD5 42f911bd9577dba41abfec153b50afdc
SHA1 e75303e84e59c81105db4aeb0e09ba92c0edfaa5
SHA256 a81763f447f212a42eddeecc63c58e580f1e4fb695480d24fba0bc43aa8c17e0
SHA512 40e22192db53eb84a117fbf729f83cbc79ff168509149b2281357295b72770816f260c9320cb7c5559f2242d7f7362dd7af4fa80d99a5db327cb2b690c9b6c59

memory/1132-93-0x00000000002C0000-0x00000000002CD000-memory.dmp

memory/1132-92-0x0000000000400000-0x0000000000417000-memory.dmp

\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

MD5 691f68efcd902bfdfb60b556a3e11c2c
SHA1 c279fa09293185bddfd73d1170b6a73bd266cf07
SHA256 471d70ebf91bdc762dcacbea9f6ca883f97921938e83269fef911dbf83598a70
SHA512 a4816ae0654f41bd130d56e44839d9f29ab48bd2f99c3d6db38ce3358ac46c1cef09da09184c6291dd378018a49f9e56173c35d780d3eaefcce459592c75de3f

memory/2768-96-0x0000000000000000-mapping.dmp

C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe

MD5 691f68efcd902bfdfb60b556a3e11c2c
SHA1 c279fa09293185bddfd73d1170b6a73bd266cf07
SHA256 471d70ebf91bdc762dcacbea9f6ca883f97921938e83269fef911dbf83598a70
SHA512 a4816ae0654f41bd130d56e44839d9f29ab48bd2f99c3d6db38ce3358ac46c1cef09da09184c6291dd378018a49f9e56173c35d780d3eaefcce459592c75de3f

C:\Program Files\Java\jre1.8.0_351\bin\VCRUNTIME140.dll

MD5 1453290db80241683288f33e6dd5e80e
SHA1 29fb9af50458df43ef40bfc8f0f516d0c0a106fd
SHA256 2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c
SHA512 4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-runtime-l1-1-0.dll

MD5 883120f9c25633b6c688577d024efd12
SHA1 e4fa6254623a2b4cdea61712cdfa9c91aa905f18
SHA256 4390c389bbbf9ec7215d12d22723efd77beb4cd83311c75ffe215725ecfd55dc
SHA512 f17d3b667cc8002f4b6e6b96b630913fa1cb4083d855db5b7269518f6ff6eebf835544fa3b737f4fc0eb46ccb368778c4ae8b11ebcf9274ce1e5a0ba331a0e2f

C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-localization-l1-2-0.dll

MD5 8acb83d102dabd9a5017a94239a2b0c6
SHA1 9b43a40a7b498e02f96107e1524fe2f4112d36ae
SHA256 059cb23fdcf4d80b92e3da29e9ef4c322edf6fba9a1837978fd983e9bdfc7413
SHA512 b7ecf60e20098ea509b76b1cc308a954a6ede8d836bf709790ce7d4bd1b85b84cf5f3aedf55af225d2d21fbd3065d01aa201dae6c131b8e1e3aa80ed6fc910a4

\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-localization-l1-2-0.dll

MD5 8acb83d102dabd9a5017a94239a2b0c6
SHA1 9b43a40a7b498e02f96107e1524fe2f4112d36ae
SHA256 059cb23fdcf4d80b92e3da29e9ef4c322edf6fba9a1837978fd983e9bdfc7413
SHA512 b7ecf60e20098ea509b76b1cc308a954a6ede8d836bf709790ce7d4bd1b85b84cf5f3aedf55af225d2d21fbd3065d01aa201dae6c131b8e1e3aa80ed6fc910a4

C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-processthreads-l1-1-1.dll

MD5 9c9b50b204fcb84265810ef1f3c5d70a
SHA1 0913ab720bd692abcdb18a2609df6a7f85d96db3
SHA256 25a99bdf8bf4d16077dc30dd9ffef7bb5a2ceaf9afcee7cf52ad408355239d40
SHA512 ea2d22234e587ad9fa255d9f57907cc14327ead917fdede8b0a38516e7c7a08c4172349c8a7479ec55d1976a37e520628006f5c362f6a3ec76ec87978c4469cd

