Malware Analysis Report

2025-01-18 22:14

Sample ID 240502-bd6nbsee43
Target TLauncher-Installer-1.3.7.exe
SHA256 9d95e947dbd2a170fa8900a06982f361deeb55012ed8b4087ccc9bc188c25cab
Tags
adware discovery persistence stealer upx
score
8/10

Analysis Overview

score
8/10

SHA256

9d95e947dbd2a170fa8900a06982f361deeb55012ed8b4087ccc9bc188c25cab

Threat Level: Likely malicious

The file TLauncher-Installer-1.3.7.exe was found to be: Likely malicious.

Malicious Activity Summary

adware discovery persistence stealer upx

Downloads MZ/PE file

Loads dropped DLL

UPX packed file

Registers COM server for autorun

Checks computer location settings

Executes dropped EXE

Checks installed software on the system

Installs/modifies Browser Helper Object

Blocklisted process makes network request

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: GetForegroundWindowSpam

Modifies registry class

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Modifies data under HKEY_USERS

Modifies Internet Explorer Phishing Filter

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Uses Volume Shadow Copy WMI provider

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Uses Volume Shadow Copy service COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-02 01:02

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-02 01:02

Reported

2024-05-02 01:08

Platform

win7-20240221-es

Max time kernel

269s

Max time network

271s

Command Line

"C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe"

Signatures

Downloads MZ/PE file

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe N/A
N/A N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe N/A
N/A N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
N/A N/A C:\Windows\Installer\MSIF275.tmp N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe N/A
N/A N/A C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe N/A
N/A N/A C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe N/A

Registers COM server for autorun

persistence

UPX packed file

upx

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched = "\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" C:\Windows\system32\msiexec.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} C:\Windows\Installer\MSIF275.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Windows\Installer\MSIF275.tmp N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} C:\Windows\Installer\MSIF275.tmp N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" C:\Windows\Installer\MSIF275.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" C:\Windows\Installer\MSIF275.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Windows\Installer\MSIF275.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\WindowsAccessBridge-64.dll C:\Windows\Installer\MSIF275.tmp N/A
File opened for modification C:\Windows\system32\WindowsAccessBridge-64.dll C:\Windows\Installer\MSIF275.tmp N/A
File created C:\Windows\system32\WindowsAccessBridge-64.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File opened for modification C:\Windows\system32\WindowsAccessBridge-64.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Windows\system32\WindowsAccessBridge-64.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File opened for modification C:\Windows\system32\WindowsAccessBridge-64.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_amd64_neutral_7499a4fac85b39fc\volsnap.PNF C:\Windows\system32\DrvInst.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre1.8.0_51\bin\instrument.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\klist.exe C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\security\javaws.policy C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\security\blacklist C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.jar C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_zh_HK.properties C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_51\lib\hijrah-config-umalqura.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\JAWTAccessBridge-64.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\jdwp.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\jsdt.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\charsets.pack C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_51\bin\glass.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_51\lib\fonts\LucidaBrightRegular.ttf C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_51\lib\jfr\profile.jfc C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\kinit.exe C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\flavormap.properties C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\t2k.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\fonts\LucidaTypewriterBold.ttf C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_51\bin\server\classes.jsa C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\security\blacklist C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\flavormap.properties C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\prism_sw.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\hijrah-config-umalqura.properties C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\jjs.exe C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_51\bin\mlib_image.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\jabswitch.exe C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\deploy.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\gstreamer-lite.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\javacpl.cpl C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\kcms.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\cmm\LINEAR_RGB.pf C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_51\bin\jaas_nt.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_51\bin\jsdt.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\LICENSE C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_51\lib\psfontj2d.properties C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_pt_BR.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npdeployJava1.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\glass.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_51\bin\eula.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_51\bin\pack200.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_51\lib\ext\meta-index C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\jfxmedia.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\unpack.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\logging.properties C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_51\bin\jfr.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_51\bin\sunmscapi.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_zh_CN.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\management\jmxremote.access C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\javaws.jar C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\java.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\management-agent.jar C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\tzdb.dat C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\awt.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_51\lib\management-agent.jar C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_51\lib\deploy\splash.gif C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_51\bin\keytool.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\deployJava1.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\WindowsAccessBridge-64.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\cmm\CIEXYZ.pf C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\jsoundds.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\lib\management\management.properties C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
File created C:\Program Files\Java\jre1.8.0_51\bin\eula.dll C:\Program Files\Java\jre1.8.0_51\installer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\f77cb7c.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f77cb7f.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f77cc4f.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIAF0.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBED.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\volsnap.PNF C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSI7CA.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f77cc4a.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f77cb7e.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIFDB4.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f77cb87.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSICD8E.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9E6.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1F81.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI50E0.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f77cb79.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f77cb7f.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f77cb7c.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f77cb84.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.ev1 C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\Installer\f77cc4d.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f77cb82.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f77cc4d.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f77cb79.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f77cb82.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.ev3 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSIF275.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f77cb87.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f77cc4a.msi C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\msiexec.exe N/A

Modifies Internet Explorer Phishing Filter

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PhishingFilter C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = f8941fd62c9cda01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_51\\bin" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4B5F-9EE6-34795C46E7E7} C:\Windows\Installer\MSIF275.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "3" C:\Windows\Installer\MSIF275.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe" C:\Windows\Installer\MSIF275.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30b646e22c9cda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Windows\Installer\MSIF275.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} C:\Windows\Installer\MSIF275.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_51\\bin" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files\\Java\\jre7\\bin" C:\Windows\Installer\MSIF275.tmp N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" C:\Windows\Installer\MSIF275.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4B5F-9EE6-34795C46E7E7} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Windows\Installer\MSIF275.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0B436AB1-0820-11EF-B44A-CA3DB73CB573} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e00000000020000000000106600000001000020000000fe0a16009313519a8c32eb046a104bcd5e54bb4d6a3590859cee9819a424908d000000000e800000000200002000000064c8a36599486528e14a9189b3f61130f35dd31690e9a8aa7ff11012696d125b200000002024c5d0ad03cc9077db939c9b7bbb69fc36581194068d76886d193cd983c81a40000000a5475c0647da922e95465cb544b40b2b0f88e97a14df759a78e35899b133f9b4c1368b529e36f2c47791718a099f84f72d47ea08a71c5f1d0efad2d3b791c96f C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420773787" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Windows\Installer\MSIF275.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" C:\Windows\Installer\MSIF275.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} C:\Windows\Installer\MSIF275.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_51\\bin" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe" C:\Program Files\Java\jre1.8.0_51\installer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\30 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2F\63C768CF C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\31 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2F\63C768CF\@%SystemRoot%\system32\dnsapi.dll,-103 = "Confianza en el servidor DNS (Sistema de nombres de dominio)" C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2F C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2f\63C768CF C:\Windows\system32\DrvInst.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2F\63C768CF\@%SystemRoot%\system32\qagentrt.dll,-10 = "Autenticación de mantenimiento del sistema" C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2F C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2F\63C768CF\@%SystemRoot%\system32\p2pcollab.dll,-8042 = "Confianza de mismo nivel" C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2D\63C768CF C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2F\63C768CF\@%SystemRoot%\System32\fveui.dll,-843 = "Cifrado de unidad BitLocker" C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2D\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2F\63C768CF\@%SystemRoot%\System32\fveui.dll,-844 = "Agente de recuperación de datos BitLocker" C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\30 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2D C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2F\63C768CF\LanguageList = 650073002d0045005300000065007300000065006e002d0055005300000065006e0000000000 C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A

