Analysis Overview
SHA256
63bfdf16183fc6ba3aac2ccc86b3368445e448d2a50386a9dfeb88b8b7ff567d
Threat Level: Shows suspicious behavior
The file error422(1).zip shows suspicious behavior.
Malicious Activity Summary
Registers COM server for autorun
Modifies file permissions
Loads dropped DLL
UPX packed file
Executes dropped EXE
Blocklisted process makes network request
Enumerates connected drives
Installs/modifies Browser Helper Object
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Checks processor information in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Uses Volume Shadow Copy service COM API
Enumerates system info in registry
Modifies system certificate store
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-25 03:11
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-25 03:10
Reported
2024-03-25 03:57
Platform
win7-20240220-en
Max time kernel
2624s
Max time network
2284s
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\error422(1).exe
"C:\Users\Admin\AppData\Local\Temp\error422(1).exe"
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-25 03:10
Reported
2024-03-25 03:57
Platform
win7-20240221-en
Max time kernel
170s
Max time network
636s
Signatures
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0036-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0080-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0041-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0071-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0176-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0068-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0091-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0167-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0083-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0097-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0170-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0059-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0065-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0182-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0038-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0081-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0171-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0110-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0119-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0143-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0152-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0025-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0118-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0002-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0190-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0072-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0084-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0043-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0088-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0069-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0141-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0145-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0082-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0182-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0197-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0024-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0060-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0091-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0060-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0005-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0095-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0160-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0188-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0068-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0143-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0108-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0131-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0146-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0191-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0154-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0029-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0108-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0066-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0118-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0076-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0098-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
UPX packed file
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\WindowsAccessBridge-64.dll | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\WindowsAccessBridge-64.dll | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsAccessBridge-32.dll | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsAccessBridge-64.dll | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\jre\bin\fontmanager.dll | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\jre\bin\javaws.exe | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui_2.3.0.v20140404-1657.jar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\configuration\org.eclipse.update\platform.xml | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_1.1.200.v20141007-2033\META-INF\MANIFEST.MF | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\platform\core\locale\core_zh_CN.jar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\platform\modules\locale\org-openide-loaders_ja.jar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre1.8.0_191\bin\api-ms-win-core-sysinfo-l1-1-0.dll | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre1.8.0_191\lib\javaws.jar | C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.2.174165\icons\send-email-16.png | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\org.eclipse.update.configurator_3.3.300.v20140518-1928.jar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_zh_CN.jar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-utilities.jar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\bin\klist.exe | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\platform\update_tracking\org-netbeans-core-multitabs.xml | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre1.8.0_191\bin\msvcp140.dll | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_259485776\javaws.exe | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.2.174165\html\dcommon\css\blafdoc.css | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core_2.3.0.v20131211-1531.jar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_zh_4.4.0.v20140623020002.jar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_ja_4.4.0.v20140623020002.jar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-options-keymap.xml_hidden | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86.nl_ja_4.4.0.v20140623020002.jar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-uisupport.xml | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\visualvm\core\locale\core_visualvm.jar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\include\jdwpTransport.h | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.2.174165\schema\triggerConstraints.exsd | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_zh_CN.jar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\bin\jarsigner.exe | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\jre\bin\api-ms-win-core-util-l1-1-0.dll | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.xml | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre1.8.0_191\bin\jdwp.dll | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_zh_4.4.0.v20140623020002.jar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\platform\update_tracking\org-netbeans-api-visual.xml | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre1.8.0_191\lib\ext\cldrdata.jar | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre1.8.0_191\lib\ext\sunjce_provider.jar | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\org.eclipse.core.expressions_3.4.600.v20140128-0851.jar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_ja.jar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\com.jrockit.mc.console.ui_5.5.2.174165.jar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_zh_CN.jar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\platform\modules\org-netbeans-core.jar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-utilities.xml | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.properties | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-remote.xml | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jre1.8.0_191\lib\fonts\LucidaSansDemiBold.ttf | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\org.eclipse.equinox.preferences_3.5.200.v20140224-1527.jar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\org.sat4j.pb_2.3.5.v201404071733.jar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-nodes.xml | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\platform\config\Modules\org-netbeans-api-progress.xml | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-api.xml | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\visualvm\core\com-sun-tools-visualvm-modules-startup.jar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\jre\bin\server\jvm.dll | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.2.174165\schema\triggerActions.exsd | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-ui.xml | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt_0.11.101.v20140818-1343.jar | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-threaddump.xml | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\Java\jdk1.8.0_191\jre\lib\fonts\LucidaBrightRegular.ttf | C:\Windows\syswow64\MsiExec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSID812.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIEADA.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIED21.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIED33.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.ev1 | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Installer\f76ad8f.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB55A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2601.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI26FC.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f76ad92.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76ad92.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f76ad95.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f76ad97.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76ad8e.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB27C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB8BC.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIEB49.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76ad8f.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.ev3 | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Installer\f76ad8e.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIEBB7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIED32.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIED44.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI273C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB791.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB86D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIED22.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB675.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB81E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB94A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f76ad91.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE9A0.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI270D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB626.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB702.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB742.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIEC25.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB8FB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIEA6C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIEC93.tmp | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\msiexec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\msiexec.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}\AppName = "jp2launcher.exe" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}\Policy = "3" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Windows\\SysWOW64" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Java\jdk1.8.0_191\jre.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}\AppPath = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0064-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0071-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0046-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0088-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0206-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0161-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0104-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0190-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0018-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_18" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0141-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_11" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0066-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0125-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0129-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0057-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0099-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0143-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0060-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_60" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0063-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0039-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_39" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0075-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0053-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0194-ABCDEFFEDCBC} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0165-ABCDEFFEDCBA} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0084-ABCDEFFEDCBA} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0093-ABCDEFFEDCBB} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0082-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0044-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0141-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0080-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0092-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0082-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0164-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0053-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0077-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_77" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0068-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_68" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0089-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0067-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0094-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBB} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0127-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_127" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