\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-processthreads-l1-1-1.dll

MD5 9c9b50b204fcb84265810ef1f3c5d70a
SHA1 0913ab720bd692abcdb18a2609df6a7f85d96db3
SHA256 25a99bdf8bf4d16077dc30dd9ffef7bb5a2ceaf9afcee7cf52ad408355239d40
SHA512 ea2d22234e587ad9fa255d9f57907cc14327ead917fdede8b0a38516e7c7a08c4172349c8a7479ec55d1976a37e520628006f5c362f6a3ec76ec87978c4469cd

\Program Files\Java\jre1.8.0_351\bin\ucrtbase.dll

MD5 61eb0ad4c285b60732353a0cb5c9b2ab
SHA1 21a1bea01f6ca7e9828a522c696853706d0a457b
SHA256 10521fe73fe05f2ba95d40757d9f676f2091e2ed578da9d5cdef352f986f3bcd
SHA512 44cd871f48b5193abb3b9664dbea8cdad19e72c47b6967c685cf1cc803bc9abb48a8a93009c972ef4936e7f78e3c92110828790aa0a9d26b80e6a523bbcd830d

C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-file-l1-2-0.dll

MD5 35bc1f1c6fbccec7eb8819178ef67664
SHA1 bbcad0148ff008e984a75937aaddf1ef6fda5e0c
SHA256 7a3c5167731238cf262f749aa46ab3bfb2ae1b22191b76e28e1d7499d28c24b7
SHA512 9ab9b5b12215e57af5b3c588ed5003d978071dc591ed18c78c4563381a132edb7b2c508a8b75b4f1ed8823118d23c88eda453cd4b42b9020463416f8f6832a3d

C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-timezone-l1-1-0.dll

MD5 43e1ae2e432eb99aa4427bb68f8826bb
SHA1 eee1747b3ade5a9b985467512215caf7e0d4cb9b
SHA256 3d798b9c345a507e142e8dacd7fb6c17528cc1453abfef2ffa9710d2fa9e032c
SHA512 40ec0482f668bde71aeb4520a0709d3e84f093062bfbd05285e2cc09b19b7492cb96cdd6056281c213ab0560f87bd485ee4d2aeefa0b285d2d005634c1f3af0b

\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-timezone-l1-1-0.dll

MD5 43e1ae2e432eb99aa4427bb68f8826bb
SHA1 eee1747b3ade5a9b985467512215caf7e0d4cb9b
SHA256 3d798b9c345a507e142e8dacd7fb6c17528cc1453abfef2ffa9710d2fa9e032c
SHA512 40ec0482f668bde71aeb4520a0709d3e84f093062bfbd05285e2cc09b19b7492cb96cdd6056281c213ab0560f87bd485ee4d2aeefa0b285d2d005634c1f3af0b

\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-file-l1-2-0.dll

MD5 35bc1f1c6fbccec7eb8819178ef67664
SHA1 bbcad0148ff008e984a75937aaddf1ef6fda5e0c
SHA256 7a3c5167731238cf262f749aa46ab3bfb2ae1b22191b76e28e1d7499d28c24b7
SHA512 9ab9b5b12215e57af5b3c588ed5003d978071dc591ed18c78c4563381a132edb7b2c508a8b75b4f1ed8823118d23c88eda453cd4b42b9020463416f8f6832a3d

C:\Program Files\Java\jre1.8.0_351\bin\ucrtbase.DLL

MD5 61eb0ad4c285b60732353a0cb5c9b2ab
SHA1 21a1bea01f6ca7e9828a522c696853706d0a457b
SHA256 10521fe73fe05f2ba95d40757d9f676f2091e2ed578da9d5cdef352f986f3bcd
SHA512 44cd871f48b5193abb3b9664dbea8cdad19e72c47b6967c685cf1cc803bc9abb48a8a93009c972ef4936e7f78e3c92110828790aa0a9d26b80e6a523bbcd830d

\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-runtime-l1-1-0.dll

MD5 883120f9c25633b6c688577d024efd12
SHA1 e4fa6254623a2b4cdea61712cdfa9c91aa905f18
SHA256 4390c389bbbf9ec7215d12d22723efd77beb4cd83311c75ffe215725ecfd55dc
SHA512 f17d3b667cc8002f4b6e6b96b630913fa1cb4083d855db5b7269518f6ff6eebf835544fa3b737f4fc0eb46ccb368778c4ae8b11ebcf9274ce1e5a0ba331a0e2f

