Analysis Overview
SHA256
ac9fc4e93081a956a51e3da6343e48e6ae60260d781d892934be9aa80f0255ca
Threat Level: Likely malicious
The file file was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Registers COM server for autorun
Modifies file permissions
Executes dropped EXE
Loads dropped DLL
Modifies system executable filetype association
Checks installed software on the system
Blocklisted process makes network request
Installs/modifies Browser Helper Object
Enumerates connected drives
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Opens file in notepad (likely ransom note)
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Checks processor information in registry
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Modifies Internet Explorer settings
Modifies registry class
Uses Task Scheduler COM API
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-01 23:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-01 23:00
Reported
2024-05-01 23:30
Platform
win7-20240221-es
Max time kernel
561s
Max time network
1695s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA} | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32 | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA} | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ | C:\Program Files\WinRAR\uninstall.exe | N/A |
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0086-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0017-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0257-ABCDEFFEDCBC}\InprocServer32 | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0391-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0074-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0240-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0324-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0108-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0180-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0086-ABCDEFFEDCBC}\InprocServer32 | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0261-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\rundll32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0319-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Windows\system32\rundll32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0061-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0254-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0142-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0104-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0093-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Windows\system32\rundll32.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0034-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Windows\system32\rundll32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0051-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0205-ABCDEFFEDCBC}\InprocServer32 | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0282-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0154-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0040-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC}\InprocServer32 | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0165-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0089-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\system32\rundll32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0162-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0087-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0241-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0181-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0121-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0212-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0196-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0134-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0074-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0290-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\rundll32.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0311-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0313-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0135-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0155-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0191-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0088-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0094-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0139-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0180-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0083-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0150-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\system32\rundll32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0383-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0312-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0121-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Windows\system32\rundll32.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0290-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Windows\system32\rundll32.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0087-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0111-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0147-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0231-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0230-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} | C:\Windows\system32\rundll32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} | C:\Windows\system32\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} | C:\Windows\system32\rundll32.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\WindowsAccessBridge-64.dll | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| File opened for modification | C:\Windows\system32\WindowsAccessBridge-64.dll | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| File opened for modification | C:\Windows\system32\javaws.exe | C:\Windows\system32\rundll32.exe | N/A |
| File created | C:\Windows\system32\java.exe | C:\Windows\system32\rundll32.exe | N/A |
| File created | C:\Windows\system32\javaw.exe | C:\Windows\system32\rundll32.exe | N/A |
| File created | C:\Windows\system32\WindowsAccessBridge-64.dll | C:\Windows\system32\rundll32.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Los_Angeles | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Regina | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\wsdetect.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\javaw.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\msvcp140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\management.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Cambridge_Bay | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\security\blacklist | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\security\java.policy | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Aqtobe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Colombo | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\server\classes.jsa | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\Zip.SFX | C:\Users\Admin\Downloads\winrar-x64-700.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\javaws.jar | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Cuiaba | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\GMT-12 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Rainy_River | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\deploy\messages_it.properties | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\WinRAR\ReadMe.txt | C:\Users\Admin\Downloads\winrar-x64-700.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\dcpr.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\WinRAR\RarFiles.lst | C:\Users\Admin\Downloads\winrar-x64-700.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Yellowknife | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png | C:\Users\Admin\Downloads\winrar-x64-700.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\jsoundds.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\ext\sunjce_provider.jar | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Antarctica\DumontDUrville | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Australia\Adelaide | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Macau | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\Order.htm | C:\Users\Admin\Downloads\winrar-x64-700.