Malware Analysis Report

2025-01-18 21:13

Sample ID 240325-dn7z9ahe6v
Target error422(1).zip
SHA256 63bfdf16183fc6ba3aac2ccc86b3368445e448d2a50386a9dfeb88b8b7ff567d
Tags
adware discovery persistence stealer upx
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

63bfdf16183fc6ba3aac2ccc86b3368445e448d2a50386a9dfeb88b8b7ff567d

Threat Level: Shows suspicious behavior

Verdict: the file error422(1).zip shows suspicious behavior.

Malicious Activity Summary

adware discovery persistence stealer upx

Registers COM server for autorun

Modifies file permissions

Loads dropped DLL

UPX packed file

Executes dropped EXE

Blocklisted process makes network request

Enumerates connected drives

Installs/modifies Browser Helper Object

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Checks processor information in registry

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Uses Volume Shadow Copy service COM API

Enumerates system info in registry

Modifies system certificate store

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-25 03:11

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-25 03:10

Reported

2024-03-25 03:57

Platform

win7-20240220-en

Max time kernel

2624s

Max time network

2284s

Command Line

"C:\Users\Admin\AppData\Local\Temp\error422(1).exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\error422(1).exe

"C:\Users\Admin\AppData\Local\Temp\error422(1).exe"

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-25 03:10

Reported

2024-03-25 03:57

Platform

win7-20240221-en

Max time kernel

170s

Max time network

636s

Command Line

"C:\Users\Admin\AppData\Local\Temp\jdk-8u191-windows-i586.exe"

Signatures

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds259406636.tmp\jdk-8u191-windows-i586.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jdk1.8.0_191\jre\bin\javaw.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jdk1.8.0_191\jre.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A
N/A | N/A | C:\ProgramData\Oracle\Java\installcache\259467976.tmp\bspatch.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jre1.8.0_191\bin\javaw.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jre1.8.0_191\bin\javaws.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2launcher.exe | N/A

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jdk-8u191-windows-i586.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jdk1.8.0_191\jre\bin\javaw.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jdk1.8.0_191\jre\bin\javaw.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jdk1.8.0_191\jre\bin\javaw.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jdk1.8.0_191\jre\bin\javaw.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jdk1.8.0_191\jre\bin\javaw.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A
N/A | N/A | C:\ProgramData\Oracle\Java\installcache\259467976.tmp\bspatch.exe | N/A
N/A | N/A | C:\ProgramData\Oracle\Java\installcache\259467976.tmp\bspatch.exe | N/A
N/A | N/A | C:\ProgramData\Oracle\Java\installcache\259467976.tmp\bspatch.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe | N/A
N/A | N/A | C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe | N/A

Modifies file permissions

Tags: discovery

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A

Registers COM server for autorun

Tags: persistence

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0036-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0080-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0041-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0071-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0176-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0068-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0091-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0167-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0083-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0097-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0170-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0059-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0065-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0182-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0038-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0081-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0171-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0110-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0119-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0143-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0152-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0025-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0118-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0002-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0190-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0072-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0084-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0043-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0088-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0069-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0141-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0145-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0082-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0182-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0197-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0024-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0060-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0091-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0060-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0005-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0095-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0160-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0188-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0068-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0143-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0108-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0131-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0146-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0191-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0154-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0029-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0108-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0066-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0118-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0076-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0098-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A

UPX packed file

Tags: upx

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Blocklisted process makes network request

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A
N/A | N/A | C:\Windows\system32\msiexec.exe | N/A

Enumerates connected drives

Description | Indicator | Process | Target
File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\H: | C:\Windows\SysWOW64\msiexec.exe | N/A
File opened (read-only) | \??\T: | C:\Windows\SysWOW64\msiexec.exe | N/A
File opened (read-only) | \??\V: | C:\Windows\SysWOW64\msiexec.exe | N/A
File opened (read-only) | \??\Z: | C:\Windows\SysWOW64\msiexec.exe | N/A
File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\I: | C:\Windows\SysWOW64\msiexec.exe | N/A
File opened (read-only) | \??\L: | C:\Windows\SysWOW64\msiexec.exe | N/A
File opened (read-only) | \??\Y: | C:\Windows\SysWOW64\msiexec.exe | N/A
File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\J: | C:\Windows\SysWOW64\msiexec.exe | N/A
File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\K: | C:\Windows\SysWOW64\msiexec.exe | N/A
File opened (read-only) | \??\W: | C:\Windows\SysWOW64\msiexec.exe | N/A
File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\B: | C:\Windows\SysWOW64\msiexec.exe | N/A
File opened (read-only) | \??\Q: | C:\Windows\SysWOW64\msiexec.exe | N/A
File opened (read-only) | \??\R: | C:\Windows\SysWOW64\msiexec.exe | N/A
File opened (read-only) | \??\U: | C:\Windows\SysWOW64\msiexec.exe | N/A
File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\E: | C:\Windows\SysWOW64\msiexec.exe | N/A
File opened (read-only) | \??\G: | C:\Windows\SysWOW64\msiexec.exe | N/A
File opened (read-only) | \??\M: | C:\Windows\SysWOW64\msiexec.exe | N/A
File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\A: | C:\Windows\SysWOW64\msiexec.exe | N/A
File opened (read-only) | \??\P: | C:\Windows\SysWOW64\msiexec.exe | N/A
File opened (read-only) | \??\S: | C:\Windows\SysWOW64\msiexec.exe | N/A
File opened (read-only) | \??\X: | C:\Windows\SysWOW64\msiexec.exe | N/A
File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\N: | C:\Windows\SysWOW64\msiexec.exe | N/A
File opened (read-only) | \??\O: | C:\Windows\SysWOW64\msiexec.exe | N/A
File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A

Installs/modifies Browser Helper Object

Tags: stealer adware

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A

Drops file in System32 directory

Description | Indicator | Process | Target
File created | C:\Windows\SysWOW64\WindowsAccessBridge-64.dll | C:\Windows\syswow64\MsiExec.exe | N/A
File opened for modification | C:\Windows\SysWOW64\WindowsAccessBridge-64.dll | C:\Windows\syswow64\MsiExec.exe | N/A
File created | C:\Windows\SysWOW64\WindowsAccessBridge-32.dll | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A
File created | C:\Windows\SysWOW64\WindowsAccessBridge-64.dll | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files (x86)\Java\jdk1.8.0_191\jre\bin\fontmanager.dll | C:\Windows\syswow64\MsiExec.exe | N/A
File created | C:\Program Files (x86)\Java\jdk1.8.0_191\jre\bin\javaws.exe | C:\Windows\syswow64\MsiExec.exe | N/A
File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui_2.3.0.v20140404-1657.jar | C:\Windows\syswow64\MsiExec.exe | N/A
File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\configuration\org.eclipse.update\platform.xml | C:\Windows\syswow64\MsiExec.exe | N/A
File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_1.1.200.v20141007-2033\META-INF\MANIFEST.MF | C:\Windows\syswow64\MsiExec.exe | N/A
File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\platform\core\locale\core_zh_CN.jar | C:\Windows\syswow64\MsiExec.exe | N/A
File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\platform\modules\locale\org-openide-loaders_ja.jar | C:\Windows\syswow64\MsiExec.exe | N/A
File created | C:\Program Files (x86)\Java\jre1.8.0_191\bin\api-ms-win-core-sysinfo-l1-1-0.dll | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A
File created | C:\Program Files (x86)\Java\jre1.8.0_191\lib\javaws.jar | C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe | N/A
File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.2.174165\icons\send-email-16.png | C:\Windows\syswow64\MsiExec.exe | N/A
File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\org.eclipse.update.configurator_3.3.300.v20140518-1928.jar | C:\Windows\syswow64\MsiExec.exe | N/A
File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_zh_CN.jar | C:\Windows\syswow64\MsiExec.exe | N/A
File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-utilities.jar | C:\Windows\syswow64\MsiExec.exe | N/A
File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar | C:\Windows\syswow64\MsiExec.exe | N/A
File created | C:\Program Files (x86)\Java\jdk1.8.0_191\bin\klist.exe | C:\Windows\syswow64\MsiExec.exe | N/A
File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\platform\update_tracking\org-netbeans-core-multitabs.xml | C:\Windows\syswow64\MsiExec.exe | N/A
File created | C:\Program Files (x86)\Java\jre1.8.0_191\bin\msvcp140.dll | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A
File created | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_259485776\javaws.exe | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A
File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA | C:\Windows\syswow64\MsiExec.exe | N/A
File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.2.174165\html\dcommon\css\blafdoc.css | C:\Windows\syswow64\MsiExec.exe | N/A
File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core_2.3.0.v20131211-1531.jar | C:\Windows\syswow64\MsiExec.exe | N/A
File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_zh_4.4.0.v20140623020002.jar | C:\Windows\syswow64\MsiExec.exe | N/A
File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_ja_4.4.0.v20140623020002.jar | C:\Windows\syswow64\MsiExec.exe | N/A
File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar | C:\Windows\syswow64\MsiExec.exe | N/A
File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-options-keymap.xml_hidden | C:\Windows\syswow64\MsiExec.exe | N/A
File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86.nl_ja_4.4.0.v20140623020002.jar | C:\Windows\syswow64\MsiExec.exe | N/A
File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar | C:\Windows\syswow64\MsiExec.exe | N/A
File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-uisupport.xml | C:\Windows\syswow64\MsiExec.exe | N/A
File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\visualvm\core\locale\core_visualvm.jar | C:\Windows\syswow64\MsiExec.exe | N/A
File created | C:\Program Files (x86)\Java\jdk1.8.0_191\include\jdwpTransport.h | C:\Windows\syswow64\MsiExec.exe | N/A
File created C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.2.174165\schema\triggerConstraints.exsd C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_zh_CN.jar C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jdk1.8.0_191\bin\jarsigner.exe C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jdk1.8.0_191\jre\bin\api-ms-win-core-util-l1-1-0.dll C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.xml C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_191\bin\jdwp.dll C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
File created C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_zh_4.4.0.v20140623020002.jar C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\platform\update_tracking\org-netbeans-api-visual.xml C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_191\lib\ext\cldrdata.jar C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_191\lib\ext\sunjce_provider.jar C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
File created C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\org.eclipse.core.expressions_3.4.600.v20140128-0851.jar C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_ja.jar C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\com.jrockit.mc.console.ui_5.5.2.174165.jar C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_zh_CN.jar C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\platform\modules\org-netbeans-core.jar C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-utilities.xml C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.properties C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-remote.xml C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jre1.8.0_191\lib\fonts\LucidaSansDemiBold.ttf C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
File created C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\org.eclipse.equinox.preferences_3.5.200.v20140224-1527.jar C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\org.sat4j.pb_2.3.5.v201404071733.jar C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-nodes.xml C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\platform\config\Modules\org-netbeans-api-progress.xml C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-api.xml C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\visualvm\core\com-sun-tools-visualvm-modules-startup.jar C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jdk1.8.0_191\jre\bin\server\jvm.dll C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.2.174165\schema\triggerActions.exsd C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-ui.xml C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt_0.11.101.v20140818-1343.jar C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-threaddump.xml C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\Java\jdk1.8.0_191\jre\lib\fonts\LucidaBrightRegular.ttf C:\Windows\syswow64\MsiExec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSID812.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIEADA.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIED21.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIED33.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.ev1 C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\Installer\f76ad8f.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB55A.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2601.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI26FC.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f76ad92.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f76ad92.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f76ad95.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f76ad97.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f76ad8e.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB27C.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB8BC.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIEB49.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f76ad8f.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.ev3 C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\Installer\f76ad8e.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIEBB7.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIED32.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIED44.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI273C.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSIB791.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB86D.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIED22.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB675.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB81E.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB94A.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f76ad91.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE9A0.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI270D.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB626.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB702.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB742.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIEC25.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB8FB.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIEA6C.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIEC93.tmp C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\SysWOW64\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\SysWOW64\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\msiexec.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}\AppName = "jp2launcher.exe" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}\Policy = "3" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Windows\\SysWOW64" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Java\jdk1.8.0_191\jre.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE} C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}\AppPath = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0064-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0071-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0046-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0088-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0206-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0161-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0104-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0190-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0018-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_18" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0141-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_11" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0066-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0125-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0129-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0057-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0099-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0143-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0060-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_60" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0063-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0039-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_39" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0075-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0053-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0194-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0165-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0084-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0093-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0082-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0044-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0141-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0080-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0092-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0082-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0164-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0053-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0077-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_77" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0068-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_68" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0089-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0067-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0094-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0127-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_127" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0129-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_129" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0148-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0157-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0070-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0168-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0128-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0015-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0044-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0121-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0142-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0017-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0106-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0180-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0157-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_157" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0163-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0141-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0110-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_110" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0156-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0095-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0084-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_84" C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0161-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0115-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0021-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_21" C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0079-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0041-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0002-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0077-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0068-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0086-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0106-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0094-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0120-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0089-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0079-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0055-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0184-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0140-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\ = "isInstalled Class" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0065-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_65" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0154-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0174-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_174" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0049-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0093-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0115-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0173-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0067-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0084-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_84" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0078-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0142-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0082-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0053-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0061-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0130-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0023-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0085-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0036-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_36" C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0066-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0203-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0058-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0089-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0099-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_99" C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0090-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0140-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0085-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0109-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0201-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0050-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-FFFF-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0099-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0087-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Program Files (x86)\Java\jdk1.8.0_191\jre.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 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 C:\Program Files (x86)\Java\jdk1.8.0_191\jre.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1196 wrote to memory of 2100 N/A C:\Users\Admin\AppData\Local\Temp\jdk-8u191-windows-i586.exe C:\Users\Admin\AppData\Local\Temp\jds259406636.tmp\jdk-8u191-windows-i586.exe
PID 1196 wrote to memory of 2100 N/A C:\Users\Admin\AppData\Local\Temp\jdk-8u191-windows-i586.exe C:\Users\Admin\AppData\Local\Temp\jds259406636.tmp\jdk-8u191-windows-i586.exe
PID 1196 wrote to memory of 2100 N/A C:\Users\Admin\AppData\Local\Temp\jdk-8u191-windows-i586.exe C:\Users\Admin\AppData\Local\Temp\jds259406636.tmp\jdk-8u191-windows-i586.exe
PID 1196 wrote to memory of 2100 N/A C:\Users\Admin\AppData\Local\Temp\jdk-8u191-windows-i586.exe C:\Users\Admin\AppData\Local\Temp\jds259406636.tmp\jdk-8u191-windows-i586.exe
PID 1196 wrote to memory of 2100 N/A C:\Users\Admin\AppData\Local\Temp\jdk-8u191-windows-i586.exe C:\Users\Admin\AppData\Local\Temp\jds259406636.tmp\jdk-8u191-windows-i586.exe
PID 1196 wrote to memory of 2100 N/A C:\Users\Admin\AppData\Local\Temp\jdk-8u191-windows-i586.exe C:\Users\Admin\AppData\Local\Temp\jds259406636.tmp\jdk-8u191-windows-i586.exe
PID 1196 wrote to memory of 2100 N/A C:\Users\Admin\AppData\Local\Temp\jdk-8u191-windows-i586.exe C:\Users\Admin\AppData\Local\Temp\jds259406636.tmp\jdk-8u191-windows-i586.exe
PID 2100 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\jds259406636.tmp\jdk-8u191-windows-i586.exe C:\Windows\SysWOW64\msiexec.exe
PID 2100 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\jds259406636.tmp\jdk-8u191-windows-i586.exe C:\Windows\SysWOW64\msiexec.exe
PID 2100 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\jds259406636.tmp\jdk-8u191-windows-i586.exe C:\Windows\SysWOW64\msiexec.exe
PID 2100 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\jds259406636.tmp\jdk-8u191-windows-i586.exe C:\Windows\SysWOW64\msiexec.exe
PID 2100 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\jds259406636.tmp\jdk-8u191-windows-i586.exe C:\Windows\SysWOW64\msiexec.exe
PID 2100 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\jds259406636.tmp\jdk-8u191-windows-i586.exe C:\Windows\SysWOW64\msiexec.exe
PID 2100 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\jds259406636.tmp\jdk-8u191-windows-i586.exe C:\Windows\SysWOW64\msiexec.exe
PID 1820 wrote to memory of 1812 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1820 wrote to memory of 1812 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1820 wrote to memory of 1812 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1820 wrote to memory of 1812 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1820 wrote to memory of 1812 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1820 wrote to memory of 1812 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1820 wrote to memory of 1812 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1820 wrote to memory of 1676 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1820 wrote to memory of 1676 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1820 wrote to memory of 1676 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1820 wrote to memory of 1676 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1820 wrote to memory of 1676 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1820 wrote to memory of 1676 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1820 wrote to memory of 1676 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1820 wrote to memory of 2744 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1820 wrote to memory of 2744 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1820 wrote to memory of 2744 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1820 wrote to memory of 2744 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1820 wrote to memory of 2744 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1820 wrote to memory of 2744 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1820 wrote to memory of 2744 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2744 wrote to memory of 2560 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
PID 2744 wrote to memory of 2560 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
PID 2744 wrote to memory of 2560 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
PID 2744 wrote to memory of 2560 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
PID 2744 wrote to memory of 2536 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
PID 2744 wrote to memory of 2536 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
PID 2744 wrote to memory of 2536 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
PID 2744 wrote to memory of 2536 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
PID 2744 wrote to memory of 2444 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
PID 2744 wrote to memory of 2444 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
PID 2744 wrote to memory of 2444 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
PID 2744 wrote to memory of 2444 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
PID 2744 wrote to memory of 2384 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
PID 2744 wrote to memory of 2384 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
PID 2744 wrote to memory of 2384 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
PID 2744 wrote to memory of 2384 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
PID 2744 wrote to memory of 2716 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
PID 2744 wrote to memory of 2716 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
PID 2744 wrote to memory of 2716 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
PID 2744 wrote to memory of 2716 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
PID 2744 wrote to memory of 2028 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
PID 2744 wrote to memory of 2028 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
PID 2744 wrote to memory of 2028 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
PID 2744 wrote to memory of 2028 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
PID 2744 wrote to memory of 2032 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\system32\DllHost.exe
PID 2744 wrote to memory of 2032 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\system32\DllHost.exe
PID 2744 wrote to memory of 2032 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\system32\DllHost.exe
PID 2744 wrote to memory of 2032 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\system32\DllHost.exe
PID 2744 wrote to memory of 1940 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\jdk-8u191-windows-i586.exe

"C:\Users\Admin\AppData\Local\Temp\jdk-8u191-windows-i586.exe"

C:\Users\Admin\AppData\Local\Temp\jds259406636.tmp\jdk-8u191-windows-i586.exe

"C:\Users\Admin\AppData\Local\Temp\jds259406636.tmp\jdk-8u191-windows-i586.exe"

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\SysWOW64\\msiexec.exe" /i "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jdk1.8.0_191\jdk1.8.0_191.msi" WRAPPER=1

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding E9BAAD715217DC863C0E247118746EFC C

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\DrvInst.exe

DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000004C0" "0000000000000490"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 91FC96333127C429B234B222B2B78181

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 89C0DB0511B6A4D0DF469FF3C06342C7 M Global\MSI0000

C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe

"C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jdk1.8.0_191\lib/tools.pack" "C:\Program Files (x86)\Java\jdk1.8.0_191\lib/tools.jar"

C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe

"C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jdk1.8.0_191\jre/lib/plugin.pack" "C:\Program Files (x86)\Java\jdk1.8.0_191\jre/lib/plugin.jar"

C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe

"C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jdk1.8.0_191\jre/lib/javaws.pack" "C:\Program Files (x86)\Java\jdk1.8.0_191\jre/lib/javaws.jar"

C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe

"C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jdk1.8.0_191\jre/lib/deploy.pack" "C:\Program Files (x86)\Java\jdk1.8.0_191\jre/lib/deploy.jar"

C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe

"C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jdk1.8.0_191\jre/lib/rt.pack" "C:\Program Files (x86)\Java\jdk1.8.0_191\jre/lib/rt.jar"

C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe

"C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jdk1.8.0_191\jre/lib/jsse.pack" "C:\Program Files (x86)\Java\jdk1.8.0_191\jre/lib/jsse.jar"

C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe

"C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jdk1.8.0_191\jre/lib/charsets.pack" "C:\Program Files (x86)\Java\jdk1.8.0_191\jre/lib/charsets.jar"

C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe

"C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jdk1.8.0_191\jre/lib/ext/localedata.pack" "C:\Program Files (x86)\Java\jdk1.8.0_191\jre/lib/ext/localedata.jar"

C:\Program Files (x86)\Java\jdk1.8.0_191\jre\bin\javaw.exe

"C:\Program Files (x86)\Java\jdk1.8.0_191\\jre\bin\javaw.exe" -Xshare:dump

C:\Program Files (x86)\Java\jdk1.8.0_191\jre.exe

"C:\Program Files (x86)\Java\jdk1.8.0_191\\jre.exe" LAUNCHEDFROMJDK=1 NOSTARTMENU=0

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 87D057A0DB76A838A4A77CB10F24DE4E

C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe

"C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe" /s INSTALLDIR="C:\Program Files (x86)\Java\jre1.8.0_191\\" NOSTARTMENU=0 INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F32180191F0}

C:\ProgramData\Oracle\Java\installcache\259467976.tmp\bspatch.exe

"bspatch.exe" baseimagefam8 newimage diff

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6009758,0x7fef6009768,0x7fef6009778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1180,i,17701732547179839056,18182604642712271830,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1180,i,17701732547179839056,18182604642712271830,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1180,i,17701732547179839056,18182604642712271830,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2276 --field-trial-handle=1180,i,17701732547179839056,18182604642712271830,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2372 --field-trial-handle=1180,i,17701732547179839056,18182604642712271830,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1300 --field-trial-handle=1180,i,17701732547179839056,18182604642712271830,131072 /prefetch:2

C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_191\lib/plugin.pack" "C:\Program Files (x86)\Java\jre1.8.0_191\lib/plugin.jar"

C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_191\lib/javaws.pack" "C:\Program Files (x86)\Java\jre1.8.0_191\lib/javaws.jar"

C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_191\lib/deploy.pack" "C:\Program Files (x86)\Java\jre1.8.0_191\lib/deploy.jar"

C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_191\lib/rt.pack" "C:\Program Files (x86)\Java\jre1.8.0_191\lib/rt.jar"

C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_191\lib/jsse.pack" "C:\Program Files (x86)\Java\jre1.8.0_191\lib/jsse.jar"

C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_191\lib/charsets.pack" "C:\Program Files (x86)\Java\jre1.8.0_191\lib/charsets.jar"

C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe

"C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_191\lib/ext/localedata.pack" "C:\Program Files (x86)\Java\jre1.8.0_191\lib/ext/localedata.jar"

C:\Program Files (x86)\Java\jre1.8.0_191\bin\javaw.exe

"C:\Program Files (x86)\Java\jre1.8.0_191\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3748 --field-trial-handle=1180,i,17701732547179839056,18182604642712271830,131072 /prefetch:1

C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe

"C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe" -doHKCUSSVSetup

C:\Program Files (x86)\Java\jre1.8.0_191\bin\javaws.exe

"C:\Program Files (x86)\Java\jre1.8.0_191\bin\javaws.exe" -wait -fix -permissions -silent

C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2launcher.exe

"C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre1.8.0_191" -vma … -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1180,i,17701732547179839056,18182604642712271830,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.0.1661500001\1810031148" -parentBuildID 20221007134813 -prefsHandle 1196 -prefMapHandle 1144 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {18ed3cf5-6740-4a19-a23c-7a6bcc123a1f} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 1272 11ad8558 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.1.738999718\355474062" -parentBuildID 20221007134813 -prefsHandle 1448 -prefMapHandle 1444 -prefsLen 20830 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {089e57b5-1c06-4d3b-90c6-785cd8b19a61} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 1472 3e43c58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.2.1058575885\2075153599" -childID 1 -isForBrowser -prefsHandle 2152 -prefMapHandle 2148 -prefsLen 20868 -prefMapSize 233444 -jsInitHandle 748 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f46c0eb-e206-4f00-8b61-ce95a00e5d82} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 2312 19fb2c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1756.0.1408438116\582653109" -parentBuildID 20221007134813 -prefsHandle 1060 -prefMapHandle 1052 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbada35f-d9cf-44f2-af82-77f634ccbdb7} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" 1144 40d6a58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1756.1.1841501736\848707737" -parentBuildID 20221007134813 -prefsHandle 1316 -prefMapHandle 1312 -prefsLen 17601 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {94b1fa3f-9583-4d44-b623-2ae623f0d82b} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" 1328 f150f58 socket

C:\Program Files (x86)\Java\jre1.8.0_191\bin\javaws.exe

"C:\Program Files (x86)\Java\jre1.8.0_191\bin\javaws.exe" -wait -fix -shortcut -silent

C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2launcher.exe

"C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre1.8.0_191" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMTkxXGxpYlxkZXBsb3kuamFyAC1EamF2YS5zZWN1cml0eS5wb2xpY3k9ZmlsZTpDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMTkxXGxpYlxzZWN1cml0eVxqYXZhd3MucG9saWN5AC1EdHJ1c3RQcm94eT10cnVlAC1YdmVyaWZ5OnJlbW90ZQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzE5MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmUxLjguMF8xOTFcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzE5MVxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMTkxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMTkxXGJpblxqYXZhdy5leGU= -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.3.1902215477\2104277682" -childID 2 -isForBrowser -prefsHandle 2200 -prefMapHandle 612 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 748 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1b4786c-c6a7-4ec4-8aa8-5c163d3a0e26} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 1628 d70d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.4.1208680996\628894315" -childID 3 -isForBrowser -prefsHandle 2200 -prefMapHandle 612 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 748 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf124431-a1e0-41d4-a73f-1c5f643eef91} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 2948 d67b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.5.1558882022\1638679433" -childID 4 -isForBrowser -prefsHandle 1080 -prefMapHandle 2964 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 748 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f9440e8-eebb-4463-a8cb-9c8cb19234e5} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 2948 1a07d758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.6.1242974969\760319412" -childID 5 -isForBrowser -prefsHandle 3612 -prefMapHandle 3636 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 748 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0181311-1fc4-41a5-8608-02b2e0423aea} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 3652 1ef74458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.7.1376948097\1167674094" -childID 6 -isForBrowser -prefsHandle 3652 -prefMapHandle 3928 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 748 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {32bf6571-9b54-4df8-ba64-ba703e04a51c} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 3840 1e939e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.8.1591764973\963880081" -childID 7 -isForBrowser -prefsHandle 3860 -prefMapHandle 4060 -prefsLen 27184 -prefMapSize 233444 -jsInitHandle 748 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {036ad94a-1238-4b68-8c9f-f515fd9285ef} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 4172 1ea04a58 tab

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 567FD0F0D4AA0338A51554F385A97649 M Global\MSI0000

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding B8A794F800C115E1041D2E8D747FA9C9

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding DCF6C059035C83DD56545137602751CF M Global\MSI0000

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.9.438865623\893161445" -childID 8 -isForBrowser -prefsHandle 612 -prefMapHandle 1152 -prefsLen 27580 -prefMapSize 233444 -jsInitHandle 748 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9395ab55-9b8e-454e-8cb4-be97edf69af6} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 4380 18058358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.10.2059997225\374914452" -childID 9 -isForBrowser -prefsHandle 3848 -prefMapHandle 3844 -prefsLen 27580 -prefMapSize 233444 -jsInitHandle 748 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b0cd4a3-c50c-401d-89ca-f7c4e2ffb6c4} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 4056 1f520b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.11.1790192337\151859360" -childID 10 -isForBrowser -prefsHandle 4108 -prefMapHandle 4104 -prefsLen 27580 -prefMapSize 233444 -jsInitHandle 748 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {55e7e395-e9b3-489e-a937-f23fd0a02661} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 1928 1f6b9d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.12.1821695735\1947169017" -childID 11 -isForBrowser -prefsHandle 8088 -prefMapHandle 4556 -prefsLen 27580 -prefMapSize 233444 -jsInitHandle 748 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a378f411-a324-49fe-b858-3b3d11712c67} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 2088 23350b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.13.520586418\856591027" -childID 12 -isForBrowser -prefsHandle 8328 -prefMapHandle 3980 -prefsLen 27580 -prefMapSize 233444 -jsInitHandle 748 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfbd6081-8a70-49b2-92d7-3104e49aa7dd} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 8448 23418f58 tab

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x50c

C:\Users\Admin\Downloads\Error-437--main\Error-437--main\minecraft[1].exe

"C:\Users\Admin\Downloads\Error-437--main\Error-437--main\minecraft[1].exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c javaw -jar natives/error437.dll

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe

javaw -jar natives/error437.dll

C:\Windows\SysWOW64\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

C:\Users\Admin\Downloads\Error-437--main\Error-437--main\minecraft[1].exe

"C:\Users\Admin\Downloads\Error-437--main\Error-437--main\minecraft[1].exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c javaw -jar natives/error437.dll

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe

javaw -jar natives/error437.dll

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c rd natives /s /q

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c 437.bat
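The minecraft[1].exe chain above (javaw handed natives/error437.dll with -jar, then rd natives /s /q, then cmd /c 437.bat) is the part of this trace a detection engineer would want to turn into rules: the Java launcher treats whatever follows -jar as a JAR archive regardless of its extension, so a .dll name there is a disguise, and the quiet recursive delete of the same directory right afterwards is cleanup of the payload. The Python below is an added example written for this page, not tooling from the sandbox or from the report; the command-line list it scans is constructed from the lines above, and the rule names and the Finding type are assumptions. The icacls grant to Everyone is also matched, but in this trace it comes from the Java installer's own handling of .oracle_jre_usage, so treat that rule as context rather than a verdict.

```python
"""Triage checks over process command lines from a sandbox run.

Added example for this page, not part of the report or of any tool it
names. SAMPLE_CMDLINES is constructed from command lines listed above;
rule names and the Finding type are assumptions.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

# Constructed sample: the minecraft[1].exe chain plus the installer's icacls
# call and one benign javaws line, as they appear in this report.
SAMPLE_CMDLINES = [
    r'"C:\Users\Admin\Downloads\Error-437--main\Error-437--main\minecraft[1].exe"',
    r'C:\Windows\system32\cmd.exe /c javaw -jar natives/error437.dll',
    r'javaw -jar natives/error437.dll',
    r'C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M',
    r'C:\Windows\system32\cmd.exe /c rd natives /s /q',
    r'"C:\Windows\System32\cmd.exe" /c 437.bat',
    r'"C:\Program Files (x86)\Java\jre1.8.0_191\bin\javaws.exe" -wait -fix -shortcut -silent',
]


@dataclass(frozen=True)
class Finding:
    rule: str      # assumed rule name
    cmdline: str   # the command line that matched
    detail: str    # the extracted path, script or ACL


# java/javaw ... -jar <target>: the launcher reads <target> as a JAR whatever
# its extension, so a non-.jar name is worth flagging. The leading class keeps
# "javaws.exe" from matching as "javaw".
JAR_RE = re.compile(r'(?:^|[\\\s"])javaw?(?:\.exe)?"?\s+(?:.*?\s)?-jar\s+"?(?P<target>[^"\s]+)', re.I)
# rd/rmdir <dir> /s /q: recursive delete, typical post-run cleanup.
RD_RE = re.compile(r'\b(?:rd|rmdir)\s+(?P<args>.+)$', re.I)
# icacls <path> /grant everyone:<perms>: ACL broadened to every principal.
ACL_RE = re.compile(
    r'icacls(?:\.exe)?"?\s+"?(?P<target>[^"\s]+)"?.*?/grant(?::r)?\s+"?'
    r'(?P<principal>everyone|\*S-1-1-0)"?:(?P<perms>\S+)', re.I)
# cmd /c <script>.bat or .cmd: batch file handed to the shell.
BAT_RE = re.compile(r'\bcmd(?:\.exe)?"?\s+/[ck]\s+"?(?P<script>\S+\.(?:bat|cmd))\b', re.I)


def jar_target(cmd: str) -> Optional[str]:
    """Return the file passed to -jar, or None if the line is not a JAR launch."""
    m = JAR_RE.search(cmd)
    return m.group('target') if m else None


def recursive_delete_target(cmd: str) -> Optional[str]:
    """Return the directory removed by an rd/rmdir that carries /s, else None."""
    m = RD_RE.search(cmd)
    if not m:
        return None
    tokens = m.group('args').split()
    flags = {t.lower() for t in tokens if t.startswith('/')}
    paths = [t.strip('"') for t in tokens if not t.startswith('/')]
    return paths[0] if '/s' in flags and paths else None


def triage(cmdlines: Iterable[str]) -> List[Finding]:
    """Run every rule over the lines in order and correlate JAR dir with later deletes."""
    findings: List[Finding] = []
    jar_dirs: Set[str] = set()  # directories a JAR was launched from, normalised
    for cmd in cmdlines:
        target = jar_target(cmd)
        if target is not None:
            jar_dirs.add(ntpath.dirname(target.replace('/', '\\')).lower())
            if not target.lower().endswith('.jar'):
                findings.append(Finding('jar_with_non_jar_extension', cmd, target))
        deleted = recursive_delete_target(cmd)
        if deleted is not None:
            # A recursive delete of a directory that just ran a JAR is cleanup.
            seen = deleted.replace('/', '\\').lower() in jar_dirs
            rule = 'payload_dir_removed_after_run' if seen else 'recursive_quiet_delete'
            findings.append(Finding(rule, cmd, deleted))
        m = ACL_RE.search(cmd)
        if m:
            findings.append(Finding('acl_granted_to_everyone', cmd, f"{m['target']} -> {m['perms']}"))
        m = BAT_RE.search(cmd)
        if m:
            findings.append(Finding('batch_via_cmd', cmd, m['script']))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_CMDLINES):
        print(f"{f.rule:32} {f.detail}")
```

Run against the constructed list, the checks fire on the two javaw -jar lines, the icacls grant, the rd natives /s /q (reported as payload_dir_removed_after_run because natives is the directory the JAR was launched from) and the 437.bat launch, and stay silent on minecraft[1].exe and the javaws repair call. The same functions can be pointed at a Sysmon event 1 CommandLine column or any other process-creation feed.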

Network

Country Destination Domain Proto
US 8.8.8.8:53 javadl-esd-secure.oracle.com udp
GB 104.84.88.195:443 javadl-esd-secure.oracle.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 rps-svcs.oracle.com udp
GB 104.84.88.195:443 rps-svcs.oracle.com tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.200.42:443 content-autofill.googleapis.com tcp
GB 142.250.200.42:443 content-autofill.googleapis.com tcp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com tcp
US 192.178.49.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com tcp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com tcp
US 192.178.49.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 52.13.152.141:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
GB 88.221.134.155:80 a19.dscg10.akamai.net tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com udp
US 8.8.8.8:53 r5---sn-5hnekn76.gvt1.com udp
NL 209.85.226.10:443 r5---sn-5hnekn76.gvt1.com tcp
NL 209.85.226.10:443 r5---sn-5hnekn76.gvt1.com tcp
US 8.8.8.8:53 r5.sn-5hnekn76.gvt1.com udp
US 8.8.8.8:53 r5.sn-5hnekn76.gvt1.com udp
GB 172.217.16.228:443 www.google.com tcp
NL 209.85.226.10:443 r5.sn-5hnekn76.gvt1.com udp
US 8.8.8.8:53 javadl-esd-secure.oracle.com udp
GB 104.84.88.195:443 javadl-esd-secure.oracle.com tcp
US 8.8.8.8:53 sjremetrics.java.com udp
FR 63.140.62.222:443 sjremetrics.java.com tcp
US 8.8.8.8:53 bing.com udp
US 8.8.8.8:53 bing.com udp
US 13.107.21.200:80 bing.com tcp
US 13.107.21.200:80 bing.com tcp
US 8.8.8.8:53 bing.com udp
GB 92.123.128.161:80 www.bing.com tcp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
GB 92.123.128.161:80 e86303.dscx.akamaiedge.net tcp
US 8.8.8.8:53 r.bing.com udp
GB 92.123.128.161:80 r.bing.com tcp
GB 92.123.128.181:443 r.bing.com tcp
GB 92.123.128.181:443 r.bing.com tcp
GB 92.123.128.181:443 r.bing.com udp
US 8.8.8.8:53 www.msn.com udp
US 8.8.8.8:53 www.start.gg udp
US 8.8.8.8:53 www.takelessons.com udp
US 8.8.8.8:53 part-0036.t-0009.t-msedge.net udp
US 8.8.8.8:53 part-0036.t-0009.t-msedge.net udp
US 8.8.8.8:53 outlook.com udp
US 8.8.8.8:53 outlook.com udp
GB 92.123.128.161:80 r.bing.com tcp
GB 92.123.128.161:80 r.bing.com tcp
US 8.8.8.8:53 assets.msn.com udp
US 8.8.8.8:53 a4.bing.com udp
GB 95.101.143.105:443 assets.msn.com tcp
GB 23.48.165.143:80 a4.bing.com tcp
GB 23.48.165.143:80 a4.bing.com tcp
GB 23.48.165.143:80 a4.bing.com tcp
GB 23.48.165.143:80 a4.bing.com tcp
GB 23.48.165.143:80 a4.bing.com tcp
GB 23.48.165.143:80 a4.bing.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
US 8.8.8.8:53 a-0003.a-msedge.net udp
NL 40.126.32.68:443 login.microsoftonline.com tcp
US 8.8.8.8:53 a-0003.a-msedge.net udp
US 8.8.8.8:53 microsoft365.com udp
US 8.8.8.8:53 microsoft365.com udp
US 204.79.197.200:80 www2.bing.com tcp
US 8.8.8.8:53 microsoft365.com udp
US 8.8.8.8:53 www.onenote.com udp
US 8.8.8.8:53 sway.office.com udp
GB 92.123.128.161:443 r.bing.com tcp
US 8.8.8.8:53 outlook.com udp
US 8.8.8.8:53 sway.com udp
US 8.8.8.8:53 sway.com udp
US 8.8.8.8:53 onedrive.live.com udp
GB 92.123.128.161:80 r.bing.com tcp
US 8.8.8.8:53 dual-spov-0006.spov-msedge.net udp
GB 92.123.128.161:80 r.bing.com tcp
US 8.8.8.8:53 dual-spov-0006.spov-msedge.net udp
US 8.8.8.8:53 calendar.live.com udp
GB 92.123.128.161:443 r.bing.com tcp
US 8.8.8.8:53 calendar.live.com udp
US 8.8.8.8:53 calendar.live.com udp
GB 92.123.128.161:443 r.bing.com udp
US 8.8.8.8:53 a-0016.a-msedge.net udp
US 8.8.8.8:53 outlook.live.com udp
US 8.8.8.8:53 a-0016.a-msedge.net udp
US 8.8.8.8:53 e11290.dspg.akamaiedge.net udp
US 8.8.8.8:53 e11290.dspg.akamaiedge.net udp
US 8.8.8.8:53 e28578.d.akamaiedge.net udp
US 8.8.8.8:53 e28578.d.akamaiedge.net udp
US 8.8.8.8:53 e86303.dsca.akamaiedge.net udp
US 8.8.8.8:53 e86303.dsca.akamaiedge.net udp
US 8.8.8.8:53 www.tm.ak.prd.aadg.akadns.net udp
US 8.8.8.8:53 www.tm.ak.prd.aadg.akadns.net udp
US 8.8.8.8:53 www.tm.v4.a.prd.aadg.trafficmanager.net udp
US 8.8.8.8:53 www.tm.v4.a.prd.aadg.trafficmanager.net udp
US 8.8.8.8:53 LHR-efz.ms-acdc.office.com udp
US 8.8.8.8:53 LHR-efz.ms-acdc.office.com udp
US 8.8.8.8:53 support.microsoft.com udp
US 8.8.8.8:53 help.bing.microsoft.com udp
US 8.8.8.8:53 waws-prod-bay-231-5e23.westus.cloudapp.azure.com udp
US 8.8.8.8:53 waws-prod-bay-231-5e23.westus.cloudapp.azure.com udp
US 8.8.8.8:53 dual-a-0001.a-msedge.net udp
GB 92.123.128.161:80 www.bing.com tcp
GB 92.123.128.161:80 www.bing.com tcp
US 8.8.8.8:53 dual-a-0001.a-msedge.net udp
GB 92.123.128.161:80 www.bing.com tcp
US 8.8.8.8:53 e3843.dscb.akamaiedge.net udp
US 8.8.8.8:53 e3843.dscb.akamaiedge.net udp
GB 92.123.128.161:443 www.bing.com tcp
GB 92.123.128.161:80 www.bing.com tcp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.128.181:80 th.bing.com tcp
GB 92.123.128.181:80 th.bing.com tcp
GB 92.123.128.181:80 th.bing.com tcp
GB 92.123.128.181:80 th.bing.com tcp
GB 92.123.128.181:80 th.bing.com tcp
GB 92.123.128.181:80 th.bing.com tcp
GB 92.123.128.161:80 th.bing.com tcp
GB 92.123.128.161:443 th.bing.com udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 e-0001.e-msedge.net udp
US 8.8.8.8:53 e-0001.e-msedge.net udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 api.github.com udp
US 140.82.114.21:443 collector.github.com tcp
US 140.82.114.21:443 collector.github.com tcp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
DE 140.82.121.5:443 api.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 api.github.com udp
GB 23.48.165.143:80 e86303.dsca.akamaiedge.net tcp
GB 23.48.165.143:80 e86303.dsca.akamaiedge.net tcp
GB 92.123.128.161:80 th.bing.com tcp
GB 92.123.128.161:80 th.bing.com tcp
GB 92.123.128.161:80 th.bing.com tcp
GB 23.48.165.143:80 e86303.dsca.akamaiedge.net tcp
US 140.82.114.21:443 collector.github.com tcp
US 140.82.114.21:443 collector.github.com tcp
GB 23.48.165.143:80 e86303.dsca.akamaiedge.net tcp
GB 23.48.165.143:80 e86303.dsca.akamaiedge.net tcp
GB 92.123.128.161:80 th.bing.com tcp
US 8.8.8.8:53 3aa916b6fa529f468eda592914be6dac.clo.footprintdns.com udp
US 8.8.8.8:53 dm1prdapp01-canary.centralus.cloudapp.azure.com udp
US 13.67.144.177:80 dm1prdapp01-canary.centralus.cloudapp.azure.com tcp
US 13.67.144.177:80 dm1prdapp01-canary.centralus.cloudapp.azure.com tcp
US 8.8.8.8:53 dm1prdapp01-canary.centralus.cloudapp.azure.com udp
US 8.8.8.8:53 8f19862b4cfec21f59d206c863d95078.clo.footprintdns.com udp
US 13.107.6.163:80 8f19862b4cfec21f59d206c863d95078.clo.footprintdns.com tcp
US 8.8.8.8:53 b-0008.b-msedge.net udp
US 8.8.8.8:53 b-0008.b-msedge.net udp
US 8.8.8.8:53 b916494442715c8178f0914b00d8fad7.clo.footprintdns.com udp
US 8.8.8.8:53 c-9999.c-msedge.net udp
US 13.107.4.254:80 c-9999.c-msedge.net tcp
US 8.8.8.8:53 c-9999.c-msedge.net udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 13.67.144.177:80 dm1prdapp01-canary.centralus.cloudapp.azure.com tcp
US 13.67.144.177:80 dm1prdapp01-canary.centralus.cloudapp.azure.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 a-0019.standard.a-msedge.net udp
US 204.79.197.222:80 a-0019.standard.a-msedge.net tcp
US 8.8.8.8:53 a-0019.standard.a-msedge.net udp
US 8.8.8.8:53 codeload.github.com udp
US 8.8.8.8:53 codeload.github.com udp
DE 140.82.121.9:443 codeload.github.com tcp
US 8.8.8.8:53 codeload.github.com udp
US 8.8.8.8:53 3aa916b6fa529f468eda592914be6dac.clo.footprintdns.com udp
US 13.67.144.177:80 3aa916b6fa529f468eda592914be6dac.clo.footprintdns.com tcp
US 8.8.8.8:53 dm1prdapp01-canary.centralus.cloudapp.azure.com udp
US 8.8.8.8:53 dm1prdapp01-canary.centralus.cloudapp.azure.com udp
US 13.67.144.177:80 dm1prdapp01-canary.centralus.cloudapp.azure.com tcp
US 13.67.144.177:80 dm1prdapp01-canary.centralus.cloudapp.azure.com tcp
US 13.67.144.177:80 dm1prdapp01-canary.centralus.cloudapp.azure.com tcp
US 8.8.8.8:53 a4.bing.com udp
US 8.8.8.8:53 e86303.dsca.akamaiedge.net udp
US 8.8.8.8:53 e86303.dsca.akamaiedge.net udp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp

Files

\Users\Admin\AppData\Local\Temp\jds259406636.tmp\jdk-8u191-windows-i586.exe

MD5 9396635eca8b76a443954879d39590d5
SHA1 d4170d6713c7dd9e077fc0248544fb8d3dee2b57
SHA256 f102f1ee85c77c296d7cf8f4f47101eb49ba92fdfe75d3891f8ed24fa1b2aa72
SHA512 1f51779bd9322a9072545e46b3d225fcdbf4912938e66dc73a0c212cf078d334b60a6cae20461e33017221d676849f6c0471129e88e59c0d06fc544e0843e920

C:\Users\Admin\AppData\Local\Temp\jds259406636.tmp\jdk-8u191-windows-i586.exe

MD5 d3dec16f4fab62a2cd325663aa11fd16
SHA1 50544240486b91dddab2fbe6be6f5d642d15efe5
SHA256 1ced76469b6c20985a6b1a4f48941fc3104650793865d1a24fa803fec38020f8
SHA512 b04a53295d319059bac9ca83cbc295a28afc184a41a876b6336d5cbbe1c82580e9dc3a0820104d26526a24be4d69dd2e2c6a2d70a68ea12d8ff96d0331430c43

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 43c074a7d4de533162f83c22cadc6bcc
SHA1 efc2c005d49094bd35fb172a09b10811904ee549
SHA256 4366872988380d4ae1fad0d48e8d0aff501bf2019121cf22cbabbc42b03fcda9
SHA512 4c1ec633d9719fb843f4651c0b0f8060e9c0fe9227862cfc891146663aba94757968f550f4325d78967d7cbf27f75f8fa2fb2d51f2db476bfa6fcfbcae51bcd8

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jdk1.8.0_191\jdk1.8.0_191.msi

MD5 84f5b7ada4e0c06a2aae07a8419c9f64
SHA1 ed8e9b61e4967b0608406f1255e3e2dbfee3cf0b
SHA256 530f769f400f371383aa1ffaab30b46791a3bb5ea8e9304e3efe9ef419a7faa0
SHA512 84a341cd6ad2e6b560f40792042e60d4d68cdc5cfefee7a85f28a55077aa872dcaa16e27b4a95bb7fe2516a4fe3b0e714c746b69cb826b5bddef8a659fcde38c

C:\Users\Admin\AppData\Local\Temp\Cab4B64.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar4BB5.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 753df6889fd7410a2e9fe333da83a429
SHA1 3c425f16e8267186061dd48ac1c77c122962456e
SHA256 b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
SHA512 9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

C:\Users\Admin\AppData\Local\Temp\Tar5137.tmp

MD5 dd73cead4b93366cf3465c8cd32e2796
SHA1 74546226dfe9ceb8184651e920d1dbfb432b314e
SHA256 a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22
SHA512 ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

C:\Users\Admin\AppData\Local\Temp\MSI655E.tmp

MD5 4ca39f5a1af6d35e41170e8c30a8391e
SHA1 0ba37cf6d207c5401fc24687ae35fd6c93f10b79
SHA256 32b059eb787925202eebe00ab45312f8484a9dc09c0b76df6a7b38a161133457
SHA512 a4bcf340581edee8ad0fabaa9ee93be726d199022f8e7fc64aa88fb52cf713cb5be99cf2b8618aad3a7ac3b1715f1629394e8d8caed0ae113fea5b1674d13c3a

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 a0d0a0912e5910fc4c63d6b53f4aed95
SHA1 9a3c9008402dc8c88df01ef8e2db1f0d55927475
SHA256 b946ace8a0ed2bbe27cc0922bd0d5cffe33abb88f9b48053895f2d9cb43d88c4
SHA512 c09b8f44e8428c7123f4f3b6007812bce62a859362281d9abaf46670a463d301536918f8180228bb858ba8fbb13fd767df721025cc533e1e22474eff2a0f0122

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 040b8376bc4d065948fd6b2669557428
SHA1 d906b05ee2b9563404fd4cb624c679d82703c296
SHA256 477291d4fd8be955a3aafe90de6bc3b81d9b091073524c3a79bc3bbd63191fbb
SHA512 12554cf69dee600275b47b9fcfe08eef280dad0e5092ec9b717456fd0112a5c2a173f55acad5927c16cf753468b00f03c95101fd10b4108510293d9d1732e691

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE

MD5 5bfa51f3a417b98e7443eca90fc94703
SHA1 8c015d80b8a23f780bdd215dc842b0f5551f63bd
SHA256 bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
SHA512 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE

MD5 dbf24a66e4b484c2ce868fbb80e7894f
SHA1 9d852c6db815c08c67c991916bbc984d96643d57
SHA256 9fb2d7737cc88703fe677db3c9cc4f4226239cb9b1ea6d34b502b69b14dfc924
SHA512 01db3a839690e7cce988417a6ba3d081054b3721205fc73ebbeb9413db96f1f5d9ef236c89bb4cb1f49e9b21b505f914618467d00ded9e9f45427b7a7142ef12

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40C68D5626484A90937F0752C8B950AB

MD5 cbed24fd2b55aea95367efca5ee889de
SHA1 946f48b5c344fd57113845cd483fed5fb9fa3e54
SHA256 1dc8a0fcbe260b77adfe5ad9aaac543239b2a0d9f4e1f3c2657beee4376ffee4
SHA512 c504a11ea576f8ce14de26a0617e22e71e14db0f1dadefc187ce94e4a35a83743c743824e3629899c262aae4772bb86a0ee5bb643db20645483f0c376215ec6b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40C68D5626484A90937F0752C8B950AB

MD5 53cf8e6a7a831fe463f13cc650d424ef
SHA1 133c9fdef54fe01f822727cea5317f8eb32b1d4b
SHA256 61b0aa536a0dfa623dc43dfa0b778cd56eb8b4e6cf12219b8b35ca9350e746dc
SHA512 56fc04579ba82e8a619207cbe7eeeabcf23fb7cf13bf1b6cff75146faac1d3b1f4b299902c9780bbc87bf0772a8968ca629b4e4830447d32ae3616d66744d249

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EA618097E393409AFA316F0F87E2C202_1958C8FC5F0E0F8549703D0A9B9309B5

MD5 967984e51d81eb825b60f2670dd0c826
SHA1 50e820adac9b6bac75eebec04ba19664c8636b35
SHA256 d017915a921df6ea173dfda52e4ad4913f565ee664d0dc4dedc3c9ece34ef6f0
SHA512 6eaa4dfea950ba36031edf5e35865f679cff1e5fee01e26ac1a806ec7c5b3d8ec088fb2e078dad6f630c1a519e36c5201e2a75923d4f967f405f5fd3383d50ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_1958C8FC5F0E0F8549703D0A9B9309B5

MD5 a35f892681658db02e5a68cf351cd54b
SHA1 f0aef497c7086a365bfffabefa963c71a701f803
SHA256 e01aa608fb5c27e23985571a1d043a8a658d7cd438cd215b768bdb7bc08b7403
SHA512 376442307bce497416e3c953c81ac78657d3c0318653a2e39e3e71bdc624c56a204c5c3965fa22384e8333f26de3e7223e5438b42c65895871d3daca276b05de

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jdk1.8.0_191\sj180191.cab

MD5 7f84da806b086ef0122de5f5d827a50a
SHA1 ae0e22fe86f5380d863f9ee2e3d2c16f5630dd02
SHA256 8545dd51176f8c6773861fbc340b5a8b85bc6c67ac4154c47957d9c9f85a2274
SHA512 ba8056ea02c4c2044a62b4105871763219404a74efb8e88e83e8735014ab5feeb25269222aca09848e3f21978abd7a79d6eb640c06acec0a9bb48ba63bdc0679

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jdk1.8.0_191\ss180191.cab

MD5 867cf8018501335e21bd9538872099bd
SHA1 03fc10583fdbbb31d2f9904d3728047c764662af
SHA256 85546484a43d0f57c0690d782765189c84d3c077d04e73c1ea42041c98cb359a
SHA512 be96165f1e2e1e6f9a73738fd17c0c5c9f35df3c12f5fdc4055dc36beec322d2853821a3a9c8c5f811a959c2b7837bcdf8b99abd494aee2d79881cb7fdc2efd4

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jdk1.8.0_191\st180191.cab

MD5 5a0226c666e6375da4a07d597c2f4d10
SHA1 0673f3d02467a6ad0f361cc069fcfaa87b6583b0
SHA256 cc44d807863e382ab1a97dab15ed1f987019bc3a3093e153ce09115f7b4de4c6
SHA512 66cf574e57ef11c94f75cb8dd93727b41a8669f02228fa1cef67e749fa82cf67a2a0fc2331c941dff4ff29661c9c83f219b03af789da34823fd119db32ec990d

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jdk1.8.0_191\sz180191.cab

MD5 6ddd9f7229af91f72510332059768b7f
SHA1 2ca8b4863afc1d44352b35601dbfa652838baed2
SHA256 3a8f0955ee74c76f0879bcc3eb2c56c573c59a37be1e725846858ecf6ae455ac
SHA512 4351a88404f80cbb197dda565a27ea8e8e1d9a206207ff6469f1768080c5f8a00067488733f6470c028e6f15b9158ec47bc3052e1cab77ae7a8dc5358acaccd9

C:\Program Files (x86)\Java\jdk1.8.0_191\tools.zip

MD5 4cb1a2c382ad492093c467728f1771de
SHA1 8d5fc127d603c7ae5d018d16f5bd36846393f02c
SHA256 8850d6e26ea45daeee16d73a8852b6a3a747fa2db02ae9febde6677dbc9f4676
SHA512 b3d2d88018c3d26bc925b7c8796eca018ff059deb7017871020d125fdf8295e5b1e8860b9968865d2ab26029d3c2c016e1cc43ae26d98ebd1dbaec652324188c

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 3addc01aafceaf679105f5dd437bce77
SHA1 1b8f292e3df991cb749c9acad119cfa1f1400603
SHA256 30c715f2371e7585585a2fd75c42a2d1b6627c7faec2a1adfa9d53b93a7a17ff
SHA512 01ffcf69be91b0fee1a05bf4a9ef7f31fd44971ed6de223c9fb3781d6a6e20918da3cc46cdf06bb2c35195ba48839ce938b5bcfd8fc96b503e9c8d45dc672bbc

C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html

MD5 1fabf1d6edd14f933014d5557c7b7522
SHA1 67958aa114880c281036cc14a4e53fa123c4d9ad
SHA256 5f7d79ccbca7bdd2d9e036984a8a60c6bb9051411a740dc538f36f882f983b6e
SHA512 4c4f2caafc7ea9e97303f31c6f6a192a64fea4f24cc9d071b8339a519c1ea7f951e14571c9e9a23eee140fb676c7b213dc25828b274639046d9e01f6cd85dd3b

C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html

MD5 b35adb5213ca9657e911e9befb180842
SHA1 8d80da0c92c1269b610b03cc8061556004898c85
SHA256 9a96d0daf98aa6fb4aa530d399c742c66121b0bdae4a1f7ffa22d2135e1df7fd
SHA512 82112691ba9b49c3e335e7eb7a426f5d24072c72424612b0d07863560fd37042b6408317db9bd973280eb17e100ec25d3ce18cc6eeedc57c27d338fa517ea6fa

C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf

MD5 adf99b54fd6f317b611320564167c305
SHA1 d3d80dd39b686e04bf31db6ac9335084e841ef73
SHA256 1b68454d53e781f8793547fde8fcb2f3b03b5c8134f37b9d8c4045cb8a5473f3
SHA512 65fb44cdaf01632d60ecf3b49ab1eb661982ee8b6a430dcf6d1e75789787c9e7356754cd071421ca44a1b32ab918be97a630b1b0ca722383eea56d40fa131642

C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA

MD5 36f381cc8f60a659777f1133a006de4f
SHA1 b70e38fecb27a4de0776951a919bf072e601690e
SHA256 a3f56fee6bf824076f7599298272225f054dabac6a45b517eedfedc1f37d3c16
SHA512 dc1afd3b53c97c090c3baae27ef50531b27ce72509fbe2d3d4e53b99bcf7d555d13a7545a072c518e446bc433c2cf14300bb149e784a1db841ef9c3f3dd0efae

C:\Windows\Installer\MSIE9A0.tmp

MD5 39ee694b518bd101182bc9a7f0ebfaf2
SHA1 31ac5691443a27f0a00f8062591d799b1958e68d
SHA256 fe7edeb65f6487931b72d1861c875c62e502a455383820731c21046d63bae43d
SHA512 1f664b4e8282b3ac99c85119f6d3c7063d41a6f3dda23d7a25a103c955b255de562b151c2220309ea5050bb7439dfbb3df1c896770a3ab2d38fe14d684816be5

\Windows\Installer\MSIE9A0.tmp

MD5 6adb00c0292e5aab6f17efeeea468755
SHA1 d5eb3fcb7903f699af7a259eaa448cc94f50adba
SHA256 c7d0e5c879fd0b43f32d3716549bc116109fd8c291ec77363f37ca3df2d1550e
SHA512 485f01cf9d2669210bffeaf9bbca69eb430e1ac3be9762bc72a4297221db7d986e61b1d7c6c2d0c793364f106d6f9cad4adbadbe77d3929bf516907d98ef3eb7

C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe

MD5 246c529b7689f21e7af745cfd30e8ae0
SHA1 7f3ec69458623951844dc3eb3a216e305e3cbe99
SHA256 50132c406ebdac4dcca39a804d866c9bfc46ac5fcd784aaab0b53a6c245389f1
SHA512 a85ab8bb017a4fd581a8579b4fb61e33d4c20257187e4613a8b2bcd389febc22b7b902b2f9accd3e5c77d117eed065a1a5e85148171f2b7cb1d6e02d7476ec85

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk

MD5 d0a48bed029d91024cb63ba26db4f1dd
SHA1 0bed8560b2a7e8a289e5a614fc372e96b8b3ff86
SHA256 80967b0f062f3f9bef405568a8fea23b7133d5ec90bca4e7f3e63867cf0973aa
SHA512 e8f711b20a4f7f65fdcbd4029fad38cb2c331aaa6603d00b83a57d01c2d28ce02571899f03296773a261691439f8d82075f3162c1893566d595c242b6271d9db

memory/2860-2132-0x0000000002570000-0x0000000004570000-memory.dmp

memory/2860-2138-0x0000000000180000-0x0000000000181000-memory.dmp

C:\Config.Msi\f76ad90.rbs

MD5 5faa935ec11c38528e90528ee48f9144
SHA1 337e80bccde078153ef253fa682b1ab2d0a9a7f9
SHA256 d376b034e593bfe953a1459efe830a2458c921138b2bcdcbbdfefecce41f9538
SHA512 1b4367725b3a21cf61517b9f1b8f56b7434e2c76668bb018d16b51bd7b1ad4aeaa1139a202911f73767fe11699a66aeb32a58a70af4a734a2b7ad5c2deb1e54d

C:\Windows\Installer\MSI273C.tmp

MD5 29740bb8a2ea3a2c72bd2b55a4db93e3
SHA1 f78f0e16a676e4eb1a7f894c0add2b7ba6c03d32
SHA256 12db59a9d2335c7781e717941822981bd0ebbd34ea7f274740f88fe11e0e9b82
SHA512 0a43ecc7f5b59c6e83e490800c91a61931ab9ab048e05ce1db356ae5688fb89f2d9059698db28f5d47f887b47c050aeed016882619fad97f02022711263b60f0

C:\Windows\Installer\f76ad92.msi

MD5 e7a59a25b60df2474d3713ddcc59e57b
SHA1 51fb69070956368bea2b060ee4e75d8d6d2b35f6
SHA256 404ced151fef918e13ef87b457b524995d00932a3a3a40e8657ac34330a76460
SHA512 5f3f4974081b52fdcbb54822ba49438f9fe13b6887019a43ff4afb178ae16bfd69dc9aa6d8a46ad9cb00b9794b40f3e4f4f72c7cc82f33afacc8efbe3616db83

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\msvcr100.dll

MD5 0e37fbfa79d349d672456923ec5fbbe3
SHA1 4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
SHA256 8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
SHA512 2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

C:\Program Files (x86)\Java\jre1.8.0_191\lib\images\cursors\invalid32x32.gif

MD5 1e9d8f133a442da6b0c74d49bc84a341
SHA1 259edc45b4569427e8319895a444f4295d54348f
SHA256 1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b
SHA512 63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe

MD5 f4eea0a4c94bec535c7f784acb10755f
SHA1 bf6b27abde6411aeadefcd44814077a448b60c18
SHA256 dbec210d8cb3da15bd62089ce7fc744adaba777c72c6fc130658f0823d001f3b
SHA512 2347be3a2fee9f1562c6bbeec9db167686a83d456cb549c12dcea8a6fa548672777fe172c37528d6a42395ca91b339cab99d76dcaf3694ac3a0c3b827218896a

memory/2612-2815-0x0000000002530000-0x0000000004530000-memory.dmp

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url

MD5 1184a6d46fad00d76159be41da64c13a
SHA1 26b1d0136bae54bc0d3717a66331b3cbed0e7f18
SHA256 d4b5fa908d1fbfb98bf487ed579afd10de956545a030fc61b9457f0307af8c3d
SHA512 f33fb6aebd701c687f38a2fbb433797d094bef9d766255ad26953a3e77bb55e14703298c574c955712adef1b193051fb9cd7d5eff27a0d58ddd503e7bb8c1de8

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url

MD5 db58f9c4c049cb162f4426330998377d
SHA1 b589963d6dd1a62ef592c9ad6db08564b489f395
SHA256 751af3b68c7a03f259310f863a0c408c6491b4dd1a05aec658577598559e2359
SHA512 80943161d9fe32bbac1de855f2e178d276c342d63b6f575c701fd51297b568dd7ae7e192f8a629fda22294745d1cdfdbf78a06601175fca51f5de1086a21ad15

C:\Program Files (x86)\Java\jre1.8.0_191\bin\javacpl.exe

MD5 93ac2627e46c745ecb3ef6254ff0a766
SHA1 dfab6a056af2cd51210cab55008df5b2f88bf4fd
SHA256 185a37b058233eb244cdae848cae70d0bc121c9a84904f956f340a9d15e4571d
SHA512 55529b59e3707261c8fae767f0ecb20d5a698f58ff5d50c2ba9adef9aace51a0dc0e210fc2e4f16b314064715d08b9bb491b759813ce1b70a713373cf85c62c1

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.url

MD5 50e09f6b0054424c356aa7ea160546c7
SHA1 3d9b764263d87fd1a834177b48fc416e5aa645b3
SHA256 0b28a3462b93f876d521ecea324a1094cca2f877b3f69187e839c9398f284505
SHA512 049b2993b0ba9d43a413b44635574ea66380c2f62d0d23e8fad50a2188748fa9f9e068c88108f501288f4c365eb3764b7c200d3cfc941324a0be45444f89ed38

C:\Program Files (x86)\Java\jre1.8.0_191\bin\javaws.exe

MD5 ee9b8795f3406088f917a1adf954ba18
SHA1 3f2aa657cf6e5a627251faf663b584a1e98506af
SHA256 441fbffc24d77195478a6a44cfd71949403824079af9122d015e04869b00d11d
SHA512 6fb836f04467bbd30bd1b0325f39082293b822571df4e4a4403f3dbecf2df3faa2c2f68c721278863aa4fa553659d8f55bf4075d7cb007fdad0f9d40f399e837

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_259485776\javaw.exe

MD5 84c2540cedb08c146d1ad06122e6cc12
SHA1 76e71ce35f5de6b23c5eeb4ec76c806c78b76e78
SHA256 74c51f97510362f319a21ec98ad4d09099a81c6a2829aacb5e3ad21e573e3276
SHA512 e43bc79ee0046112458141d0b534600b00ef06ea66a97c26b651e0d39f14288b15510b8db70433ae2ebaf9c7f5e094b1f9967d96f5154dc632c09d48c093944d

C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npdeployJava1.dll

MD5 a7ac8b0a6af8e231691916e04b7c6c76
SHA1 3f9920d0af8e7a49a64071c5454f2b52ba596f86
SHA256 4d8a8cb37ef56063275cc89505f6a63a93b54b2b68d51a34f7508a1f6ba748e0
SHA512 8d319c220b25ad37cc95ee504fd18dd2d2123da93bef60eb0cd204e77264f9c40c2d66763acc9f37f1a3d5d6d6c90eac303756ccb6d2939f8548828a0af981f0

memory/3360-3030-0x0000000000590000-0x000000000059A000-memory.dmp

memory/3360-3039-0x0000000002DC0000-0x0000000004DC0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

MD5 5e28e72b443ded036a4cf369d0dda3bf
SHA1 0500de4480a54243b12d096745c6ba04c9479e66
SHA256 15fc7a054efbb9f76d937448fbb4814d7b3f25a6d137e24c1a69e32947eae71e
SHA512 7d17a5248e54e4dda8fd17a4d662edbb274629161a1e25b3b7f7f5112541663a5040788177268c53b2c78bc7e6d2204ccfb342d93c2ceec0a12d8a41788c088b

memory/3360-3047-0x0000000002DC0000-0x0000000004DC0000-memory.dmp

memory/3360-3059-0x0000000002DC0000-0x0000000004DC0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9ba54e89df410af64fd04c40be363f0d
SHA1 2af9e5daf6205ab71b4d9dce8ad255649105844d
SHA256 85550c790c509ce73c700271d677dfe8fea6d337256d8c23e4c7f22106fea531
SHA512 9bc8727359f03d573eec00c35c66e08e8b5061d7c5b76d7d6f70de0a3463fa5e03afbfbd5f59e77024bdb2c4cd297b276a0950a05dbaace0568431d241caf263

memory/3360-3079-0x0000000002DC0000-0x0000000004DC0000-memory.dmp

memory/3360-3078-0x0000000000580000-0x0000000000581000-memory.dmp

memory/3360-3082-0x0000000002DC0000-0x0000000004DC0000-memory.dmp

memory/3360-3085-0x0000000000580000-0x0000000000581000-memory.dmp

memory/3360-3086-0x0000000002DC0000-0x0000000004DC0000-memory.dmp

memory/3360-3089-0x0000000002DC0000-0x0000000004DC0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 61256e073a020d9a0f1a2655d2ca9ed6
SHA1 8f2f1d8f4f2697d346cac849d513c1bff6eaf824
SHA256 ea5f08a0d6134ca6b0de4a641f31aabec879280adb41dee3a83b0439ce3175b2
SHA512 ecdf1976e2486f98da9230145cdb0b7de38d84f6f021ab21a2453b6d35f0beb86bd989c1b3c87ecffe94ed28dd6f41fec3327993b70ef4dddc1f3f18c6fef408

memory/3360-3103-0x0000000002DC0000-0x0000000004DC0000-memory.dmp

memory/3360-3113-0x0000000000590000-0x000000000059A000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e1b53d0b72f48bdc0bc14c7432089e29
SHA1 53b29d5633410cde7beaf7811af73824293384bd
SHA256 6669505104e28af641b4e7bbabd947c3ed7b29847ca4ca32b2e0f48cf01bbc23
SHA512 3075e630f845108e705441cf87a22d499fa3fd5071c65b05ae8e2edd21df1d727265974375a222ad2c44e83756895679c73bae41ca4e0a5fd5019c7e4f5f1fbe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 80f67434054320f4326e087d1ccf0c6d
SHA1 a8d0d1748a3892222490fedb0cb0a20163ca473f
SHA256 3b756c56fd6ad4cce76c18f9c68d5545f0bc131e870cbf4b3e3fa97d4b67e960
SHA512 1fd87fd0a3a843bdfeee507b6a893d3315b95ba604543df3368d32f138187dcf5c4573cda6aef25cac0db20a4c346542b2500f4b1402dc5d4fbe2fff3580febc

memory/3360-3134-0x0000000000580000-0x0000000000581000-memory.dmp

memory/3360-3135-0x0000000002DC0000-0x0000000004DC0000-memory.dmp

memory/3360-3136-0x0000000002DC0000-0x0000000004DC0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ec2b25cef320ae8405d4d771975c04c8
SHA1 3392d5798a82c952703c53294762a6479a888f0b
SHA256 99abdaeab3bed93d688bd475f6676223724d50049dd56c5690fcd39297e1754a
SHA512 3ef171fe210d5d9eb9cf803e61cb329a19b37756f97d495ba12809ea353c26bc19ce507f04323409ea4c048472536c5f1a9feecc38ae9c067daeb48fc02da5e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5a06eee64a0170d8a6950fad4bebda47
SHA1 3ac32df0822bf664efe3999841b8e24426d520b9
SHA256 b6f564f312afa9e4070329046b05b2938206c508a922e0cb38edc4faddf30ee5
SHA512 36afcd01c7bd429bac62443d5cd95db60e79253499d8d79f6fa8b2c990de04e4585c360f43dc9824ec77134af107bc0ec2fc184c8a1ae8a2af4d8c23096631f5

memory/3360-3163-0x0000000002DC0000-0x0000000004DC0000-memory.dmp

memory/3360-3164-0x0000000002DC0000-0x0000000004DC0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5259d372ef07515bcea30fb8303b50ab
SHA1 eaef94811f74fc8070a96f3d77956cfe4612c35c
SHA256 25f01244c1273452ea9fb45445b934eb21a42b38e773800d2bffc7baca589b0d
SHA512 7a8309f4e804c019ff3c1deddd8a51a79e003b8e340890b26acabe44e3cb5a4c434d4cbf5f3bc3a50765cf78e26560498e07fef02cbbb71f81e8f2b2a17ff40a

memory/3360-3172-0x0000000002DC0000-0x0000000004DC0000-memory.dmp

memory/3360-3175-0x0000000000580000-0x0000000000581000-memory.dmp

memory/3360-3178-0x0000000000580000-0x0000000000581000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3b6649d0256d53c3d9a0e0be1db02de9
SHA1 3908cbd3020029bd9e6acf16cc10d85c4145962c
SHA256 141845828b9e7be747d3b2fb6918e473268c320b686ba43af454090086a4230f
SHA512 5e093551bcb1a50ed863b64270851163609c7fc77a0313f3939fbdef51d723e7157542b262732799649454096ea7ea29fe9b0294c91094dce15cc8566a8df793

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d7192774-787d-4d57-8dd4-600dfd240dbc.tmp

MD5 229219fb6b311df9995a24bbbb9d093c
SHA1 a38cbb59df632b2e360626f7c3a1a1970ac4cd56
SHA256 776f73a48cbe173b84c47b058415b836446c1d18446a7e5187f37d96b1c2e156
SHA512 2346795db8108c06540c0092f3e83e29bee68cecdef47022df11f2bb043abf9e91688805216bde71338dd914c7581cea750d9c63738a8fef95631693b52499d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 217d285ba2f5b40d369443e8f982b955
SHA1 7b5eb097a726c1a3a6df38bb88eae65033b63684
SHA256 43f6ff2bf0250cb1dfef9d4a6707503c08d0a576cb16b3a6fb4aea7c5e448387
SHA512 52ede4aa3ec1600e52d6e69594eed65db0b59f533938ec9ab1f324179333d509658d5d1f96db104fee9ea21212b113d6d1129c872f66f26a75444ec9f547fcee

memory/3360-3252-0x0000000000580000-0x0000000000581000-memory.dmp

memory/3360-3254-0x0000000000580000-0x0000000000581000-memory.dmp

memory/3360-3264-0x0000000000580000-0x0000000000581000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9d1d7eebfdff137914e0aa456690405a
SHA1 76831229d27721a66e0d6a92da61a4c81970e821
SHA256 7a607dc5c2ca83aee27892fb835a2680447bbc4881a94678e3017fc6b7ee5ec8
SHA512 c20ff50e59f87179660f0418f3315328b18ef9d5d2117a404f60f54c2b5eaeb2e310ee1a6e0ed12f9ed70b5aaccff9334927a676522b73385027348608b7c44c

memory/3360-3273-0x0000000000580000-0x0000000000581000-memory.dmp

memory/3360-3299-0x0000000002DC0000-0x0000000004DC0000-memory.dmp

memory/3360-3285-0x0000000000580000-0x0000000000581000-memory.dmp

memory/3360-3302-0x0000000002DC0000-0x0000000004DC0000-memory.dmp

memory/3360-3306-0x0000000002DC0000-0x0000000004DC0000-memory.dmp

memory/3360-3311-0x0000000000580000-0x0000000000581000-memory.dmp

memory/3360-3312-0x0000000000580000-0x0000000000581000-memory.dmp

memory/3360-3310-0x0000000000580000-0x0000000000581000-memory.dmp

memory/3360-3307-0x0000000000580000-0x0000000000581000-memory.dmp

memory/3360-3317-0x0000000000580000-0x0000000000581000-memory.dmp

memory/3360-3322-0x0000000002DC0000-0x0000000004DC0000-memory.dmp

memory/3360-3323-0x0000000002DC0000-0x0000000004DC0000-memory.dmp

memory/3360-3326-0x0000000000580000-0x0000000000581000-memory.dmp

memory/3360-3335-0x0000000000580000-0x0000000000581000-memory.dmp

memory/3360-3338-0x0000000000580000-0x0000000000581000-memory.dmp

memory/3360-3340-0x0000000000590000-0x000000000059A000-memory.dmp

memory/796-3352-0x0000000003210000-0x0000000005210000-memory.dmp

memory/796-3386-0x0000000000250000-0x000000000025A000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\pending_pings\659a3089-6b7a-4fc6-abd9-fc270158df39

MD5 8d0014095fa9b734de1dd586871a9082
SHA1 6af9bc3115a8b274cc1d7f7c4dbaed56ff6a10e4
SHA256 3378443d97388f203ee3b3bc0297fe9ef17cb85c3e65128c0abee619f4a5181a
SHA512 340bedddea8e2983ee86c7c00ccb997741b0d27d61b6c77ed77b9ff2cd61218b965c17d67912d6b9d4f608cc441bf738cb8f9b64baace7f647b45f27de046943

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\db\data.safe.bin

MD5 c001879f88c7e7f2f97feb3da4ba59ef
SHA1 57113f49758a0b1e43263d13cb2ba35980021c7f
SHA256 61d5c1de59507f97d09157a4236a80b2f5d1c178dc3c2eac2b307526340eb087
SHA512 2b6ece0592c5fc482d389882d9b9f6b98d85d9c62acb2f59ddb6259d87531f91e5c81562e54e11ad144213ad82ab133da400bbb5d1eae553a0b4f88b3f65d1a0

memory/796-3418-0x0000000003210000-0x0000000005210000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs.js

MD5 c01d37d8abfa8bc7a89fea538aaea128
SHA1 3c157fca151811d1e383daa37b39e3225531ec98
SHA256 f482c186479c020c4988c33ae8b26a8313cecce37b1b57f91e7dc7fa8b18270c
SHA512 9b22cdd3e87bdc3577f2976c94d6e3e13afd203d764edc7922ad6af98720dd2dff7aca6917421afbf14fa045e4a43cb3affc915b15a65d363907b16a700dbe13

memory/796-3461-0x0000000003210000-0x0000000005210000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4

MD5 95efeb569a2ed139c4366f1335eb3b80
SHA1 0c4fb01c6e6f77dfb4abed96f7f90ec70cb100fb
SHA256 119e255a4b4245b3bcceba94921d084a389da0135096bccc978e0ed32f1368de
SHA512 4ed257abd97a6680b8ca280ec768185df749cf6022c6ca062a3c4c47c311351b1628a23e338064140696f11611503346b4068221f6867bdf7f9bb9c0b84779f7

memory/796-3525-0x0000000000250000-0x000000000025A000-memory.dmp

memory/796-3513-0x0000000000170000-0x0000000000171000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs-1.js

MD5 2af224c7fb28f7f1d914634c3987bb46
SHA1 42c9763c208ff0cb3938ccb12df5b93a5d2b7a6a
SHA256 bf24fbe8db1747280ed370d12d3ec35e59220bdb2a9fad796801641a7e64377f
SHA512 9274ecdd7da64eae18835ba4df0a22eb66b51b6ff6208bd8327cbb0ae90f75a912d7868c37f04b02bb2d811aba9046852bd2ceaa5fed578834f94d52b4949ec0

memory/796-3558-0x0000000000170000-0x0000000000171000-memory.dmp

memory/796-3570-0x0000000000170000-0x0000000000171000-memory.dmp

memory/796-3569-0x0000000000170000-0x0000000000171000-memory.dmp

memory/796-3579-0x0000000000170000-0x0000000000171000-memory.dmp

memory/796-3580-0x0000000000170000-0x0000000000171000-memory.dmp

memory/796-3610-0x0000000000170000-0x0000000000171000-memory.dmp

memory/796-3596-0x0000000000170000-0x0000000000171000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

memory/796-3641-0x0000000000170000-0x0000000000171000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

memory/796-3661-0x0000000000170000-0x0000000000171000-memory.dmp

memory/796-3660-0x0000000000170000-0x0000000000171000-memory.dmp

memory/796-3653-0x0000000000170000-0x0000000000171000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 43c5ddb6adb326800c44c5e123764c71
SHA1 0b2be386d355cefe6188b422127f941ce4b5db78
SHA256 e6c9a75dd64412267fcd2a4d2ca164d244899990e0197c09938bea371f0e0470
SHA512 35cc4b410d96e0ae0b5618a39b360e3e182d5f733eaac3533d6730a1c01f8bf26772c1511cf96fd002fa019ea2f49664cce4c78a2a94faa6d207ba56224060dd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4

MD5 eef38f8679919105445ba32b61767785
SHA1 f04bb7c1472b23104c35b539e214d390f89248e2
SHA256 5889d8b03b3ac071cd90175d42f9c58b14ff4b691831dcc7eb56bfacbe0626a4
SHA512 9726e405f99e500e7e983a7e852ad303555a0e0537830bf8b5924b469fc934173d6dc33dc0d077a6def42f51c1596226b0cc716e7bf25f9389b67b77df938bdb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a22adaa3313a04671f77b2abd5812858
SHA1 b862b635059ff7252464f67cdddca76aa5612c06
SHA256 1070cd0a269d03ca11033d7b5c16a0ef6ff0e48caa4d308a118dc4ee7820d2ae
SHA512 6fbbc190c37fd01fe8cd6678bb44e4dbd6e85973f1104ec52c2a47ad17eae47419830f6e5b14e89bf841fc30516f1a1d3297a270cf4153545efde8e31eecf742

memory/796-3789-0x0000000003210000-0x0000000005210000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 110d0020ee98e1c8dc44a7669cb100a1
SHA1 9204c98b8e2a1048347c68ff8fef1d9f48a5f4ef
SHA256 67afd4beee23a236c3341278421af0e5e7f09c7fb13b1cca7bb7340f7cb40ef6
SHA512 84a8cc317b9fb96bfcca760238372d94fc05aefc6bd97031cb65890796e64c20f59f2d3c8984a767a0403f80ce82cc2dfbbf630c2e997990545fb94e519fd106

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 d20ff5076725e100a171311e4f8cd24d
SHA1 f99020f5d02f92614dbe6f82bf6df395a3051a74
SHA256 a15018a9f42c2be23fe4620f1666742d96e48f2335b9a216e10e999e2acd8566
SHA512 0d48292239558f93999176f50a6c7dd1ce7f07740561b976143838056154ddef14730e7848a336577416a92fd6757c6346c215aa31e95d6b51329f2ea0f7a8b6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81