\Program Files\Java\jre1.8.0_351\bin\vcruntime140.dll

MD5 1453290db80241683288f33e6dd5e80e
SHA1 29fb9af50458df43ef40bfc8f0f516d0c0a106fd
SHA256 2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c
SHA512 4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-file-l2-1-0.dll

MD5 3bf4406de02aa148f460e5d709f4f67d
SHA1 89b28107c39bb216da00507ffd8adb7838d883f6
SHA256 349a79fa1572e3538dfbb942610d8c47d03e8a41b98897bc02ec7e897d05237e
SHA512 5ff6e8ad602d9e31ac88e06a6fbb54303c57d011c388f46d957aee8cd3b7d7cced8b6bfa821ff347ade62f7359acb1fba9ee181527f349c03d295bdb74efbace

C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-synch-l1-2-0.dll

MD5 d175430eff058838cee2e334951f6c9c
SHA1 7f17fbdcef12042d215828c1d6675e483a4c62b1
SHA256 1c72ac404781a9986d8edeb0ee5dd39d2c27ce505683ca3324c0eccd6193610a
SHA512 6076086082e3e824309ba2c178e95570a34ece6f2339be500b8b0a51f0f316b39a4c8d70898c4d50f89f3f43d65c5ebbec3094a47d91677399802f327287d43b

C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-heap-l1-1-0.dll

MD5 212d58cefb2347bd694b214a27828c83
SHA1 f0e98e2d594054e8a836bd9c6f68c3fe5048f870
SHA256 8166321f14d5804ce76f172f290a6f39ce81373257887d9897a6cf3925d47989
SHA512 637c215ed3e781f824ae93a0e04a7b6c0a6b1694d489e9058203630dcfc0b8152f2eb452177ea9fd2872a8a1f29c539f85a2f2824cf50b1d7496fa3febe27dfe

\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-string-l1-1-0.dll

MD5 f816666e3fc087cd24828943cb15f260
SHA1 eae814c9c41e3d333f43890ed7dafa3575e4c50e
SHA256 45e0835b1d3b446fe2c347bd87922c53cfb6dd826499e19a1d977bf4c11b0e4a
SHA512 6860abe8ab5220efb88f68b80e6c6e95fe35b4029f46b59bc467e3850fe671bda1c7c1c7b035b287bdfed5daeac879ee481d35330b153ea7ef2532970f62c581

C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-string-l1-1-0.dll

MD5 f816666e3fc087cd24828943cb15f260
SHA1 eae814c9c41e3d333f43890ed7dafa3575e4c50e
SHA256 45e0835b1d3b446fe2c347bd87922c53cfb6dd826499e19a1d977bf4c11b0e4a
SHA512 6860abe8ab5220efb88f68b80e6c6e95fe35b4029f46b59bc467e3850fe671bda1c7c1c7b035b287bdfed5daeac879ee481d35330b153ea7ef2532970f62c581

\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-heap-l1-1-0.dll

MD5 212d58cefb2347bd694b214a27828c83
SHA1 f0e98e2d594054e8a836bd9c6f68c3fe5048f870
SHA256 8166321f14d5804ce76f172f290a6f39ce81373257887d9897a6cf3925d47989
SHA512 637c215ed3e781f824ae93a0e04a7b6c0a6b1694d489e9058203630dcfc0b8152f2eb452177ea9fd2872a8a1f29c539f85a2f2824cf50b1d7496fa3febe27dfe

C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-stdio-l1-1-0.dll

MD5 29680d7b1105171116a137450c8bb452
SHA1 492bb8c231aae9d5f5af565abb208a706fb2b130
SHA256 6f6f6e857b347f70ecc669b4df73c32e42199b834fe009641d7b41a0b1c210af
SHA512 87dcf131e21041b06ed84c3a510fe360048de46f1975155b4b12e4bbf120f2dd0cb74ccd2e8691a39eee0da7f82ad39bc65c81f530fc0572a726f0a6661524f5

\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-stdio-l1-1-0.dll

MD5 29680d7b1105171116a137450c8bb452
SHA1 492bb8c231aae9d5f5af565abb208a706fb2b130
SHA256 6f6f6e857b347f70ecc669b4df73c32e42199b834fe009641d7b41a0b1c210af
SHA512 87dcf131e21041b06ed84c3a510fe360048de46f1975155b4b12e4bbf120f2dd0cb74ccd2e8691a39eee0da7f82ad39bc65c81f530fc0572a726f0a6661524f5

