Malware Analysis Report

2025-01-18 22:15

Sample ID 240429-t8xysafd69
Target https://www.roblox.com/download
Tags
adware discovery evasion persistence ransomware stealer upx
score
10/10


Analysis Overview

score
10/10

Threat Level: Known bad

The submitted URL https://www.roblox.com/download was classified as: Known bad.

The 10/10 score is aggregated from the signatures listed below, not from a verdict on the URL itself. In this detonation the URL was opened in Firefox (see Command Line under behavioral1), and the persistence and evasion behaviour recorded afterwards is attributed to the executables that ran later in the same session (see Executes dropped EXE: TLauncher-Installer-1.3.5.exe, irsetup.exe, BrowserInstaller.exe, jre-windows.exe, and msiexec.exe, which sets the SunJavaUpdateSched Run key). The Network and Files sections of the original report are not included in this export, so confirm the verdict against the process, registry and file evidence below before acting on it.

Malicious Activity Summary

adware discovery evasion persistence ransomware stealer upx

Modifies visibility of file extensions in Explorer

Process spawned unexpected child process

Modifies Installed Components in the registry

Downloads MZ/PE file

Checks computer location settings

Loads dropped DLL

Drops startup file

Registers COM server for autorun

UPX packed file

Executes dropped EXE

Modifies file permissions

Installs/modifies Browser Helper Object

Checks installed software on the system

Adds Run key to start application

Blocklisted process makes network request

Enumerates connected drives

Drops desktop.ini file(s)

Drops file in System32 directory

Sets desktop wallpaper using registry

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Uses Volume Shadow Copy service COM API

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Modifies system certificate store

Suspicious use of SetWindowsHookEx

Uses Volume Shadow Copy WMI provider

Modifies Internet Explorer start page

Checks processor information in registry

Modifies Internet Explorer Protected Mode

Suspicious use of SendNotifyMessage

Uses Task Scheduler COM API

MITRE ATT&CK (Enterprise Matrix V15): technique mapping not included in this export.

Analysis: static1

Detonation Overview

Reported

2024-04-29 16:44

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-29 16:44

Reported

2024-04-29 17:04

Platform

win7-20240220-en

Max time kernel

1192s

Max time network

854s

Command Line

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.roblox.com/download"

Signatures

Modifies visibility of file extensions in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\Explorer.EXE N/A

Process spawned unexpected child process

Description Indicator Process Target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Program Files\Internet Explorer\iexplore.exe

Downloads MZ/PE file

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820} C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383} C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\Version = "11,0,9600,0" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340} C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\Locale = "EN" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Active Setup\Installed Components C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Active Setup\Installed Components C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\Locale = "*" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED} C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\Username = "hehhe" C:\Windows\Explorer.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}\Version = "6,1,7601,17514" C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\Locale = "*" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Active Setup\Installed Components C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6} C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\Version = "12,0,7601,17514" C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}\Locale = "en" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Active Setup\Installed Components C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\Version = "1,1,1,9" C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\Locale = "EN" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C} C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" C:\Windows\Explorer.EXE N/A
Key deleted \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Active Setup\INSTALLED COMPONENTS\{8A69D345-D564-463C-AFF1-A69D9E530F96} C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\Version = "6,1,7601,17514" C:\Windows\Explorer.EXE N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini C:\Windows\System32\regsvr32.exe N/A
File opened for modification C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini C:\Windows\System32\regsvr32.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\TLauncher-Installer-1.3.5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jre-windows.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds259515104.tmp\jre-windows.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaws.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaws.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe N/A
N/A N/A C:\Users\hehhe\AppData\Local\Temp\7z4AE67C8C\Uninst.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\uninstall\uninstaller.exe N/A
N/A N/A C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\default-browser-agent.exe N/A
N/A N/A C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_B.exe N/A
N/A N/A C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\TLauncher-Installer-1.3.5.exe N/A
N/A N/A C:\Users\Admin\Downloads\TLauncher-Installer-1.3.5.exe N/A
N/A N/A C:\Users\Admin\Downloads\TLauncher-Installer-1.3.5.exe N/A
N/A N/A C:\Users\Admin\Downloads\TLauncher-Installer-1.3.5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jre-windows.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\installer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0196-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0267-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0065-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0041-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0191-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0137-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0084-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0105-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0277-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0049-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0075-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0211-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0236-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0348-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0041-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0248-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0084-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0392-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0376-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0203-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0026-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0175-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0362-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0378-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0078-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0342-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0121-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0055-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0095-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0177-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0399-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0065-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0075-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0354-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0141-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0130-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0128-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0048-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0046-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0159-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0162-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0352-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0044-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0078-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0025-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0007-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0198-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0097-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0014-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0084-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0111-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0127-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0272-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0303-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0307-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A

UPX packed file

upx
Description Indicator Process Target
13 UPX-packed files detected; file details are not included in this export.

Adds Run key to start application

persistence
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\OptionalComponents C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched = "\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL C:\Windows\system32\msiexec.exe N/A
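The persistence tables above (Installed Components, COM InprocServer32 registrations, Run key) and the HideFileExt row under evasion all use the same flattened row layout: operation, key path, optional = "data", process, target. The following Python is an added example, not part of the sandbox report and not the sandbox vendor's code. It parses rows in that layout into structured events (operation, hive, user SID, key, data, process) and applies a few triage rules to pull out autostart indicators. The rule names, the SYSTEM_DIRS prefix list and the choice to flag an InprocServer32 DLL that lives outside the Windows directory are this example's own assumptions; the sample rows are copied verbatim from the tables above.

```python
"""Parse flattened sandbox registry-event rows and apply triage rules.

Added example; not part of the sandbox report and not vendor code. The row
layout is the one printed in the Signatures tables of the report. The rule
labels, SYSTEM_DIRS and the 'InprocServer32 outside Windows' heuristic are
assumptions made for this example.
"""
import re
from dataclasses import dataclass
from typing import Optional

ROW_RE = re.compile(
    r"^(?P<op>Key created|Key deleted|Key value queried|Set value \((?:str|int)\))\s+"
    r"(?P<key>\\REGISTRY\\.+?)"          # lazy: ends right before ' = "' or the process path
    r"(?:\s+=\s+\"(?P<data>.*)\")?"      # optional quoted data, with \-escaped quotes/backslashes
    r"\s+(?P<proc>[A-Z]:\\.+?\.exe)"     # process that performed the operation
    r"\s+(?P<target>\S+)$",
    re.IGNORECASE,
)
SID_RE = re.compile(r"^\\REGISTRY\\USER\\(S-1-5-21(?:-\d+)+)", re.IGNORECASE)

# Assumption: DLL locations under these prefixes are treated as 'system' paths.
SYSTEM_DIRS = ("c:\\windows\\",)


@dataclass
class RegEvent:
    op: str
    key: str
    data: Optional[str]
    process: str
    target: str

    @property
    def hive(self) -> str:
        return "HKLM" if self.key.upper().startswith("\\REGISTRY\\MACHINE\\") else "HKU"

    @property
    def sid(self) -> Optional[str]:
        m = SID_RE.match(self.key)
        return m.group(1) if m else None


def parse_row(line: str) -> Optional[RegEvent]:
    """Parse one table row; returns None for rows that are not registry events."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    data = m.group("data")
    if data is not None:
        # The report writes string data with escaped backslashes and quotes ("C:\\x\\y.dll").
        data = re.sub(r"\\(.)", r"\1", data)
    return RegEvent(m.group("op"), m.group("key"), data, m.group("proc"), m.group("target"))


def classify(ev: RegEvent) -> Optional[str]:
    """Map an event to a triage label, or None when no rule applies."""
    k = ev.key.lower()
    if ev.op.startswith("Set value") and "\\currentversion\\run\\" in k:
        return "persistence:run-key"
    if ev.op == "Key created" and "\\active setup\\installed components\\{" in k:
        return "persistence:active-setup"
    if ev.op.startswith("Set value") and k.endswith("\\inprocserver32\\") and ev.data:
        # Default value of InprocServer32 is the DLL COM will load for this CLSID.
        if not ev.data.lower().startswith(SYSTEM_DIRS):
            return "persistence:com-inproc-outside-windows"
        return None
    if k.endswith("\\explorer\\advanced\\hidefileext") and ev.data == "1":
        return "evasion:hide-file-ext"
    return None


def triage(rows):
    """Return (list of (label, event), sorted autostart indicator paths)."""
    labelled, indicators = [], set()
    for line in rows:
        ev = parse_row(line)
        if ev is None:
            continue
        label = classify(ev)
        if label is None:
            continue
        labelled.append((label, ev))
        if label in ("persistence:run-key", "persistence:com-inproc-outside-windows"):
            indicators.add(ev.data.strip('"'))
    return labelled, sorted(indicators)


# Rows copied verbatim from the Signatures tables of this report.
SAMPLE_ROWS = [
    r'Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\Explorer.EXE N/A',
    r'Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED} C:\Windows\Explorer.EXE N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\Version = "1,1,1,9" C:\Windows\Explorer.EXE N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0196-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0084-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched = "\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" C:\Windows\system32\msiexec.exe N/A',
    r'Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\OptionalComponents C:\Windows\system32\msiexec.exe N/A',
    r'Key value queried \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A',
]

if __name__ == "__main__":
    found, iocs = triage(SAMPLE_ROWS)
    for label, ev in found:
        print(f"{label:40} {ev.hive} sid={ev.sid} proc={ev.process}")
    print("autostart indicators:", iocs)
```

Run it as a script to print the labelled events, or pass the rows of another report in the same layout to triage(); headers and file rows are skipped because they do not match the event pattern. The Java rows are flagged because the InprocServer32 rule is about DLL location, not about maliciousness: the output is a worklist for the analyst to check against the process chain, not a verdict.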

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Checks installed software on the system

discovery

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini C:\Windows\System32\unregmp2.exe N/A
File opened for modification C:\Users\hehhe\Contacts\desktop.ini C:\Windows\System32\regsvr32.exe N/A
File opened for modification C:\Users\hehhe\Searches\desktop.ini C:\Windows\System32\regsvr32.exe N/A
File opened for modification C:\Users\hehhe\Contacts\desktop.ini C:\Program Files (x86)\Windows Mail\WinMail.exe N/A
File opened for modification C:\Users\Public\desktop.ini C:\Windows\System32\regsvr32.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini C:\Windows\System32\unregmp2.exe N/A
File opened for modification C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini C:\Windows\System32\regsvr32.exe N/A
File opened for modification C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini C:\Windows\System32\regsvr32.exe N/A
File opened for modification C:\Users\Public\Videos\desktop.ini C:\Windows\System32\regsvr32.exe N/A
File opened for modification | C:\Users\hehhe\Links\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\hehhe\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini | C:\Windows\Explorer.EXE | N/A
File opened for modification | C:\Users\hehhe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | C:\Users\hehhe\Favorites\Links\desktop.ini | C:\Windows\System32\ie4uinit.exe | N/A
File opened for modification | C:\Users\hehhe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | C:\Windows\System32\ie4uinit.exe | N/A
File opened for modification | C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Windows\System32\ie4uinit.exe | N/A
File opened for modification | C:\Users\hehhe\Desktop\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\hehhe\Documents\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\hehhe\Videos\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Users\Public\Desktop\desktop.ini | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Users\hehhe\Videos\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\hehhe\Links\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\hehhe\Favorites\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\hehhe\Saved Games\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\hehhe\AppData\Local\Microsoft\Windows\History\desktop.ini | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
File opened for modification | C:\Users\hehhe\Favorites\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\hehhe\Pictures\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Public\Documents\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\hehhe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini | C:\Windows\Explorer.EXE | N/A
File opened for modification | F:\$RECYCLE.BIN\S-1-5-21-2721934792-624042501-2768869379-1001\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Public\Music\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Public\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\$RECYCLE.BIN\S-1-5-21-2721934792-624042501-2768869379-1001\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\hehhe\Desktop\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\hehhe\Documents\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\hehhe\Contacts\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Public\Pictures\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File created | C:\Users\hehhe\AppData\Local\Microsoft\Windows Mail\Stationery\Desktop.ini | C:\Program Files\Windows Mail\WinMail.exe | N/A
File opened for modification | C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Public\Videos\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini | C:\Windows\System32\ie4uinit.exe | N/A
File opened for modification | C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\hehhe\Music\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\hehhe\Searches\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\hehhe\Downloads\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Public\Pictures\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\hehhe\Favorites\Links for United States\desktop.ini | C:\Windows\System32\mctadmin.exe | N/A
File opened for modification | C:\Users\hehhe\Saved Games\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\hehhe\Pictures\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\hehhe\Downloads\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Public\Documents\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Public\Music\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\hehhe\Music\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A

Enumerates connected drives

Description | Indicator | Process | Target
File opened (read-only) | \??\A: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\T: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\W: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\Z: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\W: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\B: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\G: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\B: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\H: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\T: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\M: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\N: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\X: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\I: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\K: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\Q: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\S: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\P: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\S: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\L: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\M: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\J: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\H: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\V: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\R: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\G: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\P: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\I: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\K: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\Y: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\R: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\U: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\U: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\Q: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\E: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\A: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\X: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\Y: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\V: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\O: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\E: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\J: | C:\Windows\System32\unregmp2.exe | N/A

Installs/modifies Browser Helper Object

stealer adware
Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} | C:\Program Files\Java\jre-1.8\installer.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" | C:\Program Files\Java\jre-1.8\installer.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} | C:\Program Files\Java\jre-1.8\installer.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} | C:\Program Files\Java\jre-1.8\installer.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" | C:\Program Files\Java\jre-1.8\installer.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} | C:\Windows\system32\msiexec.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} | C:\Program Files\Java\jre-1.8\installer.exe | N/A

Drops file in System32 directory

Description | Indicator | Process | Target
File created | C:\Windows\system32\WindowsAccessBridge-64.dll | C:\Program Files\Java\jre-1.8\installer.exe | N/A
File opened for modification | C:\Windows\system32\WindowsAccessBridge-64.dll | C:\Program Files\Java\jre-1.8\installer.exe | N/A
File created | C:\Windows\SysWOW64\Elevation.tmp | C:\Windows\syswow64\MsiExec.exe | N/A

Sets desktop wallpaper using registry

ransomware
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Control Panel\Desktop\Wallpaper = "C:\\Users\\hehhe\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" | C:\Windows\System32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Control Panel\Desktop\Wallpaper = "C:\\Users\\hehhe\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" | C:\Windows\System32\regsvr32.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Java\jre-1.8\bin\javaws.exe | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyDrop32x32.gif | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Accessibility.api | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\vlc.mo | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File created | C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\eula.ini | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_read_plugin.dll | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_stats_plugin.dll | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File created | C:\Program Files\Mozilla Firefox\nsjE301.tmp\AccessibleHandler.dll | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfreeze_plugin.dll | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\deploy\messages.properties | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_CA.txt | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AGM.dll | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\ | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\tzdb.dat | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotiondetect_plugin.dll | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\plugin-container.exe | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\misc\libfingerprinter_plugin.dll | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\video_output\libcaca_plugin.dll | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\te\ | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\JSByteCodeWin.bin | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\spu\libremoteosd_plugin.dll | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\ | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File created | C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1257.TXT | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\icudt26l.dat | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\tl\ | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeLinguistic.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\Mozilla Firefox\nsjE301.tmp\minidump-analyzer.exe | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\vlc.mo | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\af\ | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\calendars.properties | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\java_crw_demo.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\jfr\default.jfc | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\security\blacklisted.certs | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgrain_plugin.dll | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ckb\LC_MESSAGES\vlc.mo | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\meta-index | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffd27a_256x240.png | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\tobedeleted\nsjECC2.tmp | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\drvDX9.x3d | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\nsjE301.tmp | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\spu\librss_plugin.dll | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\video_output\libvdummy_plugin.dll | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\vlc.mo | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File created | C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\d3d9\libdirect3d9_filters_plugin.dll | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\fur\ | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\ | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File created | C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\atl.dll | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\vlc.mo | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist_jstree.xml | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\el\ | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdater.cer | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini.moz-delete | C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_B.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe | C:\Windows\Explorer.EXE | N/A
File opened for modification | C:\Windows\INF\setupapi.ev3 | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\Installer\MSIDBF9.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIDD36.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIE26A.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIE2E9.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIEE74.tmp | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Windows\Installer\f77f772.ipi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIFC47.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe | C:\Windows\Explorer.EXE | N/A
File opened for modification | C:\Windows\Installer\MSIDB7B.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIEE85.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | \??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\displayicon.ico | C:\Windows\Explorer.EXE | N/A
File opened for modification | C:\Windows\Installer\MSIFB98.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIFB49.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIFC26.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\INF\setupapi.app.log | C:\Windows\SysWOW64\dxdiag.exe | N/A
File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe | C:\Windows\Explorer.EXE | N/A
File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe | C:\Windows\Explorer.EXE | N/A
File opened for modification | C:\Windows\Installer\MSIDBFA.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\f77f769.msi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\RMFFile_8.ico | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Windows\Installer\f77f873.ipi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0000000010\9.0.0\ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Windows\Installer\f77f774.msi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIDCA8.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIDE90.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIE2B9.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\FDFFile_8.ico | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | \??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\displayicon.ico | C:\Windows\Explorer.EXE | N/A
File opened for modification | C:\Windows\Installer\f77f76c.ipi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIFB29.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSI6B85.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSI6D3D.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\INF\setupapi.ev1 | C:\Windows\system32\DrvInst.exe | N/A
File created | C:\Windows\Installer\f77f769.msi | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Windows\Installer\f77f76e.msi | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Windows\Installer\f77f76f.msi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0000000010\9.0.0\ul_msvcp80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIEE43.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIFB09.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSI6CBE.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIE2EA.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIF00E.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\APIFile_8.ico | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SecStoreFile.ico | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSI3518.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\INF\setupapi.app.log | C:\Windows\System32\ie4uinit.exe | N/A
File opened for modification | C:\Windows\Installer\MSIDE51.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIE111.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIFD82.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIEE96.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\DisplayIcon.ico | C:\Windows\Explorer.EXE | N/A
File opened for modification | C:\Windows\Installer\MSIFBE7.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\PDXFile_8.ico | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\PDFFile_8.ico | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0000000010\CacheSize.txt | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\f77f772.ipi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\INF\setupapi.app.log | C:\Windows\System32\rundll32.exe | N/A
File created | C:\Windows\Installer\f77f777.ipi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIE2FB.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIF00F.tmp | C:\Windows\system32\msiexec.exe | N/A

Enumerates physical storage devices

Checks processor information in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\runonce.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\runonce.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Explorer.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\msiexec.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\program files (x86)\common files\adobe air\versions\1.0\adobe air updater.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\Explorer.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\runonce.exe | N/A
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\program files (x86)\common files\adobe air\versions\1.0\adobe air updater.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\msiexec.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Explorer.EXE | N/A
Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\SysWOW64\runonce.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\runonce.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe | N/A
Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\SysWOW64\runonce.exe | N/A
Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\SysWOW64\runonce.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Explorer.EXE | N/A
Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\SysWOW64\runonce.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1 | C:\Windows\system32\csrss.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Component Information | C:\Windows\system32\csrss.exe | N/A
Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter | C:\Windows\system32\csrss.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Configuration Data | C:\Windows\system32\csrss.exe | N/A
Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 | C:\Windows\system32\csrss.exe | N/A
Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1 | C:\Windows\system32\csrss.exe | N/A
Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2 | C:\Windows\system32\csrss.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Configuration Data | C:\Windows\system32\csrss.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Identifier | C:\Windows\system32\csrss.exe | N/A
Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 | C:\Windows\system32\csrss.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Identifier | C:\Windows\system32\csrss.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Identifier | C:\Windows\system32\csrss.exe | N/A
Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2 | C:\Windows\system32\csrss.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Identifier | C:\Windows\system32\csrss.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral | C:\Windows\system32\csrss.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Configuration Data | C:\Windows\system32\csrss.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\1\KeyboardController | C:\Windows\system32\csrss.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController | C:\Windows\system32\csrss.exe | N/A
Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 | C:\Windows\system32\csrss.exe | N/A
Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1 | C:\Windows\system32\csrss.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Component Information | C:\Windows\system32\csrss.exe | N/A
Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter | C:\Windows\system32\csrss.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Component Information | C:\Windows\system32\csrss.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Configuration Data | C:\Windows\system32\csrss.exe | N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter C:\Windows\system32\csrss.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController C:\Windows\system32\csrss.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Identifier C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Configuration Data C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter C:\Windows\system32\csrss.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0 C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Configuration Data C:\Windows\system32\csrss.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0 C:\Windows\system32\csrss.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Identifier C:\Windows\system32\csrss.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Identifier C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Component Information C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Configuration Data C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Configuration Data C:\Windows\system32\csrss.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2 C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Configuration Data C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Configuration Data C:\Windows\system32\csrss.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Component Information C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Configuration Data C:\Windows\system32\csrss.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController\0 C:\Windows\system32\csrss.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Component Information C:\Windows\system32\csrss.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Identifier C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Configuration Data C:\Windows\system32\csrss.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 C:\Windows\system32\csrss.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Identifier C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Configuration Data C:\Windows\system32\csrss.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\1\KeyboardController C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Component Information C:\Windows\system32\csrss.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController C:\Windows\system32\csrss.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Configuration Data C:\Windows\system32\csrss.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral C:\Windows\system32\csrss.exe N/A

Modifies Internet Explorer Protected Mode

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500 = "3" C:\Windows\System32\ie4uinit.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\International\Scripts\38\IEFixedFontName = "MV Boli" C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\International\Scripts\15 C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\International\Scripts\33\IEPropFontName = "Segoe UI Symbol" C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Windows\System32\mctadmin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\Settings\Anchor Color = "0,0,255" C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\Main C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\SOFTWARE\Microsoft\Internet Explorer\Main C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\Services\ C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.wmd C:\Windows\System32\unregmp2.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\MAO Settings\DiscardLoadTimes = 108a2e38569ada01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\LinksBar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\TopResultURLFallback = "http://www.bing.com/search?q={searchTerms}&src=IE-TopResult&FORM=IE11TR" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\Main\UseClearType = "no" C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\Main\Enable Browser Extensions = "yes" C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\Settings\Text Color = "0,0,0" C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.wm C:\Windows\System32\unregmp2.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\International\Scripts\5 C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\International\Scripts\8 C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\International\Scripts\20 C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\Main\Show_URLinStatusBar = "yes" C:\Windows\System32\ie4uinit.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\International\Scripts\12 C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\International\Scripts\25\IEFixedFontName = "MingLiu" C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\International\Scripts\38 C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\Security C:\Windows\System32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\International\Scripts\25 C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\Desktop\General C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\jds259515104.tmp\jre-windows.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\International\Scripts\3\IEPropFontName = "Times New Roman" C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\International\Scripts\18\IEFixedFontName = "Kartika" C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\Main\ImageStoreRandomFolder = "egywbsm" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\Document Windows\y = 00000000 C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\User Preferences C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\International\Scripts\3 C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFixedFontName = "Courier New" C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\International\Scripts\9\IEPropFontName = "Times New Roman" C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\International\Scripts\28 C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.wpl C:\Windows\System32\unregmp2.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\International\Scripts\8\IEPropFontName = "Times New Roman" C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\International\Scripts\13\IEPropFontName = "Shruti" C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\International\Scripts\34\IEFixedFontName = "Iskoola Pota" C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\Main\Save_Session_History_On_Exit = "no" C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\International\Scripts\30 C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\International\Scripts\30\IEFixedFontName = "Microsoft Yi Baiti" C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\Settings\Use Anchor Hover Color = "No" C:\Windows\System32\ie4uinit.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\International\Scripts\6 C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\International\Scripts\21\IEPropFontName = "Microsoft Himalaya" C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\International\Scripts\27\IEPropFontName = "Nyala" C:\Windows\System32\ie4uinit.exe N/A

Modifies Internet Explorer start page

stealer
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001\Software\Microsoft\Internet Explorer\Main\Start Page = "http://go.microsoft.com/fwlink/p/?LinkId=255141" C:\Windows\System32\ie4uinit.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0027-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_27" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0136-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0198-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0266-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_266" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0162-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0121-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0332-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_332" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0066-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0052-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0219-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0168-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0171-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0130-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0106-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0138-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0061-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0078-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0223-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0169-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_169" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0052-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0361-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0202-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_202" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\DllName = "%SystemRoot%\\resources\\themes\\Aero\\Aero.msstyles" C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0246-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0322-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0224-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0260-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0219-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0323-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_323" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0122-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0056-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0105-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0268-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0041-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0079-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0260-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2F\52C64B7E\@gameux.dll,-10060 = "Solitaire" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0214-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0230-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0400-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0056-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0188-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\JavaPlugin.10802\CLSID C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0049-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0045-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_08" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0355-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0361-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_361" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_39" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0076-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0289-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_289" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0091-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_91" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0016-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0062-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0155-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_155" C:\Program Files\Java\jre-1.8\installer.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0199-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_199" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0341-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0047-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0182-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.au\OpenWithProgIds C:\Windows\System32\unregmp2.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0133-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0253-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\.secstore\AcroExch.SecStore\ShellNew C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0041-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0031-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0240-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0269-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0090-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0214-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0082-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0186-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0330-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0349-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0118-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0084-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0269-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_269" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0001-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0036-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_36" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0191-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0048-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.m2t C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0173-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0162-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_162" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0140-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0055-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_55" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0111-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0151-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0197-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpeg2\shell\AddToPlaylistVLC C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0133-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mpga\shell\Open\command C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0316-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0019-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_19" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0394-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0084-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_84" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0118-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0035-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0254-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0034-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_34" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0156-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1001_CLASSES\Local Settings\Software\Microsoft\Windows\CurrentVersion\SyncMgr C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0076-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0099-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0054-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_54" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0126-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0069-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_69" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0120-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0359-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_359" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaws.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaws.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\SysWOW64\dxdiag.exe N/A
N/A N/A C:\Windows\SysWOW64\dxdiag.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds259515104.tmp\jre-windows.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds259515104.tmp\jre-windows.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds259515104.tmp\jre-windows.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds259515104.tmp\jre-windows.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds259515104.tmp\jre-windows.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A
N/A N/A C:\Windows\SysWOW64\dxdiag.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files\Windows Mail\WinMail.exe N/A
N/A N/A C:\Program Files\Windows Mail\WinMail.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2960 wrote to memory of 2376 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2960 wrote to memory of 2376 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2960 wrote to memory of 2376 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2960 wrote to memory of 2376 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2960 wrote to memory of 2376 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2960 wrote to memory of 2376 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2960 wrote to memory of 2376 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2960 wrote to memory of 2376 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2960 wrote to memory of 2376 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2960 wrote to memory of 2376 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2960 wrote to memory of 2376 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2960 wrote to memory of 2376 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2600 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2600 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2600 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2744 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2744 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2744 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2744 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2744 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.roblox.com/download"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.roblox.com/download

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.0.169570481\364910296" -parentBuildID 20221007134813 -prefsHandle 1224 -prefMapHandle 1184 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6be3a9ec-0794-47c3-ae5f-1caf6aee8a01} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 1300 110d3158 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.1.887983389\643671784" -parentBuildID 20221007134813 -prefsHandle 1504 -prefMapHandle 1500 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3cd40ef-1e82-4d7d-9575-b9ef7191a11e} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 1516 d71f58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.2.539475173\316929376" -childID 1 -isForBrowser -prefsHandle 1908 -prefMapHandle 1924 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 792 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5b308a2-c1ed-47a0-9621-57b5bbdb3795} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 2112 18a99758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.3.1737921826\373184516" -childID 2 -isForBrowser -prefsHandle 2780 -prefMapHandle 2776 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 792 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {09b5e56e-4d8f-4d28-bb23-c2c0e979e3d7} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 2792 d62558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.4.1957113499\446235816" -childID 3 -isForBrowser -prefsHandle 3800 -prefMapHandle 3716 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 792 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b166cd4f-df26-4b5e-92c1-23808f3b58c2} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 3816 2242c158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.5.51474424\2046819457" -childID 4 -isForBrowser -prefsHandle 3972 -prefMapHandle 3976 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 792 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47f42141-6850-405f-bb01-908558423b89} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 3964 2242d058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.6.218059338\329732764" -childID 5 -isForBrowser -prefsHandle 4164 -prefMapHandle 4168 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 792 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {154dca25-310a-4bca-8855-05adabd61fd6} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 4156 2242e858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.7.1961015431\2135688391" -childID 6 -isForBrowser -prefsHandle 2184 -prefMapHandle 2120 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 792 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f06029ea-6ec8-4ff4-a044-21ec7535465b} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 2180 20f84a58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef43c9758,0x7fef43c9768,0x7fef43c9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1200 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2216 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2232 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1200 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1316 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3456 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3580 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3912 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3456 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2332 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4020 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2652 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1080 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3888 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3868 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3860 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4240 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4100 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3440 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:8

C:\Users\Admin\Downloads\TLauncher-Installer-1.3.5.exe

"C:\Users\Admin\Downloads\TLauncher-Installer-1.3.5.exe"

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\Downloads\TLauncher-Installer-1.3.5.exe" "__IRCT:3" "__IRTSS:24068259" "__IRSID:S-1-5-21-2721934792-624042501-2768869379-1000"

C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" /NOINIT /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /NOINIT /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1679762 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" "__IRCT:3" "__IRTSS:1708464" "__IRSID:S-1-5-21-2721934792-624042501-2768869379-1000"

C:\Users\Admin\AppData\Local\Temp\jre-windows.exe

"C:\Users\Admin\AppData\Local\Temp\jre-windows.exe" STATIC=1

C:\Users\Admin\AppData\Local\Temp\jds259515104.tmp\jre-windows.exe

"C:\Users\Admin\AppData\Local\Temp\jds259515104.tmp\jre-windows.exe" "STATIC=1"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\MsiExec.exe

C:\Windows\system32\MsiExec.exe -Embedding 86B2D43CBBE1FC5EA59FA8DCF3126352

C:\Program Files\Java\jre-1.8\installer.exe

"C:\Program Files\Java\jre-1.8\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre-1.8\\" STATIC=1 INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={71024AE4-039E-4CA4-87B4-2F64180401F0}

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking

C:\Program Files\Java\jre-1.8\bin\ssvagent.exe

"C:\Program Files\Java\jre-1.8\bin\ssvagent.exe" -doHKCUSSVSetup

C:\Program Files\Java\jre-1.8\bin\javaws.exe

"C:\Program Files\Java\jre-1.8\bin\javaws.exe" -wait -fix -permissions -silent

C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe

"C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre-1.8" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxsaWJcZGVwbG95LmphcgAtRGphdmEuc2VjdXJpdHkucG9saWN5PWZpbGU6QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZS0xLjhcbGliXHNlY3VyaXR5XGphdmF3cy5wb2xpY3kALUR0cnVzdFByb3h5PXRydWUALVh2ZXJpZnk6cmVtb3RlAC1Eam5scHguaG9tZT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxqYXZhd3MuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxkZXBsb3kuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW5camF2YXcuZXhl -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Program Files\Java\jre-1.8\bin\javaws.exe

"C:\Program Files\Java\jre-1.8\bin\javaws.exe" -wait -fix -shortcut -silent

C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe

"C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre-1.8" -vma … -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Windows\system32\MsiExec.exe

C:\Windows\system32\MsiExec.exe -Embedding D085ADC4245D3822DFDD4D27D000CF2E M Global\MSI0000

C:\Program Files\Java\jre-1.8\bin\javaw.exe

-Djdk.disableLastUsageTracking -cp "C:\Program Files\Java\jre-1.8\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserWebJavaStatus

C:\Program Files\Java\jre-1.8\bin\javaw.exe

-Djdk.disableLastUsageTracking -cp "C:\Program Files\Java\jre-1.8\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserPreviousDecisionsExist 30

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 5D311CAD32DB81DBF48C4381177971E3

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding A296A4DD1753F0D75A99313F58F5FA49 M Global\MSI0000

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe -Xmx1024m -Dfile.encoding=UTF8 -Djava.net.preferIPv4Stack=true --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.time=ALL-UNNAMED --add-opens=java.desktop/java.awt=ALL-UNNAMED --add-opens=java.desktop/sun.awt.image=ALL-UNNAMED --add-opens=java.desktop/sun.java2d=ALL-UNNAMED --add-opens=java.desktop/java.awt.color=ALL-UNNAMED --add-opens=java.desktop/java.awt.image=ALL-UNNAMED --add-opens=java.desktop/com.apple.eawt=ALL-UNNAMED --add-opens=java.base/java.util.regex=ALL-UNNAMED --add-opens=java.desktop/javax.swing=ALL-UNNAMED --add-opens=java.desktop/java.beans=ALL-UNNAMED --add-opens=javafx.web/com.sun.webkit.network=ALL-UNNAMED -cp C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\aopalliance-1.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\checker-qual-3.12.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-codec-1.9.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-compress-1.23.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-io-2.11.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-lang3-3.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-logging-1.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-logging-api-1.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-vfs2-2.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\desktop-common-util-1.11.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\DiscordIPC-0.5.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\dnsjava-2.1.8.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\error_prone_annotations-2.18.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\failureaccess-1.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\fluent-hc-4.5.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\gson-2.8.8.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\guava-31.0.1-jre.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\guice-7.0.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\guice-assistedinject-7.0.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\hamcrest-core-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\http-download-1.11.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\httpclient-4.5.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\httpcore-4.4.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\j2objc-annotations-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jakarta.inject-api-2.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-base-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-base-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-controls-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-controls-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-graphics-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-graphics-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-media-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-media-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-swing-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-swing-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-web-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-web-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javax.annotation-api-1.3.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jaxb-api-2.3.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jaxb-core-2.3.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jaxb-impl-2.3.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jcl-over-slf4j-1.7.25.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jopt-simple-5.0.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\json-20230227.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jsr305-3.0.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junit-4.13.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junixsocket-common-2.6.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junixsocket-native-common-2.6.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junrar-0.7.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\log4j-1.2.17.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\logback-classic-1.2.10.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\logback-core-1.2.10.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\lombok-1.18.30.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\maven-scm-api-1.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\maven-scm-provider-svn-commons-1.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\maven-scm-provider-svnexe-1.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\MinecraftServerPing-1.0.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\mockserver-netty-no-dependencies-5.14.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\modpack-dto-2.2914.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\picture-bundle-3.72.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\plexus-utils-1.5.6.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\regexp-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\skin-server-API-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\slf4j-api-1.7.25.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\statistics-dto-1.73.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\tlauncher-resource-1.6.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\url-cache-1.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\xz-1.9.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\original-TLauncher-2.921.jar; org.tlauncher.tlauncher.rmo.TLauncher -starterConfig=C:\Users\Admin\AppData\Roaming\.tlauncher\starter\starter.json -requireUpdate=false -currentAppVersion=2.921

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x55c

C:\Windows\system32\cmd.exe

cmd.exe /C chcp 437 & wmic CPU get NAME

C:\Windows\system32\chcp.com

chcp 437

C:\Windows\System32\Wbem\WMIC.exe

wmic CPU get NAME

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding

C:\Windows\system32\cmd.exe

cmd.exe /C chcp 437 & set processor

C:\Windows\system32\chcp.com

chcp 437

C:\Windows\system32\cmd.exe

cmd.exe /C chcp 437 & dxdiag /whql:off /t C:\Users\Admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt

C:\Windows\system32\chcp.com

chcp 437

C:\Windows\system32\dxdiag.exe

dxdiag /whql:off /t C:\Users\Admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt

C:\Windows\SysWOW64\dxdiag.exe

"C:\Windows\SysWOW64\dxdiag.exe" /whql:off /t C:\Users\Admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt

C:\Windows\system32\cmd.exe

cmd.exe /C chcp 437 & wmic qfe get HotFixID

C:\Windows\system32\chcp.com

chcp 437

C:\Windows\System32\Wbem\WMIC.exe

wmic qfe get HotFixID

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe -Djava.library.path=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.11.2\natives -cp C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\tlauncher\netty\1.8.8\netty-1.8.8.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\oshi-project\oshi-core\1.1\oshi-core-1.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna\3.4.0\jna-3.4.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\platform\3.4.0\platform-3.4.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\ibm\icu\icu4j-core-mojang\51.2\icu4j-core-mojang-51.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\sf\jopt-simple\jopt-simple\4.6\jopt-simple-4.6.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\paulscode\codecjorbis\20101023\codecjorbis-20101023.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\paulscode\codecwav\20101023\codecwav-20101023.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\paulscode\libraryjavasound\20101123\libraryjavasound-20101123.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\paulscode\librarylwjglopenal\20100824\librarylwjglopenal-20100824.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\paulscode\soundsystem\20120107\soundsystem-20120107.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-all\4.0.23.Final\netty-all-4.0.23.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\guava\17.0\guava-17.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-lang3\3.3.2\commons-lang3-3.3.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-io\commons-io\2.4\commons-io-2.4.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-codec\commons-codec\1.9\commons-codec-1.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\jinput\jinput\2.0.5\jinput-2.0.5.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\jutils\jutils\1.0.0\jutils-1.0.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\code\gson\gson\2.2.4\gson-2.2.4.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\tlauncher\authlib\1.6.24\authlib-1.6.24.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\realms\1.10.16\realms-1.10.16.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-compress\1.8.1\commons-compress-1.8.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpclient\4.3.3\httpclient-4.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-logging\commons-logging\1.1.3\commons-logging-1.1.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpcore\4.3.2\httpcore-4.3.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\it\unimi\dsi\fastutil\7.0.12_mojang\fastutil-7.0.12_mojang.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-api\2.0-beta9\log4j-api-2.0-beta9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-core\2.0-beta9\log4j-core-2.0-beta9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\lwjgl\2.9.4-nightly-20150209\lwjgl-2.9.4-nightly-20150209.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\lwjgl_util\2.9.4-nightly-20150209\lwjgl_util-2.9.4-nightly-20150209.jar;C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.11.2\1.11.2.jar -Xmx1535M -XX:+UseConcMarkSweepGC -Dminecraft.applet.TargetDirectory=C:\Users\Admin\AppData\Roaming\.minecraft -DlibraryDirectory=C:\Users\Admin\AppData\Roaming\.minecraft\libraries -Dlog4j.configurationFile=C:\Users\Admin\AppData\Roaming\.minecraft\assets\log_configs\client-1.7.xml net.minecraft.client.main.Main --username nam,e --version 1.11.2 --gameDir C:\Users\Admin\AppData\Roaming\.minecraft --assetsDir C:\Users\Admin\AppData\Roaming\.minecraft\assets --assetIndex 1.11 --uuid 31c66dfd0408421ebcaa3b84b194bed7 --accessToken null --userType mojang --versionType release --width 925 --height 530

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\csrss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\winlogon.exe

winlogon.exe

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\userinit.exe

C:\Windows\system32\userinit.exe

C:\Windows\system32\Dwm.exe

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Windows\System32\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s /n /i:/UserInstall C:\Windows\system32\themeui.dll

C:\Windows\system32\rundll32.exe

rundll32.exe uxtheme.dll,#64 C:\Windows\resources\Themes\Aero\Aero.msstyles?NormalColor?NormalSize

C:\Program Files (x86)\Windows Mail\WinMail.exe

"C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE

C:\Program Files\Windows Mail\WinMail.exe

"C:\Program Files\Windows Mail\WinMail" OCInstallUserConfigOE

C:\Windows\System32\unregmp2.exe

"C:\Windows\System32\unregmp2.exe" /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

C:\Windows\System32\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s /n /i:U shell32.dll

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\SysWOW64\rundll32.exe" C:\Windows\SysWOW64\mscories.dll,Install

C:\Windows\System32\ie4uinit.exe

"C:\Windows\System32\ie4uinit.exe" -UserConfig

C:\Windows\System32\ie4uinit.exe

C:\Windows\System32\ie4uinit.exe -ClearIconCache

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32 advpack.dll,LaunchINFSectionEx C:\Windows\system32\ieuinit.inf,Install,,36

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32 C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m

C:\Windows\system32\RunDll32.exe

C:\Windows\system32\RunDll32.exe C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0

C:\Windows\system32\RunDll32.exe

C:\Windows\system32\RunDll32.exe C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0

C:\Windows\System32\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s /n /i:/UserInstall C:\Windows\system32\themeui.dll

C:\Windows\system32\rundll32.exe

rundll32.exe uxtheme.dll,#64 C:\Windows\resources\Themes\Aero\Aero.msstyles?NormalColor?NormalSize

C:\Program Files\Windows Mail\WinMail.exe

"C:\Program Files\Windows Mail\WinMail.exe" OCInstallUserConfigOE

C:\Windows\System32\unregmp2.exe

"C:\Windows\System32\unregmp2.exe" /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

C:\Windows\System32\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s /n /i:U shell32.dll

C:\Windows\System32\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Windows\system32\mscories.dll,Install

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fcf7688,0x13fcf7698,0x13fcf76a8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=0

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fcf7688,0x13fcf7698,0x13fcf76a8

C:\Windows\System32\u7e72d.exe

"C:\Windows\System32\u7e72d.exe"

C:\Program Files\Windows Sidebar\sidebar.exe

"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

C:\Windows\SysWOW64\runonce.exe

C:\Windows\SysWOW64\runonce.exe /Run6432

C:\Windows\System32\mctadmin.exe

"C:\Windows\System32\mctadmin.exe"

C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe

"C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{86D5EB8A-859F-4C7B-A76B-2BD819B7A850}

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\csrss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\winlogon.exe

winlogon.exe

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\userinit.exe

C:\Windows\system32\userinit.exe

C:\Windows\system32\Dwm.exe

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Windows\System32\u7e72d.exe

"C:\Windows\System32\u7e72d.exe"

C:\Windows\SysWOW64\runonce.exe

C:\Windows\SysWOW64\runonce.exe /Run6432

C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe

"C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\DrvInst.exe

DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "000000000000049C" "0000000000000390"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 63FCD6F2B3C0C1F9F4B1915CAA15CEA4

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding B5DF489B054E45548601D9C227FB33D9 M Global\MSI0000

C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe

"C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe" -AU_LAUNCH_MODE=5

C:\Windows\syswow64\MsiExec.exe

"C:\Windows\syswow64\MsiExec.exe" /Z "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\authplay.dll"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --uninstall --system-level

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fac7688,0x13fac7698,0x13fac76a8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --uninstall

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\hehhe\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\hehhe\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\hehhe\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef4759758,0x7fef4759768,0x7fef4759778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1312,i,3887933769885337291,7460787219520167514,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1436 --field-trial-handle=1312,i,3887933769885337291,7460787219520167514,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1132 --field-trial-handle=1312,i,3887933769885337291,7460787219520167514,131072 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://support.google.com/chrome?p=chrome_uninstall_survey&crversion=106.0.5249.119&os=6.1.7601

C:\Windows\System32\ie4uinit.exe

"C:\Windows\System32\ie4uinit.exe" -ShowQLIcon

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1680 CREDAT:275457 /prefetch:2

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\csrss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\winlogon.exe

winlogon.exe

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\userinit.exe

C:\Windows\system32\userinit.exe

C:\Windows\system32\Dwm.exe

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Windows\System32\u7e72d.exe

"C:\Windows\System32\u7e72d.exe"

C:\Windows\SysWOW64\runonce.exe

C:\Windows\SysWOW64\runonce.exe /Run6432

C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe

"C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}

C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe

"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2180 -s 640

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\csrss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\winlogon.exe

winlogon.exe

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\userinit.exe

C:\Windows\system32\userinit.exe

C:\Windows\system32\Dwm.exe

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Windows\System32\u7e72d.exe

"C:\Windows\System32\u7e72d.exe"

C:\Windows\SysWOW64\runonce.exe

C:\Windows\SysWOW64\runonce.exe /Run6432

C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe

"C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}

C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe

"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe" -arp:uninstall

C:\program files (x86)\common files\adobe air\versions\1.0\adobe air updater.exe

"C:\program files (x86)\common files\adobe air\versions\1.0\adobe air updater.exe" -stdio \\.\pipe\AIR_420_0 -uninstall

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}

C:\Program Files\7-Zip\Uninstall.exe

"C:\Program Files\7-Zip\Uninstall.exe"

C:\Users\hehhe\AppData\Local\Temp\7z4AE67C8C\Uninst.exe

C:\Users\hehhe\AppData\Local\Temp\7z4AE67C8C\Uninst.exe /N /D="C:\Program Files\7-Zip\"

C:\Program Files\Mozilla Firefox\uninstall\helper.exe

"C:\Program Files\Mozilla Firefox\uninstall\helper.exe"

C:\Program Files\Mozilla Firefox\uninstall\uninstaller.exe

"C:\Program Files\Mozilla Firefox\uninstall\uninstaller.exe"

C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

"C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Program Files\Mozilla Firefox\uninstall\

C:\Windows\system32\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s /u "C:\Program Files\Mozilla Firefox\AccessibleHandler.dll"

C:\Program Files\Mozilla Firefox\default-browser-agent.exe

"C:\Program Files\Mozilla Firefox\default-browser-agent.exe" uninstall 308046B0AF4A39CB

C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" /S

C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_B.exe

"C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_B.exe" /S _?=C:\Program Files (x86)\Mozilla Maintenance Service\

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" uninstall

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}

C:\Program Files\VideoLAN\VLC\uninstall.exe

"C:\Program Files\VideoLAN\VLC\uninstall.exe"

C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

"C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Program Files\VideoLAN\VLC\

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /s /u "C:\Program Files\VideoLAN\VLC\axvlc.dll"

C:\Windows\system32\regsvr32.exe

/s /u "C:\Program Files\VideoLAN\VLC\axvlc.dll"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}

C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe

"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\csrss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\winlogon.exe

winlogon.exe

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

Network

Country Destination Domain Proto
N/A 127.0.0.1:49188 tcp
US 8.8.8.8:53 www.roblox.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
DE 128.116.123.4:443 www.roblox.com tcp
US 8.8.8.8:53 us-central-default-px.roblox.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 44.239.14.124:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 us-central-default-px.roblox.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.117.188.166:443 contile.services.mozilla.com udp
DE 128.116.123.4:443 us-central-default-px.roblox.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 images.rbxcdn.com udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 roblox.com udp
FR 128.116.122.4:443 roblox.com tcp
US 8.8.8.8:53 roblox.com udp
US 205.234.175.102:443 static.rbxcdn.com tcp
US 8.8.8.8:53 roblox-static.cachefly.net udp
DK 18.173.5.108:443 css.rbxcdn.com tcp
DK 18.173.5.108:443 css.rbxcdn.com tcp
DK 18.173.5.108:443 css.rbxcdn.com tcp
DK 18.173.5.108:443 css.rbxcdn.com tcp
DK 18.173.5.108:443 css.rbxcdn.com tcp
DK 18.173.5.108:443 css.rbxcdn.com tcp
US 8.8.8.8:53 d1kpbbfl4rco16.cloudfront.net udp
DK 13.33.141.114:443 js.rbxcdn.com tcp
DK 13.33.141.114:443 js.rbxcdn.com tcp
DK 13.33.141.114:443 js.rbxcdn.com tcp
DK 13.33.141.114:443 js.rbxcdn.com tcp
DK 13.33.141.114:443 js.rbxcdn.com tcp
DK 13.33.141.114:443 js.rbxcdn.com tcp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 roblox-static.cachefly.net udp
US 8.8.8.8:53 d1kpbbfl4rco16.cloudfront.net udp
US 8.8.8.8:53 dw04ej0wrfjel.cloudfront.net udp
US 8.8.8.8:53 dapx4swc8lj69.cloudfront.net udp
US 8.8.8.8:53 dw04ej0wrfjel.cloudfront.net udp
US 8.8.8.8:53 dapx4swc8lj69.cloudfront.net udp
FR 128.116.122.4:443 roblox.com udp
DK 18.173.5.64:443 dapx4swc8lj69.cloudfront.net tcp
N/A 127.0.0.1:49194 tcp
US 8.8.8.8:53 metrics.roblox.com udp
US 8.8.8.8:53 apis.roblox.com udp
DE 128.116.123.4:443 apis.roblox.com tcp
DE 128.116.123.4:443 apis.roblox.com tcp
US 8.8.8.8:53 apis.rbxcdn.com udp
US 2.18.190.83:443 apis.rbxcdn.com tcp
US 8.8.8.8:53 ecsv2.roblox.com udp
US 8.8.8.8:53 a1818.b.akamai.net udp
DE 128.116.123.4:443 apis.roblox.com tcp
US 8.8.8.8:53 a1818.b.akamai.net udp
DE 128.116.123.3:443 ecsv2.roblox.com tcp
US 8.8.8.8:53 us-central-origin-px.roblox.com udp
DE 128.116.123.4:443 apis.roblox.com udp
US 8.8.8.8:53 us-central-origin-px.roblox.com udp
DE 128.116.123.4:443 apis.roblox.com udp
DE 128.116.123.3:443 us-central-origin-px.roblox.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.201.110:443 apis.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 consent.google.com udp
GB 172.217.16.238:443 consent.google.com tcp
US 8.8.8.8:53 tlauncher.org udp
US 104.20.37.13:443 tlauncher.org tcp
US 104.20.37.13:443 tlauncher.org tcp
GB 142.250.180.3:80 www.gstatic.com tcp
US 104.20.37.13:443 tlauncher.org tcp
US 104.20.37.13:443 tlauncher.org tcp
US 104.20.37.13:443 tlauncher.org tcp
US 8.8.8.8:53 i.tlauncher.org udp
US 8.8.8.8:53 hcaptcha.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 104.20.37.13:443 i.tlauncher.org tcp
US 104.20.37.13:443 i.tlauncher.org tcp
US 104.20.37.13:443 i.tlauncher.org tcp
US 104.20.37.13:443 i.tlauncher.org tcp
US 104.20.37.13:443 i.tlauncher.org tcp
US 104.20.37.13:443 i.tlauncher.org tcp
US 104.18.124.91:443 hcaptcha.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 2.18.190.80:80 apps.identrust.com tcp
GB 142.250.200.42:443 content-autofill.googleapis.com tcp
US 104.20.37.13:443 i.tlauncher.org tcp
US 104.20.37.13:443 i.tlauncher.org tcp
US 104.20.37.13:443 i.tlauncher.org tcp
US 104.20.37.13:443 i.tlauncher.org tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 104.20.37.13:443 i.tlauncher.org tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 104.20.37.13:443 i.tlauncher.org tcp
US 104.20.37.13:443 i.tlauncher.org tcp
US 8.8.8.8:53 dl2.tlauncher.org udp
US 104.20.37.13:443 dl2.tlauncher.org tcp
GB 142.250.180.3:80 www.gstatic.com tcp
US 104.20.37.13:443 dl2.tlauncher.org tcp
US 104.20.37.13:443 dl2.tlauncher.org tcp
US 104.20.37.13:443 dl2.tlauncher.org tcp
US 8.8.8.8:53 dl2.tlauncher.org udp
US 104.20.37.13:443 dl2.tlauncher.org tcp
US 8.8.8.8:53 tlauncher.org udp
US 104.20.36.13:443 tlauncher.org tcp
US 8.8.8.8:53 javadl.oracle.com udp
NO 104.110.22.225:80 javadl.oracle.com tcp
NO 104.110.22.225:443 javadl.oracle.com tcp
US 8.8.8.8:53 sdlc-esd.oracle.com udp
US 23.220.112.104:443 sdlc-esd.oracle.com tcp
US 8.8.8.8:53 javadl-esd-secure.oracle.com udp
GB 104.103.251.196:443 javadl-esd-secure.oracle.com tcp
US 8.8.8.8:53 rps-svcs.oracle.com udp
GB 104.103.251.196:443 rps-svcs.oracle.com tcp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 142.250.200.46:443 google.com tcp
FR 172.217.18.195:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 www.java.com udp
NL 23.62.61.163:443 www.java.com tcp
US 8.8.8.8:53 sjremetrics.java.com udp
IE 66.235.152.221:443 sjremetrics.java.com tcp
US 8.8.8.8:53 repo.tlauncher.org udp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 8.8.8.8:53 page.tlauncher.org udp
US 104.20.37.13:443 page.tlauncher.org tcp
US 104.20.36.13:80 page.tlauncher.org tcp
US 104.20.36.13:443 page.tlauncher.org tcp
US 104.20.37.13:443 page.tlauncher.org tcp
US 8.8.8.8:53 repo.fastrepo.org udp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 8.8.8.8:53 img.tlauncher.org udp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 8.8.8.8:53 img.fastrepo.org udp
US 104.20.37.13:443 img.tlauncher.org tcp
US 172.67.70.32:80 img.fastrepo.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 8.8.8.8:53 launchermeta.mojang.com udp
US 13.107.246.64:443 launchermeta.mojang.com tcp
US 8.8.8.8:53 tlauncher.org udp
US 104.20.36.13:443 tlauncher.org tcp
DE 78.46.79.62:443 stat.fastrepo.org tcp
DE 78.46.79.62:443 stat.fastrepo.org tcp
US 8.8.8.8:53 dl2.fastrepo.org udp
US 172.67.70.32:443 dl2.fastrepo.org tcp
US 104.20.37.13:80 tlauncher.org tcp
US 8.8.8.8:53 piston-meta.mojang.com udp
US 13.107.246.64:443 piston-meta.mojang.com tcp
US 8.8.8.8:53 res.tlauncher.org udp
DE 78.46.66.120:443 res.tlauncher.org tcp
US 8.8.8.8:53 cl2-res.tlauncher.org udp
US 104.20.36.13:443 cl2-res.tlauncher.org tcp
US 8.8.8.8:53 piston-data.mojang.com udp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 13.107.246.64:443 piston-data.mojang.com tcp
US 8.8.8.8:53 resources.download.minecraft.net udp
US 13.107.246.64:443 resources.download.minecraft.net tcp
US 13.107.246.64:443 resources.download.minecraft.net tcp
US 13.107.246.64:443 resources.download.minecraft.net tcp
US 13.107.246.64:443 resources.download.minecraft.net tcp
US 13.107.246.64:443 resources.download.minecraft.net tcp
US 13.107.246.64:443 resources.download.minecraft.net tcp
US 13.107.246.64:443 resources.download.minecraft.net tcp
US 13.107.246.64:443 resources.download.minecraft.net tcp
US 13.107.246.64:443 resources.download.minecraft.net tcp
US 13.107.246.64:443 resources.download.minecraft.net tcp
US 13.107.246.64:443 resources.download.minecraft.net tcp
US 13.107.246.64:443 resources.download.minecraft.net tcp
US 13.107.246.64:443 resources.download.minecraft.net tcp
US 13.107.246.64:443 resources.download.minecraft.net tcp
US 13.107.246.64:443 resources.download.minecraft.net tcp
US 13.107.246.64:443 resources.download.minecraft.net tcp
US 8.8.8.8:53 libraries.minecraft.net udp
US 13.107.246.64:443 libraries.minecraft.net tcp
US 13.107.246.64:443 libraries.minecraft.net tcp
DE 78.46.66.120:443 res.tlauncher.org tcp
US 104.20.36.13:443 cl2-res.tlauncher.org tcp
US 8.8.8.8:53 libraries.minecraft.net udp
US 13.107.246.64:443 libraries.minecraft.net tcp
DE 78.46.66.120:443 res.tlauncher.org tcp
US 8.8.8.8:53 cl1-res.tlauncher.org udp
US 104.20.36.13:443 cl1-res.tlauncher.org tcp
US 8.8.8.8:53 piston-data.mojang.com udp
US 13.107.246.64:443 piston-data.mojang.com tcp
DE 78.46.79.62:443 stat.fastrepo.org tcp
DE 78.46.79.62:443 stat.fastrepo.org tcp
N/A 127.0.0.1:55362 tcp
US 8.8.8.8:53 support.google.com udp
GB 142.250.187.206:443 support.google.com tcp
GB 142.250.187.206:443 support.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.201.110:443 apis.google.com tcp
GB 216.58.201.110:443 apis.google.com tcp
US 8.8.8.8:53 tools.google.com udp
US 8.8.8.8:53 scone-pa.clients6.google.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 172.217.169.74:443 scone-pa.clients6.google.com tcp
GB 172.217.169.74:443 scone-pa.clients6.google.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 142.250.187.206:443 tools.google.com tcp
GB 142.250.187.206:443 tools.google.com tcp
US 8.8.8.8:53 gstatic.com udp
GB 216.58.201.99:443 gstatic.com tcp
GB 216.58.201.99:443 gstatic.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
NL 23.62.61.97:80 www.bing.com tcp
NL 23.62.61.97:80 www.bing.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
US 2.18.190.71:80 crl.microsoft.com tcp

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\datareporting\glean\db\data.safe.bin

MD5 166bb1412e0e7fa4733fd530486edc87
SHA1 fdf4c6ff65f7454ce3c15d2347348035e22128ff
SHA256 052de56a2290971e5eecbb7f95e80eb5ead75d7045f69e3e90744303e6dadf24
SHA512 ea3531702ce43071212136b98f5b7e6c547edd17cba77d2d571ca9f016b3d4cd1342e319bc8e7ee4485c618b6d3eafcbcb7671d70275fe445c91606bc17c324d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\datareporting\glean\pending_pings\aa9ca0e5-dc26-4e7f-9b2e-b5e2bf113cc0

MD5 bb9f606c7c82446c443b7db7918cbe6c
SHA1 3e734b53b8a3e763b75c189e54dff9429e3509b2
SHA256 96460e288c58afdc4f30735af69953ee39b2b5f910ab4e82b7bbd6be4628e46f
SHA512 3da643fd022609af3046f59d8f542c5617308803fb6d3050bdf5a61b4b6e707a13b714bdbed691f872cf14a03f9e293f128757c1ee8e6cbb4b0040b6cbc390a2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\datareporting\glean\pending_pings\c7ae5308-fb4d-451b-bde4-484b815edf5d

MD5 c611e757d9f345a9a8f165d196ff19ea
SHA1 803f30383696a5d0b3eacc5e3c364049c2edca88
SHA256 bd987df48b42041546a37e7116f20c9c99880fb26b2f59a513b82075c4471562
SHA512 9b06a1b1b6cd6f0ee19470428f661fbc1ffc8d5242629bb205da06d07e96189767c46fecf2d33696501fdc5b5f821c87365993ef9b0a893aa24ab3a79fe83989

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 5e408510e49e400798db0c3d8d9d24b9
SHA1 bdf1af36f1d03934209eac72ca486cf4c9810b45
SHA256 81d5663f7cdc1caed0e23fb10c3798a9791c0bdac67b6ca96d321cdfe71c9532
SHA512 20a1f7b4d4eb3117f0fae575a6d91bd37207c81fc831ee1baa54c752a3a1b547284ab198126eee37f0687dde2aae81085a555e0101074f391665317a61903357

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\prefs-1.js

MD5 4341e86b883f0223042ef2b482fcc7cc
SHA1 5708ee6fc557b53cb510f0de4bacd73c548b965a
SHA256 b51a04e7a000e2c19241da29bdba4c0a9918a6d104946647421fadbde7707d47
SHA512 1677e8523583f5032770184957abf6c5c4d43d9b16ead4bcd16d112f8a95bc2f8263546751973a87ee3baa1fc925897da9474ff6ca736d2e1efcf5cfad13c03d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\sessionstore-backups\recovery.jsonlz4

MD5 903062a8a33939adf3403ef17c81ff7f
SHA1 08ab3bba90892f39db9a1a0322e3daa45fec0e18
SHA256 04660c8e975ced9c1a3bb143e047b8442da3e7c7cb1b620e14a7e442bde02008
SHA512 72ce08cf80967293665ce4afb0d03da5defbe2a89191c38ec618e576cf626a3ea2ba109dec12bf25efbd2f60b6231cde171c826c8ffc3e65f82e86cb81537bfc

\??\PIPE\samr

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\sessionstore-backups\recovery.jsonlz4

MD5 749b1b4539a1f27736443fdddca181f7
SHA1 7f514da87c74040c092bd500b4d848ae1da5bd06
SHA256 8ea22dd69e5b4891ebe2fd8b65ebed144e678ef9bb57a50e61da7b7c06a0506b
SHA512 1dbf38dacc69bf9480c25ab7edcf492bfd027c655d31d96f64f7fb103221b813d460b060ea68e074d3c39600dbaba5eb97db2e9a7f0e4a92440b1dbfb2cf6db2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f4781c1c8680a45af912832aaecfba9c
SHA1 c1af3f118f9e46f3daa332d7dfb63deae3aedc02
SHA256 6c9cace8a826b368e33d0527b69f904467fe406832ea9d4ef172aeae474c16d3
SHA512 97d46058df5e66e3452e7a5fdca0429cd75a4102c28e538e0f416dce3c0b4cd68a8870f36a3445bc1c4e60330de0498f2a29007585627f75f82e66b5c9447c58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\TarD254.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4c4413c1030ceb5f1d694fe85ee47f24
SHA1 e05bdf3925b8479379c97671df6fff9f8acb7115
SHA256 f37c35c82824bbbbbf93de79f7fc3f6534c2ea8db7a6eb4d6af13d261bfc9a73
SHA512 95f6878e3094e83c6d77ed3831620f0d7f12f09ab74301a699ee2027f6a087fccd0d7bb15cfb31c207c5055b4252ed478a714c1b46f521d2e1465aa7b47db3ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0116c88cb99879392234f34232602528
SHA1 09dc106db94de5f6e7da45b29b27ce6a449e8ca6
SHA256 1f6c5ad951c147f25daaf5d1e60afc62b68f85e51f09973529e415be68ee0fcd
SHA512 5dc836d2137d99f8b4ac9d0480e9f60eefcc1a92cbbcb4eb9e05868a4ec278e9b32270d50f9dc93d476eb5509dae1f8d1312af85b50bac1ec643ed1708816650

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fdc8b646809cd0cf8c33b6f47d59489a
SHA1 b33d22eef37900389c1b0d600f8f10f3b90b5871
SHA256 b79c1d7803150cc40ea57f44f0b8de766209b44ca87eebfb15492103620e7565
SHA512 b217a9286c2013873fb3a9c906a96c6b22a49515670eac675c17cb18dfa71ad359e42e86a03ea852ac156ee6e8ba57e3be566b95fca96bf22495f51153d97400

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 a484f2f3418f65b8214cbcd3e4a31057
SHA1 5c002c51b67db40f88b6895a5d5caa67608a65ce
SHA256 79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6
SHA512 0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7a64d89e783454de38a2bea1dfc7d032
SHA1 5aece038b03d2cef62a87811038f229b9902b4c7
SHA256 fe9036f7a89ef893ac7f3717133c3232cb02881d930962c3d1d76c6c7274916d
SHA512 6ddc23effcf9c1dd1b16fe94a4350576556abecc9d1f614dea754e63ac49b2ead79b285ef6da1d911aed2719a447e16dfa7305e6d4bb2a42b66e7ea4fd3186b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a8b5a7966d4902a45e7b132caf55ca5a
SHA1 f7378a43a48cb2ac0a71013c3dc7517a8e60e579
SHA256 8aca234f3bb8052feba82a237479490f741f8d370767c34c49c922bf023a36f5
SHA512 8068bc3036e4060b6d1ce9be1799886f24628d0df241b9724eb251075e4784ea781a8592296499d831378e9eb37c53cd6b3b5fbb5702e17959db30216191a21d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 00815e259aeca8adabe94bc53893e1e7
SHA1 13b8e3b8d09faa6a62069a848ee9b999535cd64b
SHA256 f614817c8ff571513c00e080555a43190311f294aa61b169b52eae9c9d1655bf
SHA512 e5d31b1cc011b2b1f6f9e2cb65c9e8025ba8105f04031abbad2c5aaff1000d6ade216b6b3652d653d58ccd24dc4f1b3c6a4e5a605fcc29b1c4fe6cb9c25cee38

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7c9477d8f78a42ac61271fdd6920bfaf
SHA1 069b81eb53e8663a923ff4249d8bb9f18e53c9fc
SHA256 9d7484f825d8255360426bc4fe922dc449b52b81e4e76cf174df7bc804229392
SHA512 aabdf4746482c511f2b69caef4b8929943f14431b087f82076b4e88677fed0088398eecad304934df689fd7bcf08b9dcfc101b35d226ce1f59619487fd3050b3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\sessionstore-backups\recovery.jsonlz4

MD5 8f1e5945bd075776dac63bb708f4609e
SHA1 010acb1afd523ba339e98411ffa836c863e0e6aa
SHA256 0b3afd9f9352b5aa978ca4cb72bec1eea8aec4a34bcc6e6440801c0e64654b07
SHA512 ddd7da50a9e8992c408077cd26e65cd14798027075d178898bc5c2ce7604d03f1c116a86f8fb99b954d2ee91c1f9a315ecf5d713ec7bc0065af8d2fef25d46db

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 228876e0d584bb1ff673f0528497d69c
SHA1 8c9e4f914fa8667cc618652c7d353540764ca426
SHA256 4d04a2859be6ebb1ea8d87ffeef6678b2f2979f3d02fdb415e47ebe111063668
SHA512 02515c9b76fa0b460e5f8276a35e912336ab499864f0eec10cba66444b8850c937d2cb9faac8d72426004bab7ac44e0c10ac137c6b0fbc1f5bb039c89602011b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 40a8f08b10b50cb7f3c9e8931b587973
SHA1 9c3504591930c49ab42da93cfe36edf701e89445
SHA256 332a889bc876abf53cd3493d722623f7a8d825efd0e62316636b518fe6e83277
SHA512 0c25c8683f7e472c9e3c896d9f149638d74dc5aca1b8c031457b5f51dc5aaa307fa7fe007604f94df9fb4e026666ba03f190d7a94b2bf53dc30e70680f768b70

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\103166c8-e70f-47c8-b4ad-a1e3c57087c1.tmp

MD5 e93eb15fe158118e93066d385ea02e26
SHA1 4fc151eb078e2358507f221c6f53c17610b3461d
SHA256 78bc6fffb729c13fa7e328227323f68f9682f6cd36e0a859fb01e8772e5f6075
SHA512 0ef2b428204e3d650f87bed561dbb934c6d1c2a75ab0205f814dd9229ba529cbff2975c1d9dd86b2dc0adea0d40b9c7da7f196094f7b7cdb023ab8fad1b3504c

C:\Users\Admin\Downloads\TLauncher-Installer-1.3.5.exe

MD5 1a2ce8f6f111d438d4467a84d8c74351
SHA1 6f2b6d316eb820ae6875b84df9615e412ae0773a
SHA256 9aaa326da7ca2d0d7015742e3ffe5bce7df63cae147166e52f094a1c20897856
SHA512 8f276c77a73f4035513d463be939e056a67cfcfb28df078b7e63a3f524a5c66d02128ac6a267e84226dfc2916ae74d0f945a12f7326fa89fa97070329d828193

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\sessionstore.jsonlz4

MD5 aa8d0b6f77b29dcd8acde367caca597a
SHA1 4d25c4f96d1fbd7a70fc40b7f713d665c4ca7669
SHA256 c81d5671cfdbb567d5e2255f3c4a83c3c2b0553a2f32288a73dc33373223a840
SHA512 389df5b8ff2f23b7e2d4056832cc8c0e45d510607a5cbf25a567d73a295880ee4c601246923238d560611082273be7956d557c5da70516c4e04bae346d3d20a1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\prefs-1.js

MD5 fba586d146351ced092d034fc3678aea
SHA1 cbfcd531caabe7d6f0845f73c114a675f07f94ef
SHA256 3011606beb60e392d47d71f8d7a2ef36705c85456b4d6abf965f048b4db6f5cc
SHA512 1b628ed6770836a3e865f5e2e3b2749dcfb9c1f47ebf76f302041eaa55cac6e601643d15fe79ff47aadc37719806c41e9aac2ddaaa8be7e5852c8f842988b9cb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 94f8a4bd472af5c1c53b0945eeb2cbcd
SHA1 602763088db56b6e5391917ba79c116954fbc196
SHA256 aafb704272211db2eb0f36f2c53b536212e76137c6625a70c0c9ab7cce6ec7c0
SHA512 d18827de3fb55e659a14dfb0f711e0cf57d434fc616a81bf2dcb5e98a96e9846e9f05f0ba9a5d937aee179222688a28261c55754be95c7a01793c0b5d6b61ff7

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

MD5 d795ef2a7b1d60d78cf3d4d083346a7c
SHA1 68a623b6b821476e543ea8dadb02ee3a78c55762
SHA256 c367e0f3b55b16ff6f167f19a3885b9dc7e9e34c0ccdf1df06af5ce7656bd61a
SHA512 bbc4161586240074989c56c9abed3bb36cc68516f03a741438a07633c21343a2a3c2ce43d741f83096e28a541ffb58e56c348cf8ebaa3dc91ae8953bb72c1666

memory/3604-1107-0x00000000034B0000-0x0000000003899000-memory.dmp

memory/3604-1118-0x00000000034B0000-0x0000000003899000-memory.dmp

memory/3604-1117-0x00000000034B0000-0x0000000003899000-memory.dmp

memory/3604-1116-0x00000000034B0000-0x0000000003899000-memory.dmp

memory/3684-1120-0x0000000000A60000-0x0000000000E49000-memory.dmp

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

MD5 c333af59fa9f0b12d1cd9f6bba111e3a
SHA1 66ae1d42b2de0d620fe0b7cc6e1c718c6c579ed0
SHA256 fad540071986c59ec40102c9ca9518a0ddce80cf39eb2fd476bb1a7a03d6eb34
SHA512 2f7e2e53ba1cb9ff38e580da20d6004900494ff7b7ae0ced73c330fae95320cf0ab79278e7434272e469cb4ea2cbbd5198d2cd305dc4b75935e1ca686c6c7ff4

memory/3684-1701-0x0000000010000000-0x0000000010051000-memory.dmp

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

MD5 da1d0cd400e0b6ad6415fd4d90f69666
SHA1 de9083d2902906cacf57259cf581b1466400b799
SHA256 7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575
SHA512 f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

MD5 e043a9cb014d641a56f50f9d9ac9a1b9
SHA1 61dc6aed3d0d1f3b8afe3d161410848c565247ed
SHA256 9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946
SHA512 4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

MD5 dabd469bae99f6f2ada08cd2dd3139c3
SHA1 6714e8be7937f7b1be5f7d9bef9cc9c6da0d9e9b
SHA256 89acf7a60e1d3f2bd7804c0cd65f8c90d52606d2a66906c8f31dce2e0ea66606
SHA512 9c5fd1c8f00c78a6f4fd77b75efae892d1cb6baa2e71d89389c659d7c6f8b827b99cecadb0d56c690dd7b26849c6f237af9db3d1a52ae8531d67635b5eff5915

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ff45eca242f39249eea71fb642a9f986
SHA1 da9628195cbcc79e7cfee96cce8f74288c58cc15
SHA256 0bc4be20fba9f307ba920b2684ab80b3d7c41646c725169fa8c21b6be4f618e2
SHA512 2ae8797f0bcf4f4bc4d05c26d1d8ef9f3c187b2f40a59a194af791790248c2df6c1bbaca3a379ad0f78f30867ff99d90b7d5b30b7742962bc0b414f453fc0d71

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe

MD5 83a8f0546164c9ba1a248acedefd6e5d
SHA1 7652f353ed74015e7e78bc9f9e305a48d336b6d1
SHA256 e7c5072ec60d32022b3c818c527ad86f4985837a4f0e9fc6477f54ae86d9f1c9
SHA512 111d11acdaef0036ff5cabeb16ed55bf4c681fa6eb3c006af450a0ebadae3e213a8f3abb0f4a9aecc8e893af7a79b4eb7f74a5fc3743e338c3e3136b5d7f9f2d

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.BMP

MD5 f5d6a81635291e408332cc01c565068f
SHA1 72fa5c8111e95cc7c5e97a09d1376f0619be111b
SHA256 4c85cdddd497ad81fedb090bc0f8d69b54106c226063fdc1795ada7d8dc74e26
SHA512 33333761706c069d2c1396e85333f759549b1dfc94674abb612fd4e5336b1c4877844270a8126e833d0617e6780dd8a4fee2d380c16de8cbf475b23f9d512b5a

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.BMP

MD5 f35117734829b05cfceaa7e39b2b61fb
SHA1 342ae5f530dce669fedaca053bd15b47e755adc2
SHA256 9c893fe1ab940ee4c2424aa9dd9972e7ad3198da670006263ecbbb5106d881e3
SHA512 1805b376ab7aae87061e9b3f586e9fdef942bb32488b388856d8a96e15871238882928c75489994f9916a77e2c61c6f6629e37d1d872721d19a5d4de3e77f471

memory/3684-1822-0x0000000002D90000-0x0000000002DA0000-memory.dmp

memory/3684-1821-0x0000000000A60000-0x0000000000E49000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 d480e62a9494d7c48428032cc3b6e592
SHA1 e747028bbd57e6162381ac32d058a3a604a67ac3
SHA256 4985f52024e0640baeded7a8ccfbc982521a6e221475e1734c4509899acd1598
SHA512 6be9524bb486e7ac31f8f7ad9bae3aea81ee0093c8374f9689db6c71d0d1a0daf868c97010f81e6e0c59474930a051eaf2128ffd4e746e3ab2aa32e3a02e5a09

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

MD5 a266e0ae1001da0023f9664afbcaee99
SHA1 f943c180e5221a5943039c21b21f394dd99cbe14
SHA256 819b9a02a788445ad6c4d8f38e05abe911e289e71e4d2c2e37923c9f66f576cf
SHA512 525b8473b17732ba94942df63b0e43b26ee0157b137a1a39f52034b04ce686097e92ec8d9ea422acf02edc4385863c0179a6af73af01dfcfc1cb6d7c9dad1e7c

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.BMP

MD5 3adf5e8387c828f62f12d2dd59349d63
SHA1 bd065d74b7fa534e5bfb0fb8fb2ee1f188db9e3a
SHA256 1d7a67b1c0d620506ac76da1984449dfb9c35ffa080dc51e439ed45eecaa7ee0
SHA512 e4ceb68a0a7d211152d0009cc0ef9b11537cfa8911d6d773c465cea203122f1c83496e655c9654aabe2034161e132de8714f3751d2b448a6a87d5e0dd36625be

memory/3684-1857-0x0000000010000000-0x0000000010051000-memory.dmp

memory/1532-1864-0x00000000031B0000-0x0000000003599000-memory.dmp

memory/916-1866-0x0000000000E60000-0x0000000001249000-memory.dmp

memory/1532-1865-0x00000000031B0000-0x0000000003599000-memory.dmp

memory/1532-1863-0x00000000031B0000-0x0000000003599000-memory.dmp

memory/1532-1862-0x00000000031B0000-0x0000000003599000-memory.dmp

memory/3684-1850-0x0000000000A60000-0x0000000000E49000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\setuparguments.ini

MD5 5b684d9c9e6bed861773400691c78cd0
SHA1 86558bccf91329b90a4ab09c4f03377798e8fbc4
SHA256 5e089744a0e74ba6d70e5ec7a4ac3aaf81fc70ae22d64e0fc359c715e78d7d8b
SHA512 f9c3f8382dcc2d3e402dbc4a3810f44244e4a6ebf739fc530fa235fc9e8bf55a0fa55bf40f8a7cd8309a2542701236f9f8de0f2dcf671bc75df4063c7cd67596

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.dat

MD5 1ffd93751bc3400074dc0affa49ddfaf
SHA1 81be618514bdb88161333386f326cfcac2075517
SHA256 e65cc17886b8632c1ff12ff8a97128d3ca379a6b9ad2c0300788f43958c458be
SHA512 b2aefcf3a2f3e4da57c3507f7b419d229985cee88c782232dd90a96a6e9dbe46c18a7a58c7c4d1a3fe4b8b4b187f884fa09ac9e9a70d179e941704d7cbfddb30

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c20729d4-60ba-4579-8cac-a951ffaefa7b.tmp

MD5 046e805193ed932244562ab62aa82d7a
SHA1 f6d84e3ddd34bf2e2b1f28fdde95f586ce1406ee
SHA256 e6dab915bf621e82bf2f1098215b9288caa9460817e1ce0223e103ffa3e0a872
SHA512 b66a14e911ef3f98d8c5b7efe2746a513040e15a7010ec3978067f1c637019c39f05d48244d382aefd51acef6c73c484b800378d0d5809076717668dd73b6fab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bdc2f946a6ebd31a0191d8d53adb81fe
SHA1 4f036205aa68f73783c538d7c06331fcc20e8d76
SHA256 8968a63ef25ae0aa393589c16f57cff42af91277d8a352b6234b9fc17d3231c1
SHA512 4999c4f8011d25a0d872614405a26852d4cbf7e743008a908e4b33dd9d4d0c3152108b7f71a9b0d4046bab23c987bfcdeca05e73a2961f64e3fdd470305ff9b0

memory/916-1937-0x0000000000E60000-0x0000000001249000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG9.PNG

MD5 b7b32e3aeb677124b236d776ef443489
SHA1 3249a596e03148836131988b8ca9392f677a7470
SHA256 f60847a54bde74835d80bb41bc3c57ad211ca30d69c2eb48ef7bffc7c6b44d0c
SHA512 f9044d9da82099a0747b3de0382db0999a9f80cbfe894ed9c4961498c41c5db9055c32d699424b6c5835230a2d74df491151beb90f0ff959b580164b2defab2a

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

MD5 fa9848f3cff6d80b5704c6d2ccb10c2b
SHA1 714c93f3fc2b915efae0cac6028d317711d59264
SHA256 63ff7897d3a90de887c1baebb2ef7b87e596f1749e07322090786c902bdd8d16
SHA512 9078f5e3583a2b2cd43f63f023908f652a4c6eb647b1bd8988d33e8f2f1d34d44192ce50b795ffd9764d94a343bdc2ecdb94483ceef79739a92ff8d6a0f9a41b

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG13.PNG

MD5 2fe88aedf465ed13678cdbc685e44fa0
SHA1 624f5a00e7cb017e9bfdfab79f6594a7e02171db
SHA256 4351cce19e5189a474a3e5dfba8c1c33e51bd875c1d574e5069b49a752f9f665
SHA512 6fbff486e7064d083ba8d12d0bffa102fdd61a3f818bc85516ed12b287b582adfe7d358d6ace18b45978bbafd9d9a1df2e08dde8291cabb35677314e99ab299c

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

MD5 d13354b318232927645a908c7a64d8e0
SHA1 51836d6d4298aca8313e212f2145853b8d258f44
SHA256 37a9df173bd99e07780458abb80614e165396dd4cd96ee3a3f8597e3151e3d63
SHA512 3ad104c18fa33f35479ae25258f3cc887b5f41868d0f8831cd52534ad54e0b6b3c8fe16e2ecf812c608c58072e017bbd40ac509184553559e2955497648036f9

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG10.PNG

MD5 982b81691cac850c2b98b252e4064660
SHA1 0c284934268046484921afa55587d863a3a241a3
SHA256 3aca81c52680324664bf3128976503ce73931444b956cb3127810661dccd1687
SHA512 5be188c92fd6dc8ff014f4f4ff3195edc69edb6142833a42ad49d45807ccb6bc5e7309a91d5a7f822f96f2951872f85d7a48328d123d2df59158af64a15e9f69

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG4.PNG

MD5 9d399665b43d4310c637b43ae523da04
SHA1 5984f23773322e93fb762168cc1924fdab9cca0b
SHA256 c64efebdbee0cba76aa97b61953cfeab0097443bafdddc840feeb81ab0b4f2f7
SHA512 b881e136b499b8a32a68273d476daa5b258823cceaccf73740341f2af366458e66e1e91d5da8cf8bb07dd8f67665774caef58f15031c3bcc0a2ddad41d0c6145

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG3.PNG

MD5 b0a5a3db3901023adfc16cff5a381ead
SHA1 dfa2662d731eba223ede334a6f875b33e0da964e
SHA256 88812d618bc05aea2f43fe26cc7fb24953883418e51d6ca14d6a57fead9b97fd
SHA512 8eb6e90e6884b6ae0fdf943f4326d3ecf34eb9cc5e73d87137ffdea7caaf11cbf48bb7571096d7ed1e0de6c5627cddc9e018eeab2bfbe6639b573ac4b5209960

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

MD5 6ee2e1d5732cb6ed963865b7e66d43ad
SHA1 891b45fa91eb06a47d1a00de245199325e077b1c
SHA256 152fff6f48dd4797732c08e467a55e2c6013b49c59491f441738800343a5402e
SHA512 afa73557235480f341d6856cd14769a2455ea0d108a5fe2de9b4887622963aec4a2c5e2872fd643fe720afeb817b94d7e9317659b272fe9fc3fdffdd0190844b

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG1.PNG

MD5 d1172f72e8fec2b8ddbfe964b7197dd6
SHA1 91b86d380b4cf7f3fc6dba2be364551f0194ceab
SHA256 a8f33799d6ea706548917b5686b7bd1c6f077fcb344cbd51e9af8d7b4ffbb7d3
SHA512 afa1b94831188a4d15314a9c2a7c528e7c748a51030bbf6dfb735de5288f5a5fbcd6db3c275a0346c69dd6e999b50df81c7bf63a0cc5cc5c563c49844d363acb

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

MD5 d935d2bb1101a2ccd13ed948346d9498
SHA1 f44ea4d2b35aeaf85d24077f24fd9b9fa17aa6b9
SHA256 2c1f9aa84aec6ea2bd90b16e13baf7523f070f8fc09ec83aed928173b658bf14
SHA512 3b7184f882815d86b49469e1ce517dca4f06a1c854099eda27c2f483e7974e645620995e0c4f0d78dc98884c0c3f012c913e51091ca752c9fb40b3d9eacc1127

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG15.PNG

MD5 859d53eb6f971993774da3bccee533a4
SHA1 c51f8e6a9cbd749b77edfeb324ef18ffdfc8e4fc
SHA256 768c5aa62161f6ddcab82911e727bf7d902c8d3d24d7c62726542b32ae70f3e7
SHA512 5e2f6cd3ffd37a02b5d198046e422bd7c19acca91675a6c38f58d0a985dcc640aedbdab969df9afbc8be6367df071d8e77663c42d5529d9c798602e6c97d246c

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG14.PNG

MD5 7d26a524b09feacb9db695415e1a66b2
SHA1 724f925c2663b623a9755bf722b3f297c8ff605a
SHA256 867072872533f9000508dafdd49f5b83e03de7b611b454290e062034a423dc74
SHA512 6adae2bb7c7e390f5e50df048fb3417c31b025c4d32abcb97ef8206ae3f0769997650cdba178bbad8c34f07a4e613666388e4b9bc465549b47a8f01f0dec4a57

memory/3684-2479-0x0000000000A60000-0x0000000000E49000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b14894fa499a9596d9cfaf774012a673
SHA1 e3b2b808aefe0a12c0ee2208279a549144c05307
SHA256 e4d5161a2835646f97c23334c6b9f708c871bf8c8bad343e15bcd7ad6dd7d0d0
SHA512 bfe07c4f8b748ef9643c0392dc6adbcf04b52c39e60356801eb59b8932d45a34a2ac9bd13a765c62d602c9582305b900983dca9cfab629826c0031c7738bab33

memory/3684-2508-0x0000000000A60000-0x0000000000E49000-memory.dmp

memory/3684-2509-0x0000000010000000-0x0000000010051000-memory.dmp

memory/3684-2511-0x0000000002D90000-0x0000000002DA0000-memory.dmp

\Users\Admin\AppData\Local\Temp\jre-windows.exe

MD5 af1d24091758f1e02d51dc5f5297c932
SHA1 dc3f98dded6c1f1e363db6752c512e01ac9433f3
SHA256 e52a8d0337bae656b01cb76c03975ac3d75ac4984c028ba2a6531396dea6dddd
SHA512 8d4264a6b17f7bbfd533b11ec30d7754a960a9f2fbef10c9977b620051c5538d8eb6080ea78e070904c7c52a6ce998736fad2037f6389ad4c5c0ce3f1d09e756

\Users\Admin\AppData\Local\Temp\jds259515104.tmp\jre-windows.exe

MD5 96d622d62567def49ad8999324a66709
SHA1 5a4749631631d97e9db816f5cca2392e69d0b7d9
SHA256 953b06705f72bfffac774c41ceb359fe1d3f8a0c5d6a44f93597ce9c39399994
SHA512 c2d350895f47c5164138d2e3befbeb0acda8097a7904a28d9ad9db70ea0aabb3ec54a476dcb2746a41308fb79616d810305c53f7e23a4856a3f9eb656896de0d

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 3954e8086f5737e77cf3a95464dd43b3
SHA1 c00c0fa748a9edf2d6cc92a12db85532060fb27c
SHA256 f2e89743084d0812dfc6cf967f7f2f0982b3f51a407a2a4ac5e39da875721d1c
SHA512 e7a33b4c2787ec77a499753a4e493857457b46b8391d6750a7691825f491519d9a3ccd16cf4d3ea9f4080312ce4571d1285f9c699a79e76dde5e82a122c1bcba

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 d6d36112bd4cc5f7df2eed5687fa8349
SHA1 9a733daf6b423536f5a4f79261dd1454c39c319d
SHA256 13f36346d77e8069b813d7599e8230712eb0eb5f7d1effe2c2ae6eb871da8178
SHA512 19a6c7da5f05c5849181ffa08eb349e28b4a9a72daa202b1d6fa7a8bed250f6c205144d317381dbde8c12256b3abbb9817cd0ffb1c614b8f0267607a950f4e97

C:\Windows\Installer\MSIFB29.tmp

MD5 64a261a6056e5d2396e3eb6651134bee
SHA1 32a34baf051b514f12b3e3733f70e608083500f9
SHA256 15c1007015be7356e422050ed6fa39ba836d0dd7fbf1aa7d2b823e6754c442a0
SHA512 d3f95e0c8b5d76b10b61b0ef1453f8d90af90f97848cad3cb22f73878a3c48ea0132ecc300bfb79d2801500d5390e5962fb86a853695d4f661b9ea9aae6b8be8

memory/3684-2982-0x0000000000A60000-0x0000000000E49000-memory.dmp

C:\Windows\Installer\f77f769.msi

MD5 4b80c230492aedab6757f904167b4e17
SHA1 ca169fc089c12341ac8a023e98e5f7d58a1d5d90
SHA256 0d961da2bc9f0fe029c31beb616d5069b718abd7f494f28a86fc6ace8e4718ea
SHA512 fcfbaa9c987bda1143f2596aca5bb3c04eebbb8ff7cacb9f855ef66d4c1b433a0a07c9694dcaff56f481df0234e8cc833e0c4b66aa52c2541db5fc562a741aca

memory/1848-3211-0x0000000000230000-0x0000000000231000-memory.dmp

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url

MD5 625bd85c8b8661c2d42626fc892ee663
SHA1 86c29abb8b229f2d982df62119a23976a15996d9
SHA256 63c2e3467e162e24664b3de62d8eeb6a290a8ffcdf315d90e6ca14248bc0a13a
SHA512 07708de888204e698f72d8a8778ed504e0fe4d159191efb48b815852e3997b50a27ba0bc8d9586c6fb4844166f38f5f9026a89bbbc3627e78121373982656f12

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url

MD5 6684bd30905590fb5053b97bfce355bc
SHA1 41f6b2b3d719bc36743037ae2896c3d5674e8af7
SHA256 aa4868d35b6b3390752a5e34ab8e5cba90217e920b8fb8a0f8e46edc1cc95a20
SHA512 1748ab352ba2af943a9cd60724c4c34b46f3c1e6112df0c373fa9ba8cb956eb548049a0ac0f4dccff6b5f243ff2d6d210661f0c77b9e1e3d241a404b86d54644

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.lnk

MD5 b5e1de7d05841796c6d96dfe5b8b338c
SHA1 c7c64e5b35d0cca1a5c98a1c68e1e5d4c8b72547
SHA256 062cb9dec2b2ce02c633fc442d1a23e910e602548a54a54c8310b0dde9ae074d
SHA512 963a89b04f34bc00fea5b8e0f9648596c428beac2db30d8b0932974b15c0eb90b7c801ba6fa1082ea9d133258f393ae27e61f27fd3b3951f5c2e4b8c6a212c2d

memory/3776-3389-0x0000000000140000-0x0000000000141000-memory.dmp

memory/3776-3402-0x0000000000140000-0x0000000000141000-memory.dmp

memory/3776-3405-0x0000000000140000-0x0000000000141000-memory.dmp

memory/3776-3406-0x0000000000140000-0x0000000000141000-memory.dmp

memory/3776-3433-0x0000000000140000-0x0000000000141000-memory.dmp

memory/1644-3445-0x00000000002C0000-0x00000000002C1000-memory.dmp

memory/1644-3456-0x00000000002C0000-0x00000000002C1000-memory.dmp

memory/3684-3459-0x0000000000A60000-0x0000000000E49000-memory.dmp

memory/1644-3461-0x00000000002C0000-0x00000000002C1000-memory.dmp

memory/1644-3462-0x00000000002C0000-0x00000000002C1000-memory.dmp

memory/1644-3479-0x00000000002C0000-0x00000000002C1000-memory.dmp

memory/1644-3488-0x00000000002C0000-0x00000000002C1000-memory.dmp

C:\Config.Msi\f77f76d.rbs

MD5 1a2dac15b703c8a1604827fc9c62369e
SHA1 c737d29a32773fe28a5f14b61b69c0802a394d5d
SHA256 4a94ede82aa734e300eaa0e2ef15ee3c38c2a97e798c033f50c0840b78f91cbd
SHA512 140b39444b93b73f7105b07abe7d450a3407344ef66cc6f959697d7b41983f2387a996646bc75bb97492480c0c0d26e7509ae0a704a2fa8725b2819108eb56c1

memory/3480-3554-0x000007FFFFF80000-0x000007FFFFF90000-memory.dmp

memory/1196-3670-0x0000000000330000-0x0000000000331000-memory.dmp

memory/1196-3673-0x0000000000330000-0x0000000000331000-memory.dmp

memory/3996-3684-0x0000000000230000-0x0000000000231000-memory.dmp

memory/3996-3686-0x0000000000230000-0x0000000000231000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\runtime[1]

MD5 5d4657b90d2e41960ebe061c1fd494b8
SHA1 71eca85088ccbd042cb861c98bccb4c7dec9d09d
SHA256 93a647b1f2cadcbdb0fe9c46b82b2b4baf7685167de05933811549145c584ee0
SHA512 237738c0a6cb25efe29effc9c3637245e3e2397207ed51e67bae5a1b54749f88e090de524f7868d964debbb29a920a68205ccbd2dfceed4a1f3cd72d08b16fa3

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\host[1]

MD5 a752a4469ac0d91dd2cb1b766ba157de
SHA1 724ae6b6d6063306cc53b6ad07be6f88eaffbab3
SHA256 1e67043252582aea0e042f5a7be4a849b7cd01b133a489c3b2e67c10ade086f3
SHA512 abc2899705a23f15862acf3d407b700bb91c545722c02c7429745ab7f722507285c62614dcb87ea846f88fc0779345cb2e22dc3ad5f8113f6907821505be2c02

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\l10n[1]

MD5 1fd5111b757493a27e697d57b351bb56
SHA1 9ca81a74fa5c960f4e8b3ad8a0e1ec9f55237711
SHA256 85bbec802e8624e7081abeae4f30bd98d9a9df6574bd01fe5251047e8fdaf59f
SHA512 80f532e4671d685fa8360ef47a09efcb3342bcfcf929170275465f9800bfbfffc35728a1ba496d4c04a1fdefb2776af02262c3774f83fea289585a5296d560b0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\layout[1]

MD5 cc86b13a186fa96dfc6480a8024d2275
SHA1 d892a7f06dc12a0f2996cc094e0730fe14caf51a
SHA256 fab91ced243da62ec1d938503fa989462374df470be38707fbf59f73715af058
SHA512 0e3e4c9755aa8377e00fc9998faab0cd839dfa9f88ce4f4a46d8b5aaf7a33e59e26dbf55e9e7d1f8ef325d43302c68c44216adb565913d30818c159a182120fc

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\rtutils[1]

MD5 c0a4cebb2c15be8262bf11de37606e07
SHA1 cafc2ccb797df31eecd3ae7abd396567de8e736d
SHA256 7da9aa32aa10b69f34b9d3602a3b8a15eb7c03957512714392f12458726ac5f1
SHA512 cc68f4bc22601430a77258c1d7e18d6366b6bf8f707d31933698b2008092ba5348c33fa8b03e18c4c707abf20ce3cbcb755226dc6489d2b19833809c98a11c74

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\common[1]

MD5 f5bb484d82e7842a602337e34d11a8f6
SHA1 09ea1dee4b7c969771e97991c8f5826de637716f
SHA256 219108bfef63f97562c4532681b03675c9e698c5ae495205853dbcbfd93faf1a
SHA512 a23cc05b94842e1f3a53c2ea8a0b78061649e0a97fcd51c8673b2bcb6de80162c841e9fdde212d3dfd453933df2362dcb237fe629f802bafaa144e33ca78b978

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\masthead_left[1]

MD5 b663555027df2f807752987f002e52e7
SHA1 aef83d89f9c712a1cbf6f1cd98869822b73d08a6
SHA256 0ce32c034dfb7a635a7f6e8152666def16d860b6c631369013a0f34af9d17879
SHA512 b104ed3327fed172501c5aa990357b44e3b31bb75373fb8a4ea6470ee6a72e345c9dc4bcf46a1983c81adb567979e6e8e6517d943eb204c3f7fac559cd17c451

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\masthead_fill[1]

MD5 91a7b390315635f033459904671c196d
SHA1 b996e96492a01e1b26eb62c17212e19f22b865f3
SHA256 155d2a08198237a22ed23dbb6babbd87a0d4f96ffdc73e0119ab14e5dd3b7e00
SHA512 b3c8b6f86ecf45408ac6b6387ee2c1545115ba79771714c4dd4bbe98f41f7034eae0257ec43c880c2ee88c44e8fc48c775c5bb4fd48666a9a27a8f8ac6bcfdcb

C:\Windows\Installer\f77f76f.msi

MD5 d7390d55b7462787b910a8db0744c1e0
SHA1 b0c70c3ec91d92d51d52d4f205b5a261027ba80c
SHA256 4a2f7d9d33e4ad643bf72722587f2b268d92dab3bb1d9bc56af316672e34728a
SHA512 64f3837dd6099561ce9be97d6fae0b11f3f6cc08281f1a3266d5a6f3ca8baf13bbd780735ef62b449b577d62d086f942b48519671226c60f0e1480f9dbdde434

C:\Config.Msi\f77f773.rbs

MD5 f230964f000e746b064b3b472fcd04e0
SHA1 d5e1a0dedc1a7ef483ac980de26f2898e208af91
SHA256 cb702d00620d560e2e850a290bfdf0502dbd89388a204a6f381d988d06d54524
SHA512 acdbbd3cb8b89bcfb0e7c18d165a14c25a601f6f17a8a0d5b181fbc200ee9c9514e5fe7ed26e6f30fab6652fed8c96d8ce2995e99dee7cc176508233de7e65d2

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG17.PNG

MD5 69862e8a82c503fbc5cea0c9e8a33876
SHA1 a69deda06d6224750bf1ab941bf934bf5250fe4b
SHA256 8fc3a97777dec1ab22f74f069354cab4880731b873452694921cac9814059858
SHA512 db86fbd4e1692de8a2dc6816d34e28b12badaed81ad07a7ce4fc225a212fee63eccd1f51c5ebdf7485ee8c0db716f9ac649cd2a4aae92218372582e7ab3d3951

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 82519c93bc8fd825ceb15ba17f29cd7c
SHA1 dabac71de14e43a308e9a876f3d4e19635b7af0e
SHA256 f16a094fd065f2c58c1d36349f6f005da431159085a167070b4f8dd1380c0648
SHA512 8780b3dee44aff1b48364990f085f02e0cb5f21973b60f011ed03c8d99e03be55e6b0dfe34dc85f036cb88633cd2d1a981ad00224427128a165adc53c3811a46

memory/3684-3796-0x0000000010000000-0x0000000010051000-memory.dmp

memory/3684-3795-0x0000000000A60000-0x0000000000E49000-memory.dmp

memory/2272-3987-0x0000000000400000-0x0000000000417000-memory.dmp

memory/3684-4380-0x0000000000A60000-0x0000000000E49000-memory.dmp

memory/3984-4389-0x0000000000430000-0x0000000000431000-memory.dmp

memory/3984-4390-0x0000000000430000-0x0000000000431000-memory.dmp

memory/3984-4400-0x0000000000430000-0x0000000000431000-memory.dmp

memory/3984-4404-0x0000000000470000-0x000000000047A000-memory.dmp

memory/3984-4403-0x0000000000470000-0x000000000047A000-memory.dmp

memory/3984-4422-0x0000000000430000-0x0000000000431000-memory.dmp

memory/3984-4423-0x0000000000430000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\appConfig.json

MD5 91db38ec63d5ba27c2d84d1ce4f5950f
SHA1 0f981c54c5dc136c271387b919d0da1c043484d0
SHA256 4a21a1eada9a254e366a32670c65ae5e1fa9b12ac72b1be4e55be54347a1f38e
SHA512 299ea4bbf286e7f4d1eac2b9ed5e06d0deb25a79d3d8effd8524154b576c16b14074e6d6d4c8225cd633e2cccc74547a3ebeff1ced03e99b6879cba08e330356

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 21be032bd6306a447ace36abedf37b09
SHA1 d4be74254dee02cadff67cc3739d5f37bc64a567
SHA256 f54447637c6a895b4a915cfed84ae75e9e1e6eee20f9ba0a2d48c1f64bbe8e0c
SHA512 bc10f64a21c076e1758b75c1781e390f91ccc77802b4efb0c62c768e8e8971d70236977d617b2361442507b7bfadf5fd23d0c9e1b5e024390fceb8373e1a4360

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\fee9df0b-e477-4193-962c-716b6cd7167f.tmp

MD5 53a2114fd1d97f91add59719cb0eb35c
SHA1 3dfc51de172fb05305bb3a40f9850b110650c60c
SHA256 8fe96607387c74a8a4e65db6684f54bf809f598dbc69153ad9527e61f7ca40e1
SHA512 e60dd02b01751e425b10b45ffedfbca0a20f621c34822c4eff22c1dd53f38a7ba20b3317e4487bcb5e885571af1ce3e17afaf1f2fd1dc1da4eb5bc33e25f36f9

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\2.921\dependencies.json

MD5 dd4d9eb42e26f86cdb8f58ac1401e217
SHA1 24fd4a27ca650aae032ad1ecc15f1b7560803822
SHA256 22127b008d98bf65a5fe9f846641eae124975eeb91b0af0285be977037c41993
SHA512 5df828b723041e41db19a58a20c8446a791a1dc07d3669b080c4d128b229dd8fa5b43f83f445ade20545339bc402372d7924861acdfecea1e609dbe7545fda1e

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\2.921\resources.json

MD5 d892039e33a914bdd174cbfdfd0e7331
SHA1 42754a8f3d087d09999d8b89ce6ea4eab522f1f9
SHA256 5acb848f36f188765ef517f67d90fda54892af1d5db3612ba8ed5d3802e2fbb6
SHA512 f21dd600db9140adc394b749485102a89723a7696101cf19ca6e365f2be9d3a7b0ad54a335985065165c07122415afb9a85170cc1144b8acf237f07538865511

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\javaConfig.json

MD5 e2cbea0a8a22b79e63558273dded5e6c
SHA1 bfbbbba0679adcbcf9e079ed3c7c7a60cb0b2d61
SHA256 10d0f3646be0a7d73942d7bdd1e55c4b8df0c34cad7ad15a9dc23b2932155007
SHA512 a6aa26ff49c911fb4705df1e8e434c72e206b20fdaae0abc529e2734f5db49c75da35c3d75769e0ac1b6795de540de4c7e1089b387217fc58f8b19b023064e5a

memory/3984-5187-0x0000000000470000-0x000000000047A000-memory.dmp

memory/3984-5186-0x0000000000470000-0x000000000047A000-memory.dmp

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\java.logging\LICENSE

MD5 16989bab922811e28b64ac30449a5d05
SHA1 51ab20e8c19ee570bf6c496ec7346b7cf17bd04a
SHA256 86e0516b888276a492b19f9a84f5a866ed36925fae1510b3a94a0b6213e69192
SHA512 86571f127a6755a7339a9ed06e458c8dc5898e528de89e369a13c183711831af0646474986bae6573bc5155058d5f38348d6bfdeb3fd9318e98e0bf7916e6608

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\java.logging\COPYRIGHT

MD5 4586c3797f538d41b7b2e30e8afebbc9
SHA1 3419ebac878fa53a9f0ff1617045ddaafb43dce0
SHA256 7afb3a2dc57cb16223dddc970e0b464311e5311484c793abf9327a19ef629018
SHA512 f2c722ae80d2c0dcdb30a6993864eb90b85be5311261012d4585c6595579582d1b37323613f5417d189adcd096fa948e0378c1e6c59761bf94d65c0a5c2f2fd3

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\javafx.web\ASSEMBLY_EXCEPTION

MD5 c62a00c3520dc7970a526025a5977c34
SHA1 f81a2bcb42ccbf898d92f59a4dc4b63fef6c2848
SHA256 a4b7ad48df36316ddd7d47fcecc1d7a2c59cbfe22728930220ef63517fd58cb0
SHA512 60907d1910b6999b8210b450c6695b7cc35a0c50c25d6569cf8bb975a5967ca4e53f0985bee474b20379df88bb0891068347ecf3e9c42900ed19a1dcbc2d56ec

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\javafx.web\ADDITIONAL_LICENSE_INFO

MD5 494903d6add168a732e73d7b0ba059a0
SHA1 f85c0fd9f8b04c4de25d85de56d4db11881e08ca
SHA256 0a256a7133bd2146482018ba6204a4ecc75836c139c8792da53536a9b67071d4
SHA512 b6e0968c9fd9464623bfa595bf47faf8f6bc1c55b09a415724c709ef8a3bcf8a954079cce1e0e6c91d34c607da2cecc2a6454d08c370a618fb9a4d7d9a078b24

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\javafx.web\LICENSE

MD5 f815ea85f3b4676874e42320d4b8cfd7
SHA1 3a2ddf103552fefe391f67263b393509eee3e807
SHA256 01a4ebd2a3b2671d913582f1241a176a13e9be98f4e3d5f2f04813e122b88105
SHA512 ddf09f482536966ac17313179552a5efc1b230fa5f270ebde5df6adebf07ee911b9ef433dfbfcb4e5236922da390f44e355709ecaf390c741648dd2a17084950

memory/3792-5842-0x000000001C2A0000-0x000000001C2AA000-memory.dmp

memory/3792-5841-0x000000001C2A0000-0x000000001C2AA000-memory.dmp

memory/3792-5913-0x000000001E870000-0x000000001E87A000-memory.dmp

memory/3792-5912-0x000000001E870000-0x000000001E87A000-memory.dmp

memory/3792-5914-0x000000001E870000-0x000000001E87A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\+JXF2752517089367185803.tmp

MD5 afa7a91dadd77b23634a0fdf18c148f3
SHA1 6cbb57ba2355cf442e06899898ff5af55867103e
SHA256 9287925cae90ac480804094ff0876832065e2db116470da1f524d79ed9c18b70
SHA512 84d123b67505522c256f4ff79c3822eabe2d63036023896e9854298ff39e050bef7894f6320ccf950592015760354683c4dbd19aa203d433a04a5d6bb28e8115

C:\Users\Admin\AppData\Local\Temp\+JXF15834959505754966724.tmp

MD5 54a91b0619ccf9373d525109268219dc
SHA1 1d1d41fcadc571decb6444211b7993b99ce926e2
SHA256 b2efabca5ea4bc56eea829713706b5cd0788b82aca153bd4adde9b1573933b4f
SHA512 7f79ff3b42a672371814f42814aa5646328b1a314691d30ce09ffdc7a322adcb1af66625274f7fac024ca2f22a42b625001735711c430faef6e077e1f1d24887

C:\Users\Admin\AppData\Local\Temp\+JXF9642270182497155366.tmp

MD5 ec5d243a9958b3858b5a71fb9a690da7
SHA1 d80b02c91addef2ef58136d1a7df0189f453388c
SHA256 a4ece920f221b78d43b550d615c5934db162b64a331ffa663a85199e74ef2e6b
SHA512 479512c6076249a63a822d307b3d8c65d44d19abfadc597f0293fedf2c4fbac2ba6f60ca98d2c1dbb638ad09f3eb1419b6ef391fb098c7d1b62237bce9d79931

C:\Users\Admin\AppData\Local\Temp\+JXF17047522669810192163.tmp

MD5 4c41e856744eb797e9936359a6509287
SHA1 0959e6f4dd535eb6fae388b6b9ac179dcf3afd76
SHA256 83ff53f599acefc11f5cf63fd0516d4db72aacf7f0125a5f79c9ff222cbf9dd7
SHA512 07ae284caa316315da74246c960198a7d549acf86f96cec550f41109fcd870a69ccac9818361657fb859e89d2bdc8398c7731c80d274d99a768102022a5f6e8b

memory/3984-6298-0x0000000000470000-0x0000000000472000-memory.dmp

memory/3792-6332-0x000000001C2A0000-0x000000001C2AA000-memory.dmp

memory/3792-6331-0x000000001C2A0000-0x000000001C2AA000-memory.dmp

memory/800-6333-0x0000000000920000-0x000000000092A000-memory.dmp

memory/800-6336-0x0000000000C30000-0x0000000000C8C000-memory.dmp

memory/3792-6335-0x000000001E870000-0x000000001E87A000-memory.dmp

memory/3792-6334-0x000000001E870000-0x000000001E87A000-memory.dmp

memory/800-6337-0x0000000000C30000-0x0000000000C8C000-memory.dmp

memory/800-6339-0x0000000000C30000-0x0000000000C8C000-memory.dmp

memory/3792-6338-0x000000001E870000-0x000000001E87A000-memory.dmp

memory/800-6341-0x0000000000A70000-0x0000000000A9A000-memory.dmp

memory/800-6340-0x0000000000A70000-0x0000000000A9A000-memory.dmp

C:\Users\Admin\AppData\Roaming\.tlauncher\tlauncher-2.0.properties

MD5 6213e35aa9679cd40a98ff5f322c63f3
SHA1 70789a2c795e3dae67e7037b7cb2264bfe3bfce8
SHA256 709100e43652685c423c075173050e5784c91a535b3cf5a3de3faed80da4fec2
SHA512 792c431f1d2d7e7a13dc717ef4a6752457508611c86ed5a13134413652a8b77b96fc35ae2f338357b937c9b773802389b054d590fa1e720ea8f980bab2fe7f0b

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\plugin2\msvcr100.dll.tlauncherdownload

MD5 df3ca8d16bded6a54977b30e66864d33
SHA1 b7b9349b33230c5b80886f5c1f0a42848661c883
SHA256 1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36
SHA512 951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\deploy\messages_zh_HK.properties

MD5 880baacb176553deab39edbe4b74380d
SHA1 37a57aad121c14c25e149206179728fa62203bf0
SHA256 ff4a3a92bc92cb08d2c32c435810440fd264edd63e56efa39430e0240c835620
SHA512 3039315bb283198af9090bd3d31cfae68ee73bc2b118bbae0b32812d4e3fd0f11ce962068d4a17b065dab9a66ef651b9cb8404c0a2defce74bb6b2d1d93646d5

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\images\cursors\invalid32x32.gif.tlauncherdownload

MD5 1e9d8f133a442da6b0c74d49bc84a341
SHA1 259edc45b4569427e8319895a444f4295d54348f
SHA256 1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b
SHA512 63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\psfont.properties.ja.tlauncherdownload

MD5 7c5514b805b4a954bc55d67b44330c69
SHA1 56ed1c661eeede17b4fae8c9de7b5edbad387abc
SHA256 0c790de696536165913685785ea8cbe1ac64acf09e2c8d92d802083a6da09393
SHA512 ccd4cb61c95defdcba6a6a3f898c29a64cd5831a8ab50e0afac32adb6a9e0c4a4ba37eb6dee147830da33ae0b2067473132c0b91a21d546a6528f42267a2c40e

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\psfontj2d.properties.tlauncherdownload

MD5 f8734590a1aec97f6b22f08d1ad1b4bb
SHA1 aa327a22a49967f4d74afeee6726f505f209692f
SHA256 7d51936fa3fd5812ae51f9f5657e0e70487dca810b985607b6c5d6603f5e6c98
SHA512 72e62dc63daa2591b48b2b774e2479b8861d159061b92fd3a0a06256295da4d8b20dafa77983fdbf6179f666f9ff6b3275f7a5bcf9555e638595230b9a42b177

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\sound.properties.tlauncherdownload

MD5 4f95242740bfb7b133b879597947a41e
SHA1 9afceb218059d981d0fa9f07aad3c5097cf41b0c
SHA256 299c2360b6155eb28990ec49cd21753f97e43442fe8fab03e04f3e213df43a66
SHA512 99fdd75b8ce71622f85f957ae52b85e6646763f7864b670e993df0c2c77363ef9cfce2727badee03503cda41abe6eb8a278142766bf66f00b4eb39d0d4fc4a87

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\server\Xusage.txt

MD5 b3174769a9e9e654812315468ae9c5fa
SHA1 238b369dfc7eb8f0dc6a85cdd080ed4b78388ca8
SHA256 37cf4e6cdc4357cebb0ec8108d5cb0ad42611f675b926c819ae03b74ce990a08
SHA512 0815ca93c8cf762468de668ad7f0eb0bdd3802dcaa42d55f2fb57a4ae23d9b9e2fe148898a28fe22c846a4fcdf1ee5190e74bcdabf206f73da2de644ea62a5d3

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\deploy\[email protected]

MD5 cb81fed291361d1dd745202659857b1b
SHA1 0ae4a5bda2a6d628fac51462390b503c99509fdc
SHA256 9dd5ccd6bdfdaad38f7d05a14661108e629fdd207fc7776268b566f7941e1435
SHA512 4a383107ac2d642f4eb63ee7e7e85a8e2f63c67b41ca55ebae56b52cecfe8a301aaf14e6536553cbc3651519db5c10fc66588c84c9840d496f5ae980ef2ed2b9

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\deploy\splash.gif

MD5 249053609eaf5b17ddd42149fc24c469
SHA1 20e7aec75f6d036d504277542e507eb7dc24aae8
SHA256 113b01304ebbf3cc729a5ca3452dda2093bd8b3ddc2ba29e5e1c1605661f90be
SHA512 9c04a20e2fa70e4bcfac729e366a0802f6f5167ea49475c2157c8e2741c4e4b8452d14c75f67906359c12f1514f9fb7e9af8e736392ac8434f0a5811f7dde0cb

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\deploy\messages_zh_CN.properties

MD5 e6f84c081895acdfd98da0f496e1dd3d
SHA1 1c2b96673dddd3596890ef4fc22017d484a1f652
SHA256 a1752a0175f490f61e0aad46dc6887c19711f078309062d5260e164ac844f61a
SHA512 d4d28780147e22678cd8e7415cacfad533ae5af31d74426bbe4993f05a0707e4f0f71d948093ffa1a0d6ea48310e901cd0ed1c14e2fbdf69c92462d070a9664f

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\deploy\messages_ja.properties

MD5 b7279f1c3ba0b63806f37f6b9d33c314
SHA1 751170a7cdefcb1226604ac3f8196e06a04fd7ac
SHA256 8d499c1cb14d58e968a823e11d5b114408c010b053b3b38cfef7ebf9fb49096f
SHA512 4a3bf898a36d55010c8a8f92e5a784516475bdfffcd337d439d6da251ddb97bcc7e26f104ac5602320019ed5c0b8dc8883b2581760afea9c59c74982574d164b

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\deploy\messages_it.properties

MD5 a81c4b0f3bf9a499429e14a881010ef6
SHA1 dbe49949308f28540a42ae6cd2ad58afbf615592
SHA256 550954f1f80fe0e73d74eb10ad529b454d5ebc626eb94a6b294d7d2acf06f372
SHA512 6fed61cbcd7fe82c15c9a312aced9d93836ebcffaf3e13543bc9dd8b4c88400c371d2365feee0f1bb844a6372d4128376568a5b6fe666fd6213636fcbd8c7791

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\deploy\messages_fr.properties

MD5 c11ab66fede3042ee75dfd19032c8a72
SHA1 69bd2d03c2064f8679de5b4e430ea61b567c69c5
SHA256 8deeec35ed29348f5755801f42675e3bf3fa7ad4b1e414acca283c4da40e4d77
SHA512 072f8923df111f82f482d65651758b8b4ba2486cb0ea08fb8b113f472a42a1c3bcb00dae7d1780cf371e2c2bd955d8b66658d5ee15e548b1eea16b312fdcbdf9

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\deploy\messages_es.properties

MD5 6d32848bd173b9444b71922616e0645e
SHA1 1b0334b79db481c3a59be6915d5118d760c97baa
SHA256 be987d93e23ab7318db095727dedd8461ba6d98b9409ef8fc7f5c79fa9666b84
SHA512 8e9e92d3229ff80761010e4878b4a33bfb9f0bd053040fe152565cfb2819467e9a92609b3786f9bdbf0d7934cf3c7d20bc3369fe1ad7d0df7fadf561c3fdca3c

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\deploy\messages_de.properties

MD5 d77c3b5274b8161328ab5c78f66dd0d0
SHA1 d989fe1b8f7904888d5102294ebefd28d932ecdb
SHA256 c9399a33bb9c75345130b99d1d7ce886d9148f1936543587848c47b8540da640
SHA512 696e28b6bc7e834c51ab9821d0d65d1a32f00eb15caa732047b751288ea73d8d703d3152bf81f267147f8c1538e1bf470748df41176392f10e622f4c7708dd92

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\deploy\messages.properties

MD5 811bafa6f97801186910e9b1d9927fe2
SHA1 dc52841c708e3c1eb2a044088a43396d1291bb5e
SHA256 926ccadaec649f621590d1aa5e915481016564e7ab28390c8d68bdaaf4785f1f
SHA512 5ae9c27dce552ea32603b2c87c1510858f86d9d10cade691b2e54747c3602fe75de032cf8917dcd4ee160ee4cc5be2e708b321bb1d5cdebfa9fe46c2f870ca7c

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\content-types.properties

MD5 f507712b379fdc5a8d539811faf51d02
SHA1 82bb25303cf6835ac4b076575f27e8486dab9511
SHA256 46f47b3883c7244a819ae1161113fe9d2375f881b75c9b3012d7a6b3497e030a
SHA512 cb3c99883336d04c42cea9c2401e81140ecbb7fc5b8ef3301b13268a45c1ac93fd62176ab8270b91528ac8e938c7c90cc9663d8598e224794354546139965dfe

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\cmm\sRGB.pf

MD5 1d3fda2edb4a89ab60a23c5f7c7d81dd
SHA1 9eaea0911d89d63e39e95f2e2116eaec7e0bb91e
SHA256 2b3aa1645779a9e634744faf9b01e9102b0c9b88fd6deced7934df86b949af7e
SHA512 16aae81acf757036634b40fb8b638d3eba89a0906c7f95bd915bc3579e3be38c7549ee4cd3f344ef0a17834ff041f875b9370230042d20b377c562952c47509b

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\cmm\PYCC.pf

MD5 24b9dee2469f9cc8ec39d5bdb3901500
SHA1 4f7eed05b8f0eea7bcdc8f8f7aaeb1925ce7b144
SHA256 48122294b5c08c69b7fe1db28904969dcb6edc9aa5076e3f8768bf48b76204d0
SHA512 d23ce2623de400216d249602486f21f66398b75196e80e447143d058a07438919a78ae0ed2ddf8e80d20bd70a635d51c9fb300e9f08a4751e00cd21883b88693

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\cmm\LINEAR_RGB.pf

MD5 a387b65159c9887265babdef9ca8dae5
SHA1 7913274c2f73bafcf888f09ff60990b100214ede
SHA256 712036aa1951427d42e3e190e714f420ca8c2dd97ef01fcd0675ee54b920db46
SHA512 359d9b57215855f6794e47026c06036b93710998205d0817c6e602b2a24daeb92537c388f129407461fc60180198f02a236aeb349a17430ed7ac85a1e5f71350

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\cmm\GRAY.pf

MD5 1002f18fc4916f83e0fc7e33dcc1fa09
SHA1 27f93961d66b8230d0cdb8b166bc8b4153d5bc2d
SHA256 081caac386d968add4c2d722776e259380dcf78a306e14cc790b040ab876d424
SHA512 334d932d395b46dfc619576b391f2adc2617e345aff032b592c25e333e853735da8b286ef7542eb19059cde8215cdcea147a3419ed56bdd6006ca9918d0618e1

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\cmm\CIEXYZ.pf

MD5 10f23396e21454e6bdfb0db2d124db85
SHA1 b7779924c70554647b87c2a86159ca7781e929f8
SHA256 207d748a76c10e5fa10ec7d0494e31ab72f2bacab591371f2e9653961321fe9c
SHA512 f5c5f9fc3c4a940d684297493902fd46f6aa5248d2b74914ca5a688f0bad682831f6060e2264326d2ecb1f3544831eb1fa029499d1500ea4bfe3b97567fe8444

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\amd64\jvm.cfg

MD5 499f2a4e0a25a41c1ff80df2d073e4fd
SHA1 e2469cbe07e92d817637be4e889ebb74c3c46253
SHA256 80847ed146dbc5a9f604b07ec887737fc266699abba266177b553149487ce9eb
SHA512 7828f7b06d0f4309b9edd3aa71ae0bb7ee92d2f8df5642c13437bba2a3888e457dc9b24c16aa9e0f19231530cb44b8ccd955cbbdf5956ce8622cc208796b357d

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\fonts\LucidaSansRegular.ttf

MD5 b75309b925371b38997df1b25c1ea508
SHA1 39cc8bcb8d4a71d4657fc92ef0b9f4e3e9e67add
SHA256 f8d877b0b64600e736dfe436753e8e11acb022e59b5d7723d7d221d81dc2fcde
SHA512 9c792ef3116833c90103f27cfd26a175ab1eb11286959f77062893a2e15de44d79b27e5c47694cbba734cc05a9a5befa72e991c7d60eab1495aac14c5cad901d

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\images\cursors\win32_MoveDrop32x32.gif

MD5 cc8dd9ab7ddf6efa2f3b8bcfa31115c0
SHA1 1333f489ac0506d7dc98656a515feeb6e87e27f9
SHA256 12cfce05229dba939ce13375d65ca7d303ce87851ae15539c02f11d1dc824338
SHA512 9857b329acd0db45ea8c16e945b4cfa6df9445a1ef457e4b8b40740720e8c658301fc3ab8bdd242b7697a65ae1436fd444f1968bd29da6a89725cdde1de387b8

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\management\snmp.acl.template

MD5 71a7de7dbe2977f6ece75c904d430b62
SHA1 2e9f9ac287274532eb1f0d1afcefd7f3e97cc794
SHA256 f1dc97da5a5d220ed5d5b71110ce8200b16cac50622b33790bb03e329c751ced
SHA512 3a46e2a4e8a78b190260afe4eeb54e7d631db50e6776f625861759c0e0bc9f113e8cd8d734a52327c28608715f6eb999a3684abd83ee2970274ce04e56ca1527

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\management\jmxremote.password.template

MD5 7b46c291e7073c31d3ce0adae2f7554f
SHA1 c1e0f01408bf20fbbb8b4810520c725f70050db5
SHA256 3d83e336c9a24d09a16063ea1355885e07f7a176a37543463596b5db8d82f8fa
SHA512 d91eebc8f30edce1a7e16085eb1b18cfddf0566efab174bbca53de453ee36dfecb747d401e787a4d15cc9798e090e19a8a0cf3fc8246116ce507d6b464068cdb

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\management\jmxremote.access

MD5 f63bea1f4a31317f6f061d83215594df
SHA1 21200eaad898ba4a2a8834a032efb6616fabb930
SHA256 439158eb513525feda19e0e4153ccf36a08fe6a39c0c6ceeb9fcee86899dd33c
SHA512 de49913b8fa2593dc71ff8dac85214a86de891bedee0e4c5a70fcdd34e605f8c5c8483e2f1bdb06e1001f7a8cf3c86cad9fa575de1a4dc466e0c8ff5891a2773

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\logging.properties

MD5 809c50033f825eff7fc70419aaf30317
SHA1 89da8094484891f9ec1fa40c6c8b61f94c5869d0
SHA256 ce1688fe641099954572ea856953035b5188e2ca228705001368250337b9b232
SHA512 c5aa71ad9e1d17472644eb43146edf87caa7bccf0a39e102e31e6c081cd017e01b39645f55ee87f4ea3556376f7cad3953ce3f3301b4b3af265b7b4357b67a5c

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\jvm.hprof.txt

MD5 c677ff69e70dc36a67c72a3d7ef84d28
SHA1 fbd61d52534cdd0c15df332114d469c65d001e33
SHA256 b055bf25b07e5ac70e99b897fb8152f288769065b5b84387362bb9cc2e6c9d38
SHA512 32d82daedbca1988282a3bf67012970d0ee29b16a7e52c1242234d88e0f3ed8af9fc9d6699924d19d066fd89a2100e4e8898aac67675d4cd9831b19b975ed568

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\jfr\profile.jfc

MD5 0876bcedfd8e60815378359f5a428f3e
SHA1 eee5a1d7f47cce948af54821f0c5dbc9fca28925
SHA256 0f459267c79fec84d7c01f1bc7085821248d91d16324af7eef04274a243bed38
SHA512 132a5b8e78bd2d047f1a09654c63c4d59b892546270e1d99694e4cef5a7b064a34ca3dacf6bb8028354205c348153820c48d79d2e9a42bbad5a90eb252976c45

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\jfr\default.jfc

MD5 971683e69ca9cc831afec282e999517c
SHA1 b054de4c4a6f6e04800942c3fcdf2e99963d91fa
SHA256 0e90e5023f69c44497f1886bc11fcdc8caf8e5bdb0fbd86ac653327a61e51451
SHA512 99db3a71c96d959b8bc5e5896c834be43f37ad1eff5f7d915183521289563ab7e103dd7d00028c73cb05bae1c0d53441aa0c1d47b2034cd9e08aad7f2d2ba247

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\images\cursors\win32_LinkDrop32x32.gif

MD5 694a59efde0648f49fa448a46c4d8948
SHA1 4b3843cbd4f112a90d112a37957684c843d68e83
SHA256 485cbe5c5144cfcd13cc6d701cdab96e4a6f8660cbc70a0a58f1b7916be64198
SHA512 cf2dfd500af64b63cc080151bc5b9de59edb99f0e31676056cf1afbc9d6e2e5af18dc40e393e043bbbbcb26f42d425af71cce6d283e838e67e61d826ed6ecd27

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\images\cursors\win32_CopyDrop32x32.gif

MD5 89cdf623e11aaf0407328fd3ada32c07
SHA1 ae813939f9a52e7b59927f531ce8757636ff8082
SHA256 13c783acd580df27207dabccb10b3f0c14674560a23943ac7233df7f72d4e49d
SHA512 2a35311d7db5466697d7284de75babee9bd0f0e2b20543332fcb6813f06debf2457a9c0cf569449c37f371bfeb0d81fb0d219e82b9a77acc6bafa07499eac2f7

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\images\cursors\cursors.properties

MD5 269d03935907969c3f11d43fef252ef1
SHA1 713acb9eff5f0b14a109e6c2771f62eac9b57d7c
SHA256 7b8b63f78e2f732bd58bf8f16144c4802c513a52970c18dc0bdb789dd04078e4
SHA512 94d8ee79847cd07681645d379feef6a4005f1836ac00453fb685422d58113f641e60053f611802b0ff8f595b2186b824675a91bf3e68d336ef5bd72fafb2dcc5

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\hijrah-config-umalqura.properties

MD5 1eddfb1ee252055556f40cdc79632e98
SHA1 84aa425100740722e91f4725caf849e7863d12ba
SHA256 69becfe0d45b62bbdbcf6fe111a8a3a041fb749b6cf38e8a2f670607e17c9ee2
SHA512 a0fdbf42ff105c9a2f12179124606a720df8f32365605644e15600767e5732312777a58390fdb1a9b1c0b152ccc29496133b278a6e5736b38af2b5fab251d40c

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\fonts\LucidaTypewriterRegular.ttf

MD5 c1397e8d6e6abcd727c71fca2132e218
SHA1 c144dcafe4faf2e79cfd74d8134a631f30234db1
SHA256 d9d0aab0354c3856df81afac49bdc586e930a77428cb499007dde99ed31152ff
SHA512 da70826793c7023e61f272d37e2cc2983449f26926746605c550e9d614acbf618f73d03d0c6351b9537703b05007cd822e42e6dc74423cb5cc736b31458d33b1

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\fonts\LucidaTypewriterBold.ttf

MD5 a0c96aa334f1aeaa799773db3e6cba9c
SHA1 a5da2eb49448f461470387c939f0e69119310e0b
SHA256 fc908259013b90f1cbc597a510c6dd7855bf9e7830abe3fc3612ab4092edcde2
SHA512 a43cf773a42b4cebf4170a6c94060ea2602d2d7fa7f6500f69758a20dc5cc3ed1793c7ceb9b44ce8640721ca919d2ef7f9568c5af58ba6e3cf88eae19a95e796

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\fonts\LucidaSansDemiBold.ttf

MD5 5dd099908b722236aa0c0047c56e5af2
SHA1 92b79fefc35e96190250c602a8fed85276b32a95
SHA256 53773357d739f89bc10087ab2a829ba057649784a9acbffee18a488b2dccb9ee
SHA512 440534eb2076004bea66cf9ac2ce2b37c10fbf5cc5e0dd8b8a8edea25e3613ce8a59ffcb2500f60528bbf871ff37f1d0a3c60396bc740ccdb4324177c38be97a

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\fonts\LucidaBrightRegular.ttf

MD5 630a6fa16c414f3de6110e46717aad53
SHA1 5d7ed564791c900a8786936930ba99385653139c
SHA256 0faaaca3c730857d3e50fba1bbad4ca2330add217b35e22b7e67f02809fac923
SHA512 0b7cde0face982b5867aebfb92918404adac7fb351a9d47dcd9fe86c441caca4dd4ec22e36b61025092220c0a8730d292da31e9cafd7808c56cdbf34ecd05035

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\fonts\LucidaBrightItalic.ttf

MD5 4d666869c97cdb9e1381a393ffe50a3a
SHA1 aa5c037865c563726ecd63d61ca26443589be425
SHA256 d68819a70b60ff68ca945ef5ad358c31829e43ec25024a99d17174c626575e06
SHA512 1d1f61e371e4a667c90c2ce315024ae6168e47fe8a5c02244dbf3df26e8ac79f2355ac7e36d4a81d82c52149197892daed1b4c19241575256bb4541f8b126ae2

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\fonts\LucidaBrightDemiItalic.ttf

MD5 793ae1ab32085c8de36541bb6b30da7c
SHA1 1fd1f757febf3e5f5fbb7fbf7a56587a40d57de7
SHA256 895c5262cdb6297c13725515f849ed70609dbd7c49974a382e8bbfe4a3d75f8c
SHA512 a92addd0163f6d81c3aeabd63ff5c293e71a323f4aedfb404f6f1cde7f84c2a995a30dfec84a9caf8ffaf8e274edd0d7822e6aabb2b0608696a360cabfc866c6

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\fonts\LucidaBrightDemiBold.ttf

MD5 af0c5c24ef340aea5ccac002177e5c09
SHA1 b5c97f985639e19a3b712193ee48b55dda581fd1
SHA256 72cee3e6df72ad577af49c59dca2d0541060f95a881845950595e5614c486244
SHA512 6ce87441e223543394b7242ac0cb63505888b503ec071bbf7db857b5c935b855719b818090305e17c1197de882ccc90612fb1e0a0e5d2731f264c663eb8da3f9

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\flavormap.properties

MD5 d8b47b11e300ef3e8be3e6e50ac6910b
SHA1 2d5ed3b53072b184d67b1a4e26aec2df908ddc55
SHA256 c2748e07b59398cc40cacccd47fc98a70c562f84067e9272383b45a8df72a692
SHA512 8c5f3e1619e8a92b9d9cf5932392b1cb9f77625316b9eef447e4dce54836d90951d9ee70ffd765482414dd51b816649f846e40fd07b4fbdd5080c056adbbae6f

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\security\javaws.policy

MD5 9107d028bd329dbfe4c1f19015ed6d80
SHA1 4384ca5e4d32f7dd86d8baddd1e690730d74e694
SHA256 b7a87d1f3f4b7ba1d19d0460fa4b63bd1093afc514d67fe3c356247236326425
SHA512 81b14373b64ce14af26b70d12d831e05158d5a4fa8cec0508fef8a6ca65b6f4ef73928f4b1e617c68ddeacff9328a3d4433b041b7fb14de248b1428c51dbc716

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\security\blacklist

MD5 b2c6eae6382150192ea3912393747180
SHA1 d4ffb3857eab403955ce9d156e46d056061e6a5a
SHA256 6c73c877b36d4abd086cb691959b180513ac5abc0c87fe9070d2d5426d3dbf71
SHA512 898582c23f311f9f46825e7f8b6d36bed7255e5a4e2fa4b4452153b86efbd88db7e5b94dbd9cb9db554f62b84d19f22ae9d81822b4896081c487fb50946a9a9a

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\README.txt

MD5 0f1123976b959ac5e8b89eb8c245c4bd
SHA1 f90331df1e5badeadc501d8dd70714c62a920204
SHA256 963095cf8db76fb8071fd19a3110718a42f2ab42b27a3adfd9ec58981c3e88d2
SHA512 e9136fdf42a4958138732318df0b4ba363655d97f8449703a3b3a40ddb40eeff56363267d07939889086a500cb9c9aaf887b73eead06231269116110a0c0a693

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\tzmappings

MD5 7d4abbcfb06d083f349e27d7e6972f3c
SHA1 eb91253590526f7be7415839ccbf702683639c8c
SHA256 d936ee24810b747c54192b4b5a279f21179fe3ceb42d113d025a368ebb7cb5a7
SHA512 e5c2fbbc07cd53baf14f3cc239b56b42b73de47f9b7904aabf7d97695d2ab8866d0c8179235cbf022245949b9b8e419985e328aa5ed333b14b8b4de2c82b225e

C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-codec\commons-codec\1.9\commons-codec-1.9.jar

MD5 75615356605c8128013da9e3ac62a249
SHA1 9ce04e34240f674bc72680f8b843b1457383161a
SHA256 ad19d2601c3abf0b946b5c3a4113e226a8c1e3305e395b90013b78dd94a723ce
SHA512 b65531ead8500493e3dd14a860224851b80f438fc53bf8868b443a0557d839a2b0c868e4fedcf99579ae04b6b2bbd8cdb37f9921ad785983c37569aa9d2e8102

C:\Users\Admin\AppData\Roaming\.minecraft\libraries\v1\objects\db5aa600f0b0bf508aaf579509b345c4e34087be\client.jar

MD5 9dd50a2e6a74f7e186354250c2f2c635
SHA1 db5aa600f0b0bf508aaf579509b345c4e34087be
SHA256 be3fff4f2cc005a1310a96389efdeb983d2bcb4b8e747c402acd616ae73d0ba2
SHA512 0a04a81784183b56b3cd7ab1f8a37e44c2c23325d2c9cc2951c391c8442385ab156e353cae71196d47e9cb6ea270709a4e3faa29504e080abebdb13334b72d79

C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\lwjgl-platform\2.9.4-nightly-20150209\lwjgl-platform-2.9.4-nightly-20150209-natives-windows.jar

MD5 6cab9a7349c4a33e172ad405682e7796
SHA1 b84d5102b9dbfabfeb5e43c7e2828d98a7fc80e0
SHA256 f2e1f2c6bd7511a7504f389b8b716f5d8dc2fdc71e29c89b52644314cf0a228e
SHA512 83308b1b2edb19b6d252f7363f1cf10b56cb36cf40fbdae83a5ef403436d20a1d088f2c654d85d54143232f82bdef6d01087b3a4d70521d04defcddf548f4fa9

C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\jinput\jinput-platform\2.0.5\jinput-platform-2.0.5-natives-windows.jar

MD5 b168b014be0186d9e95bf3d263e3a129
SHA1 385ee093e01f587f30ee1c8a2ee7d408fd732e16
SHA256 24afbd5e1fab17da57d16a4d3f19d53f36155ef46a9976484201a4bb9722287f
SHA512 e8dd2c73c97cb0ec065acb3973a89cacf742005d60eca5f68edfd5306a23c4a6be8dd8deb4f7ff870075f75d79fff9a87c2aaee980ef7b4da764bcb822257dfe

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\java.dll

MD5 31401e170ddd8437635c4c8571a80341
SHA1 b79de1ce1b96ad0c3d00c8a32e55043eaeb1bad7
SHA256 3e060e1aafa2fe99f06c34db84a49d3a2f994c1a0dbef40f37dbafd45cd69533
SHA512 fc5e52e5398563a39dd5d8204ffe52a8668c19e1f1bb9706cf408c6c7ed81f8be667d87233bcdfd8739ac022792c36b9147249e5eedb51b21493100ffbf1e5c9

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe

MD5 7b23b0aab68e65b93bb6477f05999574
SHA1 920752e4c22e1165e6df27f69599483187edfbb3
SHA256 32546ecf1236769d2d777331f90282fb97589bec75da11c8e727d61d3d4c988a
SHA512 e3395303e53edce3dfa8fe11b7338c77795595a17dac17818e4bc8b77feee4900d541201d6762aa8f46565730e24a5423684049d40bbd074186ef7223c96b604

C:\Users\Admin\AppData\Roaming\.minecraft\TempOptifineStore-1.0.json

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

MD5 5333972cac548f3b4372d5f64fe1ed38
SHA1 512f62075f4502e004dcd1433adb42aa5d144f4c
SHA256 d249f250144cd12abfe1afa65858da26a5e0a1596c4a027ca5cef239d56c8225
SHA512 dbdd8001391f1babaceca4e8958509206fa58fe1e1173afde5ee6f0cc86164140f59159925b74177abfdd242f95d55f4e6b3646d155fd8eb7c1e1ef4bdc52599

F:\$RECYCLE.BIN\S-1-5-21-2721934792-624042501-2768869379-1001\desktop.ini

MD5 a526b9e7c716b3489d8cc062fbce4005
SHA1 2df502a944ff721241be20a9e449d2acd07e0312
SHA256 e1b9ce9b57957b1a0607a72a057d6b7a9b34ea60f3f8aa8f38a3af979bd23066
SHA512 d83d4c656c96c3d1809ad06ce78fa09a77781461c99109e4b81d1a186fc533a7e72d65a4cb7edf689eeccda8f687a13d3276f1111a1e72f7c3cd92a49bce0f88

C:\Users\hehhe\Contacts\desktop.ini

MD5 f91762a5493e05ed1cc04d4719221a3d
SHA1 e75f6828d5114df44ad02dc439730c1144c556b2
SHA256 ca57feeaedb6856dd479f4a0b836b2ca8b029c686ff0e38e7c80321f98004580
SHA512 e978dd50edb80ebeee78e5e5100b3df83e65b1d83e575ccb01c2713b2e3e1b2c7e6b95fcf70fd3266adf78a5fc954c43bde16c1b37a260b7dfb9677f0218bcc4

C:\Users\hehhe\AppData\Local\Microsoft\Windows Mail\edb.log

MD5 bcace27bf2ac09003caeb522208ef3d7
SHA1 bd067809c15609aaf118402f16215dbf5943a385
SHA256 194010ae72b577dd5acbe6bf3f04a50d17e5c9f3422fe28f269e236531db8d16
SHA512 b124dc8e6448630b93a29a5c28d7e02b8349d5530a3b8f0a4c00c3bd2388bd97cfc5cffbec05e8455936f6453ca055f75447c6bd1b4ca9acb83b87dbf32999c0

C:\Users\hehhe\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

MD5 7050d5ae8acfbe560fa11073fef8185d
SHA1 5bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256 cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512 a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

C:\Users\hehhe\Videos\desktop.ini

MD5 50a956778107a4272aae83c86ece77cb
SHA1 10bce7ea45077c0baab055e0602eef787dba735e
SHA256 b287b639f6edd612f414caf000c12ba0555adb3a2643230cbdd5af4053284978
SHA512 d1df6bdc871cacbc776ac8152a76e331d2f1d905a50d9d358c7bf9ed7c5cbb510c9d52d6958b071e5bcba7c5117fc8f9729fe51724e82cc45f6b7b5afe5ed51a

C:\Users\hehhe\Pictures\desktop.ini

MD5 29eae335b77f438e05594d86a6ca22ff
SHA1 d62ccc830c249de6b6532381b4c16a5f17f95d89
SHA256 88856962cef670c087eda4e07d8f78465beeabb6143b96bd90f884a80af925b4
SHA512 5d2d05403b39675b9a751c8eed4f86be58cb12431afec56946581cb116b9ae1014ab9334082740be5b4de4a25e190fe76de071ef1b9074186781477919eb3c17

C:\Users\hehhe\Desktop\desktop.ini

MD5 9e36cc3537ee9ee1e3b10fa4e761045b
SHA1 7726f55012e1e26cc762c9982e7c6c54ca7bb303
SHA256 4b9d687ac625690fd026ed4b236dad1cac90ef69e7ad256cc42766a065b50026
SHA512 5f92493c533d3add10b4ce2a364624817ebd10e32daa45ee16593e913073602db5e339430a3f7d2c44abf250e96ca4e679f1f09f8ca807d58a47cf3d5c9c3790

C:\Users\hehhe\Favorites\desktop.ini

MD5 1971d71c62ea75c4f433476600caa4f9
SHA1 428e9b5498ba9746c123ebf3ffd86a14f73878f3
SHA256 3f7e7774532126e2c175de962ce9d620471f4ac75463457e1b93ab615abd4de4
SHA512 88667b670c3ffc78b442e0767ca0ea2c1409b8a2c5f18e69496831f7bfa7496e54843819fe725eda06de6deca9ba9dd769d4b5f3ade4126905ed3b1bb6f94422

C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini

MD5 a2d31a04bc38eeac22fca3e30508ba47
SHA1 9b7c7a42c831fcd77e77ade6d3d6f033f76893d2
SHA256 8e00a24ae458effe00a55344f7f34189b4594613284745ff7d406856a196c531
SHA512 ed8233d515d44f79431bb61a4df7d09f44d33ac09279d4a0028d11319d1f82fc923ebbc6c2d76ca6f48c0a90b6080aa2ea91ff043690cc1e3a15576cf62a39a6

C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini

MD5 17d5d0735deaa1fb4b41a7c406763c0a
SHA1 584e4be752bb0f1f01e1088000fdb80f88c6cae0
SHA256 768b6fde6149d9ebbed1e339a72e8cc8c535e5c61d7c82752f7dff50923b7aed
SHA512 a521e578903f33f9f4c3ebb51b6baa52c69435cb1f9cb2ce9db315a23d53345de4a75668096b14af83a867abc79e0afa1b12f719294ebba94da6ad1effc8b0a3

C:\Users\hehhe\Documents\desktop.ini

MD5 c0d27ce20981388b3609d9d0cecbded3
SHA1 314359c10e05a88a3e39029b4664272489bee81b
SHA256 830a97fd09125e179c34f2da404dd7bf1da80329e33c639c2fde7ae705d62015
SHA512 635365e3a1c5752f2dc09a0675a24b283eb6186db8a1ac8ec31b1c6ab1c3a4b943c437027707802cbd40df636de4c76c2a848f3a9ea34bfe5940e5795b17a199

C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms

MD5 7135f7ee163d5461bbfa422594517be4
SHA1 045a82b46131ca4829b314334db0ccdd578cee37
SHA256 0b0310ea07a0c3ba0013666d54282a04bb1131a339f5a6cb32cdd7d61131b875
SHA512 8a65241bf2b3a330f88e4edd18c7c7158667666d099f0f7f5e423f0e384858e50cba598748e7db3de0d012db5f5c58700bd6f9e57550484bba0b3f7b55242a03

C:\Users\hehhe\Searches\desktop.ini

MD5 8e11566270550c575d6d2c695c5a4b1f
SHA1 ae9645fad2107b5899f354c9144a4dfc33b66f9e
SHA256 1dc14736f6b0e9b68059324321acc14e156cd3a2890466a23bf7abf365d6c704
SHA512 a9fc4b17d75f85ae64315ba94570cb5317b5510c655d3d5c8fb44091ea37f31e431e99ed5308252897bdd93c34e771bf80f456c4873ef0aa58ca9bbb2e5ff7e0

C:\Users\hehhe\Downloads\desktop.ini

MD5 3a37312509712d4e12d27240137ff377
SHA1 30ced927e23b584725cf16351394175a6d2a9577
SHA256 b029393ea7b7cf644fb1c9f984f57c1980077562ee2e15d0ffd049c4c48098d3
SHA512 dbb9abe70f8a781d141a71651a62a3a743c71a75a8305e9d23af92f7307fb639dc4a85499115885e2a781b040cbb7613f582544c2d6de521e588531e9c294b05

C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini

MD5 764bcd12f24f7fa8fa5887f720a19179
SHA1 5c8348269c4161726f49fe257f0bf1d9179489dd
SHA256 d3cdda5c91a4998c77a697056ab5b3f23f44483de31714d3a069e4a67055c518
SHA512 581d7c9076f036482ea5b116fbc179e402f2264239c1f118af3fc9c2914eb23583b770f3d9e6f8d03c9017ee24a3d88873d547bb0d200017de72121c41dec160

C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms

MD5 f839a452743f295fe526ebd23a24c2d1
SHA1 8569821ca0b2f6248c4bbed1dd8e437800033b7d
SHA256 a7d4a44b62c141d3e1ecac2e20e469d03357d8719cca7a5121c814ea002b6507
SHA512 49817cf9246f5d8675c34cb6bb7a6920400c26bd962e61da6912ab3660c3d3e570b36c6c3cb12ff1d5340cc973d6583b6e5f823bde0dfec28bf28fc8e75a32fd

C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

MD5 7f1698bab066b764a314a589d338daae
SHA1 524abe4db03afef220a2cc96bf0428fd1b704342
SHA256 cdb11958506a5ba5478e22ed472fa3ae422fe9916d674f290207e1fc29ae5a76
SHA512 4f94ad0fe3df00838b288a0ef4c12d37e175c37cbf306bdb1336ff44d0e4d126cd545c636642c0e88d8c6b8258dc138a495f4d025b662f40a9977d409d6b5719

C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini

MD5 548b310fbc7a26d0b9da3a9f2d604a0c
SHA1 1e20c38b721dff06faa8aa69a69e616c228736c1
SHA256 be49aff1e82fddfc2ab9dfffcb7e7be100800e3653fd1d12b6f8fa6a0957fcac
SHA512 fa5bb7ba547a370160828fe720e6021e7e3a6f3a0ce783d81071292739cef6cac418c4bc57b377b987e69d5f633c2bd97a71b7957338472c67756a02434d89f1

C:\Users\hehhe\Documents\desktop.ini

MD5 ecf88f261853fe08d58e2e903220da14
SHA1 f72807a9e081906654ae196605e681d5938a2e6c
SHA256 cafec240d998e4b6e92ad1329cd417e8e9cbd73157488889fd93a542de4a4844
SHA512 82c1c3dd163fbf7111c7ef5043b009dafc320c0c5e088dec16c835352c5ffb7d03c5829f65a9ff1dc357bae97e8d2f9c3fc1e531fe193e84811fb8c62888a36b

C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini

MD5 0ff56a4620c3221ff64ec61a3a0d3033
SHA1 3a45320be12b585dcdc5ab2af5ea1455b2c919a1
SHA256 0b0a65accca705494739d03b6c2ea769c78cd0eee996bc95b0c6ebc0941f4b1a
SHA512 962a340efeb6d18c85e5872997eebb83374e114be088689690ba438f0db8e2e4df6c24713a35cfaec518f58d5322cf9617638ea55ff279a9d161c4fdf9af74f6

C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms

MD5 a9de55c2270b90f4743c490318ad0636
SHA1 007386d5b7bd347d10531fa6a4746e20f7b95bb7
SHA256 222c79339da3fcef6ee29f12b24eb88fa15ba76ae9c794cd74d00942756fb84f
SHA512 d89e4178d328c3cc00f44dc38f4773304d2d0abef6aed434d3288e3a930d2b456d909d9e07425e823710011d5383c0708a3f1f935e906447887c7707f58f4c5f

C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms

MD5 5b3cb03b21c9ac27e81bff6a3cb701fa
SHA1 4ff2d865fd0495eb2045047b0e372f5218a6a391
SHA256 79e11cedf1281c8b6bcab3c20c235242f3845758d3a589de28c3451bd4c21d0f
SHA512 60c9b00f7e3bfd9e0f718e15a5517395ed60b6eeba119bb3c534394dd51e4d323ad41127d54850621c0de52e0f101862a55d859e482cc5f7ed4cba89850cf611

C:\Users\hehhe\Links\desktop.ini

MD5 a0937da2979e2c7350e48db916cac4be
SHA1 acfa2bc3ffc65886ecf82ce2d7b997f132cf7927
SHA256 11199cc268a92259c5a397a7559e56e84e03b48c792c51cef294405fd8f4e55e
SHA512 6a9c642918203f089fdc11328bb2614eb5972a0fe666ffa93b00667b431bbad61a3833e2f1704e92fb5dfeec3c4895746990e8a69ea9da82010082ddf4dddeb1

C:\Users\hehhe\Saved Games\desktop.ini

MD5 dfb9f6037a6bc86b5aa6f224854a0cd2
SHA1 499f866cccbb413ffd5b18f380d00c0529797f22
SHA256 58047327df3fbbec7e816bd18057b9d0317f682c384eabb7e9a9d3e634502260
SHA512 ea0dd50925937d1aecaa0a43b7d9d508e3bf1bba1fc4cc8645e3244aedae77fa50499655e6dfd72cad5d2c14d1fee47c35ccbf2df19c11a7466664989cbafa6d

C:\Users\hehhe\Links\desktop.ini

MD5 98470d9bd7fba55a0c303065f9c4f9be
SHA1 5303b190e29ba48332f7c90a832ef08af5a1953d
SHA256 3830022d5d7ef2ae2ca0a2b6ad73f0d4716b49bf7eeeaa87b618988d531b7c72
SHA512 134e072c3600bbb3c724c2700da399a14ba5b907153969362b3dbff32c480d39e7f5ecceebc9122a5a27265410557a16eb6bf82c9b635b90ef1fa0ae9efb849c

C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini

MD5 453249f95d75eb5e450eb91fa755e1c8
SHA1 3e200e187e8cd21d3d1976ea0f7356626254de18
SHA256 01bef150c18e377a57843965d55f18f0b5cb3fa867c5ab30f1e67eacd6ece48a
SHA512 6125ffc1ab457bc1ba957c78c2a89ca54060c1969c4a981acf71025a1d79760159816d5fc36e351429de3bb5820e755b9bc22386f3d6892bfdf3da67d86f157c

C:\Users\hehhe\AppData\Local\Temp\RGI29DE.tmp

MD5 3006752a2bcfeda0f75d551ea656b2ef
SHA1 b7198fc772be6d6261ed4e76aca3998e8f7a7bdb
SHA256 dfd64231860c732dced3dc78627a7844a08d5d3e4cd253fd81186bae33cc368a
SHA512 3fcfa7c8f46220852dc7efef5b29caba86825d0461a35559f26dbb2540c487b92059713f42fe1082a00a711d83216db012835673e1c54120ffa079e154950854

C:\Users\hehhe\AppData\Local\Temp\RGI2A7F.tmp

MD5 a828b8c496779bdb61fce06ba0d57c39
SHA1 2c0c1f9bc98e29bf7df8117be2acaf9fd6640eda
SHA256 c952f470a428d5d61ed52fb05c0143258687081e1ad13cfe6ff58037b375364d
SHA512 effc846e66548bd914ad530e9074afbd104fea885237e9b0f0f566bd535996041ec49fb97f4c326d12d9c896390b0e76c019b3ace5ffeb29d71d1b48e83cbaea

C:\Users\hehhe\AppData\Local\Temp\www2C73.tmp

MD5 873c8643cbbfb8ff63731bc25ac9b18c
SHA1 043cbc1b31b9988d8041c3d01f71ce3393911f69
SHA256 c4ad21379c11da7943c605eadb22f6fc6f54b49783466f8c1f3ad371eb167466
SHA512 356b13b22b7b1717ded0ae1272b07f1839184e839132f3ab891b5d84421e375d4fc45158c291b46a933254f463c52d92574ce6b15c1402dfb00ee5d0a74c9943

C:\Users\hehhe\Favorites\Links\Web Slice Gallery.url

MD5 c2858b664c882dcce6042c40041f6108
SHA1 52eeaa0c7b9d17a8f56217f2ac912ba8fdc5041a
SHA256 b4a6fb97b5e3f87bcd9fae49a9174e3f5b230a37767d7a70bf33d151702eff91
SHA512 51522e67f426ba96495be5e7f8346e6bb32233a59810df2a3712ecd754a2b5d54d0049c8ea374bd4d20629500c3f68f40e4845f6bb236d6cca7d00da589b2260

C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

MD5 da288dceaafd7c97f1b09c594eac7868
SHA1 b433a6157cc21fc3258495928cd0ef4b487f99d3
SHA256 6ea9f8468c76aa511a5b3cfc36fb212b86e7abd377f147042d2f25572bf206a2
SHA512 9af8cb65ed6a46d4b3d673cea40809719772a7aaf4a165598dc850cd65afb6b156af1948aab80487404bb502a34bc2cce15c502c6526df2427756e2338626062

C:\Users\hehhe\AppData\Local\Microsoft\Windows Mail\edb.log

MD5 8273169f6458f6a2140092fc93d060b0
SHA1 c9e1afcfe0b7cd7750678f4e75f1e8106deca089
SHA256 8f37dedadb27d370ea3a3e90a8eb5c2d9a146955c7b6f075624b22673ed7803f
SHA512 61812f9bee36c61e366d4a3c967040d9bdee1db2fd870a27e942bb2f54a3b657e5809f892d160a3c52fad5b7f86cb645fb81a26ab834b912193622a6a083b98a

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini

MD5 46a4eca2a791d84afecfd9f129a567df
SHA1 004f2926d9377cc23c5b68ce26907435b8539643
SHA256 06b6d34db7e9ebecc07e0b53fedb2a9bc2d4563b1d2037b7630fbc002942baf7
SHA512 dbeecf882210add0dd4ac57f75ccdf6a9604c3308e92f70747313f89a7f9c590f4e1cdd507e53ee37e0a1b7e437320dc6ec1299d406ef34ddd67dfd900fddd98

C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms

MD5 74b1f8a7c6a760280b57b5228a183bff
SHA1 077ccb8f0127dbf2d69d7c7404de8d4b1b696434
SHA256 ca696aba6579f3bd957a8f8e7a268373321bee068cc53cd510d2e4dc5e14eadc
SHA512 d752bfd14e497caaca8d13a3922fab2232c8991c25faa2da2ab1e734b5e1a70289507353014889b13c8371b314c513992e2f70bcb59e6f2706eeaccdb65363fc

C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms

MD5 bc31d447a50c28675ec5acecd8b9de38
SHA1 02c46601a0df47f9222acb0ea3f1901a11f62d44
SHA256 c4db10df39313f3b28a1b515c3228c7cfc6df24bf9da905c1e294edfd1958ba1
SHA512 9b910ae56be4987234bc9176c9b1e61a27bb0c152da27443c0bbd177fc18bcf9eac2891c85feb333d3528e5ea2c62ce84db6d544fe3a8470470f234d3329a1be

C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms

MD5 ad86b7eb7d80f4f439b070b8cb5826a5
SHA1 d81e126f2359a0239b5e2b62d060687e9643ebfd
SHA256 c2e8ebcdd21147c5560e8b6524e83be7fc58caf3f02e0a1c10dfdd34df111680
SHA512 b665df568af0b734d77779c3483250166f850ffb7207f33891eb8b74a66bbf8baefde8087c4eabc8f05a1f865d2bbee77bb8aaf670a046fa9ea0cd7604d1246b

C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms

MD5 7a426dad9f1518ac8d25cdde4178e2c5
SHA1 1a19a9099c5e0833eef6e31c6e3b24edc1662aa4
SHA256 f0c5d2c4496a0b54663ae7eda0a0d97499c4d5edbb275f4db33f5df4d2e4a077
SHA512 38348ecb316b0f01181ae4e4e8485238986cb27750dc25b73f186a8b6844ee9a9709bb35b947945e8b31652dbcd24950097e97451587094b1d79b76eaafd9fc4

C:\Users\hehhe\Contacts\desktop.ini

MD5 449f2e76e519890a212814d96ce67d64
SHA1 a316a38e1a8325bef6f68f18bc967b9aaa8b6ebd
SHA256 48a6703a09f1197ee85208d5821032b77d20b3368c6b4de890c44fb482149cf7
SHA512 c66521ed261dcbcc9062a81d4f19070216c6335d365bac96b64d3f6be73cd44cbfbd6f3441be606616d13017a8ab3c0e7a25d0caa211596e97a9f7f16681b738

C:\Users\hehhe\Favorites\desktop.ini

MD5 881dfac93652edb0a8228029ba92d0f5
SHA1 5b317253a63fecb167bf07befa05c5ed09c4ccea
SHA256 a45e345556901cd98b9bf8700b2a263f1da2b2e53dbdf69b9e6cfab6e0bd3464
SHA512 592b24deb837d6b82c692da781b8a69d9fa20bbaa3041d6c651839e72f45ac075a86cb967ea2df08fa0635ae28d6064a900f5d15180b9037bb8ba02f9e8e1810

C:\Users\hehhe\Music\desktop.ini

MD5 06e8f7e6ddd666dbd323f7d9210f91ae
SHA1 883ae527ee83ed9346cd82c33dfc0eb97298dc14
SHA256 8301e344371b0753d547b429c5fe513908b1c9813144f08549563ac7f4d7da68
SHA512 f7646f8dcd37019623d5540ad8e41cb285bcc04666391258dbf4c42873c4de46977a4939b091404d8d86f367cc31e36338757a776a632c7b5bf1c6f28e59ad98

C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini

MD5 e4e50dfa455b2cbe356dffdf7aa1fcaf
SHA1 c58be9d954b5e2dd0e5efa23a0a3d95ab8119205
SHA256 9284bd835c20f5da3f76bc1d8c591f970a74e62a7925422858e5b9fbec08b927
SHA512 bef1fad5d4b97a65fec8c350fe663a443bc3f7406c12184c79068f9a635f13f9127f89c893e7a807f1258b45c84c1a4fc98f6bd6902f7b72b02b6ffbc7e37169

C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini

MD5 f107d0270e21a2fe91099fdc15918d44
SHA1 dabc2f24f4a4e90053743166e5c4175dcf2b2d2d
SHA256 eb315c9d165b4916e3b00e4d148b53a6c03a2f0694a6a8821d98e76f935ca6a8
SHA512 b5d51c0d6abe99121d4f4f1d236def4260b7d5c26c501d7735eba4f58e2597db0e89b2b1df16545e49fc39649806e5305efb912328541bdd31c01ff3d2bda49c

C:\Users\hehhe\Searches\desktop.ini

MD5 089d48a11bff0df720f1079f5dc58a83
SHA1 88f1c647378b5b22ebadb465dc80fcfd9e7b97c9
SHA256 a9e8ad0792b546a4a8ce49eda82b327ad9581141312efec3ac6f2d3ad5a05f17
SHA512 f0284a3cc46e9c23af22fec44ac7bbde0b72f5338260c402564242c3dd244f8f8ca71dd6ceabf6a2b539cacc85a204d9495f43c74f6876317ee8e808d4a60ed8

C:\Users\hehhe\Links\desktop.ini

MD5 de8858093993987d123060097a2bad66
SHA1 0a89e87ba46538cb73aff1a47e4dc0bcfb4760d5
SHA256 4c0d757717dec80eca8c6cbbfdda4706eb38fbbb7624933d5429dafc7bb9f0ec
SHA512 fa348ac4025b599f460cb831338ce010dde8fba87587a6d078d6d594a30fee87ed112e412078c10604553f326cc7bd7627ae93b0e3d8a60cfeda0720cad29f4c

C:\Users\hehhe\Saved Games\desktop.ini

MD5 b441cf59b5a64f74ac3bed45be9fadfc
SHA1 3da72a52e451a26ca9a35611fa8716044a7c0bbc
SHA256 e6fdf8ed07b19b2a3b8eff05de7bc71152c85b377b9226f126dc54b58b930311
SHA512 fdc26609a674d36f5307fa3f1c212da1f87a5c4cd463d861ce1bd2e614533f07d943510abed0c2edeb07a55f1dccff37db7e1f5456705372d5da8e12d83f0bb3

C:\Program Files\Google\Chrome\Application\SetupMetrics\19903f9b-b979-40bc-90c5-deed3164a81f.tmp

MD5 6d971ce11af4a6a93a4311841da1a178
SHA1 cbfdbc9b184f340cbad764abc4d8a31b9c250176
SHA256 338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783
SHA512 c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

C:\Users\hehhe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

MD5 1a255195e48185838d66e5094a7875b4
SHA1 73774dbff1fcf5d2d1a570f8fd13466396331fc6
SHA256 004efdc22f5bec06c63ed0441925927306612f922ba41ea698b0c6f68c8ee25a
SHA512 bb86a0f2bf82c65db4b4cab178ca66bcb147bffc38b986fafcd2cc4dcae6ad89d3fe11b15a379f3414346d7ea53fafaf6bf7732c269b1bd6e161b36829d93203

C:\Users\hehhe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini

MD5 1c61dc21f9b83172d65be1e94b79026f
SHA1 7324473ddda64b87c299bf6e3b9e9aff53f7fd74
SHA256 8e920d7893b682a049f6a5097f880d915dc2d7bf8bc87ae558cd7f14466d5d1b
SHA512 9660cde4d7606826c2fb6623460a2a286339970256e677c8abf8189fd1d58e0284c024bbf5c0bf539189dafa3e8d5269c1e0f7e3717891f2ae4771634731bbd8

C:\Users\hehhe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini

MD5 9a1b13fd914dd7054b83bc1760c99ab8
SHA1 340c37602b11cd3cb9ae681d09bfc4c81f733742
SHA256 7f0a9cc0be951d60d6c8e60d1a612bfa65fa390020d7c0c80f212ba2a47a4aa3
SHA512 50d48a348c71fb9e89ab01e59fe599b692a1701f19d2c9de6ae09678e0a44ba95020b1989f9c776edcacacc5f2b2b348b0f31aa28c04850e69e47cda6dcaf88e

C:\Users\hehhe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk

MD5 26d1196c058c2396610e31504074f7b5
SHA1 38c6adf3bc2f3cea7c65def7f880b5aa1a437a8d
SHA256 d7bd51e3a4ddd9c0c6db4ec5473906ee146a6c16438d537874028d8a8c30f8b8
SHA512 e02f2caa771ba5bc6997d5011ead29edc06cb9aa061612e111108128941a102255f43206c545f317db58f0763d31e2b7e42dfea3ef02bfb969e0d9ce2c839987

C:\Users\hehhe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini

MD5 e5a8eb64419f6d85a1b7aed2152616c2
SHA1 f5d94f8953bb235e35fccec0ea4f14ba69443081
SHA256 5266b08d0c1bf229ec5eafdb6dae2a4849b6b394694d34033453cf8a379725a7
SHA512 7c304bc842c81d3b5cff745d34b038a2a867063c65e502f4155439ba0642e8b0643f9b7254f74e85d5b150c134836b9e398a0dcb192550d97dfd431c3d93f1f6

C:\Users\hehhe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk

MD5 47b2e1c4ddd5fa161f4e7314222d7a29
SHA1 f8e0a57ad324aa0ce6eafcbee54361cfc3fac7a4
SHA256 20b9ba1869ed5d109962522c7c9a09e2675c457edd780f3723d33f9b40475772
SHA512 07c8e9fcc6441c45540ced17802aea9fc84197733cc13af77516813c3beb346ae2748445ae99318309cbdc2da8e69e622dd91e658b7e9ba27d424eae6f5acf1b

C:\Users\hehhe\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini

MD5 e0fd7e6b4853592ac9ac73df9d83783f
SHA1 2834e77dfa1269ddad948b87d88887e84179594a
SHA256 feea416e5e5c8aa81416b81fb25132d1c18b010b02663a253338dbdfb066e122
SHA512 289de77ffbe328388ad080129b7460712985d42076e78a3a545124881c30f564c5ef8fb4024d98903d88a6a187c60431a600f6ecbbe2888ee69e40a67ce77b55

C:\Users\hehhe\AppData\Local\Microsoft\Feeds\Feeds for United States~\USA~dgov Updates~c News and Features~.feed-ms

MD5 e562eaf2a07c06f6df713525b2c94e78
SHA1 e5a80a57205ae56bf679fd1c9bf8304aa38854a9
SHA256 16651594ea3306259e8ca77e3c17229cb34d3dbf43f6659fac1075000652c984
SHA512 d12bba8a470cff04ee5c61038edc9c1bfcfbfc1232d7f76906ba3eb804218b9cc8d8d9a53c21536fbfc90a3369620219e1fb0f4ac0866ececc087496ef7a12a8

C:\Users\hehhe\AppData\Local\Temp\hehhe.bmp

MD5 dfd29f39029120433d3ac45d765b9dbd
SHA1 d4768dbb61c2ea65d0b68dc65ba26c89f69d7f02
SHA256 73430a7e7903a8bdfce675c5e13dd9e968b7e4e365f31fb1a6772f800d9b897a
SHA512 7ddbb9c3b2d74ee974ff0df7e9638f5e7c11120062dcbe1e26da5c8bb99ab111ae3191a07a6f47242bc3d46b1bb3c8d7e53e3bf7dda734fc5ec00fdc417558e5

C:\Users\hehhe\AppData\Local\Temp\Guest.bmp

MD5 b0de08b6aada24cdd3458113d175f1a7
SHA1 225797b52f320b3efb2643c55fe55ab3a5618ae9
SHA256 40015814487b93a8372f33284d45586739a4a1e9d2b7961ab8c6d4d9561d10cb
SHA512 fd59488e0223f49d66bb3ca7a70e74b7ca2052769f78790aee0682e0306f6e9421d28ab9a34487bd8934571cccb6798c98040b25934dfe1f0a13c7ca490ecbe2

C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5afe4de1b92fc382.customDestinations-ms

MD5 9a8927a516802f2b819ca74307688455
SHA1 c9f471c9817cd47a779ce12c52a5dfc53d5e402d
SHA256 31d1ac89c7afc2869a7cb15818472e31a647aa3185bd8b25a6e29a48a86b540c
SHA512 98f6a9333fad20d537df8ef915135a69a970f680d11104a222c74cb96154fc5eb67cd75dd1523b510a1563950b57792c87fce074d9d06d1490e6dee83e9c7d31

C:\Windows\Installer\MSIDCA8.tmp

MD5 a44986470c4513447017ebf68fd2903b
SHA1 d5816fd82873fc9b1b35131624daf70fb86c2e72
SHA256 b75408cd4961060f0ebc89340d37fb94c42509c17d7540464f6a13e6a94c57c5
SHA512 1b28e5f30049d8b50e1d4245b988a995a5901a250f8af3fea21a6b9155c7529ba6720784f7da0f63ad2be33b118c5a8f6c734939d8c49711d20486dd89ea0b84

C:\Windows\Installer\MSIE2EA.tmp

MD5 8f680e0f517d35bb14f984a7f197e35c
SHA1 1ad84f7120c2712a32ef5aa82edde5b704eeb27f
SHA256 030d6e3dadf9da76a1f5e15657cb7673265ea545402f181624cbf64a45e53805
SHA512 dda5cec6042f2c255dcc814c5f19e7692beb07de9ab950bf817169d076b368cdfb268aff1b5b5caa12409058e015124206a9b87714133226b84d3eb5b850013a

C:\Users\hehhe\AppData\Local\Adobe\Updater6\AdobeUpdaterPrefs.dat

MD5 7467bbbf6cafab8f76363e45f3031d00
SHA1 94a024e4153e032cd4880de450e12e5fe6ab5e04
SHA256 6ff318e6812282ab1ef8922fe15957642d8ea59c1de0939da220482a29200606
SHA512 2d8ebcc18eec1122d929883d2348789d77f571f696a1017fb471650dbe03b28323cd1d75bf06926bb247b6902276c5e02b444f30a1a339c8d370dc3472fc23c0

C:\Windows\Installer\MSIE923.tmp

MD5 94ee5f4e1500435f1d8eba5a54c231ed
SHA1 d8ab879fd681cdbf7cfab010523ab7c950b68e87
SHA256 5fec0c3e5c0dafcb9950eb84e2b5e59a679877bd128bb9cf7290b47ed76f9495
SHA512 10ea6ff3497d13b2f8e4f20e833297603f68f90ff42ac6224933d04aea8fd28365383b414acb513c155e032b642df33cd948ecb321bd337494de62a1b2f523a7

C:\Config.Msi\f77f870.rbf

MD5 21438ef4b9ad4fc266b6129a2f60de29
SHA1 5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd
SHA256 13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354
SHA512 37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

C:\Config.Msi\f77f779.rbf

MD5 8e9d045e3dd4608df809d187653fae41
SHA1 866dc8b39379545247b66c2495fecdda840ffcb5
SHA256 1890d5dabea7ab18864bfd43363f68b8480039eed8aac6ebe3061143f32cabc9
SHA512 7a294db2324968b1e9a6c6277e901e73afff580b8ad6478d001eb54d02ee7ebc603f69bef0e5582041200183a01b22383395c055a99cda4b292a71f562c54332

C:\Config.Msi\f77f77a.rbf

MD5 d9b7012727c061e76dd77fc80d29ffd0
SHA1 a8829cb1571816b5da3158137262213ea98773ce
SHA256 603d27901ba743de7fbd678fd834068e8e99de243c43e4da5a30db2ef39abe67
SHA512 c2afdb13fc20eb8e835891f3b081f524d869b43fbb67df13d0ffcbb3b896c74ea2f3f13a1ae3388dfb2b83aa2026524dec644e08eaa96c4d64131e535283179b

C:\Config.Msi\f77f778.rbs

MD5 3c3018dfebb74d51a60b117ae04fce63
SHA1 37c64f0ad6ada1b4b33c3a8a64397e618f22a18f
SHA256 c04910b1bcdef2cf8fcd2461ed855a88f360c0e6bc55b1db7464575c3e15f727
SHA512 51138cf2089292ee3348f66e57d7d2c3aa4393a7b2f9996255bd97bbd9d3b46ce3a31e83e5fb6af2e7f5e2deb3900b520ac1b5182ca5887e4b5fdbb169905540

C:\Users\hehhe\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\hehhe\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\hehhe\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\hehhe\AppData\Local\Google\Chrome\User Data\67892915-d91c-455d-803a-9b28e9757220.tmp

MD5 451ac4dc06aed04b0b9ee9953ed28783
SHA1 fcb20e3dd1332df11ac7ea68d78ec26d6c20d00f
SHA256 a39bbdae9d814149ad0ea89f6b9f237cb3042995f8c9cdfa691633bd7f9b0a44
SHA512 77d62b321a835dfcf927f254bbf4f24cd831cfecd56169a7557f3a430f8333e102f0a6fd41f96dfa61f4d50c329e37eee45594f894db98b8f8536da0bb9edfbe

C:\Users\hehhe\Favorites\Links\Suggested Sites.url

MD5 2578ef0db08f1e1e7578068186a1be0f
SHA1 87dca2f554fa51a98726f0a7a9ac0120be0c4572
SHA256 bdc63d9fd191114227a6e0ac32aaf4de85b91fc602fcb8555c0f3816ac8620b3
SHA512 b42be0e6f438362d107f0f3a7e4809753cf3491ab15145f9ffa4def413606243f4dfffc0449687bd1bb01c653e9339e26b97c286382743d14a2f0ed52e72f7ee

C:\Users\hehhe\AppData\Local\Temp\www52F2.tmp

MD5 2ce792bc1394673282b741a25d6148a2
SHA1 5835c389ea0f0c1423fa26f98b84a875a11d19b1
SHA256 992031e95ad1e0f4305479e8d132c1ff14ed0eb913da33f23c576cd89f14fa48
SHA512 cdcc4d9967570018ec7dc3d825ff96b4817fecfbd424d30b74ba9ab6cc16cb035434f680b3d035f7959ceb0cc9e3c56f8dc78b06adb1dd2289930cc9acc87749

C:\Users\hehhe\Favorites\Links\Suggested Sites.url

MD5 11cede0563d1d61930e433cd638d6419
SHA1 366b26547292482b871404b33930cefca8810dbd
SHA256 e3ab045d746a0821cfb0c34aee9f98ce658caab2c99841464c68d49ab2cd85d9
SHA512 d9a4cdd3d3970d1f3812f7b5d21bb9ae1f1347d0ddfe079a1b5ef15ec1367778056b64b865b21dd52692134771655461760db75309c78dc6f372cc4d0ab7c752

C:\Users\hehhe\AppData\Local\Temp\www52F1.tmp

MD5 a1fd5255ed62e10721ac426cd139aa83
SHA1 98a11bdd942bb66e9c829ae0685239212e966b9e
SHA256 d3b6eea852bacee54fbf4f3d77c6ec6d198bd59258968528a0231589f01b32f4
SHA512 51399b4eac1883f0e52279f6b9943d5a626de378105cadff2b3c17473edf0835d67437ae8e8d0e25e5d4b88f924fa3ac74d808123ec2b7f98eff1b248a1ab370

C:\Users\hehhe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6COUL3QH\favicon-16x16[1].png

MD5 7fc6324199de70f7cb355c77347f0e1a
SHA1 d94d173f3f5140c1754c16ac29361ac1968ba8e2
SHA256 97d4556f7e8364fb3e0f0ccf58ab6614af002dfca4fe241095cf645a71df0949
SHA512 09f44601fa449b1608eb3d338b68ea9fd5540f66ea4f3f21534e9a757355a6133ae8fb9b4544f943ca5c504e45a3431bf3f3d24de2302d0439d8a13a0f2d544f

C:\Users\hehhe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\46IMXO38\googleapis.proxy[1].js

MD5 eab0dc82067fb5758a121009c7040231
SHA1 8d869354f7a947ecc087b23868999bc53f77bdf7
SHA256 9c77d6db3131248f92ae41075f189b4ecc2e51bcfdcca143719a83145f8ac070
SHA512 280694c2a85a67cffb24deed946e46d7bf8f2c52194eee037f981ca25a58730974b5f0cdc74ce86e81c5d252362e6792eb0b38c8816b3bf6c096a58c6c84f1c4

C:\Users\hehhe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOQGZ03B\cb=gapi[1].js

MD5 7d8cbf3c10edeb25732380ab3a9485c6
SHA1 dc6332379fa46051ae4884abaa785d2b71fb9daf
SHA256 1b163608a38440e0853a40a67c2645f310d490a4be2dd556a258c642df2e57d7
SHA512 ca6cbca85deb932d7e1cadf40967ee8de721fca1be990a879c5891c157a44e9db36683d5fcd0acb4ccca782b819dec74cea07f317811cfba9ea54091b88d58e4

C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 c7622079d4fdd026e34cf0a68fb45997
SHA1 1c00fe9e0a0ae9d3f2f286f85cc480ded418ea8c
SHA256 96a8957312c9fb17247626fd66a0296fa04d37c123c2d8fb2d8b8783d2735b7a
SHA512 0cc09ec53ff94dae8d8ea91d9a3e1931d5eab8372f693bc15cf6084dbdb5883ef95cd901ef0c33f7e1411a5263f779a1fef6a1ad4fbbfd1ca214b13e8d58b2d5

C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e142cc5531f761a931b8e748c59d6e1f
SHA1 55d3b90c3f47c2f67e68fa03a0d8b3c08c9ae3ac
SHA256 785b685ee178c157ee482c0ffa7f5d4a2b6d85f4660a6f9bac22b007af398b95
SHA512 03878f75f5c52dc25c49f5199e15bf8ab48e1456cee27f24cfe05eac0e1c46f689fedbf7ed03faf14c5b4a78ff4059dd19c7d9dd58e335b7771bfdff5fd47c46

C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 11c7e1ede9d650dd0485a2074b03ed5f
SHA1 b4d8cc2c811ff0d3e94b5a7357665db939723512
SHA256 1c8d38607ae5a01f47c86f8490daa2d1a7423c0a94aebbbbd432b86aef7812b7
SHA512 3dac782e45f8cdbf30dc275fdaaa3cc50255f078ec84985058982ba4cb89158cdb71c80ce0702380afa3d511c6d5a62053c188d78b954109b45107ccbc3bbb33

C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 54233f1e65372632abd6cfc79df23c3b
SHA1 4d3f6cc6637a3b56a85c2e9229af03f893ebc240
SHA256 5785eb07f8d6599b0269f005d34b6ad854256102ea78cd0c862b0c89cea76a07
SHA512 0de4180be4370a6cdec609def5343cd417ae715d8f52edcca32ed46cccc96d244a4aabdfbf3a5bf244f95579460b5c2a0c7bc0f2a8597f2f6520a87449c18726

C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c0464c86b5430b84a7ab78785a451bf
SHA1 c7365e66476ff5582eed84c8b987bc86cd5bbadc
SHA256 96dbe26df6e9b1fbbec8411528fc57fd17b8ad7cf35aa59609bc13ce966529c7
SHA512 c35a8c399bdfd18f59e16319b7a7b127b5b4ddce3794212e243f60868ff7beec1b21db9c48843a203f0dd4fa6085c8d08a6b8cec18d508e976da0526be98e4c9

C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9aa855b86b250c534dfb4f6548384dc9
SHA1 e04f964449daf590a05d3ba505fb23d478f31090
SHA256 aba7b9a52c94caa397730b494b6d2e95affcf1db731d62afe7911e65e081a4ff
SHA512 226157aabe2092bf5171b85354341a935160e884826584581ceef593a496877cef7670d025a37f71d7118683d28e932aa541f5da2ed4724bfa1657890bc3a46d

C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 0241dff2b7f5fd76be12e972ede43860
SHA1 0dc6ffb64681037ae944a1aefb3574650207251a
SHA256 6071ad5cc855817d2db85a58d9ae3539d324571f14e9914ad07ee2455c2a998c
SHA512 bba19c50dd4b89e7b8d46081552a395f75ceca8ae0917cd8f4d15060794f686819bc1706fb8540239b3782615f1bf4d63538f32f443bc98e75139e1a2223e4b4

C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f3796f8c6f32c49831369993fca37212
SHA1 7752241a0307712791d79fa459a444de96ee50b8
SHA256 d40d299948d43f3ab8ec95fd4ddee713bbd0884d07039916cbbb2ac595b081d5
SHA512 196edc52b4002c363fab4682938d6795a759f1df63ffde52baf3e1c9f91a406bfc6f8c34c077e41a4bf3dc7ecf34cad96eae5d22048cd1c9cce3d54735bd9a3b

C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 64da8eaaa22cb7d425ae3918be641228
SHA1 3b9413ff4b3bd9ef5ee198271adc4b814d111cc7
SHA256 994ac5982e31d660092363836e262272913c335f0ac694b0ef4faa67b149eaa7
SHA512 df2a33eb8828de1515848ab48e66619c68e143cc6f0fb36746d8116a65179c07b8882fd30c4016a15a717c66ce6bc6f05f6aa71b35cc28584598523bc363a7e0

C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f3a2883a5a083ab727bacc3dc092bf6c
SHA1 f8b96c71ee9f5bde753ab986faa22460de61ef5c
SHA256 3482fed0f10871a7e1d97f32a63f1cf2a5fb7ef344e30457f8257dae87d81083
SHA512 39447cbab6081530d8e52f43dee4059718dd35cb085545627d893136868c9dda245af82719ecf39ba870b5c3eb14e0c9b12359ed00d7f0bca5f6554c2d45c538

C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 14cd524de47fb34a356169c80ae0e897
SHA1 ac6f28b74ef2f8971a9d4e5cf2206e22b083dd19
SHA256 ef1169573b8b4b482f214f08e1430f6764c63cb3fba306a79a655e3c85c801a4
SHA512 e59e11e4c9fef89f0d4877cde02241773e9d1bdc9991e62af5679a5867df7fd8873f99b5ce87f775eb18994c87d4c8962e08ff0c2ae39efad4b80b2e7653c843

C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 325321ed8747b901b80f9e68c9929ba0
SHA1 eac99d842cc021e2e76dacc11c6ac9ce963ac521
SHA256 9c4128d2c648a6a7d7c465330059a265891bd7d40ba26a1cbb342f4045a3a83a
SHA512 3b748f369f65c3bb61a8eb484809611362bd195e3f0f56ce8290e2c30dfc490c0b0ed51e479e559caa2a39e585cfec9c695053e38e3768fe601fc3feec6c5ef8

C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 74bc6fd00b9b2627c382564492de7ffb
SHA1 a385376bbb33c1e6c41db468635a29aae0fefd70
SHA256 94410bc32d6badb1ac7e2966031e86aa11a6ed333e9890eed4ec037f9a51f2a1
SHA512 e6d71db50459f5e000f895c4b73b29070dbb55f8d578b624d06ecb3df580c9e2c84fb65d32ce5b6cb84f621755f1463dfe24cfe697ae9d55bc0463a7165fa517

C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df5b6c55962a3aa84c042973570355fa
SHA1 2eb5fe0d4631d228564e5a547ef3e9416afdd627
SHA256 c4524ff1e3c02b745408678734a61f93b5676a9fd6955c2f8ac80d9c1dddc068
SHA512 adbc693be764435b776258b0608c7cfc0b8c8f51fb0b4c68ed8fe1259d8ad5e703048aa0830d80aeed05a9546afe25960bd069fdd66c85351a3615a079790e11

C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f59120549ab663c2083baa4b103d03e2
SHA1 e07e7e83c4cd4a2633995e905129d3ae0dbecd38
SHA256 14080bf7939911f4c058d97023a484b5d3b7f0ad2e92ea82af2ca35ff7a91a2c
SHA512 bbf078e7d0afd453391d0f9339321926779d08ad9677f6e01fe61e3ca47097cb416f990c6ee6622e09cf0bc14e8caf8ad801e97bc8823d7d768ad9450b1cd94f

C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f75a126ed7de9615e5161c97f37a5d50
SHA1 1a03d3d3db668dd0df60df2412aaf16c7d52422a
SHA256 9025f67afdaa810e2f1b0c2484a0e2bb1ab2ce5472aa11b83b3aad5de109f071
SHA512 11f4a596feb0b0e8641a8f0c908fcf8b9811abbda08b50d4ca4b389c058c046da82a1259f8427587da923d3d0cb72af0a10de2d579213418381fcd7ebec7cae8

C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a1a37067fc6c054d2c15a7e4a3f9f1bc
SHA1 76b22a7c77a4d840e1618446306e728dfff521ef
SHA256 942c303c7ed37afa1c66e6a7f36237bfb2f97d22b6d1f4b2afa3ca4cc77b2ed7
SHA512 7284830c1042d085635bee65d8655f3c054526ea371042d19a5990a2a41eae03d2c1b7ad71a82e3e2bdc905335ec2b264373029e61b9a120269bf89461cbbf2b

C:\Users\hehhe\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a4ab02947a9fe7c92a281b10d6a0e9ae
SHA1 7c7fcaf20b02b2d59a2673b82af245a768514227
SHA256 9e0cf6d4e20765f74e52abe0c861bb3ccd58089f51bacd448fcd01a6f3c5e75f
SHA512 824222af156f3ebf9a1516bc0f5c8af5e89f4b3aff62df5da58d3485276536238fe1ac7cac7c0d732ad4a2c77677e90f717988dd4134c4b64f8612b10dda85cc

C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a89936823abb06553398029fd9371d3
SHA1 03be1c5e35da5e2984c60a18af80de825ef10aad
SHA256 750d5f8cd72f308dea32b7b37363fb4175a93c4311cd2430d061049fe2019686
SHA512 3510e78517e9696cbfa494217bb6cf484b8eb91bd4b730f1ef3a9125584a783475ff26b53cdf3dfec344efb097eeeeccdfa3d7ee5c9493c39565e33adbf6cfca

C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 46ca1e14b16fa2195d049172d6e3d044
SHA1 2f04baaf0a7ef665b2f0dc23a0a7136488841866
SHA256 390a2539a8525ffe826e15b8256ed4b5f7275856893993a66ec03da7b2826b0c
SHA512 d5d2e5b8cf67b2f9410356138d00b1415d3555dde610863399ade5146cd4f9b425cae82f8d4206002f612e9db90b90ec8eaaac483ae28eee4742a136d08ebb0b

C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4c9bac6691faed31717197d2eddfa554
SHA1 0aad0f5713d4d7aca31d1e3e2b9b6ae448b7ce31
SHA256 079978b39c150bf1a68fefca64e9ffe85e924b6393b13e7332ebf6280d543db9
SHA512 997f45e6f4abe22aec487ef8191f9c4494a88cc66d5201628ac3fc1c41eb391b9f4eef3c6cb9bb0d9488353fbad9f4ba1c512829e94dbb139f430cab1c931174

C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 367d0536cbdfc63259cc0812c13110fb
SHA1 7103e27e9d0ca1e870898893398324f40c00fa99
SHA256 7b812de2fd32d388b730d55faf94175134def0e11279b752218a94c2ff272e71
SHA512 9425648caacb5efe1797803638d8de8b6a80a14377d5213bc1429922d424d9bc66c01b18ddbf16a90c3550f44b0254c6c9179c3bdc9c6d1de9ef1b3d400a06de

C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 58fa9dba0130a2d2383871e59c604378
SHA1 b64ddedfd9bee7d10960997ba7e511f28ddefc62
SHA256 d308d4be7aaee5078cbbe799a13d3188673d0f76970c01f145ac2f088fddd14a
SHA512 17c26a49c516c620a471d93f8cdbc4af7d37e70b3bda2d0b7ee67f2272fb54aafe76ea96805d3da7739cd08a984dff63a9e244e48ac98e2e9434447a6eb62d81

C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db92222cac237b22c41d296c4a9e79f1
SHA1 764a64304ebee347a35ad94048cfed16ac037fca
SHA256 48d7b5eda4a06e5a2610e5190d9fc0833dbd6967929424d26842cd1fece79682
SHA512 20432110c664c9c26cbd120e02e7c2d86bbcd9a1f3142471cf53bebe8677b4a24263602142f97abb9d49e91562d48d11f2d1471d8b8a1e74931145eb3c719dd6

C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a0065bad28b154210f694b2cf310d733
SHA1 7547c4e71f9da798d67d81492da3169f0624f433
SHA256 f0bb53484ce8c772bed7024ae23817ffde02197a414704a768f54fb2ef506902
SHA512 a49a9e584bd41a5da227ccbc619d06678d31bf1c51349afd8df469dbde48f2899b5f0be6b54c78a0109fd99880fd7ea6b540159ba2af883493be1169a08915a1

C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7261d9687a8b4d79d5903f71fc44da08
SHA1 e7b12cf10ecd154beae66f68518085a8104551d6
SHA256 bd9adb729942e1aab2103bf6f8c0b704acbf521a781633ec0b7619b2c02453fd
SHA512 eb227533a5e73c1c63ac8cce700ae86eb8774eb8971bf7515e85bf46973df75b68ed86c02ef53824ff5817aa9a7d6c5beca72d6430c5ef8ebc8c911c89a584c7

C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 89f83c3cc5b4782960bd53c54d6f3fd4
SHA1 923ae4abae6fca939927f11c26a5b96fef8d2769
SHA256 a0837aa60cf6dc627677c65e1c874a156678696b5467d1be097708d79d91a045
SHA512 554415905f1fbc137ac2916bd7af0f1890698c2fb8229a73a517730361b49fa37d5ac3a114eb89dbbe9a00668aa0ce60050d976d7040c18bb8b096164a783542

C:\Users\hehhe\AppData\Local\Temp\~DF0D138C59C8969204.TMP

MD5 f31ef58aaaec97af30bdaf2c575622c7
SHA1 8ebd8d780c0b0c317f5e4258901898eae9bef7e4
SHA256 5259b7449b8a6c334cd44709fe2cfffe9985043f7558e84d4096f1954fef8e5a
SHA512 7ab019fe4b659f15fa59820dfc8a9f711c8b208f4f3c17fbf9123216da489c4471b9c0c07d76e86e10c84695c7626a48e1c200b92c5d6ad5c8edb6fbe560539b

C:\Users\hehhe\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

MD5 d5e535e4b017c0c5dda171adc1d399b3
SHA1 180937b58f9a60f38012f72d574925b4a5d97da4
SHA256 4b4f70069e2072c81219a465ffeaface0e912569c5efbdfd2e05155def3fe971
SHA512 99cf1b5a44eb9fc9357f70560f10ef11ed977733635b105f9222c728094f23b10b643fee73f7a2cea90b5709ff0b0bd24e91e3ea8986deaac439a36b8e7687a7

C:\Config.Msi\f77f874.rbs

MD5 1a77d6563eb201b977096cb957ccc0b7
SHA1 7036e68661c87e7aa746b26478a61966fab3a7f5
SHA256 52b10710f9036c961d1ffd5ffadcfe0a4580cee786e5992f494f952947a38625
SHA512 013c9fc3771fcb1f80a310ceb775d030283f8540ea72ef83195001ff758a531a1ba524b4e235e6950b93ee795fe0eab476295ad80a6fc35752af070b6282ba62

C:\Users\hehhe\AppData\Local\Temp\7z4AE67C8C\Uninst.exe

MD5 ad782ffac62e14e2269bf1379bccbaae
SHA1 9539773b550e902a35764574a2be2d05bc0d8afc
SHA256 1c8a77db924ebeb952052334dc95add388700c02b073b07973cd8fe0a0a360b8
SHA512 a1e9d6316ffc55f4751090961733e98c93b2a391666ff50b50e9dea39783746e501d14127e7ee9343926976d7e3cd224f13736530354d8466ea995dab35c8dc2

C:\Program Files\Mozilla Firefox\uninstall\uninstaller.exe

MD5 856f6ba813d0bd232817be42d277fe0c
SHA1 a9f8be1ce91f9b8fa7e967ad30dc5c50cd6b9b5e
SHA256 f4fced4fbba70a23e261cba1b765d734de2cbed3c8996095117375906f6b8a23
SHA512 f5f88a23541f25ad880b30758fe835001a2f2fa1668ff524eb7e7d6c8c4e03b6c319101d5cd7e7a0117bbb648b7e2543d75c823814492b5d655adade4bd178df

C:\Users\hehhe\AppData\Local\Temp\nsjD4FC.tmp\System.dll

MD5 b361682fa5e6a1906e754cfa08aa8d90
SHA1 c6701aee0c866565de1b7c1f81fd88da56b395d3
SHA256 b711c4f17690421c9dc8ddb9ed5a9ddc539b3a28f11e19c851e25dcfc7701c04
SHA512 2778f91c9bcf83277d26c71118a1ccb0fb3ce50e89729f14f4915bc65dd48503a77b1e5118ce774dea72f5ce3cc8681eb9ca3c55cf90e9f61a177101ba192ae9

C:\Users\hehhe\AppData\Local\Temp\nsjD4FC.tmp\UAC.dll

MD5 d23b256e9c12fe37d984bae5017c5f8c
SHA1 fd698b58a563816b2260bbc50d7f864b33523121
SHA256 ec6a56d981892bf251df1439bea425a5f6c7e1c7312d44bedd5e2957f270338c
SHA512 13f284821324ffaeadafd3651f64d896186f47cf9a68735642cf37b37de777dba197067fbccd3a7411b5dc7976e510439253bd24c9be1d36c0a59d924c17ae8e

C:\Users\hehhe\AppData\Local\Temp\nsjD4FC.tmp\ServicesHelper.dll

MD5 b9e8c2212ac8dae4b0eaf97c048529fa
SHA1 331d172323480b0518abdb0cc9e256dc7f46c357
SHA256 d6f6758adac2c073bec481e8de762af3a5574789bce3f43de02356afc9911e0f
SHA512 d93aa032e27c8268a4f6883711cf41f7ee2b5d33673a26d78db24456f2c548af39b7b98ed4b4737245c278d524fffb3e4bf708b6815dc866acd371427ff6be96

C:\Users\hehhe\AppData\Local\Temp\nsjD4FC.tmp\CityHash.dll

MD5 2021acc65fa998daa98131e20c4605be
SHA1 2e8407cfe3b1a9d839ea391cfc423e8df8d8a390
SHA256 c299a0a71bf57eb241868158b4fcfe839d15d5ba607e1bdc5499fdf67b334a14
SHA512 cb96d3547bab778cbe94076be6765ed2ae07e183e4888d6c380f240b8c6708662a3b2b6b2294e38c48bc91bf2cc5fc7cfcd3afe63775151ba2fe34b06ce38948

C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\ioSpecial.ini

MD5 7b067d56eeaaaa4e1331772929f1ed88
SHA1 0b2c8947ed849bdf519c6003d807d0571b05d937
SHA256 8572d9a412db0dcb0463abbfbe44e7866a99129bcb057badcaec8ff0e4047e3c
SHA512 135bc05383b10cc446e45432e93861d6f347731a01ba696c314bb3e153aa40f27e66ad1de62f7cd1641fdc883ec69fef8489bb6d674e7253a5c3a8e3779e09a4

C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\BitsUtils.dll

MD5 8dd17c172a24ebf9601308b949a9ea22
SHA1 507e586c9f69ddc7e58442631efc44f3fe58089c
SHA256 ab77c0a6c79e76ab0f509d655273b2ee5c682c702217f4f884bbab3d2fdfc4c0
SHA512 7de5a35771ac8ead2e3096de29bdedd8e94696d35dc304388c1cff2a14bb264e389a576dae21aaf9cbac79de6c99606b61f1dc5f0ba35fd261b2f5553d389e59

C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\InstallOptions.dll

MD5 fd249bc508706f04a18e0bc0afddec82
SHA1 b94efda9f41c89fc6120ed385867125d03f28bea
SHA256 c34f095e200db420ce9af5489c3e392be285e43c3f4c9fbe34686b1f0a1531ad
SHA512 c820c06ad5ae21101602d9e7864fed9b470b25fa9a0ee025d05e72697d88c7e03cbee7ad476f4e3d5b6e467248b8ad1fefa2710c76011e2156b85068961404ba

C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\ioSpecial.ini

MD5 f7ec039deeba38e9a68a2f761b5c5d2d
SHA1 27a6aaf4b782b8835a83fb1e2ac3ee6a926ea25c
SHA256 58c89c8292e0a4c4019eab37e268691de3619ffe438e1d5ba11cbf13d304c3e7
SHA512 59629997d8f52896688e933092da4563d5667198d36b3f197aafd2540e37eb6a536e9c85b1cbd32909b3f6fa584912b0c67f503dc623a84555c7ca594477c20f

C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\ioSpecial.ini

MD5 1bfed254d058661293a619040b491748
SHA1 38e2793fd34b1659b8612300b43b1fc2940347d0
SHA256 f3d3e6b4725d47659ad99581fa188d1c546ef4f2917ee72962abfecc8d51f10e
SHA512 30ef55223b0e91e385547d359b71452d08606a44b9e2ead598cabc8e2a478a2f395a666efb9fa1902f73f5a87bdaffd51f28cd8f50745b53e957aeb68ebd00fb

C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\modern-wizard.bmp

MD5 49ff8ad8f51875597f3e919e8770c24c
SHA1 1e840ce0f68281e312317bcbdbc10fdfcd3959c3
SHA256 76da716588b8e51e36ee7a674cd873a8069e27fef73851d1e190face5a67fc66
SHA512 dcf29bbef46b1bd8d9f6c6221955ab06da23bc6661c603c188ce34fed80984a3b6d2006ab38b49aa9d1908d714cc0f40e63b6230244e4d4a0c9baebbbda1ddb1

C:\Program Files\Mozilla Firefox\nsjE301.tmp\AccessibleHandler.dll

MD5 650e92170be6d72b5b03b4fd57d9c768
SHA1 96afb8675e8d0ddeda7e5188182d2f7bcfc33ae4
SHA256 1f82976a2d2dfb39ecb4aef21390151d6407c4b76f8401e86b6162920c17e622
SHA512 9ba4d29a8557a50e972a77edbc72c05ffe62fca5b238c68ec7325932b554d10a3feacd5ef3a4a004feff41c5d956d2a78ac98cc2688b3a83ebd35e7c9d1d6b2b

C:\Program Files\Mozilla Firefox\nsjE301.tmp\crashreporter.exe

MD5 73603c36b4d1522c3402d67ecf657312
SHA1 6a964ae5d681455c320ea0f8611b79a99a35b283
SHA256 7fb934da4bebc1cb81c3e9f5be4dbb3e43aa8098b6e63f5e0b97b3cc105830b4
SHA512 5fdc5f8ab72bd05ebea6068c896a7805211a9bdccf0167f48ac456a1e4283b59001e588d7349e34f8511fa297f98af8d5140c883e6d4a192af8d350a433c0238

C:\Program Files\Mozilla Firefox\nsjE301.tmp\updater.exe

MD5 4b45049272a1df52475a7f60d51423ac
SHA1 5d5238acc80b9fd5c8eade99c080ac86578f223b
SHA256 fe51946b1bec69d578f11e5715ac1a49c9aead788a1f65b3d26a3224ed32c9ea
SHA512 d6579749a591d850e55b3b8fade0ecbd033657e489f90a48e9ee727ba62f91958b461f5a4cf649cb1af101b3ba23ec0b1560f598c1712882def7244da882f1af

C:\Program Files\Mozilla Firefox\nsjE301.tmp\pingsender.exe

MD5 4d71df73d0ab010ff183ab084b21ae70
SHA1 366b6476dd874867fc353c27a4e59aa0c304ab75
SHA256 0adafbc9288c344b1fbeb66d15f9f5a8b7591ea717aa0a595bfbbd0386b1c53b
SHA512 bfaae4316509f70dd997819ea8d17258adffe8a65819a15b28ce082f11ac16ee7ead735b62d8f3d435e6cf56aa23e1fb07a216078ace5a64bfa31914e31b8637

C:\Program Files\Mozilla Firefox\nsjE301.tmp\nssckbi.dll

MD5 93e4fd86c80f87d9424c2ff54f30b42b
SHA1 d2eb5789496e1688d73e6780015bcea468d3819e
SHA256 41add942e653a0e917c9e6ffaf4db57451a12609a3448ce0850eba041d5f240c
SHA512 f581de34c3abba8d774804d6ba4b31c62eae3d31f6f4355d5ff16da46432a1b9cd49f630051468b9f88337e68cd4b87bf78754cb80998cded7979185340e022f

C:\Program Files\Mozilla Firefox\nsjE301.tmp\mozwer.dll

MD5 a3c52915bad6f32984d0c5929cb49df6
SHA1 08c6f107f82be866451b5aa4cf2b2ac02e55dc95
SHA256 fafc8c8c60062012926ecca6ed49dff88b5654f7d36aa2ed6920216deff3af38
SHA512 8488778dd21a1d78fe949ecdc618d34b6aecbea7c92d15fc911bfabc550bec82f1f631cdac4565f6fdcca4a84bacaf57f378a0ef37648a8f9415fbb54cf75066

C:\Program Files\Mozilla Firefox\nsjE301.tmp\minidump-analyzer.exe

MD5 b846d3a4993ad116ec786701492ba32b
SHA1 3b8525674a49757fadf61d5760d709a09b77338a
SHA256 1ee390efb43599624909919540ce1d8896d95e1dc6d70ef9ec861206ecca9939
SHA512 637e3cfd67cd725db9ff741919ba3234bac5f5c5454283949fbb0c35fa8043afc1d5610060b956212fa65fccdc8a4f0d57c4ef298b12e0dcbca23f61e86c18a0

C:\Program Files\Mozilla Firefox\nsjE301.tmp\IA2Marshal.dll

MD5 f309a1b32cbb2b87db1504174fa36b8d
SHA1 5c3096985b95f2d69153cdb3666d5f18629da03b
SHA256 ad868b5352811dc328c4e75b2898d45c75c5af8d3b0ac062810d95847a99e0bc
SHA512 a493a111cce1de0ea9d9999a7e1773334a1fc7b7e71115e60b22d0c1b52e439d889865051c6487665d2638705a676f8600653059dc120d9bdb87d8a81b737112

C:\Program Files\Mozilla Firefox\nsjE301.tmp\freebl3.dll

MD5 2bbd81e8a24fe88cd5222673429fbbf6
SHA1 ac6146256fd524de7e4e39fb5f776e8fa894b2f0
SHA256 b7dc465478516ea8e9011519761e6c02eb44c18f20694ca8bfc84ea236dd8df1
SHA512 d4e71ee9b7920c77476e56c793e7621ff01bd8138c02cf30cc5b4188f75bbb781a91e987098e8207e71df167f3998f0a1bc04eab0a9830274b860fd49774d638

C:\Program Files\Mozilla Firefox\nsjE301.tmp\firefox.exe

MD5 1fd347ee17287e9c9532c46a49c4abc4
SHA1 ad5d9599030bfbcc828c4321fffd7b9066369393
SHA256 912373af6f3c176b7e0a71c986d6288f76f5be80de7c9a580b110690271e9237
SHA512 9e52622077e805fcff2c6fe510524bf9ca7246da9ef42843041e82ced28b59163a2729335139df9e2d2a4c748ed56471bb053f337655a77d2d0976370f07acf4

C:\Program Files\Mozilla Firefox\nsjE301.tmp\default-browser-agent.exe

MD5 3fa2910cbd44b17be47ff26ef27c5157
SHA1 d8a2bbcd3c88671b48478db293c61268fc24accf
SHA256 d448206c75c51f8a44a1c7fd5dabb8b0505f670ecb2e5d2adf55791b9cef1b0c
SHA512 16b70c679db2ba74a98f99956984fa044e96c821ccd5521b4882134c705b823674891d0521dc49c2391d5c184bbbd0c6d68890df65aad1972113aeda4f3b944a

C:\Program Files\Mozilla Firefox\nsjE301.tmp\AccessibleMarshal.dll

MD5 603790c20a3c54910d57a264b9570251
SHA1 cc116b933d2765ac44d268202e342132ec30b8a4
SHA256 682a1749e7de1f422f7bef98b726e419eabaf7f5c06d89d75626e51a12729b8d
SHA512 d9807ac77d3df4ed0b3f1be2923f8b61794c37b7bb759c9c5b1ed80c2c629b0ce0c7f8607e98ed4628d3143d8fdcffe7d994e670ac08a55db4934461af8c205a

C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\unconfirm.ini

MD5 19313efd31f6576a8ce93ac026ffd896
SHA1 4a4ea15e220c46df28bd5bfc8e6eb491e6b60355
SHA256 822d328426d827c8fb8529cf17c548f57bf0873df3a4a2286977451c7ad5cc3a
SHA512 7a4adc9534a9300f64a4f3fc86cd536f700c0e1b0e75cb5578ff422e24bd9f1ceab88e47d4bb088c624521220b1c2cbb1038c926f0b10583ad288e6ebf17226e

C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\modern-header.bmp

MD5 d74f354a7dff27324b463404f4eec99b
SHA1 c0cd9ec50ef163bb868f574db8ca97ccbaa109e4
SHA256 bc08eabb8b11b7693ac5de4db4d787ae31fdc9f29f6020536c838793bb2d4438
SHA512 09116cfc89e16c0cb104e13292976fe8cb97131f309228fd6488a13d2afff4b902ed490f12cb633be232654ceadaee00f23cbe6206677e61c0a9642c72486c4e

C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\ShellLink.dll

MD5 fa94d120efb029b43217c66bbc8c650c
SHA1 1fcf2d76adf69b403b7400681ac91d50ed20385f
SHA256 5f6f414b412c72b10f49eb92af1d368ede531b58fb200d539fd2b45e371612db
SHA512 07ed0771d5bbb651ea7421a5f6b08fa234f9cc041315d9360a7135ba12180064fc99a27725385a8ecd3ceb25bed5c00de169f7dabb3ccf6e987f45254dff8158

C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\ApplicationID.dll

MD5 fdc0338e6faeaf6f7c271982e103473b
SHA1 9a41f7932abe8be7e32c6371f085cf14de355d00
SHA256 a9dad9fdaae93d10dc2ee346b231913445e731049554b8bb1506827e46f8a44e
SHA512 a766eef11db4c94b1445d1cd70cf1d3b6141d6b3973562e9fa8d81c79195886b884dbc9b9f6952f8a6e8619534a6bf2d615d539d2cace9c8843dc19415051cc0

C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_B.exe

MD5 8d117f0cace088ed532bde151099bfef
SHA1 1d27ba224308ab9dfa08d0b4c19dda4ab47d7e2c
SHA256 3fbe674ede8c7099ba6c316e1e1562c6ebe1f3bbde96276d6676fe4309658c81
SHA512 2560ebd7e040b9b7a3de60d16e00182f2b0fc0c0224125cd9bc6eff0fdcf23aa44c2683d7b1a39a16a5cf7f70cc5dfb84628cbfe6c2e6263e1d2936bf8723cd6

C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\ioSpecial.ini

MD5 ec735849b809a4443f61b1aebe9d946d
SHA1 4b7b3b5a7f39472e777c9b7a8d8ef4ff999aeb74
SHA256 52d60bd4135d5f634f6868b27d18ccfa064c258565ade8a5ff3a476009aa27fe
SHA512 3a99525d6a48d9ff265e3c3989458312ab968cdd160856f4f77440799458e1a396918cdff174dada759e38915c3bbb241d36815d695c7778d17d9c5648c61ab8

C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\ioSpecial.ini

MD5 8f6c94936deb2c04a3dd912705bfb3bd
SHA1 f633ce624000b8f2e83388a20723024c91a7f5a0
SHA256 5fab9e63a106c693b1a3d23ea6c1ae5ce6d2855a4d522ddab4e5ea1032ed3b51
SHA512 360403e52770a69b03c14168bd3f742ab709c940718c92009f567b52494570e52cebf9ca4f63e96f690d87fe44f16be3db3d5daee3652cfaa57d5debb40bb921

C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\ioSpecial.ini

MD5 f3b6a8306906cecfe75232fde94e74ee
SHA1 fadec33a32f85a723f198e02e0c3e56892c04e69
SHA256 0da1e23b3240713362243822d813bbc2c8a62d1e6a0fdc5073d74dadd8fa5cb4
SHA512 f30adfd902387cfdaa9fec4ebe0e3a7e6ba4558858046ab2105f1655902e3a0729032d8acaa2c2f89376ed1973c7c4e5bb9239b69a3c6bdb2d048040e558e3fc

C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\ioSpecial.ini

MD5 571751c8158753f769c6953f3bd4b57c
SHA1 2b8208fe51abfac9beefd3ca5ece8de03395ecfd
SHA256 74864672f0f7baa094c4303b0f2ef9815666c54bbdae658a00e91fc01b8f25b6
SHA512 0b47555af0c28807dad49c3b11066b5fa854c72fff66c8dd6e62ad31254fd95277828260e7eb6bc5005b2c91c05b6964fdf547a9a0d0fbd89f7014086f2cbd89

C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\nsExec.dll

MD5 0e584c7120bd474c616013c58d51dc6b
SHA1 0bc980892341b52985d92fb3d8fbb6be77951935
SHA256 7fb626aa05bee1095633a75aeb7895ebd816a98e0aa1581a0154e4c196de5391
SHA512 aa3a471b3f33c3ffdbe1b1e3c1e5d04367bcab3c16049396a8dd12c5a8317e4b153761f74f39b756dd4fb1806aedc4f1bb38bfbc12f16480eed3fd3087a0d157

C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\Banner.dll

MD5 2b3f617f22f70710aaf7f27efab15c40
SHA1 66c2397748b46c0aa03f0de1d3b1ef0598512f7c
SHA256 2393ee61dff10c520fea62b5d6dc1c3a559fcad55f5cf15b22e1f408692a35f8
SHA512 69295601e8c20a97b512a99afec2609997b589d46a507b2738a6c974ee5b68bde0e56fce150ab1fc4355aa561e8125335378a9c648bbc533bc5b44de1b85b3e5

C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

MD5 5ba8b6e3a9d08a4fd4f71eed8cc56275
SHA1 5bfd77c8ddbca1dd2d4e6a9e08a0d89b50a654d0
SHA256 e202657abb97ac953185c97f0d4e3d3133fe760d8b8c4e97a2c53d94bb8d58e2
SHA512 e8242d974ff4c103cc1af4d44e55070abca619dfbae0fe450fb2dbe165a0af629c5e010bc0cbc5d7a8d40a2c420aacb3857f4d410f65235da8099379458fe419

C:\Users\hehhe\AppData\Local\Temp\nsz1A37.tmp\LangDLL.dll

MD5 27cf377d1533f78135bb36ff36b6359f
SHA1 8eda472e1cb83e67c1f118579ef01c1ad06d133a
SHA256 998d77553254e5bd11a4826a2bdc8549d0e28e9199db799b919bc6d15f8b0694
SHA512 f48e597f7d77bd03aa150927234a639c883d2937ee6b24a9f5bd13e70f2b609ae61301ef906ba2f5b047846d2f2818199f5bfb2457618709f2329bd5193d65c2

C:\Users\hehhe\AppData\Local\Temp\nsz1A37.tmp\System.dll

MD5 1fddcb352cab98f4bd46583dd6d71501
SHA1 ef7bd2afa119945527fb9e2bdca6024e7622cf55
SHA256 47e565ecd4e5523d6e4969f1108d6ba8894d2577b83e319fe4b53776a8ad5b5b
SHA512 ab5e6c586801bc5ea8914b4bf42823d3a619990b32eecba39195370175a74e3984c9c87e6b01add2670796079f5fe2e44910340dafc9b4a4b2950fee14ed928f

C:\Users\hehhe\AppData\Local\Temp\nsz1A37.tmp\nsDialogs.dll

MD5 30dcc81f69c5d1790671c05be0e93ec1
SHA1 9db43df563ed5144c0419534f47fad0af4c687c6
SHA256 d43a3ac1b2ddd073c9d20f4391c212cf092c469fdae80a8a632f478205d58b2d
SHA512 7b4019ef62840160c1b285214775a81074f14be4ed674a0dca11cca32a1b7156ef6aaadb85e96a4a34f52a89f473c7488a2116f9cadcb583286a1d352704411f

C:\Users\hehhe\AppData\Local\Temp\Setup00000b24\OSETUP.DLL

MD5 fcc38158c5d62a39e1ba79a29d532240
SHA1 eca2d1e91c634bc8a4381239eb05f30803636c24
SHA256 e51a5292a06674cdbbcea240084b65186aa1dd2bc3316f61ff433d9d9f542a74
SHA512 0d224474a9358863e4bb8dacc48b219376d9cc89cea13f8d0c6f7b093dd420ceb185eb4d649e5bd5246758419d0531922b4f351df8ad580b3baa0fab88d89ec7