Analysis Overview
SHA256
8f657e915ef6ab8f9f0ecb653f2b79b19a6e68bb14d997b4b8c6e005c3923453
Threat Level: Likely malicious
The file TLauncher-Installer-1.4.2.exe was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
UPX packed file
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
Enumerates connected drives
Adds Run key to start application
Checks installed software on the system
Installs/modifies Browser Helper Object
Drops file in System32 directory
Resource Forking
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Launchctl
Suspicious use of AdjustPrivilegeToken
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Uses Volume Shadow Copy service COM API
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Uses Volume Shadow Copy WMI provider
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Modifies registry class
Modifies Internet Explorer Phishing Filter
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-02 23:20
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 23:20
Reported
2024-06-02 23:24
Platform
win7-20240221-en
Max time kernel
210s
Max time network
214s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0068-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0038-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0084-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0039-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0099-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0082-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0049-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0006-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0076-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0034-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0013-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0049-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0093-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0011-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0048-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0028-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0074-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0087-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0030-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0037-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0049-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0082-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0033-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0052-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0060-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0076-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0076-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0045-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0006-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0047-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0095-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0043-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0063-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0023-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0084-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0087-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0041-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0066-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched = "\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" | C:\Windows\system32\msiexec.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\WindowsAccessBridge-64.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File opened for modification | C:\Windows\system32\WindowsAccessBridge-64.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\keytool.exe | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\management\jmxremote.password.template | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\psfont.properties.ja | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\rt.jar | C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\deploy.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\instrument.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\kcms.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\lcms.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_zh_HK.properties | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\kinit.exe | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\plugin2\msvcr100.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\jvm.hprof.txt | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\jpeg.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_sv.properties | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\JAWTAccessBridge-64.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\ext\sunjce_provider.jar | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\management\jmxremote.access | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\security\trusted.libraries | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.pack | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\mlib_image.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\fontconfig.bfc | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\fonts\LucidaBrightDemiItalic.ttf | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\cmm\GRAY.pf | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_zh_CN.properties | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\hijrah-config-umalqura.properties | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\fonts\LucidaTypewriterBold.ttf | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\javacpl.cpl | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\content-types.properties | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\ext\dnsns.jar | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\security\blacklist | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\javaws.pack | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\server\classes.jsa | C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\server\jvm.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\fonts\LucidaBrightRegular.ttf | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\cmm\LINEAR_RGB.pf | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\fonts\LucidaTypewriterRegular.ttf | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\tzmappings | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\awt.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\eula.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\rmid.exe | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\servertool.exe | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\ext\sunpkcs11.jar | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\rmiregistry.exe | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\dt_shmem.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\prism_sw.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\dcpr.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\security\US_export_policy.jar | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.jar | C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\images\cursors\cursors.properties | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\wsdetect.dll | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar | C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\bin\java-rmi.exe | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\ext\meta-index | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\fontconfig.properties.src | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\deploy\messages_zh_TW.properties | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\ext\cldrdata.jar | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_51\lib\security\blacklisted.certs | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\f77ee07.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f77ee0c.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f77ee0d.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAB06.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f77ee10.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIEF50.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2292.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f77ee0d.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f77ee12.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIABC4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f77ee07.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f77ee0a.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAAB7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f77ee10.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f77ee0a.ipi | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\msiexec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\msiexec.exe | N/A |
Modifies Internet Explorer Phishing Filter