\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-synch-l1-2-0.dll

MD5 d175430eff058838cee2e334951f6c9c
SHA1 7f17fbdcef12042d215828c1d6675e483a4c62b1
SHA256 1c72ac404781a9986d8edeb0ee5dd39d2c27ce505683ca3324c0eccd6193610a
SHA512 6076086082e3e824309ba2c178e95570a34ece6f2339be500b8b0a51f0f316b39a4c8d70898c4d50f89f3f43d65c5ebbec3094a47d91677399802f327287d43b

\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-file-l2-1-0.dll

MD5 3bf4406de02aa148f460e5d709f4f67d
SHA1 89b28107c39bb216da00507ffd8adb7838d883f6
SHA256 349a79fa1572e3538dfbb942610d8c47d03e8a41b98897bc02ec7e897d05237e
SHA512 5ff6e8ad602d9e31ac88e06a6fbb54303c57d011c388f46d957aee8cd3b7d7cced8b6bfa821ff347ade62f7359acb1fba9ee181527f349c03d295bdb74efbace

\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-convert-l1-1-0.dll

MD5 285dcd72d73559678cfd3ed39f81ddad
SHA1 df22928e43ea6a9a41c1b2b5bfcab5ba58d2a83a
SHA256 6c008be766c44bf968c9e91cddc5b472110beffee3106a99532e68c605c78d44
SHA512 84ef0a843798fd6bd6246e1d40924be42550d3ef239dab6db4d423b142fa8f691c6f0603687901f1c52898554bf4f48d18d3aebd47de935560cde4906798c39a

C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-convert-l1-1-0.dll

MD5 285dcd72d73559678cfd3ed39f81ddad
SHA1 df22928e43ea6a9a41c1b2b5bfcab5ba58d2a83a
SHA256 6c008be766c44bf968c9e91cddc5b472110beffee3106a99532e68c605c78d44
SHA512 84ef0a843798fd6bd6246e1d40924be42550d3ef239dab6db4d423b142fa8f691c6f0603687901f1c52898554bf4f48d18d3aebd47de935560cde4906798c39a

\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 41fbbb054af69f0141e8fc7480d7f122
SHA1 3613a572b462845d6478a92a94769885da0843af
SHA256 974af1f1a38c02869073b4e7ec4b2a47a6ce8339fa62c549da6b20668de6798c
SHA512 97fb0a19227887d55905c2d622fbf5451921567f145be7855f72909eb3027f48a57d8c4d76e98305121b1b0cc1f5f2667ef6109c59a83ea1b3e266934b2eb33c

C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 41fbbb054af69f0141e8fc7480d7f122
SHA1 3613a572b462845d6478a92a94769885da0843af
SHA256 974af1f1a38c02869073b4e7ec4b2a47a6ce8339fa62c549da6b20668de6798c
SHA512 97fb0a19227887d55905c2d622fbf5451921567f145be7855f72909eb3027f48a57d8c4d76e98305121b1b0cc1f5f2667ef6109c59a83ea1b3e266934b2eb33c

C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-environment-l1-1-0.dll

MD5 5cce7a5ed4c2ebaf9243b324f6618c0e
SHA1 fdb5954ee91583a5a4cbb0054fb8b3bf6235eed3
SHA256 aa3e3e99964d7f9b89f288dbe30ff18cbc960ee5add533ec1b8326fe63787aa3
SHA512 fc85a3be23621145b8dc067290bd66416b6b1566001a799975bf99f0f526935e41a2c8861625e7cfb8539ca0621ed9f46343c04b6c41db812f58412be9c8a0de

C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-utility-l1-1-0.dll

MD5 6f1a1dfb2761228ccc7d07b8b190054c
SHA1 117d66360c84a0088626e22d8b3b4b685cb70d56
SHA256 c81c4bba4e5f205359ad145963f6fbd074879047c66569f52b6d66711108e1ed
SHA512 480b4f9179d5da56010fa90e1937fe3a232f2f8682596c16eeaed08f57cf8cffeaa506060429501764f695cb6c5b3e56b0037de948c4d0e3933f022a0b4103d2