0129-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_129" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0148-ABCDEFFEDCBC} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0157-ABCDEFFEDCBA} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0070-ABCDEFFEDCBA} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0168-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0128-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0015-ABCDEFFEDCBC} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0044-ABCDEFFEDCBC} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0121-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBB} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0142-ABCDEFFEDCBA} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0017-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0106-ABCDEFFEDCBB} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0180-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0157-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_157" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0163-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBC} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0141-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0110-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_110" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0156-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0095-ABCDEFFEDCBA} | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0084-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_84" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0161-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0115-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0021-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_21" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0079-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0041-ABCDEFFEDCBC} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0002-ABCDEFFEDCBC} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0077-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0068-ABCDEFFEDCBA} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0086-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0106-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0094-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0120-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0089-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0079-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0055-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0184-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0140-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\ = "isInstalled Class" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0065-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_65" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0154-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0174-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_174" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0049-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0093-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0115-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0173-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0067-ABCDEFFEDCBA} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0084-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_84" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0078-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0142-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0082-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0053-ABCDEFFEDCBB} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0061-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0130-ABCDEFFEDCBA} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0023-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0085-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0036-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_36" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0066-ABCDEFFEDCBB} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0203-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0058-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0089-ABCDEFFEDCBC} | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0099-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_99" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0090-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0140-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0085-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0109-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre1.8.0_191\\bin\\jp2iexp.dll" | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0201-ABCDEFFEDCBA} | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0050-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-FFFF-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0099-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0087-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Program Files (x86)\Java\jdk1.8.0_191\jre.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = […] | C:\Program Files (x86)\Java\jdk1.8.0_191\jre.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Java\jre1.8.0_191\bin\javaws.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2launcher.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Java\jdk1.8.0_191\jre.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Java\jdk1.8.0_191\jre.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Java\jdk1.8.0_191\jre.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Java\jdk1.8.0_191\jre.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Java\jdk1.8.0_191\jre.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Java\jdk1.8.0_191\jre.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\jdk-8u191-windows-i586.exe
"C:\Users\Admin\AppData\Local\Temp\jdk-8u191-windows-i586.exe"
C:\Users\Admin\AppData\Local\Temp\jds259406636.tmp\jdk-8u191-windows-i586.exe
"C:\Users\Admin\AppData\Local\Temp\jds259406636.tmp\jdk-8u191-windows-i586.exe"
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\SysWOW64\\msiexec.exe" /i "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jdk1.8.0_191\jdk1.8.0_191.msi" WRAPPER=1
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding E9BAAD715217DC863C0E247118746EFC C
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000004C0" "0000000000000490"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 91FC96333127C429B234B222B2B78181
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 89C0DB0511B6A4D0DF469FF3C06342C7 M Global\MSI0000
C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
"C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jdk1.8.0_191\lib/tools.pack" "C:\Program Files (x86)\Java\jdk1.8.0_191\lib/tools.jar"
C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
"C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jdk1.8.0_191\jre/lib/plugin.pack" "C:\Program Files (x86)\Java\jdk1.8.0_191\jre/lib/plugin.jar"
C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
"C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jdk1.8.0_191\jre/lib/javaws.pack" "C:\Program Files (x86)\Java\jdk1.8.0_191\jre/lib/javaws.jar"
C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
"C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jdk1.8.0_191\jre/lib/deploy.pack" "C:\Program Files (x86)\Java\jdk1.8.0_191\jre/lib/deploy.jar"
C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
"C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jdk1.8.0_191\jre/lib/rt.pack" "C:\Program Files (x86)\Java\jdk1.8.0_191\jre/lib/rt.jar"