Modifies registry class

Description Indicator Process Target

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2228 wrote to memory of 772 N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
PID 3448 wrote to memory of 3480 N/A C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3480 wrote to memory of 3540 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3480 wrote to memory of 3448 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe
PID 4088 wrote to memory of 2136 N/A C:\Windows\system32\msiexec.exe C:\Program Files\Java\jre1.8.0_51\installer.exe
PID 2136 wrote to memory of 2712 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe
PID 2136 wrote to memory of 1336 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
PID 2136 wrote to memory of 2916 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
PID 2136 wrote to memory of 1364 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
PID 2136 wrote to memory of 3076 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
PID 2136 wrote to memory of 3124 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
PID 2136 wrote to memory of 3176 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
PID 2136 wrote to memory of 3232 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
PID 2136 wrote to memory of 3284 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
PID 2136 wrote to memory of 3324 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
PID 2136 wrote to memory of 3696 N/A C:\Program Files\Java\jre1.8.0_51\installer.exe C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe
PID 3696 wrote to memory of 3664 N/A C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe

"C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe"

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe" "__IRCT:3" "__IRTSS:24078146" "__IRSID:S-1-5-21-1298544033-3225604241-2703760938-1000"

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://java-for-minecraft.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3480 CREDAT:275457 /prefetch:2

C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe

"C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Program Files\Java\jre1.8.0_51\installer.exe

"C:\Program Files\Java\jre1.8.0_51\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_51\\" REPAIRMODE=0

C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe

"bspatch.exe" baseimagefam8 newimage diff

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\deploy.pack" "C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\javaws.pack" "C:\Program Files\Java\jre1.8.0_51\lib\javaws.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\plugin.pack" "C:\Program Files\Java\jre1.8.0_51\lib\plugin.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\rt.pack" "C:\Program Files\Java\jre1.8.0_51\lib\rt.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\charsets.pack" "C:\Program Files\Java\jre1.8.0_51\lib\charsets.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\jsse.pack" "C:\Program Files\Java\jre1.8.0_51\lib\jsse.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.pack" "C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.pack" "C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.jar"

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -Xshare:dump

C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe" -wait -fix -permissions -silent

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -classpath "C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar" com.sun.deploy.panel.JreLocator

C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe

"C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_51" -vma … -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe" -wait -fix -shortcut -silent

C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe

"C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_51" -vma … -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 150F6EB72403DB2286DC8E2799182942

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\SysWOW64\cmd.exe" /c del "C:\Program Files\Java\jre1.8.0_51\installer.exe"

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

-cp "C:\Program Files\Java\jre1.8.0_51\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserWebJavaStatus

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

-cp "C:\Program Files\Java\jre1.8.0_51\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserPreviousDecisionsExist 30

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\\msiexec.exe" /i "C:\Users\Admin\AppData\LocalLow\Oracle\Java\AU\au.msi" ALLUSERS=1 /qn

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 5CBD81A0B18531C15E2E8E5F0649460E

C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe

"C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe" -r jre 1.8.0_51-b16

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4a0

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\ConvertExit.wma"

C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe

"C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe"

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\\msiexec.exe" /x {26A24AE4-039D-4CA4-87B4-2F86418051F0} /qb!

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\DrvInst.exe

DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005A8" "00000000000005B4"

C:\Windows\Installer\MSIF275.tmp

"C:\Windows\Installer\MSIF275.tmp"

C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe" -wait -fix -shortcut -silent

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -classpath "C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar" com.sun.deploy.panel.JreLocator

C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe

"C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_51" -vma … -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe

"C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe" -u auto-update

C:\Program Files\Java\jre1.8.0_51\installer.exe

"C:\Program Files\Java\jre1.8.0_51\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_51\\" REPAIRMODE=0

C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe

"bspatch.exe" baseimagefam8 newimage diff

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\deploy.pack" "C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\javaws.pack" "C:\Program Files\Java\jre1.8.0_51\lib\javaws.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\plugin.pack" "C:\Program Files\Java\jre1.8.0_51\lib\plugin.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\rt.pack" "C:\Program Files\Java\jre1.8.0_51\lib\rt.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\charsets.pack" "C:\Program Files\Java\jre1.8.0_51\lib\charsets.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\jsse.pack" "C:\Program Files\Java\jre1.8.0_51\lib\jsse.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.pack" "C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.jar"

C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.pack" "C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.jar"

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -Xshare:dump

C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe" -wait -fix -permissions -silent

C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe

"C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_51" -vma 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 -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"

C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe

"C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe" -wait -fix -shortcut -silent

C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe

"C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_51" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXIALURqYXZhLnNlY3VyaXR5LnBvbGljeT1maWxlOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcc2VjdXJpdHlcamF2YXdzLnBvbGljeQAtRHRydXN0UHJveHk9dHJ1ZQAtWHZlcmlmeTpyZW1vdGUALURqbmxweC5ob21lPUM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcamF2YXdzLmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcYmluXGphdmF3LmV4ZQ== -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 3EBB32E94D0E81F4BB2863FC1C03C505

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\SysWOW64\cmd.exe" /c del "C:\Program Files\Java\jre1.8.0_51\installer.exe"

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

-cp "C:\Program Files\Java\jre1.8.0_51\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserWebJavaStatus

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

-cp "C:\Program Files\Java\jre1.8.0_51\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserPreviousDecisionsExist 30