\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-utility-l1-1-0.dll

MD5 6f1a1dfb2761228ccc7d07b8b190054c
SHA1 117d66360c84a0088626e22d8b3b4b685cb70d56
SHA256 c81c4bba4e5f205359ad145963f6fbd074879047c66569f52b6d66711108e1ed
SHA512 480b4f9179d5da56010fa90e1937fe3a232f2f8682596c16eeaed08f57cf8cffeaa506060429501764f695cb6c5b3e56b0037de948c4d0e3933f022a0b4103d2

\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-environment-l1-1-0.dll

MD5 5cce7a5ed4c2ebaf9243b324f6618c0e
SHA1 fdb5954ee91583a5a4cbb0054fb8b3bf6235eed3
SHA256 aa3e3e99964d7f9b89f288dbe30ff18cbc960ee5add533ec1b8326fe63787aa3
SHA512 fc85a3be23621145b8dc067290bd66416b6b1566001a799975bf99f0f526935e41a2c8861625e7cfb8539ca0621ed9f46343c04b6c41db812f58412be9c8a0de

C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-time-l1-1-0.dll

MD5 143a735134cd8c889ec7d7b85298705b
SHA1 906ac1f3a933dd57798ae826bbefa3096c20d424
SHA256 b48310b0837027f756d62c37ea91af988baa403cbcbd01cb26b6fdae21ea96a2
SHA512 c9abe209508afae2d1776391f73b658c9a25628876724344023e0fc8a790ecb7dbce75fddae267158d08a8237f83336b1d2bd5b5ce0a8eed7dd41cbe0c031d48

\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-time-l1-1-0.dll

MD5 143a735134cd8c889ec7d7b85298705b
SHA1 906ac1f3a933dd57798ae826bbefa3096c20d424
SHA256 b48310b0837027f756d62c37ea91af988baa403cbcbd01cb26b6fdae21ea96a2
SHA512 c9abe209508afae2d1776391f73b658c9a25628876724344023e0fc8a790ecb7dbce75fddae267158d08a8237f83336b1d2bd5b5ce0a8eed7dd41cbe0c031d48