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\security\cacerts | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyNoDrop32x32.gif | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\sunmscapi.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Antarctica\Troll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh88 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\ucrtbase.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\jfr.jar | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\orbd.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\security\cacerts | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\COPYRIGHT | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Miquelon | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\security\policy\limited\local_policy.jar | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Managua | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Amman | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightDemiBold.ttf | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Fiji | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\flavormap.properties | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\classlist | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\server\Xusage.txt | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\images\cursors\cursors.properties | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\deploy\[email protected] | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Matamoros | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\SystemV\CST6CDT | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\cmm\GRAY.pf | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\javaw.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Asuncion | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\La_Paz | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Krasnoyarsk | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSI58A3.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI59CF.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI181A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI303F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3281.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f7a4ea5.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f7a4e9d.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5960.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5ACA.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI182B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5B39.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f7a4ea0.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5B68.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5BA8.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f7a4ea0.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5EE4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f7a4ea2.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI300F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5F13.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF5C9.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f7a4e9d.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI62DC.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5980.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5A4D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f7a4ea5.ipi | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\msiexec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\msiexec.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4B5F-9EE6-34795C46E7E7} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "19" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files\\Java\\jre-1.8\\bin" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\jds259663664.tmp\jre-8u411-windows-x64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files\\Java\\jre-1.8\\bin" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} | C:\Windows\system32\rundll32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} | C:\Windows\system32\rundll32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files\\Java\\jre-1.8\\bin" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files\\Java\\jre-1.8\\bin" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" | C:\Windows\system32\rundll32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4B5F-9EE6-34795C46E7E7} | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\Downloads\winrar-x64-700.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre-1.8\\bin" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0106-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0219-ABCDEFFEDCBC} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0315-ABCDEFFEDCBA} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0039-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0072-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0348-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0094-ABCDEFFEDCBC} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0148-ABCDEFFEDCBA} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0059-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_59" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0071-ABCDEFFEDCBC} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0249-ABCDEFFEDCBC} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0235-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0068-ABCDEFFEDCBB} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0171-ABCDEFFEDCBC} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0052-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0343-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0083-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0050-ABCDEFFEDCBB} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0165-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_165" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0191-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0371-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0375-ABCDEFFEDCBA} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0178-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0214-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0230-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0221-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0145-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0367-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0056-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0260-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0087-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0091-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0168-ABCDEFFEDCBC} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0056-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0170-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0218-ABCDEFFEDCBC} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0370-ABCDEFFEDCBA} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0069-ABCDEFFEDCBB} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0343-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0114-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_114" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0052-ABCDEFFEDCBB} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0096-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0205-ABCDEFFEDCBC} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0084-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0118-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0293-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_293" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0140-ABCDEFFEDCBC} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0393-ABCDEFFEDCBC} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0056-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_56" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0323-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0276-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0049-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0077-ABCDEFFEDCBC} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0006-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0215-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_215" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0092-ABCDEFFEDCBA} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0202-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_202" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0036-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0270-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0102-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0085-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB} | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0088-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0241-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Windows\system32\rundll32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0099-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0178-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0156-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0377-ABCDEFFEDCBA} | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0244-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0221-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0055-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0390-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_390" | C:\Windows\system32\rundll32.