Network


Files


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6f7c27de4190adc860ea959c54dbb70d
SHA1 91d7afa7a4399ccf3138d660704befc9c4231e90
SHA256 9b7bf2aa1d0c55ce99556f79f644afcf3fe280b58aa3581fc6f72fec1c63bf3a
SHA512 02fca0dcbe68a1e9a0bcc9bb349fe76fe713c3398d76e3cef609f8342fd6bb75342160a6aa945c3675da80782109760a3d6aec8da997434bbe7d19b4994dde34

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 87aa59c191127f3523f93e6a8634a808
SHA1 d84d111aa0f1fa7bc0fa72f15aaea822673b5083
SHA256 422cddcf6fe79af3573ac9f940c9ee430e0b330726a40ed3a58981746183db49
SHA512 f3b2ee070735c80d1c7042e7de6e2ff6e28720df69a7d22cd30af9cfef236a5204a862261595bef1b4bd489b49bf7fa0c2ce476d552763184b2c71d4c2aa7524

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 32c7adff267c645404cc22e9ea2a2a10
SHA1 03f0488f8b4f719f74d0838e0ec4405b0bf99c53
SHA256 841f428ae216f6f5a6709a5ae664a56250667eba4f967e1267cfb5a2aa59f089
SHA512 892b9ce258db5b4676a568137399704d4934457dcbe976b0fdbab60611c50463b93a58f8d3a5c34e5261423112c03912b921173304403ef06472f550ee84e0f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6f2342dc5818119595bda31ad816cb0f
SHA1 6c28dab978b300aab1087b63ff0fcd8d7a29fc61
SHA256 bf3da861526ccd104b1b312a61fec615a42eae75f5a9c60b3c3cecc13efafbe1
SHA512 0327dbca2797b8509980a6b9899a891e3080dca8e58b286e964e2012638ebf08eda1394250e0393b1a1f8cd32eea5e42565cc061a70355039f4bb07bbbfac2d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4f7904783408703e50ef47f52bb21145
SHA1 90878617d14d4040b2b94cbdd1423638b83f87ad
SHA256 36697bf5720a0e76bf4f80a460d93a35e2b42de1349970c5fc3ef7eb29e65646
SHA512 09dc2ac32d85978f37a5d8edc20d4aa77e5e5e929f1d9ee0ed30907f292dc57ad812b27f43815d05f708f9476f7765d1b556a81a2d518a44efe3cfde4f2362cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2b8b9060ed4a98151b1d6c5dfb681ca9
SHA1 da8cc8019f8c6e2f3f8c21ca07d1089b30eb25d5
SHA256 eef15e770a237a05c14c1d2a3ee9ed555c2e3cf8a2ca61392f65b120c5396044
SHA512 47c1f9e6b40c5d02a23e5e67d6a31bb9e71343909ed495449bc94074a141b3dbafc0405a9f71eb7a6a669b07ace5e9a7dd005a626bdd4cf365ee591b1df9e72a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 71f97e24df19ea08082639b74d387041
SHA1 971e842040315aae605f36a253707db2c1611d47
SHA256 1859c34c772d720ddfd924ab9f3966f122488563174fc892fcced58711921efc
SHA512 cc9fe3d459ede726db10aba5297494faa48b017b7430f5477f59c63b04abefd3ee14d7d83bb40910772aa66fb6b4688980adc3f39750f3a9412e283a68b3efd5

C:\Users\Admin\Downloads\jre-8u51-windows-x64.exe.7242wad.partial

MD5 b9919195f61824f980f4a088d7447a11
SHA1 447fd1f59219282ec5d2f7a179ac12cc072171c3
SHA256 3895872bc4cdfb7693c227a435cf6740f968e4fa6ce0f7449e6a074e3e3a0f01
SHA512 d9f4e268531bd48f6b6aa4325024921bca30ebfff3ae6af5c069146a3fc401c411bdeceb306ba01fbf3bcdc48e39a367e78a1f355dc3dd5f1df75a0d585a10c6

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 394985016b8170dd325b83b21ed0d57d
SHA1 f53c374fdfb2bb71e94422b933852fabfdf634f3
SHA256 b6a6541caba5715ead95b09eed4f499aae4cbd0c4a2c4210db7291a71960ddfa
SHA512 3ce04598b0f59f9dab5b7d03ee53759c536f1f88511884a157043547a5ec4214863560db163c8376a32ed3d57fa5ab306846e0658d7c9c5fdd8a5058775d03d0

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\51LUB8ID.txt

MD5 14cacf8edc4beec90c0ab50342874e05
SHA1 1d9646f711f7e2691202d8be86480a8c5d9e630c
SHA256 ff9616c32483d3394ade646875323939765fc265f8e586f41ea04c4bcf6c8596
SHA512 60d7215b4d0fce16af83f5d8570b2df05d2d039e7a52f7f974759e49843772dd15db5e22cec68fd6ef0049ca6cdccef0cd421c989d42a00ae0ff4bedd508b5c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 21d9573cec8089eae57182ca4c245a47
SHA1 3f0fb4820c0124b464f0263393dd34603c8cf633
SHA256 a9149c4998ef0842f9b9fc902564e111bb1d7b3f3221e775a2ef5ea7990f5644
SHA512 eb5003c1138b77040dcd1102abeba63a96c016d98b6a99a380f4600d4b6f10063f10fc30640b1bf12670a98e9085dbfc1661c14a2c255677e12de1e3b232b6e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 38f47263050b06dd3d8bc9ecee04d999
SHA1 a69992960f5848cb5af5a58fed3d5f523f67a501
SHA256 978badb7a19cfbd972b2c1dfe58140cd63ff05828d53662b257a45436eccc544
SHA512 34ce97a388e90c9a31fc543c6aa2b276c6205f35ec3021f1d8ffcd83651207111569dc5b522452c578862466b32782bca8d3212cd6498c03097bf803f76e08d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 709b4a1efb9e7fbf624245e0da492264
SHA1 6b1f61a54e3e68b7eef458536e6e663bcf8207ec
SHA256 4f284152e72ceba1750b434eb9255c8027b3c15eee01fa4a73fb24152e14c24c
SHA512 15037ef0e5c002576e040ec51cbf72d5241e627996077363cab8ba92c535e23a40291b22cd3fb9e68533539ae17425e94ec2e6f62b8224f995a4a24fe8b41921

C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.8.0_51_x64\jre1.8.0_51.msi