memory/2936-132-0x0000000000000000-mapping.dmp

memory/2968-133-0x0000000000000000-mapping.dmp

memory/2992-134-0x0000000000000000-mapping.dmp

memory/3044-135-0x0000000000000000-mapping.dmp

memory/3068-136-0x0000000000000000-mapping.dmp

memory/996-137-0x0000000000000000-mapping.dmp

memory/1764-138-0x0000000000000000-mapping.dmp

memory/1048-143-0x0000000000000000-mapping.dmp

memory/2296-144-0x0000000000000000-mapping.dmp

memory/2296-155-0x0000000002380000-0x0000000003380000-memory.dmp

memory/2296-160-0x0000000002380000-0x0000000003380000-memory.dmp

memory/2296-162-0x0000000002380000-0x0000000003380000-memory.dmp

memory/2296-164-0x0000000002380000-0x0000000003380000-memory.dmp

memory/2296-165-0x0000000002380000-0x0000000003380000-memory.dmp

memory/2296-167-0x0000000002380000-0x0000000003380000-memory.dmp

memory/2296-166-0x0000000002380000-0x0000000003380000-memory.dmp

memory/2296-169-0x0000000002380000-0x0000000003380000-memory.dmp

memory/2296-170-0x0000000002380000-0x0000000003380000-memory.dmp

memory/2296-171-0x0000000002380000-0x0000000003380000-memory.dmp

memory/2296-172-0x0000000002380000-0x0000000003380000-memory.dmp

memory/2296-173-0x0000000002380000-0x0000000003380000-memory.dmp

memory/2296-174-0x0000000002380000-0x0000000003380000-memory.dmp

memory/2920-178-0x0000000000000000-mapping.dmp

memory/2028-179-0x0000000000000000-mapping.dmp

memory/2028-190-0x00000000024C0000-0x00000000034C0000-memory.dmp

memory/1796-198-0x0000000000000000-mapping.dmp

memory/1044-210-0x0000000002200000-0x0000000003200000-memory.dmp

memory/2836-222-0x0000000002180000-0x0000000003180000-memory.dmp

memory/2836-223-0x0000000002180000-0x0000000003180000-memory.dmp

memory/1044-224-0x0000000002200000-0x0000000003200000-memory.dmp

memory/2640-226-0x0000000000A30000-0x0000000001075000-memory.dmp

memory/2640-228-0x0000000068880000-0x0000000068DAE000-memory.dmp

memory/2640-229-0x0000000061940000-0x0000000061E60000-memory.dmp

memory/2640-230-0x0000000063100000-0x000000006314F000-memory.dmp

memory/1352-232-0x0000000000AB0000-0x00000000010F5000-memory.dmp

memory/1352-234-0x0000000068880000-0x0000000068DAE000-memory.dmp

memory/1352-236-0x0000000063100000-0x000000006314F000-memory.dmp

memory/1352-235-0x0000000061940000-0x0000000061E60000-memory.dmp

memory/2356-237-0x0000000000000000-mapping.dmp

memory/2880-239-0x0000000000000000-mapping.dmp

memory/2984-242-0x0000000000000000-mapping.dmp

memory/1628-253-0x0000000000000000-mapping.dmp

memory/2984-256-0x0000000002380000-0x0000000003380000-memory.dmp

memory/2984-259-0x0000000001E00000-0x0000000001E0A000-memory.dmp

memory/2984-260-0x0000000001E00000-0x0000000001E0A000-memory.dmp

memory/2984-263-0x0000000002380000-0x0000000003380000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-01-09 02:06

Reported

2023-01-09 02:27

Platform

win10v2004-20220812-en

Max time kernel

956s

Max time network

961s

Command Line

"C:\Users\Admin\AppData\Local\Temp\jre-8u351-windows-x64.exe"

Signatures

BazarBackdoor

backdoor bazarbackdoor

Bazar/Team9 Backdoor payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds240546203.tmp\jre-8u351-windows-x64.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\jre-8u351-windows-x64.exe

"C:\Users\Admin\AppData\Local\Temp\jre-8u351-windows-x64.exe"

C:\Users\Admin\AppData\Local\Temp\jds240546203.tmp\jre-8u351-windows-x64.exe

"C:\Users\Admin\AppData\Local\Temp\jds240546203.tmp\jre-8u351-windows-x64.exe"

Network

Country Destination Domain Proto
N/A 93.184.220.29:80 tcp
N/A 8.8.8.8:53 javadl-esd-secure.oracle.com udp
N/A 23.65.205.24:443 javadl-esd-secure.oracle.com tcp
N/A 8.8.8.8:53 96.108.152.52.in-addr.arpa udp
N/A 20.42.65.89:443 tcp
N/A 104.110.191.133:80 tcp
N/A 104.110.191.133:80 tcp

Files

memory/4608-132-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\jds240546203.tmp\jre-8u351-windows-x64.exe

MD5 dfcfc788d67437530a50177164db42b0
SHA1 2d9ed0dc5671a358186dcf83abb74bfe39c40e9f
SHA256 a90318bae7d99da633d9cac8ce322120d087e7b6f5eec0d1d0d7f9413fdd4dc1
SHA512 dbdfd02528c9f0e506232e8640a8602fade0d05f4139368187300ea2d537e41d2d167655ded30d938bd445a21c776a3c3721f8db4d3f03e3c06807a84cf232e3

C:\Users\Admin\AppData\Local\Temp\jds240546203.tmp\jre-8u351-windows-x64.exe

MD5 dfcfc788d67437530a50177164db42b0
SHA1 2d9ed0dc5671a358186dcf83abb74bfe39c40e9f
SHA256 a90318bae7d99da633d9cac8ce322120d087e7b6f5eec0d1d0d7f9413fdd4dc1
SHA512 dbdfd02528c9f0e506232e8640a8602fade0d05f4139368187300ea2d537e41d2d167655ded30d938bd445a21c776a3c3721f8db4d3f03e3c06807a84cf232e3

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 356cece64a0dee47ad92650626bb89ff
SHA1 f117ab494d4313e98955bcb1b24339dfb3874f05
SHA256 c6f2329d22db6318514b59e7c2525a6e66253e0e02a98d1cca357052353ff796
SHA512 edf3bf6e8c9c22f6bae6c9ea392617f3af402ac0f56ddb1ab5b66ddc11a3bed638c86ec9a56b0a155257194782a18e750588f4044a3c29a03e8134334569ca2a