C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
"C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jdk1.8.0_191\jre/lib/jsse.pack" "C:\Program Files (x86)\Java\jdk1.8.0_191\jre/lib/jsse.jar"
C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
"C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jdk1.8.0_191\jre/lib/charsets.pack" "C:\Program Files (x86)\Java\jdk1.8.0_191\jre/lib/charsets.jar"
C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
"C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jdk1.8.0_191\jre/lib/ext/localedata.pack" "C:\Program Files (x86)\Java\jdk1.8.0_191\jre/lib/ext/localedata.jar"
C:\Program Files (x86)\Java\jdk1.8.0_191\jre\bin\javaw.exe
"C:\Program Files (x86)\Java\jdk1.8.0_191\\jre\bin\javaw.exe" -Xshare:dump
C:\Program Files (x86)\Java\jdk1.8.0_191\jre.exe
"C:\Program Files (x86)\Java\jdk1.8.0_191\\jre.exe" LAUNCHEDFROMJDK=1 NOSTARTMENU=0
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 87D057A0DB76A838A4A77CB10F24DE4E
C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe
"C:\Program Files (x86)\Java\jre1.8.0_191\installer.exe" /s INSTALLDIR="C:\Program Files (x86)\Java\jre1.8.0_191\\" NOSTARTMENU=0 INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F32180191F0}
C:\ProgramData\Oracle\Java\installcache\259467976.tmp\bspatch.exe
"bspatch.exe" baseimagefam8 newimage diff
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6009758,0x7fef6009768,0x7fef6009778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1180,i,17701732547179839056,18182604642712271830,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1180,i,17701732547179839056,18182604642712271830,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1180,i,17701732547179839056,18182604642712271830,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2276 --field-trial-handle=1180,i,17701732547179839056,18182604642712271830,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2372 --field-trial-handle=1180,i,17701732547179839056,18182604642712271830,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1300 --field-trial-handle=1180,i,17701732547179839056,18182604642712271830,131072 /prefetch:2
C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_191\lib/plugin.pack" "C:\Program Files (x86)\Java\jre1.8.0_191\lib/plugin.jar"
C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_191\lib/javaws.pack" "C:\Program Files (x86)\Java\jre1.8.0_191\lib/javaws.jar"
C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_191\lib/deploy.pack" "C:\Program Files (x86)\Java\jre1.8.0_191\lib/deploy.jar"
C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_191\lib/rt.pack" "C:\Program Files (x86)\Java\jre1.8.0_191\lib/rt.jar"
C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_191\lib/jsse.pack" "C:\Program Files (x86)\Java\jre1.8.0_191\lib/jsse.jar"
C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_191\lib/charsets.pack" "C:\Program Files (x86)\Java\jre1.8.0_191\lib/charsets.jar"
C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe
"C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe" -r "C:\Program Files (x86)\Java\jre1.8.0_191\lib/ext/localedata.pack" "C:\Program Files (x86)\Java\jre1.8.0_191\lib/ext/localedata.jar"
C:\Program Files (x86)\Java\jre1.8.0_191\bin\javaw.exe
"C:\Program Files (x86)\Java\jre1.8.0_191\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3748 --field-trial-handle=1180,i,17701732547179839056,18182604642712271830,131072 /prefetch:1
C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe
"C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssvagent.exe" -doHKCUSSVSetup
C:\Program Files (x86)\Java\jre1.8.0_191\bin\javaws.exe
"C:\Program Files (x86)\Java\jre1.8.0_191\bin\javaws.exe" -wait -fix -permissions -silent
C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2launcher.exe
"C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre1.8.0_191" -vma […] -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1180,i,17701732547179839056,18182604642712271830,131072 /prefetch:8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.0.1661500001\1810031148" -parentBuildID 20221007134813 -prefsHandle 1196 -prefMapHandle 1144 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {18ed3cf5-6740-4a19-a23c-7a6bcc123a1f} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 1272 11ad8558 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.1.738999718\355474062" -parentBuildID 20221007134813 -prefsHandle 1448 -prefMapHandle 1444 -prefsLen 20830 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {089e57b5-1c06-4d3b-90c6-785cd8b19a61} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 1472 3e43c58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.2.1058575885\2075153599" -childID 1 -isForBrowser -prefsHandle 2152 -prefMapHandle 2148 -prefsLen 20868 -prefMapSize 233444 -jsInitHandle 748 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f46c0eb-e206-4f00-8b61-ce95a00e5d82} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 2312 19fb2c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1756.0.1408438116\582653109" -parentBuildID 20221007134813 -prefsHandle 1060 -prefMapHandle 1052 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbada35f-d9cf-44f2-af82-77f634ccbdb7} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" 1144 40d6a58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1756.1.1841501736\848707737" -parentBuildID 20221007134813 -prefsHandle 1316 -prefMapHandle 1312 -prefsLen 17601 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {94b1fa3f-9583-4d44-b623-2ae623f0d82b} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" 1328 f150f58 socket
C:\Program Files (x86)\Java\jre1.8.0_191\bin\javaws.exe
"C:\Program Files (x86)\Java\jre1.8.0_191\bin\javaws.exe" -wait -fix -shortcut -silent
C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2launcher.exe
"C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre1.8.0_191" -vma […] -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.3.1902215477\2104277682" -childID 2 -isForBrowser -prefsHandle 2200 -prefMapHandle 612 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 748 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1b4786c-c6a7-4ec4-8aa8-5c163d3a0e26} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 1628 d70d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.4.1208680996\628894315" -childID 3 -isForBrowser -prefsHandle 2200 -prefMapHandle 612 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 748 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf124431-a1e0-41d4-a73f-1c5f643eef91} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 2948 d67b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.5.1558882022\1638679433" -childID 4 -isForBrowser -prefsHandle 1080 -prefMapHandle 2964 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 748 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f9440e8-eebb-4463-a8cb-9c8cb19234e5} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 2948 1a07d758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.6.1242974969\760319412" -childID 5 -isForBrowser -prefsHandle 3612 -prefMapHandle 3636 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 748 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0181311-1fc4-41a5-8608-02b2e0423aea} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 3652 1ef74458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.7.1376948097\1167674094" -childID 6 -isForBrowser -prefsHandle 3652 -prefMapHandle 3928 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 748 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {32bf6571-9b54-4df8-ba64-ba703e04a51c} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 3840 1e939e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.8.1591764973\963880081" -childID 7 -isForBrowser -prefsHandle 3860 -prefMapHandle 4060 -prefsLen 27184 -prefMapSize 233444 -jsInitHandle 748 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {036ad94a-1238-4b68-8c9f-f515fd9285ef} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 4172 1ea04a58 tab