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0405-ABCDEFFEDCBC} | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0146-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0151-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0313-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0350-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0219-ABCDEFFEDCBB} | C:\Windows\system32\rundll32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0240-ABCDEFFEDCBB} | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0034-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0359-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0281-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_281" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0097-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0412-ABCDEFFEDCBA} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0164-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0328-ABCDEFFEDCBC}\InprocServer32 | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0122-ABCDEFFEDCBA}\InprocServer32 | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0419-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_419" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\InprocServer32 | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0175-ABCDEFFEDCBC} | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0082-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0113-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\rundll32.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0287-ABCDEFFEDCBC} | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0029-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_29" | C:\Windows\system32\rundll32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0118-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0034-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_34" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0140-ABCDEFFEDCBB} | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0172-ABCDEFFEDCBC}\InprocServer32 | C:\Windows\system32\rundll32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0266-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Windows\system32\rundll32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0360-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0172-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0090-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_90" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0348-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0007-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_07" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0074-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0084-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Windows\system32\rundll32.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0227-ABCDEFFEDCBA} | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0182-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0107-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB} | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0319-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_319" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0046-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_46" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0103-ABCDEFFEDCBA} | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0145-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0322-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0261-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0091-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0289-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0185-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Windows\system32\rundll32.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0047-ABCDEFFEDCBB} | C:\Windows\system32\rundll32.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre-1.8\bin\javaws.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe | N/A |
| N/A | N/A | C:\Windows\Installer\MSI303F.tmp | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds259663664.tmp\jre-8u411-windows-x64.exe | N/A |
| N/A | N/A | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-700.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-700.exe | N/A |
| N/A | N/A | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| N/A | N/A | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds259663664.tmp\jre-8u411-windows-x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds259663664.tmp\jre-8u411-windows-x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds259663664.tmp\jre-8u411-windows-x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds259663664.tmp\jre-8u411-windows-x64.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre-1.8\bin\java.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre-1.8\bin\java.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\file.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6619758,0x7fef6619768,0x7fef6619778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6619758,0x7fef6619768,0x7fef6619778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1084 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1632 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2268 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2276 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2760 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1400,i,25483838576336982,17038990695765205240,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1364 --field-trial-handle=1400,i,25483838576336982,17038990695765205240,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2968 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3136 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3640 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2740 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4040 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4400 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4160 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4132 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4220 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:8
C:\Windows\system32\wbem\WMIADAP.EXE
wmiadap.exe /F /T /R
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3604 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2480 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2600 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1864 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3228 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4920 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1868 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:8
C:\Users\Admin\Downloads\winrar-x64-700.exe
"C:\Users\Admin\Downloads\winrar-x64-700.exe"
C:\Program Files\WinRAR\uninstall.exe
"C:\Program Files\WinRAR\uninstall.exe" /setup
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:8
C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" x -iext -ver -imon1 -- "C:\Users\Admin\Downloads\SLite2.0.rar" "?\"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\SLite2.0\SLite2.0\Leer antes de USAR.txt
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\Downloads\SLite2.0\SLite2.0\StrapyLite2.0.bat" "
C:\Windows\system32\java.exe
java -jar StrapyLITEv2.rar