MD5 1ef598379ff589e452e9fc7f93563740
SHA1 82ad65425fa627176592ed5e55c0093e685bfeef
SHA256 d4bdc230eaebefe5a9aa3d9127d12ac09d050bf51771f0c78a6a9d79a1f9dbf2
SHA512 673f4b08fc25e09e582f5f7e01b2369e361f6a5b480f0aa2f1d5991f10076ba8a9d6b1f2227979b514acc458b4fdc254fc3c14173db7e38b50793174d4697f23

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40C68D5626484A90937F0752C8B950AB

MD5 b96b955139a67ee11ef5f2339531f686
SHA1 85b3aee5d5566fcc2f36525645634ce413471208
SHA256 f5355e797d447988064bfce3830423d0512ea3815d1d781bd5bc5fc5823d964a
SHA512 5d05a85ca0eb82739f1cf81d1866ca9cd47e1cbeabcb6025918b109e58f0573353c666636a7d05124b9126b27408138f7610f91abb784243489afde1eed2d68a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EA618097E393409AFA316F0F87E2C202_1E65FD33F74047223AF4D58CBFD34BCE

MD5 401bfda2b9e8163ad97b4c475dc5552e
SHA1 bfc1a6fa35d6555de0c5d5b75c5975a681e6219b
SHA256 949d727c57ae65bf6fc124cac187ff3bebca9523ac789927a63c058e4a18cc75
SHA512 d8d20376333d371bf53dedbbcbdd849c7153f3bde57ed49ec7389c0ac958c24aa2f21c2e0072fca743ed12799d7029472dab8221785c36debe0f2902b8ef6482

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_1E65FD33F74047223AF4D58CBFD34BCE

MD5 ca9431dd3660a6b2ce75955eba2c888b
SHA1 73fd9563beacc5d2b58d2955c9658f5bc69f4757
SHA256 b10f00db400c8575c1a4368794ec6194ecc7acedfb53ef86a0f6ef8cfbc5f43d
SHA512 3a3eedb6db769345a588674b270067dfa4fb714a20c2a077c6377d9a5fe477dafb7df9d63d3815df6f20c3af34cf6140afd5e49dd9d9987dbe3021a893c5ed2b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40C68D5626484A90937F0752C8B950AB

MD5 cbed24fd2b55aea95367efca5ee889de
SHA1 946f48b5c344fd57113845cd483fed5fb9fa3e54
SHA256 1dc8a0fcbe260b77adfe5ad9aaac543239b2a0d9f4e1f3c2657beee4376ffee4
SHA512 c504a11ea576f8ce14de26a0617e22e71e14db0f1dadefc187ce94e4a35a83743c743824e3629899c262aae4772bb86a0ee5bb643db20645483f0c376215ec6b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE

MD5 5bfa51f3a417b98e7443eca90fc94703
SHA1 8c015d80b8a23f780bdd215dc842b0f5551f63bd
SHA256 bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
SHA512 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE

MD5 636a5e827bb5a2f7a4689a7caf6c0483
SHA1 6f98fe3288275460094c2d3cf7878d6c916c8fac
SHA256 382320f30980287265f57ec1daf4a784122ded4bfa2353ab41c2d54c04eac87b
SHA512 d3a8a8e69e62de37b21337e6b8a512c798c0b1b6d6c6d8d69e417ecacbbcf9f30f112d080ade94d937f362e6e729403f73d05fd9e2dd690e287fd13a255ccd58

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 315a0d5c352637002922f08dfde3514d
SHA1 6d0812e339d47e675566855e37c179350b03760d
SHA256 e8b818b0306017bc640310e5db0b33d799759c0d6ae958c95911adeb85d0f4cb
SHA512 c22f37cb91839334ce4de213a89a3b31a74ca0b55f76e6a1118b8aa29fa284e2038adbc25c7c82218b519b8da049a6e7e741d4f5c7c75a48509f11e0bdc0300c

C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe

MD5 2e7543a4deec9620c101771ca9b45d85
SHA1 fa33f3098c511a1192111f0b29a09064a7568029
SHA256 32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1
SHA512 8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d

memory/2712-2557-0x0000000000400000-0x0000000000417000-memory.dmp

C:\ProgramData\Oracle\Java\installcache_x64\diff

MD5 d417682702b140d7131851bae877f046
SHA1 aa78da727e8a62c839a9bb6f7a93b48d3a04be70
SHA256 3b3657c83e4f588f0e759cd46e99309cece2ebb54af2c377f9dc087ec764fda8
SHA512 9e107b7f61e42410807aa1e6761ac7adce412846f69ae8e2e21b147e39d1a95d41367e21624381750eb11c77322206c4d869a477e5442e8323405c85854c03cd

memory/2712-2563-0x00000000001C0000-0x00000000001D7000-memory.dmp

memory/2712-2562-0x00000000001C0000-0x00000000001D7000-memory.dmp

memory/2712-2561-0x00000000001C0000-0x00000000001D7000-memory.dmp

memory/2712-2567-0x0000000000400000-0x0000000000417000-memory.dmp

\Program Files\Java\jre1.8.0_51\bin\unpack200.exe

MD5 5b071854133d3eb6848a301a2a75c9b2
SHA1 ffa1045c55b039760aa2632a227012bb359d764f
SHA256 cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf
SHA512 f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c

C:\Program Files\Java\jre1.8.0_51\lib\deploy.pack

MD5 5cfc3a1b269312f7a2d2f1d7c0497819
SHA1 d048284db9ce7103156f8bbce988b4d9978786b7
SHA256 80ba80d2a6c20deef6e2f3973337e15e22eec30508899ae998bf191ba725db26
SHA512 8735af7c8bc5b48aac42120326a5dee21f98512ba31c57c77b6fc3906b7b1b98e5f22f57a31f26dc3e16abe63a6f15ef2e115c7fc17bbab35e846dc373da9c6b

\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll

MD5 df3ca8d16bded6a54977b30e66864d33
SHA1 b7b9349b33230c5b80886f5c1f0a42848661c883
SHA256 1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36
SHA512 951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

C:\Program Files\Java\jre1.8.0_51\lib\javaws.pack

MD5 5a83bc9b3e4a7e960fd757f3ad7cd263
SHA1 f5f308aec7e93accb5d6714c178b8bf0840fb38d
SHA256 0a95ab97c85e534b72a369b3ee75200f8075cb14e6f226196b18fd43e6ba42f5
SHA512 b8e554bbf036d0500686e878597ffdefa8bcd091ab6533eae76fa04eda310cec7cac89b71911f1f81012f499c7bec890ac9032685945f7e5e6b68f7ad3f7430c