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 567FD0F0D4AA0338A51554F385A97649 M Global\MSI0000
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding B8A794F800C115E1041D2E8D747FA9C9
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding DCF6C059035C83DD56545137602751CF M Global\MSI0000
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.9.438865623\893161445" -childID 8 -isForBrowser -prefsHandle 612 -prefMapHandle 1152 -prefsLen 27580 -prefMapSize 233444 -jsInitHandle 748 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9395ab55-9b8e-454e-8cb4-be97edf69af6} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 4380 18058358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.10.2059997225\374914452" -childID 9 -isForBrowser -prefsHandle 3848 -prefMapHandle 3844 -prefsLen 27580 -prefMapSize 233444 -jsInitHandle 748 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b0cd4a3-c50c-401d-89ca-f7c4e2ffb6c4} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 4056 1f520b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.11.1790192337\151859360" -childID 10 -isForBrowser -prefsHandle 4108 -prefMapHandle 4104 -prefsLen 27580 -prefMapSize 233444 -jsInitHandle 748 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {55e7e395-e9b3-489e-a937-f23fd0a02661} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 1928 1f6b9d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.12.1821695735\1947169017" -childID 11 -isForBrowser -prefsHandle 8088 -prefMapHandle 4556 -prefsLen 27580 -prefMapSize 233444 -jsInitHandle 748 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a378f411-a324-49fe-b858-3b3d11712c67} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 2088 23350b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.13.520586418\856591027" -childID 12 -isForBrowser -prefsHandle 8328 -prefMapHandle 3980 -prefsLen 27580 -prefMapSize 233444 -jsInitHandle 748 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfbd6081-8a70-49b2-92d7-3104e49aa7dd} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 8448 23418f58 tab
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c
C:\Users\Admin\Downloads\Error-437--main\Error-437--main\minecraft[1].exe
"C:\Users\Admin\Downloads\Error-437--main\Error-437--main\minecraft[1].exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c javaw -jar natives/error437.dll
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
javaw -jar natives/error437.dll
C:\Windows\SysWOW64\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
C:\Users\Admin\Downloads\Error-437--main\Error-437--main\minecraft[1].exe
"C:\Users\Admin\Downloads\Error-437--main\Error-437--main\minecraft[1].exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c javaw -jar natives/error437.dll
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
javaw -jar natives/error437.dll
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rd natives /s /q
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c 437.bat
Network
Files
\Users\Admin\AppData\Local\Temp\jds259406636.tmp\jdk-8u191-windows-i586.exe
C:\Users\Admin\AppData\Local\Temp\jds259406636.tmp\jdk-8u191-windows-i586.exe
C:\Users\Admin\AppData\Local\Temp\jusched.log
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jdk1.8.0_191\jdk1.8.0_191.msi
C:\Users\Admin\AppData\Local\Temp\Cab4B64.tmp
C:\Users\Admin\AppData\Local\Temp\Tar4BB5.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar5137.tmp
C:\Users\Admin\AppData\Local\Temp\MSI655E.tmp
C:\Users\Admin\AppData\Local\Temp\jusched.log
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40C68D5626484A90937F0752C8B950AB
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40C68D5626484A90937F0752C8B950AB
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EA618097E393409AFA316F0F87E2C202_1958C8FC5F0E0F8549703D0A9B9309B5
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_1958C8FC5F0E0F8549703D0A9B9309B5
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jdk1.8.0_191\sj180191.cab
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jdk1.8.0_191\ss180191.cab
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jdk1.8.0_191\st180191.cab
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jdk1.8.0_191\sz180191.cab
C:\Program Files (x86)\Java\jdk1.8.0_191\tools.zip
C:\Users\Admin\AppData\Local\Temp\jusched.log
C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html
C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html
C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf
C:\Program Files (x86)\Java\jdk1.8.0_191\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA
C:\Windows\Installer\MSIE9A0.tmp
\Windows\Installer\MSIE9A0.tmp
C:\Program Files (x86)\Java\jdk1.8.0_191\bin\unpack200.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk
memory/2860-2132-0x0000000002570000-0x0000000004570000-memory.dmp
memory/2860-2138-0x0000000000180000-0x0000000000181000-memory.dmp
C:\Config.Msi\f76ad90.rbs
C:\Windows\Installer\MSI273C.tmp
C:\Windows\Installer\f76ad92.msi
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\msvcr100.dll
C:\Program Files (x86)\Java\jre1.8.0_191\lib\images\cursors\invalid32x32.gif
C:\Program Files (x86)\Java\jre1.8.0_191\bin\unpack200.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url
C:\Program Files (x86)\Java\jre1.8.0_191\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.url
C:\Program Files (x86)\Java\jre1.8.0_191\bin\javaws.exe
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_259485776\javaw.exe
C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npdeployJava1.dll
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d7192774-787d-4d57-8dd4-600dfd240dbc.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\pending_pings\659a3089-6b7a-4fc6-abd9-fc270158df39
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\db\data.safe.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
C:\Users\Admin\AppData\Local\Temp\tmpaddon
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties
C:\Config.Msi\f76ad96.rbs
C:\Windows\Installer\f76ad98.msi
C:\Config.Msi\f76ad9c.rbs
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0rowjuc9.default-release\thumbnails\447c1d819532470f427483b5c2ad32a6.png
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0rowjuc9.default-release\cache2\entries\80BB96996C8133B0FE5E0D6E5EA21B26135E8EA2
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0rowjuc9.default-release\cache2\entries\5AE6D89F9E02E65CE57A707F37A56F985F9BE4BA
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0rowjuc9.default-release\cache2\entries\80AF8614EB0CDD7B24B3BE186294D327C8A18584
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0rowjuc9.default-release\cache2\entries\46C625DB4964C00323A8EF4C60828B52A454EBB4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0rowjuc9.default-release\cache2\entries\971254C7341460E85C93D0821B91E9985A0B32D6
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0rowjuc9.default-release\cache2\doomed\19810
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms~RFf7dbe6f.TMP
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\R32UMWPUN1DU7UMNV9D4.temp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0rowjuc9.default-release\cache2\entries\11A01A67B2170B1611682D6A2FEAF15BBD68741B
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\Downloads\Error-437--main.KEyv4TvT.zip.part
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs-1.js