C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\Downloads\SLite2.0\SLite2.0\StrapyLITEv2.rar"
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Rar$DIa2748.39353.rartemp\MANIFEST.MF
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Rar$DIa2748.39353.rartemp\MANIFEST.MF
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Rar$DIa2748.41216.rartemp\Interfaz$1.class
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Rar$DIa2748.41216.rartemp\Interfaz$1.class
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4384 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=1784 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=2416 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=2308 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4848 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=1180 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4436 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=1272 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=4220 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4156 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4764 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2660 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3584 --field-trial-handle=1276,i,11065923798414009639,8542031950924693151,131072 /prefetch:8
C:\Users\Admin\Downloads\jre-8u411-windows-x64.exe
"C:\Users\Admin\Downloads\jre-8u411-windows-x64.exe"
C:\Users\Admin\AppData\Local\Temp\jds259663664.tmp\jre-8u411-windows-x64.exe
"C:\Users\Admin\AppData\Local\Temp\jds259663664.tmp\jre-8u411-windows-x64.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\MsiExec.exe -Embedding 91FCC1C02751A1D92496A0E12EADC142
C:\Program Files\Java\jre-1.8\installer.exe
"C:\Program Files\Java\jre-1.8\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre-1.8\\" INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={77924AE4-039E-4CA4-87B4-2F64180411F0}
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking
C:\Program Files\Java\jre-1.8\bin\ssvagent.exe
"C:\Program Files\Java\jre-1.8\bin\ssvagent.exe" -doHKCUSSVSetup
C:\Program Files\Java\jre-1.8\bin\javaws.exe
"C:\Program Files\Java\jre-1.8\bin\javaws.exe" -wait -fix -permissions -silent
C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe
"C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre-1.8" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxsaWJcZGVwbG95LmphcgAtRGphdmEuc2VjdXJpdHkucG9saWN5PWZpbGU6QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZS0xLjhcbGliXHNlY3VyaXR5XGphdmF3cy5wb2xpY3kALUR0cnVzdFByb3h5PXRydWUALVh2ZXJpZnk6cmVtb3RlAC1Eam5scHguaG9tZT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxqYXZhd3MuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxkZXBsb3kuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW5camF2YXcuZXhl -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==
C:\Program Files\Java\jre-1.8\bin\javaws.exe
"C:\Program Files\Java\jre-1.8\bin\javaws.exe" -wait -fix -shortcut -silent
C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe
"C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre-1.8" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxsaWJcZGVwbG95LmphcgAtRGphdmEuc2VjdXJpdHkucG9saWN5PWZpbGU6QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZS0xLjhcbGliXHNlY3VyaXR5XGphdmF3cy5wb2xpY3kALUR0cnVzdFByb3h5PXRydWUALVh2ZXJpZnk6cmVtb3RlAC1Eam5scHguaG9tZT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxqYXZhd3MuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxkZXBsb3kuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW5camF2YXcuZXhl -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\MsiExec.exe -Embedding F8B1D943718104B3B66E571815D48103 M Global\MSI0000
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\MsiExec.exe -Embedding 310E88CFD0DD1C325F8E20B70FC77DB2
C:\Windows\Installer\MSI303F.tmp
"C:\Windows\Installer\MSI303F.tmp" C:\Program Files\Java\jre7\;C;2
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Program Files\Java\jre7\bin\\installer.dll",UninstallJREEntryPoint
C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\Downloads\SLite2.0\SLite2.0\StrapyLITEv2.rar"
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\Downloads\SLite2.0\SLite2.0\StrapyLite2.0.bat" "
C:\Program Files (x86)\Common Files\Oracle\Java\java8path\java.exe
java -jar StrapyLITEv2.rar
C:\Program Files\Java\jre-1.8\bin\java.exe
"C:\Program Files\Java\jre-1.8\bin\java.exe" -jar StrapyLITEv2.rar
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\Downloads\SLite2.0\SLite2.0\StrapyLITEv2.rar"
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Rar$DIa1828.11493.rartemp\Interfaz$5.class
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 104.21.42.32:443 | the.gatekeeperconsent.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 8.8.8.8:53 | cdn.otnolatrnup.com | udp |
| US | 8.8.8.8:53 | www.mediafiredls.com | udp |
| US | 104.26.2.173:443 | www.mediafiredls.com | tcp |
| US | 104.16.52.110:443 | cdn.otnolatrnup.com | tcp |
| US | 18.239.190.3:443 | cdn.amplitude.com | tcp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | udp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.16.53.110:443 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | download2290.mediafire.com | udp |
| US | 199.91.155.31:443 | download2290.mediafire.com | tcp |
| US | 199.91.155.31:443 | download2290.mediafire.com | tcp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 18.239.208.14:443 | tags.crwdcntrl.net | tcp |
| IE | 52.211.13.38:443 | bcp.crwdcntrl.net | tcp |
| IE | 52.48.238.239:443 | bcp.crwdcntrl.net | tcp |
| IE | 52.48.238.239:443 | bcp.crwdcntrl.net | tcp |
| IE | 52.211.13.38:443 | bcp.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| US | 104.16.53.110:80 | otnolatrnup.com | tcp |
| US | 104.16.53.110:80 | otnolatrnup.com | tcp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| US | 18.239.208.126:443 | woreppercomming.com | tcp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 54.148.107.27:443 | api.amplitude.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 172.217.16.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.180.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.win-rar.com | udp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| FR | 216.58.213.67:443 | beacons.gcp.gvt2.com | tcp |
| FR | 216.58.213.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | notifier.win-rar.com | udp |
| DE | 51.195.68.173:443 | notifier.win-rar.com | tcp |
| DE | 51.195.68.173:443 | notifier.win-rar.com | tcp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| GB | 172.217.169.35:443 | beacons.gvt2.com | tcp |
| GB | 172.217.169.35:443 | beacons.gvt2.com | udp |
| FR | 216.58.213.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | www.java-rar.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| US | 74.125.202.94:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | www.java.com | udp |
| NL | 23.62.61.137:443 | www.java.com | tcp |
| NL | 23.62.61.137:443 | www.java.com | tcp |
| NL | 23.62.61.137:443 | www.java.com | tcp |
| US | 8.8.8.8:53 | www.oracle.com | udp |
| US | 8.8.8.8:53 | c.oracleinfinity.io | udp |
| US | 8.8.8.8:53 | dc.oracleinfinity.io | udp |
| BE | 23.55.97.240:443 | www.oracle.com | tcp |
| NL | 23.62.61.162:443 | c.oracleinfinity.io | tcp |
| US | 8.8.8.8:53 | static.ocecdn.oraclecloud.com | udp |
| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |
| NO | 104.110.16.41:443 | static.ocecdn.oraclecloud.com | tcp |
| NO | 104.110.16.41:443 | static.ocecdn.oraclecloud.com | tcp |
| US | 8.8.8.8:53 | s.go-mpulse.net | udp |
| BE | 23.55.96.141:443 | s.go-mpulse.net | tcp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| BE | 23.55.96.141:443 | c.go-mpulse.net | tcp |
| BE | 23.55.97.240:443 | www.oracle.com | tcp |
| NL | 23.62.61.162:443 | c.oracleinfinity.io | tcp |
| US | 8.8.8.8:53 | consent.trustarc.com | udp |
| US | 18.239.208.97:443 | consent.trustarc.com | tcp |
| US | 18.239.208.97:443 | consent.trustarc.com | tcp |
| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |
| US | 8.8.8.8:53 | consent-pref.trustarc.com | udp |
| US | 18.239.208.13:443 | consent-pref.trustarc.com | tcp |
| GB | 142.250.180.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | oracle.112.2o7.net | udp |
| IE | 66.235.152.156:443 | oracle.112.2o7.net | tcp |
| US | 8.8.8.8:53 | consent-st.trustarc.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 18.239.208.58:443 | consent-st.trustarc.com | tcp |