C:\Program Files\Java\jre1.8.0_51\lib\rt.pack

MD5 f0177701b36068c9a2bb4924dd409fa5
SHA1 71e4b32c95e20dd565a6603d3de3819eb4f19d33
SHA256 93c1e08034b68e12d78005c2950145595327477c17c1f716248d3e16313b4eec
SHA512 8e198bf60dbb95f38bf5eca67c9b7cd4fe9920890ba3d569e08de59b38c1b00830a0a37168fd74c874df86b7ff0915c8b69adb1591432b42b5ff35e5885e6641

C:\Program Files\Java\jre1.8.0_51\lib\plugin.pack

MD5 538777ddaa33641aa2c17b8f71eed307
SHA1 ac7b5fdba952ce65b5a85578f2a81b37daed0948
SHA256 9948b1c18d71a790e7b5a82d773fea95d25ab67109843a3f3888f3f0ac9d1135
SHA512 7a5877e0eaef6424ea473a203184fedb902cd9d47df5d95d6f617ca4efa1162f0ffd418e9bc6b7492f938cb33fc6384907237487d6ad4f6d0d2d962402529d8b

C:\Program Files\Java\jre1.8.0_51\lib\charsets.pack

MD5 45288142b863dc4761b634f9de75e5e5
SHA1 9d07fca553e08c47e38dd48a9c7824e376e4ce80
SHA256 91517ff5c74438654956aae554f2951bf508f561b288661433894e517960c2ac
SHA512 f331cd93f82d2751734eb1a51cb4401969fb6e479b2e19be609e13829454ec27cec864c57bdc116bf029317c98d551e9feafc44386b899a94c242bc0464556d8

C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.pack

MD5 2ad7c3462a7494b29edbe3701ebeab4c
SHA1 7358ab9b0c4771efdc0d28764b90a46aac55e865
SHA256 7cdc489fa093e924649e82f4eb9689bc1bc0d28e20e37a0a94060efd5428c2db
SHA512 8b1f0f5932896f1876e5f8137dc8f74ff79f02b7708220b53ab2146fc742403ee952c68dddff9a92c786d4a534f7a266327934a8fe84a3c979c016cc8c93efdb

C:\Program Files\Java\jre1.8.0_51\lib\jsse.pack

MD5 168f72fd2f288a96ee9c4e845339db02
SHA1 e25b521b0ed663e2b050af2b454d571c5145904f
SHA256 5552e52e39c0e7ac423d6939eec367a0c15b4ca699a3a1954f2b191d48a034e6
SHA512 01cdf3d8d3be0b2458d9c86976cef3f5a21131d13eb2a1c6f816aeb2c384779b67d1b419fa9233aedd3bbd16970ec7c81689bf2e25a8bebadec5de8e9b5a19f1

memory/3324-2831-0x0000000000230000-0x0000000000231000-memory.dmp

C:\Program Files\Java\jre1.8.0_51\bin\javacpl.exe

MD5 f49218872d803801934638f44274000d
SHA1 871d70960ff7db8c6d11fad68d0a325d7fc540f1
SHA256 bb80d933bf5c60ee911dc22fcc7d715e4461bc72fd2061da1c74d270c1f73528
SHA512 94432d6bc93aad68ea99c52a9bcb8350f769f3ac8b823ba298c20ff39e8fa3b533ef31e55afeb12e839fd20cf33c9d74642ce922e2805ca7323c88a4f06d986d

C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe

MD5 5ed6faed0b5fe8a02bb78c93c422f948
SHA1 823ed6c635bd7851ccef43cbe23518267327ae9a
SHA256 60f2898c91ef0f253b61d8325d2d22b2baba1a4a4e1b67d47a40ffac511e95a5
SHA512 5a8470567f234d46e88740e4f0b417e616a54b58c95d13c700013988f30044a822acfef216770181314fa83183a12044e9e13e6257df99e7646df9a047244c92

C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npdeployJava1.dll

MD5 cb63e262f0850bd8c3e282d6cd5493db
SHA1 aca74def7a2cd033f18fc938ceb2feef2de8cb8c
SHA256 b3c10bf5498457a76bba3b413d0c54b03a4915e5df72576f976e1ad6d2450012
SHA512 8e3ad8c193a5b4ab22292893931dc6c8acd1f255825366fdd7390f3d8b71c5a51793103aeacecfb4c92565b559f37aec25f8b09abb8289b2012a79b0c5e8cb3b

memory/3664-2911-0x00000000006C0000-0x00000000006C1000-memory.dmp

memory/3880-2915-0x0000000000470000-0x000000000047A000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

MD5 bda8d67937cd0ef2816de92f4e34bd97
SHA1 b49b1a5d37246b45df79fe21fbe2bf5ff2f05e37
SHA256 731b8d97daf06736ae4fee7b61c56582374e96a5429eb35731f34f01f7a2e359
SHA512 1d352445e1a0d4ea9a0f7724d7a1b4357c45557a53f59c9e386034f8189d7940ba18566139fdb472ea9234f6f557357845025ff5166b9875536e74f9fbbeb759

memory/3880-2952-0x0000000000430000-0x0000000000431000-memory.dmp

memory/3880-2958-0x0000000000430000-0x0000000000431000-memory.dmp

memory/2588-2962-0x00000000005F0000-0x00000000005FA000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

MD5 a19e4567658fa1f6a10dc07def14f522
SHA1 84add11c07c8e677a4aeae5fa1df5c337572db80
SHA256 777d554a78eb6e21c6c908e32748c1c6c4c7e51cffd842b27cab8f09cea3e1f3
SHA512 350e10466e81507bceef62cd21246aee6b59004caa0e33ae0b434e3a466c55bc3ea6e7ce3d3134d46c2048f65fbf87a163ac27dc804e884a6c0d217149e3e2d8

memory/2588-2999-0x00000000003C0000-0x00000000003C1000-memory.dmp

memory/2588-3005-0x00000000003C0000-0x00000000003C1000-memory.dmp

memory/2588-3006-0x00000000003C0000-0x00000000003C1000-memory.dmp

C:\Config.Msi\f77cb7d.rbs

MD5 e822a20ce26ce3f119492a12812fdcf2
SHA1 5461f5e49dd5c64b5a2ab963ea9ac517c5b6234a
SHA256 1117a97b05ee8b08ccfc21b10b0744fceb3e9c784901eb8d8325e9bd3b923c30
SHA512 e2c0ea381cf8355dc5e20337497bda8fbf6fd59a5320f919908836449d9cdc6553f865ad5fb401b6ee47bbe4f5c455713eeceecae163a8446e9f33fe0845878e

memory/1624-3051-0x0000000000330000-0x0000000000331000-memory.dmp

memory/1624-3054-0x0000000000330000-0x0000000000331000-memory.dmp

memory/2876-3071-0x0000000001B60000-0x0000000001B61000-memory.dmp

memory/2876-3073-0x0000000001B60000-0x0000000001B61000-memory.dmp

C:\Windows\Installer\f77cb84.msi

MD5 4afca17a0a4d54c04b8c3af40fb2a775
SHA1 96934a0657f09b25640b6ad18f26af6bd928d62f
SHA256 b15d3a450b7b3e5ce3194ab9e518796cc5f164c3e28762ffe36966990dcd2fe8
SHA512 ee76f5fcfdd9c1202fd5abdc2bbde8fb2543cee83265f6d2fb5458d1a086152ff6bdd4bf62a88150d325ea282bd2ecd66dd5f127bdd847cfa69cdb88985a8305

C:\Config.Msi\f77cb83.rbs

MD5 f44d28a9ac9dfd3b3c5a25cf7085afd3
SHA1 3735d165fb118db9b641993862a5710ad149fe74
SHA256 94e5522aaf75542247ec453b61e8843c92f4c8a96039eaeb36d948f7a251a2a3
SHA512 ebfd7cde0980e056cbba201f9ed952e71f151a38d4c791405b0c0ef237780752b0a617c9ae255acb12aa97347b1337f1a86b9fdfa3254f37058ccddf647d5513

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 88cbfde1b3762e4fc0cd88896a35112a
SHA1 8fd6552fbb0ec0ab7873a17345da6eb1ba3d9cdf
SHA256 78f570bac4ce32769c9095e9e06b4430d95b9412c68c0ce324d747a045247528
SHA512 78f70c297cd1fc751d5fb859d2cce656bb3918c734459146e7f129d9a26e84ba991bc623dceda9a442dd1b4010b30ef4b0b519e80ac60d79e92d5c139702095e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c6a8867ee514e32200a398df6d67b93f
SHA1 53dd138ab77f6b36a26e545bd78b8986532b0dfa
SHA256 0eca75d314f292a795590e88bd69e2083b5352daa6d4603639b1b441bc654518
SHA512 85f109c6f4a029bbe4b6e06b2b5b1aab376f6efd51a9d96abb8048e0471d4297ff9c70fa4318d3409b0c77805c9ba9f8640bf7aeb15a0cfd06047614d5be35f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 58daf4ee2b9c3ef679ea1f1a772254ab
SHA1 b35228722bdfc6bfd61bf0df5eee4c0c8e3820a8
SHA256 d73d691e814dcb8f64d03d8712c46d4be99f56f709a7fd533d7dda5880e696fc
SHA512 7ad32e7f9b9693bdc71f6a93cb9913b04c5982c85efd82651d7ce19fb345105ba4cbe5ada4f385fccaa82c9637150f165eb911b5731e13b36655b42f28ae2844

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 924b405b6a3c76b1b22df5cc6d3a7d10
SHA1 73d01c080384cc5dd6792d799ff033929fcad29f
SHA256 0b351e6d9c1f08117bbb178c565049a2aa2be251f04bd32527a84f7186e311de
SHA512 087e6de5370a287eb582e0554ef25d5e6f545a301e95e82a40bb5cf9b12b0abe2d0ec58a741053047cd1698eed1d464a19b016061f26fb7104da5786487cf065

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1afa5d87ee4c13108d18afeb11fedff3
SHA1 3c0584f8511462dadc2845feb3d48a097c71ca98
SHA256 6303213a533b86f1b51be77ff4d8bb6682b609e147fe99379bf3d345549fd086
SHA512 614d1c2d65344871f7a96bc80895e5d715fca064edc283a41ca30f0a7cf2ff0a944047b7b43748164553c009fd531324c7271d5a22c013db7dd1a7b30a25667d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 bc11bf9933265430b0cb36bbe134f69e
SHA1 f622c7aedf553c2b7ebde1a049520a3d7e24e7d6
SHA256 3d2ec8cca3be5c4797189e23dd6234e78b3184f744e3808fd01e352804d4921b
SHA512 5f12889f51ff8bd075b6c7c57430c393b2fcc00bb0ceef9752ec263f81ce43e5de31962c502964f8d43a79c2713cc58e62b476c8c19576be8a2e0ac93faf6e28

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8d907a78b429df245e31d309c80ce0ef
SHA1 d2ba13a165ed788c8ddb6fbd8e1bbfa2425062fb
SHA256 94b3d1ff2b26ed141002db262bc035a6c5364167480fc017ff028d48e1119348
SHA512 6bfc2b626d577ad73876408be7f7f712053aa25002dbc2c115c85d20e0b3729540a8fe0386a9ca92cc2d85097eaaf379b04cce4e2fed88d1ff62ae51e072969c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ba8909e1d3433c77ec7d9d1f92c95b9e
SHA1 0b2052d0e85b308c6ab1ebac615175b19ca9e2a5
SHA256 e466181558d4d8968a0e5d1b7f799810f641893a09a3f348c8e3820fe535df89
SHA512 8aacf193a77410897c0e3cb7ec40f6fffa13881f972d21ce367a0665d7bd2d7a64b9a86391e15f4b52b67260b47df6d9d0d35d59ed686c77a65d1f153676c5f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 da029939ed2b48bbe7f540b740bdd2b0
SHA1 b004fa574ef6a53d2e0790eecc4708216f75397c
SHA256 e536cca54ff86ea3030127fe9dd042c71d7c5832ef7a42bd4d8b7e1f1f98f04f
SHA512 654028cdd2107c8d0b2c3f34023e09c763617660633a468137e9059c08b052b713bb6a9d438207fd0b9e87ab7a5c61b4442df58089276e344a1596e474c6643e

memory/1544-3604-0x000007FEF6A00000-0x000007FEF6A34000-memory.dmp

memory/1544-3603-0x000000013F970000-0x000000013FA68000-memory.dmp

memory/1544-3605-0x000007FEF5B40000-0x000007FEF5DF4000-memory.dmp

memory/1544-3606-0x000007FEF46E0000-0x000007FEF578B000-memory.dmp

C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_amd64_neutral_7499a4fac85b39fc\volsnap.PNF