| US | 8.8.8.8:53 | 684dd32a.akstat.io | udp |
| US | 8.8.8.8:53 | trial-eum-clientnsv4-s.akamaihd.net | udp |
| US | 8.8.8.8:53 | trial-eum-clienttons-s.akamaihd.net | udp |
| US | 2.18.190.79:443 | trial-eum-clienttons-s.akamaihd.net | tcp |
| US | 2.18.190.82:443 | trial-eum-clientnsv4-s.akamaihd.net | tcp |
| US | 8.8.8.8:53 | x5s5cjycck7fezrszjrq-pla0vm-d6a571d89-clientnsv4-s.akamaihd.net | udp |
| US | 8.8.8.8:53 | 191-101-209-39_s-2-18-190-79_ts-1714604643-clienttons-s.akamaihd.net | udp |
| US | 2.18.190.79:443 | 191-101-209-39_s-2-18-190-79_ts-1714604643-clienttons-s.akamaihd.net | tcp |
| US | 2.18.190.82:443 | x5s5cjycck7fezrszjrq-pla0vm-d6a571d89-clientnsv4-s.akamaihd.net | tcp |
| BE | 23.55.96.141:443 | 684dd32a.akstat.io | udp |
| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |
| IE | 66.235.152.156:443 | oracle.112.2o7.net | tcp |
| BE | 23.55.96.141:443 | 684dd32a.akstat.io | udp |
| US | 8.8.8.8:53 | x5s5cjyxhy6yszrszjtq-f-59b5b7886-clientnsv4-s.akamaihd.net | udp |
| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |
| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |
| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |
| US | 8.8.8.8:53 | javadl.oracle.com | udp |
| IE | 66.235.152.156:443 | oracle.112.2o7.net | tcp |
| NO | 104.110.22.225:443 | javadl.oracle.com | tcp |
| NO | 104.110.22.225:443 | javadl.oracle.com | tcp |
| IE | 66.235.152.156:443 | oracle.112.2o7.net | tcp |
| US | 8.8.8.8:53 | sdlc-esd.oracle.com | udp |
| US | 23.220.112.104:443 | sdlc-esd.oracle.com | tcp |
| US | 8.8.8.8:53 | javadl-esd-secure.oracle.com | udp |
| GB | 104.103.251.196:443 | javadl-esd-secure.oracle.com | tcp |
| US | 8.8.8.8:53 | rps-svcs.oracle.com | udp |
| GB | 104.103.251.196:443 | rps-svcs.oracle.com | tcp |
| US | 8.8.8.8:53 | javadl.oracle.com | udp |
| NO | 104.110.22.225:443 | javadl.oracle.com | tcp |
| US | 8.8.8.8:53 | sdlc-esd.oracle.com | udp |
| US | 23.220.112.104:443 | sdlc-esd.oracle.com | tcp |
| US | 8.8.8.8:53 | www.java.com | udp |
| NL | 23.62.61.163:443 | www.java.com | tcp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| BE | 23.55.96.141:443 | c.go-mpulse.net | udp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| BE | 23.55.96.141:443 | c.go-mpulse.net | udp |
| BE | 23.55.96.141:443 | c.go-mpulse.net | tcp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| BE | 23.55.96.141:443 | c.go-mpulse.net | udp |
| BE | 23.55.96.141:443 | c.go-mpulse.net | tcp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| BE | 23.55.96.141:443 | c.go-mpulse.net | udp |
| BE | 23.55.96.141:443 | c.go-mpulse.net | tcp |
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | ecd8ebd0d441c0b49b641fbcd5444d17 |
| SHA1 | 75760164655f0e440880cfb868a10a01b67b6c90 |
| SHA256 | f46d8cdf1812d342e3b49ee242fdba78935d597ccdf86989d165e28696cf62b7 |
| SHA512 | 99913f343bc9df93bcd6d789c4ddb2378e7f49778836e844bee55de79a98c39a9793331a22c2e6b6f171fd3289c77586a4e32b9d9bbcefd68a0029f6d11d2256 |
\??\pipe\crashpad_2384_VXHUBOUQYQHYIAJS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | f732dbed9289177d15e236d0f8f2ddd3 |
| SHA1 | 53f822af51b014bc3d4b575865d9c3ef0e4debde |
| SHA256 | 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93 |
| SHA512 | b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\45351f96-bc13-471d-91b5-1e265f10bf28.tmp
| MD5 | 892c8ff305635e30380c54f25ce5d8aa |
| SHA1 | 66346fa88626e81e82a6882eb1730149138e9b5e |
| SHA256 | 3a03cee5f275932fae84d14ae5367cbbffdd25c14a447984a9da7bb902e7270d |
| SHA512 | 7d656d7b5f43da20a9eaa21865b39154065cff869a7b2212ecc6c784bcf09ae31d4185dda3734a30aaf6f687897802c83ba12f9d66d4221869d8b81773a7aa0c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\TarC6EE.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8eee23e9d2fb8df73c6df3516f1f2b04 |
| SHA1 | da0438165767c818d59ab13f5120cc8ea9d8220b |
| SHA256 | ba80ef89d6141a5d585447c7617dccce02976a3cacd8f4c00395679e6ebfb660 |
| SHA512 | 6cb144bd47220bb4ad9b115de934cefef6541101bf0049a67f4a80ca896dd86fec16cc6ba59918ea451a8e7c5705ea9298f9f56689bdf0dd6eef30d2bfee76ed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | dc8d0ba10c4f918b46b2858b7225fbec |
| SHA1 | 6af8d8c10809165a16f8d2523fa11ec2e9fca408 |
| SHA256 | 947ba84e23abbf455368d75770b60ad259b0d19bc848db06f8ed649f5d8199a7 |
| SHA512 | 78ad30ab2281b7576096c1b48f831c26fd1917b08d706b96c5fedefab86021fbf656f7ed0cbb6c5b90b1f32b4a27ee2521042536133b7bf3e4d095ce49befedf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d205c66e13d2fc28e73964cfc7b1d41 |
| SHA1 | d78b6850482b8ceca942853da8a9907a0ee84ab5 |
| SHA256 | 6bb60c73dea5884f3dc500fc328297a0143bc4350c89920b05226394679d1d97 |
| SHA512 | 7390f5472539110bdc273dd1f562d40a0ba1dc8446725a7bf1c9067193d3547614c7c2a2c66ad8b3bd40c350ad44a1acee004c4fa06c2cffcc5ef401eba8a7ee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d6d6010d5f81c88425bb86bce30101d3 |
| SHA1 | b5b6eb3a58cd1e82b4498a8d07e5511727e8175a |
| SHA256 | 7727be2d6c3fd704428c3b825cdca703af02d629cfe4912707974f0aed6710d0 |
| SHA512 | 57b3b6341b57c57d5340f084318e882a9889d945c5a2161de47f11aaa0b0893731607685775318a77aaaa179a2d7cdbc7bd73d8a2d40bf9b136fed42a9284d55 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 326031127d3f4ea0512622cbcdde4b0e |
| SHA1 | 0f0868afecc11a2bf0b02a6e3204832a915403ba |
| SHA256 | ffa6f494c76196b33c99756503600d5ffd1a188639a98272e59273777d1bda35 |
| SHA512 | 543230d4a50df65398b88c6be8d035375b8c2de98bc704653dbdd98e59d4374d1d098e60284c1b5ca672dfad09ded75a02d12502fdbddefe887eaf1c2e3d1d11 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e32e4007d9838a69f76804a91c20902 |
| SHA1 | fc9d3e59141ec23e3e21d23d07d96144740dcf52 |
| SHA256 | 1ed8a8030f6eae0ed07a4b557393f3aa58c90594b34e3f143a6d804899c18472 |
| SHA512 | bef8967f29ed8b36f29a0b299bcae1a507fab9f7290460123035bb863870f6ba4a9c3aa533a833560ae3aae742dbd617e690c5bad28a8fc7bb99f388497f4d9a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee7484c9a132b1c4a220e2448dec33c0 |
| SHA1 | 950626069c6aa306bf26e6213e1a91d4c72c7c29 |
| SHA256 | d1f90873cd26b31c879df9c8ffc453fc724643efccd63767b1aa4d9009fb8776 |
| SHA512 | 30360bf2bcad7b82c24e6e6119c07c1729cce7fe2cf50de12682de986d582d1c926b7d98ed8dbba84dffdde566734944661ab1d19ea5730d7ee62a086de37d5e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a926f71039289016eddcf1a9ed16ad0a |
| SHA1 | 1633a9bafd1f31e2cb0e4c3df3738f1ee8d777e9 |
| SHA256 | b7f939e6b2a0dce4ae53ee9e0a18275ec94e76f0b34d45f90fb918a139e34030 |
| SHA512 | efe2e1a64c1ac960834ee6888e9732bbd1495d2c77cd4df3ddcec769d0764f00f99e94c4054505d372568b0cb8d3dbb655374c05e9faef9468157fa08f0c06c5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 20dedf321c75708b1eb2a2a61120e50d |
| SHA1 | fb01db4b926c919d35b473fe6c0efad74717399d |
| SHA256 | 23de9d5f414431036bf7f49de50a281ead27a2744c45826cd31a3ff11d0c6906 |
| SHA512 | 927e5b9d6fa8e4b1f284034926a543b13ac54ef55b372801e3a222b68d736aa12e864de26f580c5ba5498d4037d29d46e4b15ef2f3c860aa8f5fa296bb8c52f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eafe6adb0def20ceacb4c9685f7f2816 |
| SHA1 | 32086a81c3103db3265d6557d0198f41ccc25f19 |
| SHA256 | b83e49487f022e85b9844d5e6727b87e346e6e04684d7cd2bd9971fd024dc366 |
| SHA512 | 7fc5dd0f02cef644b2defc7593a81db87db68ba6e1147409e304404b245df29fecc4c212034aae87f8506b8b7e13f04a46ab7d0be42e12a1eeb5ef9d53a84b0b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d7b10d59a3479640f32ee1a2fe6ff03 |
| SHA1 | 3e2276dfcb9e2b1676fae0f93b01cdd87a8b9e8d |
| SHA256 | af1e17d8444148c1ad8eea08c9a05a89206f7149fcdf288d08ef7da44efbe6e1 |
| SHA512 | fd3a943c77f7d3f9287bb1d4af11fbef4e248cb78cce4c6b4aa1d9485eeccf66bbc418a219b78a78d74f166d3d8a6a6d44acef3eef2c661e5b0ee600fd17b856 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 595b2f72a53769bfa52df6f59652df72 |
| SHA1 | efd004d09372562ad631873bab831427ab03f963 |
| SHA256 | 624c06b4f76c9ddef1cca32bdcc2bebec3762c1a73359edf2f5498eca052d29d |
| SHA512 | d77c9b3925912cb442a1a81a6b023873b5112a7c24778a73fa1fa59aaf5d29142b9a9f236e483ded3a437f0f2448fe1a3a47233dc1c964af77198a34e7583373 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ff7da3a5db47928648a74e320d1fdf0 |
| SHA1 | 3b6d3e17532d7ca95a5e1a97b816e12d63203041 |
| SHA256 | 9146d05987ea731163c9c567b93ef8b4f156990d2c3400a1698f6234b8db61b7 |
| SHA512 | 0a3472f3e5c22066fa80388021000a9f03ace3049fc52ea1e45be4616457c63fbfb050b3a3c7230fb0be6883f1012326fd987e6d2faf79eaa3b142df6269c3f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\75d9f955-18cd-4cd3-83dd-94fe3e7f06b0.tmp
| MD5 | df279a8d78c4089c72a45b8d433553d0 |
| SHA1 | b2684735e56f52b2f0e99d2d02a274a9912e868a |
| SHA256 | c4eee378224a2a905d7856bf456e932453c9cb6bdc4f0116450c7fdba34fb629 |
| SHA512 | 63a1451858f88687b782d28bafc0cfbc56ffc6f05f0eda0ba78e6f578ea133c8965d364364dc5e5f7b65f9b052ee00255545907fa9478bb3497f2ef457213069 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 175928eebb47310f00a973d359e1eada |
| SHA1 | d09900d9e91fdfa2d264610a47633fe13e6b59a2 |
| SHA256 | e69b05e650e4ea53a75e3bdf15c1327c965a4ef6300d05ec26b731be8a275531 |
| SHA512 | 866af5911507168344b8fdcb75196cdb5d4fa27ba25db7a437a0fd9d992aeac15329f6f5428d9f073c2807a5022bfd535b548d3bec8d44b67105e4d05d281da2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c6eaa6bb78f4d34d2bfb618c51b49110 |
| SHA1 | 08b8ce94c2db7ffd604ca1fd9d5ae77e005ae5aa |
| SHA256 | 4701d35f4c4a1ab61b5c334f04d8532cdb56b52a570bf1f378e44e0c1fbe0d88 |
| SHA512 | d0d9cf8d391064f382ef307ec5bcafc803e389b7363e78c49a35a05748f6e0e17f7afe8b30eb67d9e2611615bfe6e1d4c1270a8b598c481141327747f277b415 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 27cb7d63bf095143c9c8be264d3cc357 |
| SHA1 | 3d3b3e0c4bc9bd7cb91d82d865cc4052c476e8f1 |
| SHA256 | 1cefac87cbc65a960b71a728147dc3d275c214932c77250882150c18baf76439 |
| SHA512 | cf54300ee552c55221eaace105c82703d7b14e8200ad671de3d5fd5a0ce9a72a1214f205e96f0d2c3e3080ce9b8f40a40e91ed23da288a2878640c3d207c0254 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 29831d5f481cd97224b507fabdce3860 |
| SHA1 | 940e6d39f821af313c75a5a4e4cc7af97054a0b1 |
| SHA256 | 423da5752b297a21be100844980dd0f9fb9620a939a203f59bf472f77ddb0b56 |
| SHA512 | 46cd6d965da45281e439f57733b9b114297c7360a5c6b47481286e333a2f73ded006aa68e866404d86bf9df7b2431a9e33d96a1ff967380097f27623523334af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 13d0f737436fa981e3416c7300adf745 |
| SHA1 | 7916a8f571d755657cb1cef63cf54a109b99fc20 |
| SHA256 | 071ea4a21220812be194102e40e259efa3004640826f2d7a272cf5e36c0e15a2 |
| SHA512 | 275bb88f4f349a6a475220a96d0216927d9618257189fa6dabbe97693ae5a11e9fdf759eda38dae22fc64e884b202da81dab404fa5b86b720ba80c4eefb347b6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4d82c205-cb1b-4257-bc66-1e71c8fe08ba.tmp
| MD5 | cb1bbd7ebcebd8099436ed6df226fffa |
| SHA1 | 065d291b318368a4862f0c35136e1fc48ff71b0e |
| SHA256 | 4345b03ef8b6e32d79b01d5c3d561aa0dc688677eed2cb1b07338406b84124c7 |
| SHA512 | b3cd591bf6db853bc3693ac67692c9cb5f07fd82f2be43bd678f09c56fc144f15768ce10dbbc9894d055ad2c942613b590e3c988574f7a35fab837b6fa5b082b |
\Users\Admin\Downloads\winrar-x64-700.exe
| MD5 | 48deabfacb5c8e88b81c7165ed4e3b0b |
| SHA1 | de3dab0e9258f9ff3c93ab6738818c6ec399e6a4 |
| SHA256 | ff309d1430fc97fccaa9cb82ddf3d23ce9afdf62dcf8c69512de40820df15e24 |
| SHA512 | d1d30f6267349bb23334f72376fe3384ac14d202bc8e12c16773231f5f4a3f02b76563f05b11d89d5ef6c05d4acaacc79f72f1d617ee6d1b6eddab2b866426af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9198a6e1d221334c698bb48a73effa53 |
| SHA1 | 6a8954a17b7145cd952b1e8573dddcb25a6983e1 |
| SHA256 | ad867bce7ad6bdaed3b7ad07d2f3f81741ee6eb886de3e832a6c6f3fa9970665 |
| SHA512 | c2d38c7c16f1bfd1cc5dfab3c03215e7dc4e3233627647e2f833410e55f6d0d58551f753aabf5839f7cddf3b09e4bb2ece15beeb19e3808bd65623badee24f2d |
\Program Files\WinRAR\Uninstall.exe
| MD5 | 0c52b3fb85bd6ec371183a4bfb0ec5ed |
| SHA1 | c756d66045e8b2603c1ad8fb3caf8d01efe48f9c |
| SHA256 | 4d24274b446a85edf45270b606b2a9f789d16ab84714e745512051bd192faad4 |
| SHA512 | 7d3aaf09ee7ee50fe542a17818797ea1b0cce9bf2d337d8bbe5fabeed7331ea774faf1e4e337c2cc2ee0dab6de261ee1f1245cea21afd15eb7298a1298613e70 |
C:\Program Files\WinRAR\WinRAR.exe
| MD5 | 5c854dcce18e265addab39558db96a02 |
| SHA1 | 151c8b4295630a71f2c1bed76326055100378b66 |
| SHA256 | ddc4f274cdec3954acefb624ed3fc7a8f8c5fed767934bb028a85db62b781fb1 |
| SHA512 | de26ef2f1bc0a910f43fbb874cf87ac1d892bcc2c220d4850970be5ebdd208f426eee5250088b8e3b57431bd9aa31ff120022e72173cc2fdaeecd894a6c03a00 |
C:\Program Files\WinRAR\WhatsNew.txt
| MD5 | 2b9e0d72411ef328313c0c703d76854c |
| SHA1 | 6f52c400fb211181985cd28330a173b74af0a685 |
| SHA256 | c13db7e2b3fb2430a10abf78efcc2a6fb0ca1dd7d18c9d7b28c09a41238d7157 |
| SHA512 | ce71a9a84ac9f4da74bda7653a150a8b950e5da95cd708de266fb33506054aafd12b35ac3d28e0569f3c298967db4a3c5581d184a3d320bed6122bea1e1cc741 |
C:\Program Files\WinRAR\Rar.txt
| MD5 | fc13e375f3144a55adfb46f342778447 |
| SHA1 | f2e716a60f6371eeba55fbcc90c3b8b7c14eb4a4 |
| SHA256 | 7511c100daa946175efc18082d1923518bf1bfc8c1a80ea0252af585fbe295b5 |
| SHA512 | 8ca4a0ecc0d55d29a8ff291afb8cdffbf4a949d0979ffe2e262465db8e8c7dc30837a4ea17c163fea1902ed0bebb5a937eafc179d25f6ce1fc747f6309181e40 |
C:\Program Files\WinRAR\WinRAR.chm
| MD5 | 9a61f439dc229638f26846c69183043a |
| SHA1 | f35c4c41272311853833b71cec963fd92637638f |
| SHA256 | 0879cdd9d81b1cb319692dde76bf3a3c16369ddc33f006ffb199ed08d57bfa18 |
| SHA512 | 0da8117c3040b7d9fcca29e424612176603880a3c1985d45d8b7ec90ef2349dc910b89aa539b69b6d35e786553194b8e510e928a5fbeaf4450d5ad5ee40f3416 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9bcf7c49-3ca5-41ae-8d41-9de5ddd32756.tmp
| MD5 | 4aedef6c592656270fd9c323291b38a4 |
| SHA1 | ee4b6ba15380dc090207591c227757647207a4a3 |
| SHA256 | 380db05e3033ede21fd8094dfda033ea8b74b77069974acb1c0d33b2dde4a731 |
| SHA512 | 375c5db20e22957c24db6aaefb3761cbae905829a438734ec84b40b23cf7edad7b6c6e298fc7776a374fe0332eb218772849704827398d80ba3c7a7193be0c81 |
\Program Files\WinRAR\RarExt.dll
| MD5 | 3068ec5dc5fc098d27e2270366a7c4f6 |
| SHA1 | 2b5a5abc33aaba8b49799e835798f027114e8507 |
| SHA256 | fa913a43d99fd0af75959a176c08a6041004a511329d608510ae6ebd75c7ea8e |
| SHA512 | 46b199885da3e44fe6defb2358ce651bd166f99f42ff6ef09da19630c8380ebf43809fe08502652c70873e84f0f39ce7707028bdea0f750f5ced7893209c244d |
C:\Users\Admin\Downloads\SLite2.0.rar
| MD5 | c0530c2cd9199882b8157b7d5f5e092b |
| SHA1 | e46b9569e308fe2a5b2aa3ca47ac59c161c75bad |
| SHA256 | 52ebf41bcab3d1102f91e5aec0c80551adb5a99ee349e4c938b527ab2dc8ddbf |
| SHA512 | 3333c562112875e74f1747dc392ebb1d2f4498c9482ba58462e672b0d698161f16868394b1eb06b121b03dced2aa3bf6058e399a0b81cc1e8f5be486f3053e57 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | a980bb019d1e481fa1214f5a6aa3795b |
| SHA1 | 1966f5f34661054c574bed8e34132b697bf6bc01 |
| SHA256 | 8fe89d0102a8118b9d9646b16e442d1f102926a287a9886b72e0ce0af49598c6 |
| SHA512 | 26d4b316840e9de51a4975b921086d494a76a320dd570df7f4edf3a320fe94135771c51232fea66a77aee8edb77905b738f764701313a745a02e9d608a285ec4 |
memory/2980-1048-0x0000000000320000-0x0000000000321000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 5cd7e689839e4bb51438de7c2b1a1524 |
| SHA1 | 3e1c1d608bcef9975dbc1a22aa9ff82d8a47e2b0 |
| SHA256 | 432209f02b78fa65f315d34dd8a1844e767f7087a5396f35a2a4527570f255f6 |
| SHA512 | 2e9f5f5aab5781d44af31dc0dde04a63daf0532118f53fec1bd5f324f76c143277e602df47efb977deacc55ee064d9a3d4eab96083d141f33c2e1f7a80df4766 |
memory/2748-1101-0x0000000004660000-0x0000000004670000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\82eba8d0-af9a-419d-bc10-c0b6a4fe7f37.tmp
| MD5 | aa250ff1ab3f8abc6c4dafd18a831394 |
| SHA1 | 62f5bc86a371eac57cfda7c5b81b052f85b83490 |
| SHA256 | 3cd3ea37449b379130f99d084085dbeea2ea1bb0de81eb741d7d5265f7695397 |
| SHA512 | 0f42e8e40ba9b6b485fe2516c3cd7ab48ec9ce442ed5749d6f593410bc0c2a624eeea595c45e3d27798796578a01820d5e1472624779e50d1acdde55dc5f1da5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0aaeff3435902caa1081d4a6f0039422 |
| SHA1 | 02c3e908ed36d5aa1ab9162d27a5885a9b682149 |
| SHA256 | b632cd66d2f382ee6bcdcb22fba9456dc340aa4ab0dc565dfed0347e415e44f8 |
| SHA512 | eec13a48c5d733ce01df1654c6fc493026eba6ee6b2d2778795138f6fee643aeed856b584cfa34ef9cb5fe0cad5ca3ad558e82e22fdf1d39c97b238535d70142 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 7f9a34396e5f91ed5def30b60fd63c2f |
| SHA1 | 3e3a533f1e8fc8720e5e2959e8a0a59f29e8f24d |
| SHA256 | 28bd87469078faef82d720f820afa2499a034365fb25679cb8a56251ac6961f0 |
| SHA512 | f19614795cdc20a2c6d31d19a51fa14a591a3fe5a8f4c468af14db991f558a93531ddcde1c69f819129dd17674e19f34b546db0cbf988e376e88a8e3749be2af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f5ab95087293e0762687fdabe49cbe6c |
| SHA1 | bc0996c72a34cbd680ff9755498a9b3605f194d9 |
| SHA256 | 90e634c293245071f486701d39df805eca848157e375c8f255b319351d287074 |
| SHA512 | 5462d3529526e281468f4e8dfee0cc129205d500428e65973164fdf76d08a5455618b781f4fa96a4d8e0f0e364880d42d1754c7c242fbed228b934620fd46990 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d08df21e-70b4-4291-8ca2-07cb3ab8b2df.tmp
| MD5 | cfe63fcbfe9758d35765cedfc61c0aa2 |
| SHA1 | c09802916763835495775fbb9b70d373be20e59e |
| SHA256 | 80d6dc5a02315441adb11156aca9b1d06a5c63a39d28213ffc24398b2ec7c71d |
| SHA512 | 9fa02698ee67c494f6b2fad8db7bfe39a91ef2338e1eb10bcfc14c65acfbe29202985323e03b72ae02fbb8cffb291126d212d9533554bc47801e075ee3efd133 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 359ec3cc5db57944243e9ed2f9395302 |
| SHA1 | 33a25792d900d2eb7d8ce1d369a40b5f0c3ee03a |
| SHA256 | 6f02f376c31ba04014341915d0aa775651acb5672fe44072505c765e22423487 |
| SHA512 | bc1d27c54c60ca110c3f65c7fb808500fa2e12769275f7b2ed735a6b33f5f925d26909318b49a5bad8e7d0939d6b8e7cdff46aec51836af1211d2eef28850568 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c2ecde374b13b82025fd2616767bf0b6 |
| SHA1 | a8f52f28bd643265bc52f309454e2d9fca229a1a |
| SHA256 | a4b99ad9e2d68c094c15cdbf79f8bf13e22b281c93359034714efc10bd17b80b |
| SHA512 | f6e481ef1199fd70de754bc05ba09b296b41409a4ed714c47db03105d99494567f1434d83fb42582f8b7bfdbd84b394884e78c5300c1ded7984f5e8a02a4a589 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | bacdbeb9fed88fd2ef51b3efeff0c298 |
| SHA1 | 97006c7baba625be7bb88ca65bab5f62e80f799e |
| SHA256 | 5cf3b7c59025fd79951673c9dff63483eb9c16f097de02982c678e3da009d97f |
| SHA512 | 2f5dd30d605db20b780111659b4e59fb0870b96fbc88c6875b7bb875b967c27a307d4cf20f99d7d1aaf4dc26433e816a82c96661cfb23c4cb3540af1dcc2e156 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 3cae524b099d69f0c1a81cd840464469 |
| SHA1 | 50048a4039bb433d6a08bbdf0c3accad36847f5e |
| SHA256 | aa146ea594b99debd83652e02f216f8909689f408457bed61ecc802627bd6a13 |
| SHA512 | b24563c9d19b827446c3d667f1d3a07e01635e01f68f621e6363a38065a1c46076376498eab32c33ab9035a8bc59d9340d297bc4660d7df5821753f3e012d338 |
C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.8.0_411\Java3BillDevices.png
| MD5 | b3c9f084b052e95aa3014e492d16bfa6 |
| SHA1 | 0e33962b2191e7b1a5d85102cdf3c74fcd1254e4 |
| SHA256 | a68ddd67f6fcb0bbf1defa0778ee543e92c1074c442197ab623f733cc6285948 |
| SHA512 | 06f51ac2962a0ec5f05ad6c90a2ba85b851d1fa2f0c079dc264fe930316cead959f68f6e34ff591b131867b482c266ac42400b06385dae712637ff0a90f902d4 |
C:\Windows\Installer\MSI5980.tmp
| MD5 | 1b5e31057ba3666cc2a5dd9117ef7758 |
| SHA1 | 96707393a6ba7841190aee876c774524263b5205 |
| SHA256 | 2ed8f2150e57bef05350211d09198275f14b492ad8cdc8ae255a955acde90eea |
| SHA512 | 2d2cf65536656b8ce4deee5508415ab4cdbb854f16c27cff3e11113b41eb751ee7a850ec6b55e595da33830b1484d2ba686c8520e5cdd262790612f2595f9e45 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\fe536694-320e-4b2b-be70-bb94b93d4b21.tmp
| MD5 | eb96b7d24934f31007e20493114173a3 |
| SHA1 | 377c9360af154ebe5e0db9afcc24d3e72d63a2df |
| SHA256 | 93a914a982848f3b15cd8199f77260e8e35e856aea000dac66bd2e5dc57e1758 |
| SHA512 | 18be78df6c0f3887ad4d697b766e1753a73b5cf44a0a2f02423b8492125ae34d0f22adef52e833d25ccb2ca4e9aab4e98aea04d00b211604332e58678de8de1d |
memory/2012-2164-0x0000000000320000-0x0000000000321000-memory.dmp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visite Java.com.url
| MD5 | 625bd85c8b8661c2d42626fc892ee663 |
| SHA1 | 86c29abb8b229f2d982df62119a23976a15996d9 |
| SHA256 | 63c2e3467e162e24664b3de62d8eeb6a290a8ffcdf315d90e6ca14248bc0a13a |
| SHA512 | 07708de888204e698f72d8a8778ed504e0fe4d159191efb48b815852e3997b50a27ba0bc8d9586c6fb4844166f38f5f9026a89bbbc3627e78121373982656f12 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Obtener Ayuda.url
| MD5 | 6684bd30905590fb5053b97bfce355bc |
| SHA1 | 41f6b2b3d719bc36743037ae2896c3d5674e8af7 |
| SHA256 | aa4868d35b6b3390752a5e34ab8e5cba90217e920b8fb8a0f8e46edc1cc95a20 |
| SHA512 | 1748ab352ba2af943a9cd60724c4c34b46f3c1e6112df0c373fa9ba8cb956eb548049a0ac0f4dccff6b5f243ff2d6d210661f0c77b9e1e3d241a404b86d54644 |
memory/2500-2369-0x0000000000220000-0x0000000000221000-memory.dmp
memory/2500-2382-0x0000000000220000-0x0000000000221000-memory.dmp
memory/2500-2385-0x0000000000220000-0x0000000000221000-memory.dmp
memory/2500-2388-0x0000000000220000-0x0000000000221000-memory.dmp
memory/2500-2410-0x0000000000220000-0x0000000000221000-memory.dmp
memory/2500-2418-0x0000000000220000-0x0000000000221000-memory.dmp
memory/2180-2430-0x0000000000120000-0x0000000000121000-memory.dmp
memory/2180-2441-0x0000000000120000-0x0000000000121000-memory.dmp
memory/2180-2444-0x0000000000120000-0x0000000000121000-memory.dmp
memory/2180-2471-0x0000000000120000-0x0000000000121000-memory.dmp
C:\Config.Msi\f7a4ea1.rbs
| MD5 | 60345faec5b0e72230b28f3a3f28d4bb |
| SHA1 | a1fcb8ad39f0aef123ff27e4d3fc2a0442ed68ff |
| SHA256 | 2cef4d464433cd8bfeabf68b78a5d9d31aab9a2a3550f1905d2d55a348141451 |
| SHA512 | 45b72b1a3e3c4f2f8cb6abb77251f6e9dbf51defca79a77f77b3d6514489acfe41b216f2a3d9a3c040ceb5ab4abb96cfd5837dcee272be121aa07786847e0476 |
memory/1684-2537-0x000007FFFFF80000-0x000007FFFFF90000-memory.dmp
C:\Windows\Installer\MSI3281.tmp
| MD5 | 16cae7c3dce97c9ab1c1519383109141 |
| SHA1 | 10e29384e2df609caea7a3ce9f63724b1c248479 |
| SHA256 | 8acd0117c92da6b67baf5c1ae8a81adf47e5db4c2f58d3e197850a81a555d2c2 |
| SHA512 | 5b8b803ddabbb46a8ae5f012f3b5adbbd8eb7d7edbd324095011e385e1e94b2c5e20a28f6c0b8dd89b8789106c02d41916e70e090fbc63edd845d75c6f210e69 |
C:\Users\Admin\AppData\Local\Temp\java_install_reg.log
| MD5 | 515c45d9da4c615f7aa931fe67941121 |
| SHA1 | 71582470022487dc37cbcae8395bf9614ee8b365 |
| SHA256 | 251c6dcbaff7129aba535ab84bba4e4828f2eacee8172d6b07acb4db2714c6c9 |
| SHA512 | 587c416a401848ee7306a26c8a3100f778e71ccf1cbccdb04be9b405f85201120c2a1aac7551d6d119153d52b464eace7bf78fd4b0a81b8952700d30cb44f06f |
C:\Config.Msi\f7a4ea6.rbs
| MD5 | 5c18e54986af07e7441d7f1ac659f321 |
| SHA1 | 2f1884fc2006824012f221310b767ebe3765789a |
| SHA256 | 7e4a97b45cd811761f5660c866df61896e7f2fe7ec2de4a1e7a2c339b57b75d3 |
| SHA512 | a40caf26afd95cf94793013e77997d3e8ee94cf60e3390dad3e50b53eb7ce5afa891b78264b91bd1a0898c7ebfe82d7dd13756abd68d52a5863215e5b50ec4dd |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\runtime[1]
| MD5 | 0935b5761ecd6784de439e80ba9cd9c8 |
| SHA1 | e4e563094abbb9411439e598a2cf50746bbc99ab |
| SHA256 | f68d13e9dfb62943ae7ba8c6ee8ba4453d611d6448440f4377a8dca35ab9fa3e |
| SHA512 | b1e513cb442be4ccd3666f6ea6130a77bccf79176d4d2f56366d74220fc1b041aceab56570595b209375f5d7bcfb965a15a50c600228951f4b7d572d0ad90f47 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\host[1]
| MD5 | a752a4469ac0d91dd2cb1b766ba157de |
| SHA1 | 724ae6b6d6063306cc53b6ad07be6f88eaffbab3 |
| SHA256 | 1e67043252582aea0e042f5a7be4a849b7cd01b133a489c3b2e67c10ade086f3 |
| SHA512 | abc2899705a23f15862acf3d407b700bb91c545722c02c7429745ab7f722507285c62614dcb87ea846f88fc0779345cb2e22dc3ad5f8113f6907821505be2c02 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\l10n[1]
| MD5 | 1fd5111b757493a27e697d57b351bb56 |
| SHA1 | 9ca81a74fa5c960f4e8b3ad8a0e1ec9f55237711 |
| SHA256 | 85bbec802e8624e7081abeae4f30bd98d9a9df6574bd01fe5251047e8fdaf59f |
| SHA512 | 80f532e4671d685fa8360ef47a09efcb3342bcfcf929170275465f9800bfbfffc35728a1ba496d4c04a1fdefb2776af02262c3774f83fea289585a5296d560b0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\layout[1]
| MD5 | cc86b13a186fa96dfc6480a8024d2275 |
| SHA1 | d892a7f06dc12a0f2996cc094e0730fe14caf51a |
| SHA256 | fab91ced243da62ec1d938503fa989462374df470be38707fbf59f73715af058 |
| SHA512 | 0e3e4c9755aa8377e00fc9998faab0cd839dfa9f88ce4f4a46d8b5aaf7a33e59e26dbf55e9e7d1f8ef325d43302c68c44216adb565913d30818c159a182120fc |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\rtutils[1]
| MD5 | c0a4cebb2c15be8262bf11de37606e07 |
| SHA1 | cafc2ccb797df31eecd3ae7abd396567de8e736d |
| SHA256 | 7da9aa32aa10b69f34b9d3602a3b8a15eb7c03957512714392f12458726ac5f1 |
| SHA512 | cc68f4bc22601430a77258c1d7e18d6366b6bf8f707d31933698b2008092ba5348c33fa8b03e18c4c707abf20ce3cbcb755226dc6489d2b19833809c98a11c74 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\common[1]
| MD5 | f5bb484d82e7842a602337e34d11a8f6 |
| SHA1 | 09ea1dee4b7c969771e97991c8f5826de637716f |
| SHA256 | 219108bfef63f97562c4532681b03675c9e698c5ae495205853dbcbfd93faf1a |
| SHA512 | a23cc05b94842e1f3a53c2ea8a0b78061649e0a97fcd51c8673b2bcb6de80162c841e9fdde212d3dfd453933df2362dcb237fe629f802bafaa144e33ca78b978 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\masthead_left[1]
| MD5 | b663555027df2f807752987f002e52e7 |
| SHA1 | aef83d89f9c712a1cbf6f1cd98869822b73d08a6 |
| SHA256 | 0ce32c034dfb7a635a7f6e8152666def16d860b6c631369013a0f34af9d17879 |
| SHA512 | b104ed3327fed172501c5aa990357b44e3b31bb75373fb8a4ea6470ee6a72e345c9dc4bcf46a1983c81adb567979e6e8e6517d943eb204c3f7fac559cd17c451 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\masthead_fill[1]
| MD5 | 91a7b390315635f033459904671c196d |
| SHA1 | b996e96492a01e1b26eb62c17212e19f22b865f3 |
| SHA256 | 155d2a08198237a22ed23dbb6babbd87a0d4f96ffdc73e0119ab14e5dd3b7e00 |
| SHA512 | b3c8b6f86ecf45408ac6b6387ee2c1545115ba79771714c4dd4bbe98f41f7034eae0257ec43c880c2ee88c44e8fc48c775c5bb4fd48666a9a27a8f8ac6bcfdcb |
C:\Users\Admin\AppData\Local\Temp\JavaLauncher.log
| MD5 | 1269305f1b1c8f434632f8debedfa872 |
| SHA1 | ba83cd649f5e7d4647d9ba9d17350ca18b00ec83 |
| SHA256 | 047d40755bbdfeb6aff5a3f93e42ab9bd913c03d7d24e9a67923c735cb0b9fa9 |
| SHA512 | 70078b0411e74444565e3265cbf356ada02d1b3aad8f2118b21a25ef4dbda0d90903481bf0cea4e4486b23a9c24403c0c31a404becc01e246c04049e004d5efc |
memory/768-2722-0x0000000000220000-0x0000000000221000-memory.dmp
memory/768-2725-0x0000000000270000-0x000000000027A000-memory.dmp
memory/768-2727-0x0000000000220000-0x0000000000221000-memory.dmp
memory/768-2750-0x0000000000220000-0x0000000000221000-memory.dmp
memory/768-2756-0x0000000000220000-0x0000000000221000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\30c4c693-9991-446e-adda-36711a29691e.tmp
| MD5 | c1d89a881d1a88e9546398f65ce71b7d |
| SHA1 | 960b60f86932f71fc0f455ce7712c33adb37a698 |
| SHA256 | f84db2cc7e3849d46b19e65459cb7180e453fe81dd12480e38aaf7d211eb3a71 |
| SHA512 | 66e85daa4bfcf6bd1c873e936d7849717484626238ba5a465bdf240ebcb3a638aed3a362765f9bbc9216e64071b861cc0de8086bcd995bf244579fe8414f81b9 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-01 23:00
Reported
2024-05-01 23:31
Platform
win10v2004-20240226-es
Max time kernel
1801s
Max time network
1806s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133590781499656611" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\file.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffdbe9f9758,0x7ffdbe9f9768,0x7ffdbe9f9778
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=6292 --field-trial-handle=1984,i,6250324430674571549,669234090731242346,262144 --variations-seed-version /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1836,i,3186175087953454646,1339787089554470844,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1836,i,3186175087953454646,1339787089554470844,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1836,i,3186175087953454646,1339787089554470844,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3120 --field-trial-handle=1836,i,3186175087953454646,1339787089554470844,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3152 --field-trial-handle=1836,i,3186175087953454646,1339787089554470844,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=es --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5236 --field-trial-handle=1984,i,6250324430674571549,669234090731242346,262144 --variations-seed-version /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=228 --field-trial-handle=1836,i,3186175087953454646,1339787089554470844,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 --field-trial-handle=1836,i,3186175087953454646,1339787089554470844,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1836,i,3186175087953454646,1339787089554470844,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4732 --field-trial-handle=1836,i,3186175087953454646,1339787089554470844,131072 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=es --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1312 --field-trial-handle=1984,i,6250324430674571549,669234090731242346,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 13.107.246.64:443 | tcp | |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 172.67.199.186:443 | the.gatekeeperconsent.com | tcp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 104.21.63.106:445 | www.ezojs.com | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | tcp |
| US | 18.239.190.3:443 | cdn.amplitude.com | tcp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | 186.199.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.42.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.190.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.otnolatrnup.com | udp |
| US | 8.8.8.8:53 | www.mediafiredls.com | udp |
| US | 104.16.52.110:443 | cdn.otnolatrnup.com | tcp |
| US | 104.26.2.173:443 | www.mediafiredls.com | tcp |
| US | 172.67.170.144:445 | www.ezojs.com | tcp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | 19.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.52.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 18.239.208.47:443 | tags.crwdcntrl.net | tcp |
| IE | 54.220.145.120:443 | bcp.crwdcntrl.net | tcp |
| IE | 54.78.246.130:443 | bcp.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 52.88.132.196:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | 47.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.145.220.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.246.78.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | 196.132.88.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| GB | 51.140.244.186:443 | tcp | |
| GB | 142.250.200.14:443 | tcp | |
| GB | 51.140.242.104:443 | tcp | |
| US | 13.107.6.158:443 | tcp | |
| GB | 216.58.201.97:443 | tcp | |
| GB | 88.221.135.81:443 | tcp | |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| GB | 172.217.16.238:445 | translate.google.com | tcp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| GB | 172.217.16.238:139 | translate.google.com | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| GB | 142.250.187.234:443 | tcp | |
| US | 8.8.8.8:53 | 208.14.97.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 104.16.114.74:445 | static.mediafire.com | tcp |
| US | 104.16.113.74:445 | static.mediafire.com | tcp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 104.16.114.74:139 | static.mediafire.com | tcp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| IE | 3.248.140.97:443 | bcp.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | 97.140.248.3.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 142.250.179.234:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.179.89.13.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
Files
\??\pipe\crashpad_2244_DSZMBQVLOYTMPHDN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | eb2340e278a7299607fc923abf42cd6c |
| SHA1 | 97616367667998ccfa97675b6a2434208c5b3bd1 |
| SHA256 | 6392ea936a1834919b9aeb965a7b10899e90ecb9e23b220488aa5ca93c85b3e9 |
| SHA512 | 2a5cf74b4e626dd4c3de5902df5d3cbe6ba681edb708d17a1ca39427bb553636876dc6195729b03aee09e3f1844924601a0a949d90384f11842fe97b36693529 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8bc040e15abbed3a6278f7a31453c5c3 |
| SHA1 | fcdfa9cc3c2343f4e5186900583eae7bf1c970b1 |
| SHA256 | d1940c5c39b69ddaa63cdcda0a0f06a7a9b2aafe7fac83d0894e658ea8dc2c75 |
| SHA512 | c1b3dcf58d01c47da2fa690fee20f18c4c963942cf95baf250b784c24d1cff148136b58777f2d88c35ec644c4efcfdf27853408386055542ff1139b8587ed204 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 153017d68dbeadc13870f33a965ff948 |
| SHA1 | 09eb62f1ce1eb2c340e734c5b65f3dcec25de326 |
| SHA256 | 56eff2f9d0ad4d4e24d971319cb7ea882099e272d7b7d9e9615dcfc8153c6152 |
| SHA512 | 2bc7c274be1b181f269a334c118b1ad559ffe10c5acdd69090c91b9a90feaf9ff49dac0e9f64dc207fccf3f2f3397fd7f582af461b54c44cd0db4bde0a40e7b9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c602f1fe0e8353ee272469da016c8979 |
| SHA1 | 2d98961abaf9df0f5e48d13c15f2bc2cfa682bd8 |
| SHA256 | f390ede0941b469bcd29fce66f07b6c48e9ef3a7088cae93a3bdf65ff3ec5f3d |
| SHA512 | 90814f842c9b5c8848d73efb4f75d58460cfe0134ac3dc9913d8d7e9ddec73ac1a18adcf976fa88bca63a557e17f6b25c745fdb35e1036e775bf135b0a027aca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0108e539f41fa1714573cb21a0e803cb |
| SHA1 | 9042c662351bb8da9a602e0b6d90fafb81fd6119 |
| SHA256 | 3ff201d3260f036e7eb12fc76e3e32cafd9688e7e6d983b68d9f8901fc4d3d7f |
| SHA512 | 5af9bd5a3a37354045756e78616d5b3bb384670f2c462023e31450d1c441d31635dc3cb34d4782665c5bd7538c3e42b82a1416f6ec78dbf457f960d3f2f11453 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 001d27cbde3b4c7a42405a2514b28e12 |
| SHA1 | 97f8e5d42d29cb3638b94ce44af654ffa8dd72bb |
| SHA256 | 581022cce22097becfc31f926f4577500f1116d74d7fb32f5c298a5736bf5614 |
| SHA512 | 5557a83a97ce24866a85c09852e62556c4aceee6c7ce3b7169a23343e06f5605f8f67419463a5143b5e22df055925238ef9681cbc428ad129986e94f4109fdce |