MD5 5e961b1e105c3b3e61e882a553bf5355
SHA1 a5410576b80da1982c64fd9bb81b85f6bc7cd12d
SHA256 1b68210cf77bbf95273c182120e0e38bc6750b361a5c2725319afb753dcfc0d1
SHA512 943d43bb77968c9d1df98076ec4a344c01596b2ae7771ce37dd10389ff96eadca91412106f404da5b54fb345d6e0e845259c8cec4537ff4d23c46a5a4e8d756a

memory/4052-3725-0x0000000000130000-0x0000000000131000-memory.dmp

memory/2608-3731-0x0000000000370000-0x000000000037A000-memory.dmp

memory/2608-3730-0x0000000000370000-0x000000000037A000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

MD5 ae8c984c57d74d88cae2943197b76697
SHA1 04a4cb0c99f0c570e6c898394febd8a8732aac91
SHA256 7f0f26d8c6ed54fc7cfc121d47ae484399b793d7e7ee6eb7b82f0b6c7b3d370f
SHA512 67e29b68fb922275d03be31289cb3d03bd285435d2d9f9408051e3e2ecb2438b23c5b83f1c7ee081b66d91b5acb1cfec6dbd3bf5c64c2e3f8cf70e6a87e67f53

memory/2608-3766-0x0000000000330000-0x0000000000331000-memory.dmp

memory/2608-3772-0x0000000000330000-0x0000000000331000-memory.dmp

C:\Config.Msi\f77cb88.rbs

MD5 9bcec2051d0872dbea5d3f55079c5e4f
SHA1 394336864e9d4a49b391cfe56a4255dcb02f0b83
SHA256 a6a213950cd2dccb445a9953e4fabf87ae38ea2fb446bf13c331048090f6b5a1
SHA512 6deeec96edf472036df24c80be235afa28e4a3915eca70e1f2f434f865b351850fc368def4c4818fbc8a3093c665a53637bee31d7eb0a830d6c10bb1e833e9ef

memory/2260-3927-0x0000000000400000-0x0000000000417000-memory.dmp

memory/2260-3929-0x0000000000230000-0x0000000000247000-memory.dmp

memory/2260-3928-0x0000000000230000-0x0000000000247000-memory.dmp

memory/2260-3932-0x0000000000400000-0x0000000000417000-memory.dmp

C:\Program Files\Java\jre1.8.0_51\bin\WindowsAccessBridge-64.dll

MD5 51e8850c0ea1bf609100b1f37a4e680b
SHA1 756ab35b823e3b403a0757a7d13fb937ef51bf6b
SHA256 69cd12bc4ec5bd7f0e506542b5d47f503f91f2236adbd39e6e191445060cf1e1
SHA512 1194f41b36409727c78f9199f8fdb3ccb6a9029051870622dc733e682cdb680418ded66c318f79438ccde7b266e6bb9f2275f93b838ddc3731491d13c9d0a07c

C:\Program Files\Java\jre1.8.0_51\lib\images\cursors\invalid32x32.gif

MD5 1e9d8f133a442da6b0c74d49bc84a341
SHA1 259edc45b4569427e8319895a444f4295d54348f
SHA256 1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b
SHA512 63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

C:\Program Files\Java\jre1.8.0_51\bin\java.dll

MD5 31401e170ddd8437635c4c8571a80341
SHA1 b79de1ce1b96ad0c3d00c8a32e55043eaeb1bad7
SHA256 3e060e1aafa2fe99f06c34db84a49d3a2f994c1a0dbef40f37dbafd45cd69533
SHA512 fc5e52e5398563a39dd5d8204ffe52a8668c19e1f1bb9706cf408c6c7ed81f8be667d87233bcdfd8739ac022792c36b9147249e5eedb51b21493100ffbf1e5c9

C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe

MD5 7b23b0aab68e65b93bb6477f05999574
SHA1 920752e4c22e1165e6df27f69599483187edfbb3
SHA256 32546ecf1236769d2d777331f90282fb97589bec75da11c8e727d61d3d4c988a
SHA512 e3395303e53edce3dfa8fe11b7338c77795595a17dac17818e4bc8b77feee4900d541201d6762aa8f46565730e24a5423684049d40bbd074186ef7223c96b604

C:\Program Files\Java\jre1.8.0_51\bin\deploy.dll

MD5 dde10ec36be410229d7af47a2bcecdf9
SHA1 ef377955905bd228548a02e55ba65800271ab059
SHA256 240e962a459979f4c67020f9f6c21492dde53ef03fc79f150a02e2bed3146986
SHA512 a585cb3ba177549fcbf477a28328b0f34db9c0909a56e24b5ffc491fbd0a97871bb495b10decb117239f7fda4eada210f6e92dfc9e3c57f19c2cf8ff67703e5d

C:\Program Files\Java\jre1.8.0_51\bin\wsdetect.dll

MD5 0b684e3038a662dae061211a4d87e15a
SHA1 be7762879cfffa6089cd779fda14171660cd0493
SHA256 c37efb9fe3fb0ed305ca80d2c8a29f63410d2734a5d636370ea44d5a06f4831c
SHA512 92bf56934370a681ada844677b358b700b697e7703900d1f4b31d9b4386f0cc796872265e936f8996447123e767b3180d0143e2d6ab87360ab3d8e2a67edc607

C:\Program Files\Java\jre1.8.0_51\bin\jp2iexp.dll

MD5 c5767eae1e5fabaf111456b92969487c
SHA1 7bce3ac298f3a0fb3965fab8efc46c7aef572465
SHA256 db84ba217329dc2131b4082e6b589f29c099a116f7bff49db27ca22aa529cb9e
SHA512 b54d5a59cc09cbeae9326afe08734fc5f612c9ac1c3caccd0d2f542c9c49c796db2a12c911e61896714dafb8cf28fbe41f5c9baf551f534335de7a77729fb83e

C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

MD5 d4abcf8dffbc73f85a1b67a64915b4e0
SHA1 88284d3c3d2d8828aa0119fbbd267013d831353b
SHA256 9a5ff1c08e38d680321cc014e7c1e741b1e159ac9677c91a8e1f4713fbed1413
SHA512 0d6287e4af46801556fe641bfacde3be4869d1f870053ad4a8b6544bf06cc59117b63f95649ea9e7b3b6a567db8e1b2234158853fbebfccbf86bf8ac74385f1e

memory/2484-4273-0x0000000000430000-0x0000000000431000-memory.dmp

memory/1676-4277-0x0000000000400000-0x0000000000417000-memory.dmp

memory/1096-4287-0x0000000000440000-0x0000000000441000-memory.dmp

memory/2484-4297-0x0000000000430000-0x0000000000431000-memory.dmp

memory/1096-4319-0x00000000021B0000-0x00000000021BA000-memory.dmp

memory/1096-4318-0x00000000021B0000-0x00000000021BA000-memory.dmp

memory/848-4317-0x0000000000380000-0x000000000038A000-memory.dmp

memory/848-4316-0x0000000000380000-0x000000000038A000-memory.dmp

memory/1096-4314-0x0000000000440000-0x0000000000441000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

MD5 77bc2529938ca48a0baab7d9f4248953
SHA1 cd3c90c8b1c4c7704d2cdc529c14f47e6b13e92f
SHA256 0d1c9f1359b4d6f6c24c3e88e941ccfbff05548e16533544b35541bc7e2f4c43
SHA512 28fb339e56085d13778a40a80c02f0aaad56f784a83c48269dca8452c5a0fbb6d5e8ae8d2992c9039223e88e651d89d199a1fd2a5e7d881ac2442c46e24bf4b0

memory/1096-4368-0x0000000000440000-0x0000000000441000-memory.dmp

memory/848-4386-0x0000000000130000-0x0000000000131000-memory.dmp

memory/1096-4414-0x0000000000440000-0x0000000000441000-memory.dmp

memory/1096-4421-0x0000000000440000-0x0000000000441000-memory.dmp

memory/848-4430-0x0000000000130000-0x0000000000131000-memory.dmp

memory/1096-4450-0x0000000000440000-0x0000000000441000-memory.dmp

memory/1096-4453-0x0000000000440000-0x0000000000441000-memory.dmp

memory/1096-4454-0x0000000000440000-0x0000000000441000-memory.dmp

C:\Config.Msi\f77cc4e.rbs

MD5 5f729f8d69e46687327a154fcaa0021f
SHA1 b9770fb271a93bf6d6aedb3ae5a6ba0c843d4eb0
SHA256 fd1fc409bbefee0f3d60502df3551c42d0d0a0a43e529dd99aa25e12d2f9e764
SHA512 2b9c0d987d98497ae30064bdbf309953473c8ca4b1112f9da5c2639cc5f97a58d314d4b818a70c8ac7e1e65ee3d0403af7a67788eca6475f089544b7a28b242c

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.fastrepo.org\tlauncher-sources\prod\release\tlauncher\appConfig.json

MD5 91db38ec63d5ba27c2d84d1ce4f5950f
SHA1 0f981c54c5dc136c271387b919d0da1c043484d0
SHA256 4a21a1eada9a254e366a32670c65ae5e1fa9b12ac72b1be4e55be54347a1f38e
SHA512 299ea4bbf286e7f4d1eac2b9ed5e06d0deb25a79d3d8effd8524154b576c16b14074e6d6d4c8225cd633e2cccc74547a3ebeff1ced03e99b6879cba08e330356

memory/3612-4497-0x00000000002C0000-0x00000000002C1000-memory.dmp

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.fastrepo.org\tlauncher-sources\prod\release\tlauncher\2.921\dependencies.json

MD5 dd4d9eb42e26f86cdb8f58ac1401e217
SHA1 24fd4a27ca650aae032ad1ecc15f1b7560803822
SHA256 22127b008d98bf65a5fe9f846641eae124975eeb91b0af0285be977037c41993
SHA512 5df828b723041e41db19a58a20c8446a791a1dc07d3669b080c4d128b229dd8fa5b43f83f445ade20545339bc402372d7924861acdfecea1e609dbe7545fda1e

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.fastrepo.org\tlauncher-sources\prod\release\tlauncher\2.921\resources.json

MD5 d892039e33a914bdd174cbfdfd0e7331
SHA1 42754a8f3d087d09999d8b89ce6ea4eab522f1f9
SHA256 5acb848f36f188765ef517f67d90fda54892af1d5db3612ba8ed5d3802e2fbb6
SHA512 f21dd600db9140adc394b749485102a89723a7696101cf19ca6e365f2be9d3a7b0ad54a335985065165c07122415afb9a85170cc1144b8acf237f07538865511

C:\Users\Admin\AppData\Local\Temp\JavaDeployReg.log

MD5 f13978be4b36aa150e81806edba84b86
SHA1 385a25fb53c1511cc613a1b20da79ba71f8d62b8
SHA256 bed73f8b873db3f0c5b8894cc8afe694eb1f6ca4519bea571f2dd834a1f2d470
SHA512 1b78931fb76e1a293d8e45a6c1ec6eca3d2f489f11561957c9b010eae8d086084d9734047b92fe5256b8e53850ea744f7ba19d6922f54d8a40afe9ddc318517e

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.fastrepo.org\tlauncher-sources\prod\release\tlauncher\javaConfig.json

MD5 e2cbea0a8a22b79e63558273dded5e6c
SHA1 bfbbbba0679adcbcf9e079ed3c7c7a60cb0b2d61
SHA256 10d0f3646be0a7d73942d7bdd1e55c4b8df0c34cad7ad15a9dc23b2932155007
SHA512 a6aa26ff49c911fb4705df1e8e434c72e206b20fdaae0abc529e2734f5db49c75da35c3d75769e0ac1b6795de540de4c7e1089b387217fc58f8b19b023064e5a

memory/1096-4822-0x00000000021B0000-0x00000000021BA000-memory.dmp

memory/1096-4821-0x00000000021B0000-0x00000000021BA000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-05-02 01:02
Reported: 2024-05-02 01:06
Platform: win10v2004-20240419-es
Max time kernel: 141s
Max time network: 114s

Command Line

"C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe"

Signatures

Checks computer location settings

Description: Key value queried
Indicator: \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation
Process: C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe
Target: N/A

Executes dropped EXE

Description: N/A
Indicator: N/A
Process: C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Target: N/A

UPX packed file

upx

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe

"C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe"

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.3.7.exe" "__IRCT:3" "__IRTSS:24078146" "__IRSID:S-1-5-21-3411335054-1982420046-2118495756-1000"

Network

Files

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe