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PhishingFilter | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = c046e4b243b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e06d46c343b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\DownloadWindowPlacement = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f45d02a7b2b6b747bf0b25aea4013ce7000000000200000000001066000000010000200000009bbd4acbf7c4ce85a00eae9efe8c2e3575e7979b4073b4452402662b1324b608000000000e8000000002000020000000ea9e44832634c945609363d57517e5f6f60ed87bbbb5560765b9767be5494d26200000002e13d5f56d2ce3ba338ada3a37299bf1c846634b2936db79c836d6b30112259b400000003fffc767a465e37dc461431b47154ca25ec10b793a0162d4dfdd53eead718510afeac9c5082d84d64e1ec83ec6d7851353216494074dde53bf32fe4e5670f906 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_51\\bin" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EAD1EEC1-2136-11EF-805C-EAAAC4CFEF2E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_51\\bin" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f45d02a7b2b6b747bf0b25aea4013ce70000000002000000000010660000000100002000000020185c87e68197000c667afc8325ddfcd66354bc749757df19928e9df1a90cff000000000e8000000002000020000000423ae2b0c879bfd60cde9dc042c2c41d536599f807ef20ce429e79c149f99d3c90000000c15003209f3f5084767304165d72f557581fb9083aec110e2e89830c5dbf058f93ca4b5a562eaf0c2e16d0f7d3b1890ba58afddb68ae4285aa0f7863845803bca51141ab67eab5a51fa35481e8755a49d5020cf65b1d388eb82a0418c150194d523cc8c2abe36b1a58adfc97bad8fdb75135ed93b9d80ca402ef1f0cc049f08d810fb3734141f62d1e55925e9d31bdaa40000000743ad830a5c579ca01b357cd06124858f35cc62f0a647f38622cfa0488cb31eadab487299a0c85502cc5b45381bbf65ecb66e5d29544c0f8b27c82ac82ff648c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_51\\bin" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4B5F-9EE6-34795C46E7E7} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2F | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0043-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0048-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0034-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0088-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0030-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0053-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_53" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0098-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0030-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0044-ABCDEFFEDCBC} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0081-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_24" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBC} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0097-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0071-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_32" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0060-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0096-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0076-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0062-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_45" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0072-ABCDEFFEDCBC} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0048-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0056-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_08" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0024-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_24" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_21" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0080-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0034-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0037-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0064-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0054-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0042-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0047-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0044-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0051-ABCDEFFEDCBC} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0054-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0054-ABCDEFFEDCBC} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0047-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0061-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0099-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_51\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_51\installer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.4.2.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.4.2.exe"
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.4.2.exe" "__IRCT:3" "__IRTSS:23398040" "__IRSID:S-1-5-21-3452737119-3959686427-228443150-1000"
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://java-for-minecraft.com/
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3492 CREDAT:275457 /prefetch:2
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\jre-8u51-windows-x64.exe
"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\jre-8u51-windows-x64.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Program Files\Java\jre1.8.0_51\installer.exe
"C:\Program Files\Java\jre1.8.0_51\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_51\\" REPAIRMODE=0
C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe
"bspatch.exe" baseimagefam8 newimage diff
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\deploy.pack" "C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar"
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\javaws.pack" "C:\Program Files\Java\jre1.8.0_51\lib\javaws.jar"
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\plugin.pack" "C:\Program Files\Java\jre1.8.0_51\lib\plugin.jar"
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\rt.pack" "C:\Program Files\Java\jre1.8.0_51\lib\rt.jar"
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\charsets.pack" "C:\Program Files\Java\jre1.8.0_51\lib\charsets.jar"
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\jsse.pack" "C:\Program Files\Java\jre1.8.0_51\lib\jsse.jar"
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.pack" "C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.jar"
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.pack" "C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.jar"
C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -Xshare:dump
C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe
"C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe" -wait -fix -permissions -silent
C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -classpath "C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar" com.sun.deploy.panel.JreLocator
C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe
"C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_51" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXIALURqYXZhLnNlY3VyaXR5LnBvbGljeT1maWxlOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcc2VjdXJpdHlcamF2YXdzLnBvbGljeQAtRHRydXN0UHJveHk9dHJ1ZQAtWHZlcmlmeTpyZW1vdGUALURqbmxweC5ob21lPUM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcamF2YXdzLmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcYmluXGphdmF3LmV4ZQ== -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==
C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe
"C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe" -wait -fix -shortcut -silent
C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe
"C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_51" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXIALURqYXZhLnNlY3VyaXR5LnBvbGljeT1maWxlOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcc2VjdXJpdHlcamF2YXdzLnBvbGljeQAtRHRydXN0UHJveHk9dHJ1ZQAtWHZlcmlmeTpyZW1vdGUALURqbmxweC5ob21lPUM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF81MVxsaWJcamF2YXdzLmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcbGliXGRlcGxveS5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNTFcYmluXGphdmF3LmV4ZQ== -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding A312A029270EA4E48C32A176DB8670C7
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\SysWOW64\cmd.exe" /c del "C:\Program Files\Java\jre1.8.0_51\installer.exe"
C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
-cp "C:\Program Files\Java\jre1.8.0_51\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserWebJavaStatus
C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
-cp "C:\Program Files\Java\jre1.8.0_51\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserPreviousDecisionsExist 30
C:\Windows\system32\msiexec.exe
"C:\Windows\system32\\msiexec.exe" /i "C:\Users\Admin\AppData\LocalLow\Oracle\Java\AU\au.msi" ALLUSERS=1 /qn
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 1AF5385E205931C1C05DDCCE18244EDF
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
"C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe" -r jre 1.8.0_51-b16
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dl2.tlauncher.org | udp |
| US | 104.20.36.13:443 | dl2.tlauncher.org | tcp |
| US | 8.8.8.8:53 | java-for-minecraft.com | udp |
| US | 104.21.71.37:80 | java-for-minecraft.com | tcp |
| US | 104.21.71.37:80 | java-for-minecraft.com | tcp |
| US | 104.21.71.37:443 | java-for-minecraft.com | tcp |
| US | 104.21.71.37:443 | java-for-minecraft.com | tcp |
| US | 104.21.71.37:443 | java-for-minecraft.com | tcp |
| US | 104.21.71.37:443 | java-for-minecraft.com | tcp |
| US | 104.21.71.37:443 | java-for-minecraft.com | tcp |
| US | 104.21.71.37:443 | java-for-minecraft.com | tcp |
| US | 104.21.71.37:443 | java-for-minecraft.com | tcp |
| US | 104.21.71.37:443 | java-for-minecraft.com | tcp |
| US | 8.8.8.8:53 | javadl.sun.com | udp |
| GB | 104.103.251.196:443 | javadl.sun.com | tcp |
| GB | 104.103.251.196:443 | javadl.sun.com | tcp |
| US | 8.8.8.8:53 | javadl.oracle.com | udp |
| GB | 104.103.251.196:443 | javadl.oracle.com | tcp |
| GB | 104.103.251.196:443 | javadl.oracle.com | tcp |
| US | 8.8.8.8:53 | sdlc-esd.oracle.com | udp |
| GB | 2.21.188.103:443 | sdlc-esd.oracle.com | tcp |
| GB | 2.21.188.103:443 | sdlc-esd.oracle.com | tcp |
| US | 8.8.8.8:53 | javadl-esd-secure.oracle.com | udp |
| GB | 104.103.251.196:443 | javadl-esd-secure.oracle.com | tcp |
| US | 8.8.8.8:53 | rps-svcs.sun.com | udp |
| BE | 23.14.90.97:80 | rps-svcs.sun.com | tcp |
| GB | 104.103.251.196:80 | javadl-esd-secure.oracle.com | tcp |
| GB | 104.103.251.196:443 | javadl-esd-secure.oracle.com | tcp |
| US | 8.8.8.8:53 | www.java.com | udp |
| NL | 23.62.61.137:443 | www.java.com | tcp |
| US | 8.8.8.8:53 | sjremetrics.java.com | udp |
| IE | 66.235.152.156:443 | sjremetrics.java.com | tcp |
| US | 8.8.8.8:53 | repo.tlauncher.org | udp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 8.8.8.8:53 | repo.fastrepo.org | udp |
| FI | 135.181.139.36:443 | repo.fastrepo.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| FI | 135.181.139.36:443 | repo.fastrepo.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| FI | 135.181.139.36:443 | repo.fastrepo.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| FI | 135.181.139.36:443 | repo.fastrepo.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| FI | 135.181.139.36:443 | repo.fastrepo.org | tcp |
| FI | 135.181.139.36:443 | repo.fastrepo.org | tcp |
| FI | 135.181.139.36:443 | repo.fastrepo.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
| US | 104.20.37.13:443 | repo.tlauncher.org | tcp |
Files
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
| MD5 | cd0ba34e6182159d0c7a70c40fa0bf6e |
| SHA1 | a20c20dee4b7ecd1e2c1f6b025e2766b583e2c38 |
| SHA256 | fe88a318681b47a1e9aad79cd8b42fed323555fed23a04633b1bd16921380d86 |
| SHA512 | 2c540e510bd22fd70dc6393599b13aa1cd820b8434692b4fb2cdc60c08f4c03e4a4d0357e75672d4c08573d15ba3d1e62692756c30be00226225b5bec0efd79e |
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
| MD5 | c333af59fa9f0b12d1cd9f6bba111e3a |
| SHA1 | 66ae1d42b2de0d620fe0b7cc6e1c718c6c579ed0 |
| SHA256 | fad540071986c59ec40102c9ca9518a0ddce80cf39eb2fd476bb1a7a03d6eb34 |
| SHA512 | 2f7e2e53ba1cb9ff38e580da20d6004900494ff7b7ae0ced73c330fae95320cf0ab79278e7434272e469cb4ea2cbbd5198d2cd305dc4b75935e1ca686c6c7ff4 |
memory/2280-18-0x0000000003210000-0x00000000035F9000-memory.dmp
memory/2280-20-0x0000000003210000-0x00000000035F9000-memory.dmp
memory/1636-19-0x0000000000B20000-0x0000000000F09000-memory.dmp
memory/2280-16-0x0000000003210000-0x00000000035F9000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico
| MD5 | e043a9cb014d641a56f50f9d9ac9a1b9 |
| SHA1 | 61dc6aed3d0d1f3b8afe3d161410848c565247ed |
| SHA256 | 9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946 |
| SHA512 | 4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f |
memory/1636-583-0x0000000000560000-0x0000000000563000-memory.dmp
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
| MD5 | dabd469bae99f6f2ada08cd2dd3139c3 |
| SHA1 | 6714e8be7937f7b1be5f7d9bef9cc9c6da0d9e9b |
| SHA256 | 89acf7a60e1d3f2bd7804c0cd65f8c90d52606d2a66906c8f31dce2e0ea66606 |
| SHA512 | 9c5fd1c8f00c78a6f4fd77b75efae892d1cb6baa2e71d89389c659d7c6f8b827b99cecadb0d56c690dd7b26849c6f237af9db3d1a52ae8531d67635b5eff5915 |
memory/1636-582-0x0000000010000000-0x0000000010051000-memory.dmp
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
| MD5 | da1d0cd400e0b6ad6415fd4d90f69666 |
| SHA1 | de9083d2902906cacf57259cf581b1466400b799 |
| SHA256 | 7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575 |
| SHA512 | f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1D39.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe
| MD5 | 2885c4a1dc2bc52ea298b8d9c7e1bfbb |
| SHA1 | 964bff819cbfd38692900403460c67b9d0dae8b0 |
| SHA256 | 4007ca82da52600902ad2e269445e0ae15701187d111ba7f59546c7dfe1fc3dc |
| SHA512 | e0480ece21136a29a727fe99001fae8a9009a4ce92bb1a48644cf20dfc57fe70cb685b6427a6582f85ac2ffee93d85fe91c7cb1bc5b8e2121f3cb38907da2e50 |
memory/1636-662-0x0000000000B20000-0x0000000000F09000-memory.dmp
memory/1636-663-0x0000000010000000-0x0000000010051000-memory.dmp
memory/2280-664-0x0000000003210000-0x00000000035F9000-memory.dmp
memory/1636-666-0x0000000010000000-0x0000000010051000-memory.dmp
memory/1636-667-0x0000000000560000-0x0000000000563000-memory.dmp
memory/1636-668-0x0000000000B20000-0x0000000000F09000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.BMP
| MD5 | f35117734829b05cfceaa7e39b2b61fb |
| SHA1 | 342ae5f530dce669fedaca053bd15b47e755adc2 |
| SHA256 | 9c893fe1ab940ee4c2424aa9dd9972e7ad3198da670006263ecbbb5106d881e3 |
| SHA512 | 1805b376ab7aae87061e9b3f586e9fdef942bb32488b388856d8a96e15871238882928c75489994f9916a77e2c61c6f6629e37d1d872721d19a5d4de3e77f471 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.BMP
| MD5 | f5d6a81635291e408332cc01c565068f |
| SHA1 | 72fa5c8111e95cc7c5e97a09d1376f0619be111b |
| SHA256 | 4c85cdddd497ad81fedb090bc0f8d69b54106c226063fdc1795ada7d8dc74e26 |
| SHA512 | 33333761706c069d2c1396e85333f759549b1dfc94674abb612fd4e5336b1c4877844270a8126e833d0617e6780dd8a4fee2d380c16de8cbf475b23f9d512b5a |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.BMP
| MD5 | 3adf5e8387c828f62f12d2dd59349d63 |
| SHA1 | bd065d74b7fa534e5bfb0fb8fb2ee1f188db9e3a |
| SHA256 | 1d7a67b1c0d620506ac76da1984449dfb9c35ffa080dc51e439ed45eecaa7ee0 |
| SHA512 | e4ceb68a0a7d211152d0009cc0ef9b11537cfa8911d6d773c465cea203122f1c83496e655c9654aabe2034161e132de8714f3751d2b448a6a87d5e0dd36625be |
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
| MD5 | 833512c89f1ab92c80131d415f89f442 |
| SHA1 | dd9953ddcc33278bb97502ffdc6e7462e8005680 |
| SHA256 | 717f80429e16e7c467a8472dfb0404e22fdf2d67ecd94018b6536dc9d995bff6 |
| SHA512 | f23201251ea19b6122f60a788a027bd59aca1233b17b265709a51a2babc1eea1394a4400eadcc6792bb5f9843d73a95660f60f487779cbfc05766f53fa3ef3d1 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG10.PNG
| MD5 | cecc7c02d44d9c449121a542bb0fb36c |
| SHA1 | 6984cb702147fa42d975f101b286d802c66148f9 |
| SHA256 | a64ddc02113b74aedc3e77837b5045b178e82978e68e9be9d04425eefc6fc690 |
| SHA512 | e4a5bf35cbfe71789cee597df48268679b76093ac3dfa22cdc71015e734f6f68027e5efa489e6d010ec3b67f0eb56508cee949905e6a2d48c438b02d19edcd79 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG4.PNG
| MD5 | b196ede7761b55fd40b2167723f489b8 |
| SHA1 | c6fb9ec2a28bb6cb0c052d05018e9c81205244c9 |
| SHA256 | 987b0a991162db5aa6d7560abd18474818e0639aed080643132c42b701fd1d8d |
| SHA512 | 661f91be3e77679cda55a63ab50636b2b68256e08bb4ed511e646bbf6835f85c3959388632843a1062677b5e405c1d76a09890086feb3d23f52cd72885763497 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG3.PNG
| MD5 | cee48467f5141425823298a0726aa52a |
| SHA1 | 8af5b57d4163514bdf1f1548ba612f227539b532 |
| SHA256 | d8aba6d89980c78a3554511653a7147210f544dabc457011a45957be596a7b72 |
| SHA512 | 48c7ec8ba3087e06a38d66d2c3548c37ff02efe508a6303d3361de38c1d27ec8f8b17aa07eccb9e2c7ea10478d548c8049a3a50f13dffb0a006eded034e9fff9 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG1.PNG
| MD5 | b3900ec4c610092ddcecd3fe8d14a529 |
| SHA1 | f3c0713b0fa185bc2acd774ea4b6a7a568b20f2a |
| SHA256 | d077af4a50d041a710c2362e29da0dcc4eae5c90cc7aa3f058a2cbed28f1c5a4 |
| SHA512 | 5dbcab9c44fced17af4a1dcd713c81c079689e53a979501e2a0714494f553305d03bf52270b533828a71a9ad2c0c722f87a64a91c3b0e7cc4484774b4b54daf1 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG14.PNG
| MD5 | b5fb5788225a22d2235f27b5f4f0a275 |
| SHA1 | 0820031da047efec3105b7f52c4254170102700f |
| SHA256 | 58f73ecf94e61492320c1cbaeed3b989fb60131d1441320cab502768c67a58c3 |
| SHA512 | 1cdda78535038b51ef264acfcfc299bfa3521f69ad6d86b4451c0a3e311c882fd442094e99a213304670f0b4c50aada99b3559c4b55422261cc6b37b431955f3 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml
| MD5 | 7485ba0021020f5e01c5f5d1dc46a259 |
| SHA1 | 374e07adb890b335d4847bd9b9d355fa049e47d0 |
| SHA256 | 66cc78022a6aef9a56a2d19fd9d80a93c7b2dc3fb1b939d765e001085dd04051 |
| SHA512 | db41e162066552222fbab87eebe1e6a821aab52fa770973af85ff6db2fa6e916abd74413b19f52baef2768e6a30a74b0868ab32eb1446778e27c626142762e20 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml
| MD5 | 28d1e2ae273aac31a1a7a75c7b82e49c |
| SHA1 | 3e811172958b35ffcdbb9ea3d87ff8d9cf591332 |
| SHA256 | 2a09d6b6c635d2a05f1371cbb1dc2a549a527de7366dcb5da0aa89e34959430b |
| SHA512 | ddf8fba19a68deceee29f9f37878ac1a9381fbfc27c593a0bb3d70fb3fc539468fe7fa6ef5deeb3f7c0f2b44005623e0ac9d5059695af23ec640c21448c6ecdd |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG9.PNG
| MD5 | b66b94a905366bf25b5163fe5925e0d9 |
| SHA1 | b0e91b1797a1f9455d111e9d8dd5bd4aa72e935a |
| SHA256 | 0ced93717234ba2914c3a3b5c2dae4a7c4c52fd5393415e7c1482e4cb4ccf7f8 |
| SHA512 | 2fc07db7c8791eb2c0eb67eb50b472f61fc180a281159f9a68d3e49391d89545726ef0a481d0efa8267eee64ee6514835a81a09bb537e62889612baa95a5bedb |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG15.PNG
| MD5 | 9d0f62b656198cc2751cab6bf2a36a46 |
| SHA1 | 616dbed062f7ef1be165cb167ea5788867a34923 |
| SHA256 | d1ec7db451e7e25d970fd62b22a7779a3f59eb3978a0081120d069ffbdb14295 |
| SHA512 | 2591c988f685b9140a7fada6320f3ef5763ecce62cc47bf0f9bba6885b1714e136bb552672d9656efd19a08ea891e1686270fe56289598c6093dc8483a5f7636 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG16.PNG
| MD5 | faefac14b9ba4ba2f2571fb164539f77 |
| SHA1 | 9dd91143d4a95e52f9c380e3c3ce23c9180eaa15 |
| SHA256 | 6509bb99d5392d840700e08452366518bc5ed578ee36b964adbee69f37048b2d |
| SHA512 | f9851d8f801fc78739ab038375401582a7d8554df0efa05bd397127a0e431520c6715c5ebe65cc012306aa542128484f387473d200f58b0065581403721c9e24 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG18.PNG
| MD5 | e802a83fd63eefd5b70eb246f075639b |
| SHA1 | 5d201c7d3172ceafa318151acf499270f33db060 |
| SHA256 | 50c8dccb06fe1332b471400c9d5d1bfcb47df1833077ada7e54e0018a82deee5 |
| SHA512 | 7febb82664b9b160f5b00d978bb97d2f993a7d40a70696a40ffc472fdea23a636f5faaee6a67fd74c55d7c17b685e38e7f6d14be88f9f260d6520f17af06f09b |
memory/1636-1188-0x0000000000B20000-0x0000000000F09000-memory.dmp
memory/1636-1743-0x0000000000B20000-0x0000000000F09000-memory.dmp
memory/3464-1746-0x0000000000400000-0x0000000000417000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e5ba217c9f076a7a06b8c849b3bb5630 |
| SHA1 | d9db8026acae025ad24232a0ef385450b2e3e58b |
| SHA256 | a12bc63adc6de882fcdda29e2ad98907edb3f138abd6bc812ef3457fcf4e1d4b |
| SHA512 | e3eeadbd061017e7648547dbd9d5fb4610519dc229f17646f2b224b746d66bb624c446830edb08b20f3b46328a60998022ee980095c7aca80d100f1fce04d1cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc6d0e6042abc4affbafa92bb59e83e9 |
| SHA1 | 334a9b8918aebc1740908a9dfc19ab38d558b017 |
| SHA256 | 552ce8936cc79f52837c54885418733f271b9101246a5023feebd349623ac859 |
| SHA512 | f5f467e027c471dc06ef1b6a7c307959bdcd0ce36cf233739321eea4f764d0f7746fd74277d2c0dd6de1a165e397565d40b6b3c6fa82ee9ded20a7d86a926088 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | efb8053536670ba0ecf2ee9223178d24 |
| SHA1 | 229bf4dfe011c86ea2b447ddf903d9d9d9930be9 |
| SHA256 | 7c182e78a2faba5d9e1b7a47d14e377b92a244dd613e2818105544c9f6335a4a |
| SHA512 | d7efe6c1e01c28c860dbcd727eb237d7265ab4265386f9d702edd90e9cbbbcb482a5aa560274445fc52faa0846c62405f213def875f9e88429829dbbbadf3b63 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b68d7536ba2b464a85f789383ac1b63a |
| SHA1 | 0b7e48911d1f5cc6ee9581129f632d01a7d49037 |
| SHA256 | 19875eee6a66f8a3d75b8476ec36bc8670b10e6835b2a984eb799497de1334b0 |
| SHA512 | ef26d398927eb10d006b0f80a8d45d7025b7a7887513f8adc040052b017053ef11e87200d2d06b24a97f893d22165fd0bd7799dd9bc2151a1cd9849c34adeb4e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 111393987a11fb0be032ce555f0def39 |
| SHA1 | 360e53c9d60e06ac4bcc2b4cfa046742f957ec4f |
| SHA256 | 86f79b26dbf91dffc33e3dcad3cc2cbcee61bf3d243ef4c450074717d05481d5 |
| SHA512 | ede0863800da53b9a9aa68e79346b0ec187500249bcbc882c0273a2006002af170a1438628460b267eae4185ac5fc257aeed07d3e894bfcd5e217cb58cf5fb5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 41fcafece564f4d30e17d6e8dbbde135 |
| SHA1 | 47927a53e00fd66640e40ec3259f724da7a7da89 |
| SHA256 | 621ed6bc1f0705eebf10c5c20de667c6571b04c59cb3ce971fc6e41e9c5ac84b |
| SHA512 | 867aa1c301d8f88a5f108ce4322dd9582298120249c873dcc631d90498efe302789cdfa1cb1947c85601027e248f1feee730bbf8548b7839b0a62336808f2865 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 303e755066fcaa27232fad4b26d8231c |
| SHA1 | db10de30cb3edf000c6321f831569a655a0c8173 |
| SHA256 | 7a12e8c371ed29c0779ee4ea8cd7330939d91950cdaf394cb0c0498b69be79fa |
| SHA512 | 62248215cd1899ef40ce478eba36a7ccea8b65ad077aeb91a53994eca27ef44ee08b788f8397c34837a0f5b12a996fc03fbb3838867ed2953106bed56c8ddb53 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 62c7de04e9173142b30f3c5942d4ee0f |
| SHA1 | eaf64485e0dfa6d1408820418a127f540693922a |
| SHA256 | 460ce349fe242bda86c449dca286e7af578697217dda1e3246b0fc66a0851758 |
| SHA512 | 151a39a81006143c4c682f9314b7e12fbebcbd2e6b599a488c175ac6cbc19a95f1d8b60ad026c7392678b90f2fd1c9836626a63df81d39c62f9f4e129ea47f51 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b19628c95dde153bd054529661147fbb |
| SHA1 | afe774c3c4c69aa0716635c44d3296d87ceedcd7 |
| SHA256 | d56641352d474556e17e8952086f489efd2bb1d5c2788610f4accbc053c5636a |
| SHA512 | af5858da006901bb094116406354c9795b47a31b9bae9f991e653dd5717d21c68c561413d2aac9617f18512a8a2d927ed239a14d2e7274f91520c74cbb1eeb49 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | abf668be7f2c7086919a0f74572c3067 |
| SHA1 | 6eedba81944885418a0c2d7b8df27e363ac9bf42 |
| SHA256 | 74ad240bb5f0ba2adc6324712e04f702e16d7053f47938dc25b6e688cc23079e |
| SHA512 | f072155b4d2045f4b40573399d365f63b475e373886fd11da8d02bf8f4d9efe58b2fa3d0d98b67e4a1c85719ca4f29de7a1d84ca6d594845b4b8e84642be6c07 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\jre-8u51-windows-x64.exe.uzq3jdy.partial
| MD5 | b9919195f61824f980f4a088d7447a11 |
| SHA1 | 447fd1f59219282ec5d2f7a179ac12cc072171c3 |
| SHA256 | 3895872bc4cdfb7693c227a435cf6740f968e4fa6ce0f7449e6a074e3e3a0f01 |
| SHA512 | d9f4e268531bd48f6b6aa4325024921bca30ebfff3ae6af5c069146a3fc401c411bdeceb306ba01fbf3bcdc48e39a367e78a1f355dc3dd5f1df75a0d585a10c6 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | da79e9f2d5f305567f337ffa0983cbd3 |
| SHA1 | d999c364b64d71e22ce9cccfc33ec895b437a161 |
| SHA256 | 81314807f052a8f65d16934d6386491f39ee89d537798008f28cb43c07fcfe21 |
| SHA512 | 2e08ace373b5ef9c303287ab3ecb4009c95fce42eb25b88562e8c3d1e3823442eaab036e2fb1be578ba9a64153dcbe7d9291717170370d47887b2e683b0b9214 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\NB4ER2HB.txt
| MD5 | 4ffa741ee5dc9e96983fbf05177597ce |
| SHA1 | 75314554ab61edcd4d61c46529474c7f636d6038 |
| SHA256 | 66b23bc662a094dff8829a49d78cfd1d9417005a6e89f8f241693677d2bc48b8 |
| SHA512 | eb07b6ae9ded302d379cff39f0306a779338ea2eff72d27061812cec4865c29d6791df5b50892a0b0bf050236b9539d61289c674f613783e78139de4ce9fac09 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74464bec32ecdfb795512733492b6a25 |
| SHA1 | 6115c9639f181e0e1694d8090608c7b76a32e511 |
| SHA256 | 7ae870408b20758b4e48d0064f67ff3ed2a0b4ef526fe3e1e8aa185da01dd862 |
| SHA512 | 9d74280766ceb240e7d12d04a357b26296bc46612e518cc61a92d3728ddf10345ec1d291ca463161367da977e16833f10f4d6f7fff2254d89f08dd02935e313a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
| MD5 | 5045963f2f3edf90c8bca8ad623d8ca7 |
| SHA1 | c0a2729fc8e9b10d01658b5391a54e783fe13ea1 |
| SHA256 | 3638488981c1c73205ecf3c13253e8fa4ae7a70110f6e87da7f4746962d587de |
| SHA512 | 3e054dfe0a69c357ad6eb0f7cf3abb574962ec21d4af1817e5c95b2b7766f87c108ed71e9bdea020a09ef4d6c971e5b8ec502554f018ccf1b1c9092ae491ecc7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
| MD5 | b355e1aa7dab450b39bd213a0a94f3d4 |
| SHA1 | 5c660e877dcb42d0cb7dfeac1eb6f73c40587aae |
| SHA256 | 67281de0e46264c8aa7e6444a71ebedc777cdb0403f3f8fdd23fadcce18377ac |
| SHA512 | 8d2d9b6c6749dba432975d3130fd9b6b784e7a34eb3c0bd925a0a2a98e38fa360f316768629d097f1018a50681e41d4c7310821d2d81c068209056d73435a9bf |
C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.8.0_51_x64\jre1.8.0_51.msi
| MD5 | 1ef598379ff589e452e9fc7f93563740 |
| SHA1 | 82ad65425fa627176592ed5e55c0093e685bfeef |
| SHA256 | d4bdc230eaebefe5a9aa3d9127d12ac09d050bf51771f0c78a6a9d79a1f9dbf2 |
| SHA512 | 673f4b08fc25e09e582f5f7e01b2369e361f6a5b480f0aa2f1d5991f10076ba8a9d6b1f2227979b514acc458b4fdc254fc3c14173db7e38b50793174d4697f23 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_1E65FD33F74047223AF4D58CBFD34BCE
| MD5 | 3f96f53d80163c820dd9ff086abe37de |
| SHA1 | d119f2c657b1799497b85f791890d43d54696771 |
| SHA256 | 218a40db2329441fde5d28ba5071334a4de6244db27c971579594e04964aa637 |
| SHA512 | da00703d8338f4ea012de7c7e09a615a9a04705ef4a20f6bb9cf1ec8ba8c7fc5976e08a83da4740e9cbec40e351b885426fbe5ca9c93afc6faef4dc28ea03275 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EA618097E393409AFA316F0F87E2C202_1E65FD33F74047223AF4D58CBFD34BCE
| MD5 | 4471f5087c2379f776de68df98528f93 |
| SHA1 | 6e92316beb7a60d5ccbefb495d24ac61fb1655bb |
| SHA256 | e2843fcc3d6b9864e059275af94114369b3f9bc24c06beb8c4d2a65a4bcd6ffa |
| SHA512 | c700f25359be1cefdf63ef843f1689645875b96f98e7d514902f36c35814558a92abf2059d64c9048d266acba65ed01055199ba682ccd6bb87f2f8406bbcbd74 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40C68D5626484A90937F0752C8B950AB
| MD5 | cbed24fd2b55aea95367efca5ee889de |
| SHA1 | 946f48b5c344fd57113845cd483fed5fb9fa3e54 |
| SHA256 | 1dc8a0fcbe260b77adfe5ad9aaac543239b2a0d9f4e1f3c2657beee4376ffee4 |
| SHA512 | c504a11ea576f8ce14de26a0617e22e71e14db0f1dadefc187ce94e4a35a83743c743824e3629899c262aae4772bb86a0ee5bb643db20645483f0c376215ec6b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40C68D5626484A90937F0752C8B950AB
| MD5 | 7ed3cce70f2846147d3c0891aa399aed |
| SHA1 | b1429194a2940ff93703644d1bbe12bdc7e7c083 |
| SHA256 | b49e155f202c2859df53e508ba86265ea6a3ea3deec4fe9d167d6de9fc23e64c |
| SHA512 | a5686c1be321e5430fe94cd14add4f0aa011859682f50cd2bedafeeaebb0b24b3a4abf37f3c155e7a127f45e7d4b3666008cb3b6b789727f841b54a56abf2a07 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
| MD5 | 5bfa51f3a417b98e7443eca90fc94703 |
| SHA1 | 8c015d80b8a23f780bdd215dc842b0f5551f63bd |
| SHA256 | bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128 |
| SHA512 | 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
| MD5 | 4e1910d5b9c6c6ce32e560c728739df1 |
| SHA1 | f1f30bbf92854ff01018936c49d399ca69d203b6 |
| SHA256 | 7708f145a008a58bb05adcf3739a56a6894d7fdf1fd789064426a0e0cff1ddbf |
| SHA512 | 8202e20136c253dd83bef48a1cda6fe39d5b37baf3c292a7fb0a11f519872f7e140e38737acddf247a32d6f5ec6372b3361869f7cdb2dff4a887c2f66fedc473 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 78de628097965c30cedc7230ae1eebfb |
| SHA1 | 613098fe84a53b3f97edc626f5b97faed0d61d9d |
| SHA256 | 4c4ded4149d005c2f518f560b9a5c5caed3999d19efe6141f5bd844a9f56b628 |
| SHA512 | 06c8c71a76a013f6419a29b6b977400233e7ea1cef58949df8ebf552053bff2aee35b5b22a9a39bd68f46aea0fd91a4b61c361a4cab5757be06d4cdf8e5d4933 |
memory/1780-2469-0x0000000000400000-0x0000000000417000-memory.dmp
memory/1780-2477-0x00000000001C0000-0x00000000001D7000-memory.dmp
memory/1780-2476-0x00000000001C0000-0x00000000001D7000-memory.dmp
memory/1780-2475-0x00000000001C0000-0x00000000001D7000-memory.dmp
C:\ProgramData\Oracle\Java\installcache_x64\diff
| MD5 | d417682702b140d7131851bae877f046 |
| SHA1 | aa78da727e8a62c839a9bb6f7a93b48d3a04be70 |
| SHA256 | 3b3657c83e4f588f0e759cd46e99309cece2ebb54af2c377f9dc087ec764fda8 |
| SHA512 | 9e107b7f61e42410807aa1e6761ac7adce412846f69ae8e2e21b147e39d1a95d41367e21624381750eb11c77322206c4d869a477e5442e8323405c85854c03cd |
\ProgramData\Oracle\Java\installcache_x64\bspatch.exe
| MD5 | 2e7543a4deec9620c101771ca9b45d85 |
| SHA1 | fa33f3098c511a1192111f0b29a09064a7568029 |
| SHA256 | 32a4664e367a5c6bc7316d2213e60086d2813c21db3d407350e4aca61c1b16a1 |
| SHA512 | 8a69acae37d34930ed1b37a48012f4c1b214eacb18e46c7adc54aaa720b75c17ac0512206e7c7a72669c9f53e393b13ef9b7783f02482f19ea756c1022580f0d |
memory/1780-2479-0x0000000000400000-0x0000000000417000-memory.dmp
C:\Program Files\Java\jre1.8.0_51\lib\deploy.pack
| MD5 | 5cfc3a1b269312f7a2d2f1d7c0497819 |
| SHA1 | d048284db9ce7103156f8bbce988b4d9978786b7 |
| SHA256 | 80ba80d2a6c20deef6e2f3973337e15e22eec30508899ae998bf191ba725db26 |
| SHA512 | 8735af7c8bc5b48aac42120326a5dee21f98512ba31c57c77b6fc3906b7b1b98e5f22f57a31f26dc3e16abe63a6f15ef2e115c7fc17bbab35e846dc373da9c6b |
\Program Files\Java\jre1.8.0_51\bin\msvcr100.dll
| MD5 | df3ca8d16bded6a54977b30e66864d33 |
| SHA1 | b7b9349b33230c5b80886f5c1f0a42848661c883 |
| SHA256 | 1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36 |
| SHA512 | 951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0 |
C:\Program Files\Java\jre1.8.0_51\lib\javaws.pack
| MD5 | 5a83bc9b3e4a7e960fd757f3ad7cd263 |
| SHA1 | f5f308aec7e93accb5d6714c178b8bf0840fb38d |
| SHA256 | 0a95ab97c85e534b72a369b3ee75200f8075cb14e6f226196b18fd43e6ba42f5 |
| SHA512 | b8e554bbf036d0500686e878597ffdefa8bcd091ab6533eae76fa04eda310cec7cac89b71911f1f81012f499c7bec890ac9032685945f7e5e6b68f7ad3f7430c |
C:\Program Files\Java\jre1.8.0_51\lib\plugin.pack
| MD5 | 538777ddaa33641aa2c17b8f71eed307 |
| SHA1 | ac7b5fdba952ce65b5a85578f2a81b37daed0948 |
| SHA256 | 9948b1c18d71a790e7b5a82d773fea95d25ab67109843a3f3888f3f0ac9d1135 |
| SHA512 | 7a5877e0eaef6424ea473a203184fedb902cd9d47df5d95d6f617ca4efa1162f0ffd418e9bc6b7492f938cb33fc6384907237487d6ad4f6d0d2d962402529d8b |
C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
| MD5 | 5b071854133d3eb6848a301a2a75c9b2 |
| SHA1 | ffa1045c55b039760aa2632a227012bb359d764f |
| SHA256 | cc8d67216b1e04d7a41bf62f9c1088cd65a3d21796c5a562851e841b3afa28cf |
| SHA512 | f9858ec0a1bfb7540512ede3756653d094ff9fe258d13a8431599280db945e8d9ea94c57595c6a21aa4fbfcd733eea9b887bfcf87e84279a7e632db55380920c |
C:\Program Files\Java\jre1.8.0_51\lib\rt.pack
| MD5 | f0177701b36068c9a2bb4924dd409fa5 |
| SHA1 | 71e4b32c95e20dd565a6603d3de3819eb4f19d33 |
| SHA256 | 93c1e08034b68e12d78005c2950145595327477c17c1f716248d3e16313b4eec |
| SHA512 | 8e198bf60dbb95f38bf5eca67c9b7cd4fe9920890ba3d569e08de59b38c1b00830a0a37168fd74c874df86b7ff0915c8b69adb1591432b42b5ff35e5885e6641 |
C:\Users\Admin\AppData\Local\Temp\~DF1F6B71DDAC95ECCF.TMP
| MD5 | 3e16b21581d93d9db0ab740d9030fb96 |
| SHA1 | 06a73a5eeb6ae081a6499587e32f9b014f8efc6a |
| SHA256 | 9f35d08a48c743d575cd811a2b14c4998dc8bebe8f6190b8f9aa5ed2e758d768 |
| SHA512 | 38629013ddd1311d71cb650ffe2a1bca8893e51d031e75ca414a15ec5cb87cacc28c037b55285058c43df24d5fe5834bdd59b130644c3bd1b2db9f4d98c52e57 |
C:\Program Files\Java\jre1.8.0_51\lib\charsets.pack
| MD5 | 45288142b863dc4761b634f9de75e5e5 |
| SHA1 | 9d07fca553e08c47e38dd48a9c7824e376e4ce80 |
| SHA256 | 91517ff5c74438654956aae554f2951bf508f561b288661433894e517960c2ac |
| SHA512 | f331cd93f82d2751734eb1a51cb4401969fb6e479b2e19be609e13829454ec27cec864c57bdc116bf029317c98d551e9feafc44386b899a94c242bc0464556d8 |
C:\Program Files\Java\jre1.8.0_51\lib\jsse.pack
| MD5 | 168f72fd2f288a96ee9c4e845339db02 |
| SHA1 | e25b521b0ed663e2b050af2b454d571c5145904f |
| SHA256 | 5552e52e39c0e7ac423d6939eec367a0c15b4ca699a3a1954f2b191d48a034e6 |
| SHA512 | 01cdf3d8d3be0b2458d9c86976cef3f5a21131d13eb2a1c6f816aeb2c384779b67d1b419fa9233aedd3bbd16970ec7c81689bf2e25a8bebadec5de8e9b5a19f1 |
C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.pack
| MD5 | 2ad7c3462a7494b29edbe3701ebeab4c |
| SHA1 | 7358ab9b0c4771efdc0d28764b90a46aac55e865 |
| SHA256 | 7cdc489fa093e924649e82f4eb9689bc1bc0d28e20e37a0a94060efd5428c2db |
| SHA512 | 8b1f0f5932896f1876e5f8137dc8f74ff79f02b7708220b53ab2146fc742403ee952c68dddff9a92c786d4a534f7a266327934a8fe84a3c979c016cc8c93efdb |
memory/2896-2748-0x0000000000130000-0x0000000000131000-memory.dmp
C:\Program Files\Java\jre1.8.0_51\bin\javacpl.exe
| MD5 | f49218872d803801934638f44274000d |
| SHA1 | 871d70960ff7db8c6d11fad68d0a325d7fc540f1 |
| SHA256 | bb80d933bf5c60ee911dc22fcc7d715e4461bc72fd2061da1c74d270c1f73528 |
| SHA512 | 94432d6bc93aad68ea99c52a9bcb8350f769f3ac8b823ba298c20ff39e8fa3b533ef31e55afeb12e839fd20cf33c9d74642ce922e2805ca7323c88a4f06d986d |
C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe
| MD5 | 5ed6faed0b5fe8a02bb78c93c422f948 |
| SHA1 | 823ed6c635bd7851ccef43cbe23518267327ae9a |
| SHA256 | 60f2898c91ef0f253b61d8325d2d22b2baba1a4a4e1b67d47a40ffac511e95a5 |
| SHA512 | 5a8470567f234d46e88740e4f0b417e616a54b58c95d13c700013988f30044a822acfef216770181314fa83183a12044e9e13e6257df99e7646df9a047244c92 |
C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npdeployJava1.dll
| MD5 | cb63e262f0850bd8c3e282d6cd5493db |
| SHA1 | aca74def7a2cd033f18fc938ceb2feef2de8cb8c |
| SHA256 | b3c10bf5498457a76bba3b413d0c54b03a4915e5df72576f976e1ad6d2450012 |
| SHA512 | 8e3ad8c193a5b4ab22292893931dc6c8acd1f255825366fdd7390f3d8b71c5a51793103aeacecfb4c92565b559f37aec25f8b09abb8289b2012a79b0c5e8cb3b |
memory/2852-2833-0x0000000000160000-0x000000000016A000-memory.dmp
memory/2852-2832-0x0000000000160000-0x000000000016A000-memory.dmp
memory/3880-2828-0x0000000000140000-0x0000000000141000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties
| MD5 | 64eedcc4836c263fb11e6b17ee18148f |
| SHA1 | a2107cd5ce756916f01aead59389c3919c4c6e87 |
| SHA256 | ee0f9fcbe4b25c946e7c61fc5d73dd5a6e5984bbe5fca0e154784905b3f19dcd |
| SHA512 | b4e913070f1af32d8e812dbf6be66c65dacd9c288e1312070ed79bccda915b1e75c38981ca7e34aab253cbb930eace87e81d746469b74902ac037109664c29dc |
memory/2852-2870-0x0000000000130000-0x0000000000131000-memory.dmp
memory/2852-2876-0x0000000000130000-0x0000000000131000-memory.dmp
memory/1644-2881-0x0000000000250000-0x000000000025A000-memory.dmp
memory/2852-2877-0x0000000000130000-0x0000000000131000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties
| MD5 | 700424268f9cba976072d83467ead04f |
| SHA1 | cd65005e7a0c202980222c05a2585eb892fca0a1 |
| SHA256 | 0f74081fe023a019aafcfa88e7e39965605b7621dc8a85e26c93909fdb46d8cd |
| SHA512 | a78e11a0e3cf9ecb247aca0b7b5e8c67ae56e9e96adfb37884400b136b6662171a3091bb3bb7d527078e617e31cc88922442d53307c0681ba18403fc177bd2b4 |
memory/1644-2918-0x0000000000230000-0x0000000000231000-memory.dmp
C:\Config.Msi\f77ee0b.rbs
| MD5 | a1f020e04cf3d7a6a08df9e19866e50e |
| SHA1 | 791438694855c468e06bab6a4810aa2b1e842f65 |
| SHA256 | ed7e11fd7a0d09fa13d61d1921bf81864aae7d31b6e0e21e1cf50e13edf10f2d |
| SHA512 | 8d45ca43118fbf816bdd8d8205cf15976cee90702aca3d17d99557ce33f2ad12dda98e12e2aa0241c67b66a1a27a7788944ed9ceee2ab29c22360bda30c06ea9 |
memory/1644-2925-0x0000000000230000-0x0000000000231000-memory.dmp
memory/1644-2924-0x0000000000230000-0x0000000000231000-memory.dmp
memory/2924-2972-0x0000000000230000-0x0000000000231000-memory.dmp
memory/2748-2989-0x0000000000130000-0x0000000000131000-memory.dmp
memory/2748-2991-0x0000000000130000-0x0000000000131000-memory.dmp
C:\Windows\Installer\f77ee12.msi
| MD5 | 4afca17a0a4d54c04b8c3af40fb2a775 |
| SHA1 | 96934a0657f09b25640b6ad18f26af6bd928d62f |
| SHA256 | b15d3a450b7b3e5ce3194ab9e518796cc5f164c3e28762ffe36966990dcd2fe8 |
| SHA512 | ee76f5fcfdd9c1202fd5abdc2bbde8fb2543cee83265f6d2fb5458d1a086152ff6bdd4bf62a88150d325ea282bd2ecd66dd5f127bdd847cfa69cdb88985a8305 |
C:\Config.Msi\f77ee11.rbs
| MD5 | 885114703251fd9d6343e967ae0e54d3 |
| SHA1 | 1f917c1621355a8d404d8febf7b74603c091482a |
| SHA256 | 184cb0aed017f4dd0568dc3b9bbddd4ce9e1cdcdf20f6d1aef5c40463f29d4a1 |
| SHA512 | 28120f79bc791b7bba9bc92ed3919a66e5ea802d23f97e090df2b1f41cbacf68439f439adc252b9e055fee664e2523defde5819b8ea9335375a0743ba3ac5111 |
memory/1724-3059-0x0000000000400000-0x0000000000417000-memory.dmp
memory/1116-3069-0x0000000000240000-0x0000000000241000-memory.dmp
memory/1116-3103-0x0000000001CB0000-0x0000000001CBA000-memory.dmp
memory/1116-3102-0x0000000001CB0000-0x0000000001CBA000-memory.dmp
memory/1116-3104-0x0000000000240000-0x0000000000241000-memory.dmp
memory/1116-3118-0x0000000000240000-0x0000000000241000-memory.dmp
memory/1116-3142-0x0000000000240000-0x0000000000241000-memory.dmp
C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.fastrepo.org\tlauncher-sources\prod\release\tlauncher\appConfig.json
| MD5 | a9bd1871a6a69e12bb017e1375b0a659 |
| SHA1 | 0cc4c515fea150c982d02fa73acf73cfa68810e7 |
| SHA256 | f725e50dc4377a28b06589b028cd3cff58845d5ed882b22b17129c4413f8b9b3 |
| SHA512 | 0595d54b19805f57a1b09a492c90c4c9f655d6a501179966b1a282b0aec90b27eeba634ee4a54fb9982f80ae046e6feb2b3e2097f14a0a3e051e80c162a83bd6 |
memory/1116-3162-0x0000000000240000-0x0000000000241000-memory.dmp
C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.fastrepo.org\tlauncher-sources\prod\release\tlauncher\2.923\dependencies.json
| MD5 | 24817047786540dd5d8cbfb94132c84d |
| SHA1 | ff45f1ae7748fab985e0580c5746b0327a4b59ac |
| SHA256 | a5584b00241e6aa455dce9c0d584d61f8350a7bc07a4137e9289e23f46878721 |
| SHA512 | 6e048803859517d052d88d8c96c382d481620c1d930e219051264cb2c4d096b5b68d8e8e66ba2244ef7343df99f120600f8763f67bcf060c3132743eca7934ef |
C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.fastrepo.org\tlauncher-sources\prod\release\tlauncher\2.923\resources.json
| MD5 | 8ab0113596cd48af76657e53d5d93e70 |
| SHA1 | 3ab4244668932e0396022372d8f311c62ce1b89b |
| SHA256 | b0a6157bb0f4da765f93d13ca167017144c5eb15955015b0b42f7d7c0b70599d |
| SHA512 | 55fb4d7ed644ae5e47ee376b00323199788baf596b493b4959ec4c88bdb37295ee59e34d3a7d4310fc9e35d776e1ae19fcead53c09d3a440dcfec8dc6736b170 |
C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.fastrepo.org\tlauncher-sources\prod\release\tlauncher\javaConfig.json
| MD5 | e2cbea0a8a22b79e63558273dded5e6c |
| SHA1 | bfbbbba0679adcbcf9e079ed3c7c7a60cb0b2d61 |
| SHA256 | 10d0f3646be0a7d73942d7bdd1e55c4b8df0c34cad7ad15a9dc23b2932155007 |
| SHA512 | a6aa26ff49c911fb4705df1e8e434c72e206b20fdaae0abc529e2734f5db49c75da35c3d75769e0ac1b6795de540de4c7e1089b387217fc58f8b19b023064e5a |
memory/1116-3199-0x0000000000240000-0x0000000000241000-memory.dmp
memory/1116-3206-0x0000000000240000-0x0000000000241000-memory.dmp
memory/1116-3207-0x0000000000240000-0x0000000000241000-memory.dmp
memory/1116-3210-0x0000000000240000-0x0000000000241000-memory.dmp
memory/1116-3214-0x0000000000240000-0x0000000000241000-memory.dmp
memory/1116-3212-0x0000000000240000-0x0000000000241000-memory.dmp
memory/1116-3211-0x0000000000240000-0x0000000000241000-memory.dmp
memory/1116-3220-0x0000000000240000-0x0000000000241000-memory.dmp
memory/1116-3234-0x0000000000240000-0x0000000000241000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 23:20
Reported
2024-06-02 23:23
Platform
macos-20240410-en
Max time kernel
141s
Max time network
148s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | /System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk3s2 removable readonly | N/A | N/A |
| N/A | /System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk3s2 | N/A | N/A |
| N/A | /usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist | N/A | N/A |
| N/A | /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode ifneeded | N/A | N/A |
| N/A | /System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 450522A7-5D07-46FB-AE93-1F2DFEC08613 -post-exec 4 | N/A | N/A |
| N/A | /System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 6DDF0340-55F6-4590-B38E-B64C44E16D35 | N/A | N/A |
| N/A | /System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk3s2 | N/A | N/A |
| N/A | /System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk3s2 | N/A | N/A |
| N/A | "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" | N/A | N/A |
| N/A | /System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 450522A7-5D07-46FB-AE93-1F2DFEC08613 | N/A | N/A |
| N/A | /System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk3s2 removable readonly | N/A | N/A |
| N/A | /System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk3s2 | N/A | N/A |
| N/A | /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode xpchost | N/A | N/A |
| N/A | /System/Library/PrivateFrameworks/DiskImages.framework/Resources/hdiejectd | N/A | N/A |
| N/A | /System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 6DDF0340-55F6-4590-B38E-B64C44E16D35 -post-exec 4 | N/A | N/A |
Launchctl
| Description | Indicator | Process | Target |
| N/A | /bin/launchctl asuser 502 /bin/launchctl unload -S Aqua /Library/LaunchAgents/com.google.keystone.xpcservice.plist | N/A | N/A |
| N/A | /bin/launchctl unload -S Aqua /Library/LaunchAgents/com.google.keystone.xpcservice.plist | N/A | N/A |
| N/A | /bin/launchctl stop com.google.keystone.user.agent | N/A | N/A |
| N/A | /bin/launchctl stop com.google.keystone.user.xpcservice | N/A | N/A |
| N/A | /bin/launchctl asuser 502 /bin/launchctl unload -S Aqua /Library/LaunchAgents/com.google.keystone.agent.plist | N/A | N/A |
| N/A | /bin/launchctl unload -S Aqua /Library/LaunchAgents/com.google.keystone.agent.plist | N/A | N/A |
| N/A | /bin/launchctl asuser 502 /bin/launchctl stop com.google.keystone.user.agent | N/A | N/A |
| N/A | /bin/launchctl asuser 502 /bin/launchctl stop com.google.keystone.user.xpcservice | N/A | N/A |
| N/A | /bin/launchctl unload /Library/LaunchDaemons/com.google.keystone.daemon.plist | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/TLauncher-Installer-1.4.2.exe"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/TLauncher-Installer-1.4.2.exe"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/TLauncher-Installer-1.4.2.exe]
/bin/zsh
[/bin/zsh -c /Users/run/TLauncher-Installer-1.4.2.exe]
/Users/run/TLauncher-Installer-1.4.2.exe
[/Users/run/TLauncher-Installer-1.4.2.exe]
/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater0BF23177/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.google.Chrome.3056]
/Applications/Google Chrome.app/Contents/MacOS/Google Chrome
[/Applications/Google Chrome.app/Contents/MacOS/Google Chrome]
/usr/libexec/xpcproxy
[xpcproxy com.apple.GameController.gamecontrollerd]
/usr/libexec/gamecontrollerd
[/usr/libexec/gamecontrollerd]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler --monitor-self-annotation=ptype=crashpad-handler --database=/Users/run/Library/Application Support/Google/Chrome/Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=OS X --annotation=prod=Chrome_Mac --annotation=ver=101.0.4951.54 --handshake-fd=5]
/usr/bin/profiles
[/usr/bin/profiles status -type enrollment]
/usr/sbin/system_profiler
[/usr/sbin/system_profiler SPConfigurationProfileDataType -detailLevel mini -timeout 15 -xml]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall --install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize com.google.Chrome]
/usr/bin/tar
[/usr/bin/tar -Oxjf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz GoogleSoftwareUpdate.bundle/Contents/Info.plist]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode ifneeded]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/GoogleSoftwareUpdateAgent.app/../../MacOS/crashpad_handler
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/GoogleSoftwareUpdateAgent.app/../../MacOS/crashpad_handler --database=/Users/run/Library/Google/GoogleSoftwareUpdate/Crashes --url=https://clients2.google.com/cr/report --annotation=plat=OS X --annotation=prod=Keystone --annotation=ver=1.3.17.192 --handshake-fd=4]
/usr/libexec/xpcproxy
[xpcproxy com.google.keystone.system.xpcservice]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode xpchost]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/GoogleSoftwareUpdateAgent.app/../../MacOS/crashpad_handler
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/GoogleSoftwareUpdateAgent.app/../../MacOS/crashpad_handler --database=/Users/run/Library/Google/GoogleSoftwareUpdate/Crashes --url=https://clients2.google.com/cr/report --annotation=plat=OS X --annotation=prod=Keystone --annotation=ver=1.3.17.192 --handshake-fd=4]
/usr/libexec/xpcproxy
[xpcproxy com.google.keystone.daemon]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/GoogleSoftwareUpdateDaemon
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/GoogleSoftwareUpdateDaemon]
/usr/sbin/system_profiler
[/usr/sbin/system_profiler SPConfigurationProfileDataType]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump]
/usr/sbin/spindump
[/usr/sbin/spindump]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump_agent]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU) --type=gpu-process --gpu-preferences=UAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJgEAAAAAAAAmAQAAAAAAACIAQAAMAAAAIABAAAAAAAAiAEAAAAAAACQAQAAAAAAAJgBAAAAAAAAoAEAAAAAAACoAQAAAAAAALABAAAAAAAAuAEAAAAAAADAAQAAAAAAAMgBAAAAAAAA0AEAAAAAAADYAQAAAAAAAOABAAAAAAAA6AEAAAAAAADwAQAAAAAAAPgBAAAAAAAAAAIAAAAAAAAIAgAAAAAAABACAAAAAAAAGAIAAAAAAAAgAgAAAAAAACgCAAAAAAAAMAIAAAAAAAA4AgAAAAAAAEACAAAAAAAASAIAAAAAAABQAgAAAAAAAFgCAAAAAAAAYAIAAAAAAABoAgAAAAAAAHACAAAAAAAAeAIAAAAAAACAAgAAAAAAAIgCAAAAAAAAkAIAAAAAAACYAgAAAAAAAKACAAAAAAAAqAIAAAAAAACwAgAAAAAAALgCAAAAAAAAwAIAAAAAAADIAgAAAAAAANACAAAAAAAA2AIAAAAAAADgAgAAAAAAAOgCAAAAAAAA8AIAAAAAAAD4AgAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAHAAAAEAAAAAAAAAAAAAAACAAAABAAAAAAAAAAAAAAAAkAAAAQAAAAAAAAAAAAAAALAAAAEAAAAAAAAAAAAAAADAAAABAAAAAAAAAAAAAAAA4AAAAQAAAAAAAAAAAAAAAPAAAAEAAAAAAAAAABAAAAAAAAABAAAAAAAAAAAQAAAAcAAAAQAAAAAAAAAAEAAAAIAAAAEAAAAAAAAAABAAAACQAAABAAAAAAAAAAAQAAAAsAAAAQAAAAAAAAAAEAAAAMAAAAEAAAAAAAAAABAAAADgAAABAAAAAAAAAAAQAAAA8AAAAQAAAAAAAAAAQAAAAAAAAAEAAAAAAAAAAEAAAABwAAABAAAAAAAAAABAAAAAgAAAAQAAAAAAAAAAQAAAAJAAAAEAAAAAAAAAAEAAAACwAAABAAAAAAAAAABAAAAAwAAAAQAAAAAAAAAAQAAAAOAAAAEAAAAAAAAAAEAAAADwAAABAAAAAAAAAABwAAAAAAAAAQAAAAAAAAAAcAAAAHAAAAEAAAAAAAAAAHAAAACAAAABAAAAAAAAAABwAAAAkAAAAQAAAAAAAAAAcAAAALAAAAEAAAAAAAAAAHAAAADAAAABAAAAAAAAAABwAAAA4AAAAQAAAAAAAAAAcAAAAPAAAAEAAAAAAAAAAIAAAAAAAAABAAAAAAAAAACAAAAAcAAAAQAAAAAAAAAAgAAAAIAAAAEAAAAAAAAAAIAAAACQAAABAAAAAAAAAACAAAAAsAAAAQAAAAAAAAAAgAAAAMAAAAEAAAAAAAAAAIAAAADgAAABAAAAAAAAAACAAAAA8AAAAQAAAAAAAAAAoAAAAAAAAAEAAAAAAAAAAKAAAABwAAABAAAAAAAAAACgAAAAgAAAAQAAAAAAAAAAoAAAAJAAAAEAAAAAAAAAAKAAAACwAAABAAAAAAAAAACgAAAAwAAAAQAAAAAAAAAAoAAAAOAAAAEAAAAAAAAAAKAAAADwAAAAgAAAAAAAAACAAAAAAAAAA= --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072 --seatbelt-client=15]
/usr/libexec/spindump_agent
[/usr/libexec/spindump_agent]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=network --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072 --seatbelt-client=15]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072 --seatbelt-client=15]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts) --type=utility --utility-sub-type=mac_notifications.mojom.MacNotificationProvider --lang=en-GB --service-sandbox-type=none --message-loop-type-ui --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072]
/usr/sbin/system_profiler
[/usr/sbin/system_profiler SPConfigurationProfileDataType]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=7 --launch-time-ticks=314896489 --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072 --seatbelt-client=58]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=6 --launch-time-ticks=314982305 --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072 --seatbelt-client=58]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin --productid com.google.Chrome --print-tickets --store /Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore]
/usr/libexec/xpcproxy
[xpcproxy com.apple.SafariLaunchAgent]
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin -P com.google.Chrome --delete --store /Users/run/Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=8 --launch-time-ticks=317295222 --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072 --seatbelt-client=74]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=12 --launch-time-ticks=317447747 --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072 --seatbelt-client=84]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=10 --launch-time-ticks=317938720 --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072 --seatbelt-client=75]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=11 --launch-time-ticks=318316834 --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072 --seatbelt-client=75]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072 --seatbelt-client=100]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072 --seatbelt-client=107]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072 --seatbelt-client=108]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072 --seatbelt-client=112]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072 --seatbelt-client=114]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072 --seatbelt-client=80]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksfetch
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksfetch]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksfetch
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksfetch]
/usr/bin/hdiutil
[/usr/bin/hdiutil isencrypted /tmp/KSDownloadAction.IOQklCM0Bk/com.google.Keystone.dmg -plist]
/usr/bin/hdiutil
[/usr/bin/hdiutil isencrypted /tmp/KSDownloadAction.IOQklCM0Bk/com.google.Keystone.dmg -plist]
/usr/bin/hdiutil
[/usr/bin/hdiutil imageinfo /tmp/KSDownloadAction.IOQklCM0Bk/com.google.Keystone.dmg -plist]
/usr/libexec/xpcproxy
[xpcproxy com.apple.hdiejectd]
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/hdiejectd
[/System/Library/PrivateFrameworks/DiskImages.framework/Resources/hdiejectd]
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper
[/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 6DDF0340-55F6-4590-B38E-B64C44E16D35]
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper
[/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 6DDF0340-55F6-4590-B38E-B64C44E16D35 -post-exec 4]
/usr/bin/hdiutil
[/usr/bin/hdiutil attach /tmp/KSDownloadAction.IOQklCM0Bk/com.google.Keystone.dmg -plist -readonly -noverify -nobrowse -mountpoint /tmp/KSInstallAction.rQVaPoGSem/m]
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper
[/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 450522A7-5D07-46FB-AE93-1F2DFEC08613]
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper
[/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 450522A7-5D07-46FB-AE93-1F2DFEC08613 -post-exec 4]
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
[/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk3s2 removable readonly]
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
[/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk3s2]
/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs
[/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk3s2]
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
[/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk3s2 removable readonly]
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
[/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk3s2]
/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs
[/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk3s2]
/sbin/mount
[/sbin/mount -t hfs -o -u=99,-g=99,-m=755,nodev,noowners,nosuid,rdonly,nobrowse /dev/disk3s2 /private/tmp/KSInstallAction.rQVaPoGSem/m]
/sbin/mount_hfs
[/sbin/mount_hfs -u 99 -g 99 -m 755 -o nodev -o noowners -o nosuid -o rdonly -o nobrowse /dev/disk3s2 /private/tmp/KSInstallAction.rQVaPoGSem/m]
/tmp/KSInstallAction.rQVaPoGSem/m/.keystone_install
[/tmp/KSInstallAction.rQVaPoGSem/m/.keystone_install /tmp/KSInstallAction.rQVaPoGSem/m]
/usr/bin/env
[env]
/tmp/KSInstallAction.rQVaPoGSem/m/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[/tmp/KSInstallAction.rQVaPoGSem/m/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --install --system --enable-logging --vmodule=*/chrome/updater/*=2]
/private/tmp/KSInstallAction.rQVaPoGSem/m/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[/private/tmp/KSInstallAction.rQVaPoGSem/m/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --crash-handler --system --database=/Library/Application Support/Google/GoogleUpdater/127.0.6490.0/Crashpad --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0 --handshake-fd=5]
/bin/launchctl
[/bin/launchctl bootout system /Library/LaunchDaemons/com.google.GoogleUpdater.wake.system.plist]
/bin/launchctl
[/bin/launchctl bootstrap system /Library/LaunchDaemons/com.google.GoogleUpdater.wake.system.plist]
/Library/Application Support/Google/GoogleUpdater/127.0.6490.0/GoogleUpdater.app/Contents/Helpers/launcher
[/Library/Application Support/Google/GoogleUpdater/127.0.6490.0/GoogleUpdater.app/Contents/Helpers/launcher --internal]
/Library/Application Support/Google/GoogleUpdater/127.0.6490.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[GoogleUpdater --server --service=update-internal --system]
/Library/Application Support/Google/GoogleUpdater/127.0.6490.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[/Library/Application Support/Google/GoogleUpdater/127.0.6490.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --crash-handler --system --database=/Library/Application Support/Google/GoogleUpdater/127.0.6490.0/Crashpad --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0 --handshake-fd=5]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksinstall
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksinstall --uninstall]
/bin/launchctl
[/bin/launchctl asuser 502 /bin/launchctl unload -S Aqua /Library/LaunchAgents/com.google.keystone.agent.plist]
/bin/launchctl
[/bin/launchctl unload -S Aqua /Library/LaunchAgents/com.google.keystone.agent.plist]
/bin/launchctl
[/bin/launchctl asuser 502 /bin/launchctl unload -S Aqua /Library/LaunchAgents/com.google.keystone.xpcservice.plist]
/bin/launchctl
[/bin/launchctl unload -S Aqua /Library/LaunchAgents/com.google.keystone.xpcservice.plist]
/bin/launchctl
[/bin/launchctl asuser 502 /bin/launchctl stop com.google.keystone.user.agent]
/bin/launchctl
[/bin/launchctl stop com.google.keystone.user.agent]
/bin/launchctl
[/bin/launchctl error 3]
/bin/launchctl
[/bin/launchctl asuser 502 /bin/launchctl stop com.google.keystone.user.xpcservice]
/bin/launchctl
[/bin/launchctl stop com.google.keystone.user.xpcservice]
/bin/launchctl
[/bin/launchctl error 3]
/bin/launchctl
[/bin/launchctl unload /Library/LaunchDaemons/com.google.keystone.daemon.plist]
/usr/sbin/pkgutil
[/usr/sbin/pkgutil --forget com.google.pkg.Keystone]
/usr/sbin/pkgutil
[/usr/sbin/pkgutil --forget com.google.pkg.UninstallKeystone]
/usr/sbin/pkgutil
[/usr/sbin/pkgutil --forget com.google.pkg.NukeKeystone]
/usr/bin/sudo
[/usr/bin/sudo -n -u #502 -- /usr/bin/defaults delete com.google.Keystone.Agent]
/usr/bin/defaults
[/usr/bin/defaults delete com.google.Keystone.Agent]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072 --seatbelt-client=32]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072 --seatbelt-client=33]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072 --seatbelt-client=32]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072 --seatbelt-client=35]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072 --seatbelt-client=35]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072 --seatbelt-client=35]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072 --seatbelt-client=35]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072 --seatbelt-client=35]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072 --seatbelt-client=35]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072 --seatbelt-client=36]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072 --seatbelt-client=35]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072 --seatbelt-client=35]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072 --seatbelt-client=35]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072 --seatbelt-client=35]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072 --seatbelt-client=36]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,1374371508648835734,14026779093091859655,131072 --seatbelt-client=35]
Network
| Country | Destination | Domain | Proto |
| US | 151.101.67.6:443 | tcp | |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| US | 20.42.73.27:443 | tcp | |
| US | 8.8.8.8:53 | api.apple-cloudkit.fe2.apple-dns.net | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 8.8.8.8:53 | tools.google.com | udp |
| GB | 172.217.169.46:443 | tools.google.com | tcp |
| US | 8.8.8.8:53 | bag-cdn-lb.itunes-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | b._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | db._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | b._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | db._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cds.apple.com | udp |
| BE | 104.68.86.71:443 | cds.apple.com | tcp |
| US | 8.8.8.8:53 | help.apple.com | udp |
| GB | 2.21.189.171:443 | help.apple.com | tcp |
| GB | 2.21.189.171:443 | help.apple.com | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| GB | 142.250.187.195:443 | update.googleapis.com | tcp |
Files
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsObject.db
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |
/Users/run/Library/Application Support/Google/Chrome/Crashpad/settings.dat
| MD5 | fcb4024c6dc53a5b72c492fd960762d7 |
| SHA1 | 82c43024d9e274bf2b8a5d1e505d65cf3873fb92 |
| SHA256 | 5cca682cfa80faa97838327d83ef5a2cc39e21b0cf16639aa7c4f095bf1be4e6 |
| SHA512 | 5373007f40ec378d18770218163ffc2870036bf8c0af1128194a60c6ed6d944f2e3833bf151fb5bf4aee9325c1fbab56bacf3f6437daaa59efb0afdc5c5eed8b |
/Users/run/Library/Google/GoogleSoftwareUpdate/Crashes/settings.dat
| MD5 | a30a3013aaafaa0d534dd31655d3c741 |
| SHA1 | 5afd87ea28558f6970f1c17d5305f640ec649b06 |
| SHA256 | 3c3b1523ecf2d67b99ab0d14ab60ff783c4a5fafa5cd8b9facba8ad7356a4a21 |
| SHA512 | 412b333c4a24672dd6592e3d6005cf522ca256e6406daca8e87c56b9e000c393ba5b022354dc78c1230fff9238f4a6b13a678b94d143bd75724ffc346df0dd62 |
/Users/run/Library/Application Support/Google/Chrome/Default/Site Characteristics Database/000003.ldb
| MD5 | 6487e04972ecffd0aabf7b61bdda8119 |
| SHA1 | 26f0b11a2529a35f6970a914deadfcf2e2d23286 |
| SHA256 | 241a349a63252a8026016a5ef0d713fc18f76735dd0c10963f9a693bfdb9b172 |
| SHA512 | 44db500fa4549808a5ed1db5516fe4d412cc4e3898d102399fa6f467a2ed3fa79f133a0afcc5e1ab91f480267027ea11e48e37247d24513542286310ab2d47ae |
/Users/run/Library/Application Support/Google/Chrome/Default/Sync Data/LevelDB/000003.ldb
| MD5 | fe382e791274914bee5950777e4f1fd3 |
| SHA1 | 53b523b5fc87e66f2520a0b5f9ea080072668f4d |
| SHA256 | 935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132 |
| SHA512 | a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67 |
/Users/run/Library/Application Support/Google/Chrome/Default/Extension Scripts/CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
/Users/run/Library/Application Support/Google/Chrome/Default/Extension Scripts/MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
/Users/run/Library/Application Support/Google/Chrome/Default/Local Storage/leveldb/000003.ldb
| MD5 | 61a867b6e4a24cfcfd32ddef25ac3229 |
| SHA1 | 87cc4516fbce1700174d8ea27c9d2cb70a60a1fd |
| SHA256 | 9cc80c0d1dfe7205c6530402c3240171966e72b6df8ef0e8571660fb18652cd5 |
| SHA512 | 3678cc5f913c7f6c179be8d8483240a1c9aabbe5b295d6aa2b8037c60a8f2aa473f1fb56a7ee7093aaa8c24b968d32fed99972f6f837868f86b53b45de13f4dc |
/Users/run/Library/Application Support/Google/Chrome/Default/Session Storage/000003.ldb
| MD5 | b5db1f091948de93d7fc96e14aef6da3 |
| SHA1 | 74745f991e3dfe45037366e55c2e6df47d8e6593 |
| SHA256 | b7600cfe0aa091e9ab8540869b7ea120a62b36240acc0370c3fd62655b58bf4e |
| SHA512 | d116ffaa01fa29545758fbe273c10d57879a91983d6b5a86ed410a0ac79cc8370fd2552284afa56f363a75ba6a89cc5c9a33f99071012dba2f2f8298ad0cac34 |
/Users/run/Library/Application Support/Google/Chrome/Default/shared_proto_db/metadata/000003.ldb
| MD5 | b47a44bdd1b765b6af56b347447fd1b7 |
| SHA1 | 8599a1870656af91e432bb35e3497863e34ddfbb |
| SHA256 | 79b1150f1008ed3fbde59417e9727bce33a34ee2ac5b407eec1a82beabdd2c06 |
| SHA512 | bfa1d967125878a40068e4d5ec4a4bed4f211373ef2ca839a51cb9a29d2da5afcc65755134af2ae732dc03391a636fbb222b4ae481315e4213ceb8d74797c9f0 |
/Users/run/Library/Application Support/Google/Chrome/Default/shared_proto_db/000003.ldb
| MD5 | e0f65ad85a40a32fa91e551005e193ce |
| SHA1 | a145766d5df23ae5fcd23dbb6937606f280f3502 |
| SHA256 | 18b5270537241fdd8a8de2f4435bb9a19acc82d565bf629678c07360e0fa89d8 |
| SHA512 | bfcf2075ba3d99c6bf4840d6c7754668ac65e7b88aced5c727f99de68940783424b6e9755b4d90c28f489f87d88eda0f2b5194c292c7bcd0cebcb6a66adb2425 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.CuuUly
| MD5 | 541f52e24fe1ef9f8e12377a6ccae0c0 |
| SHA1 | 189898bb2dcae7d5a6057bc2d98b8b450afaebb6 |
| SHA256 | 81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82 |
| SHA512 | d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88 |
/Users/run/Library/Application Support/Google/Chrome/Subresource Filter/Indexed Rules/35/9.32.0/Ruleset Data
| MD5 | 132df2b999906be7b21cc21bc247b068 |
| SHA1 | 0665be201a96e717410a4e61a263bb879b3f08d4 |
| SHA256 | fed1557c8b4e40813114db3b546c043105892dd0895c4d7c02d45a8be351173a |
| SHA512 | 6764c8a425cd010a67a4636f812d43e63bb0815943e9839cf9fa35f3e5f9ba52309ed842306dcffe32a72e7019cb0c28e1d402dfc22dca0603a0cd48d6a26451 |
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/scoped_dirzppnzS/CRX_INSTALL/manifest.json
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/scoped_dirzppnzS/CRX_INSTALL/images/icon_128.png
| MD5 | 30899b6c4e4a757b8ec6dd2208acdfb4 |
| SHA1 | f2c5880a724c6d75cce1b5191e0d82c3bc7de768 |
| SHA256 | 4f17efbd974a41d88cb36567aab6bf4586579e78780f00b1826676819e14bff4 |
| SHA512 | 58539e3f0ad7fef30792efcdbbd955599e11e4261c9946e7c3dff6267e01747354ea3b901c46fc8329f81c68afbeb2d05fe3fcb266bc5948de8befa5b8d040ee |
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/scoped_dirzppnzS/CRX_INSTALL/images/icon_16.png
| MD5 | 344554d96e418120bd80ef5de5194697 |
| SHA1 | 23e141c3a6ce368acc1c299f062ab85914bcb17e |
| SHA256 | 0a4bd08db6422f8e7a8a218ef39c1b99a5a675f12697f26be88f9afc2e1f9378 |
| SHA512 | 7ae38853e5acca479d7fd81d48bb88c671cf4dce63342209bcff045ac581a04b7b0ed48f6c58253db950935c0522caaa4fbc6cf5a25151a8960ba56fc804569e |
/Users/run/Library/Application Support/Google/Chrome/Default/Storage/ext/gfdkimpbcpahaombhbimeihdjnejgicl/def/Session Storage/000003.ldb
| MD5 | 38fc535a8f11d7e955ef58cc63158eff |
| SHA1 | c45ad3ee106dbfb65dce7c09b53140f34454cd0e |
| SHA256 | 085c44dfa11e65ac3548c4d0fe1ae641570f90c7caaa2881c3990efcf555e6a8 |
| SHA512 | 26e70000f77c1b6388dd470f9d7ec6bedc4fc3c43e48efcc853812eb076108bcdd9f50f7a89265e431d33df96e71755ca242dfd0aac16a51d99dea50a5a1e505 |
/tmp/KSOutOfProcessFetcher.LcKJzinWKs/download
| MD5 | d69808684ef1c8be0903caff727e527f |
| SHA1 | 19dac7f0ed80eef9b397207793ceb34f62102198 |
| SHA256 | d98aaacf2563db8e01d81e2fec07db6934cffeaa7ee93125099660baeae1cb87 |
| SHA512 | 666e1397db20fd6cc1bfaf3a0cee7279fe15222f66ab32bb8c8524f9f6f81bcfa799bc543837482b45925b95aa6ca3ee94b4ac7faf20f7bc4c9b7d99026c0724 |
/var/log/fsck_hfs.log
| MD5 | a96e6afb03eb97047b51aed64f889000 |
| SHA1 | a0bddbaf9b382ec57979366c22f5e421eadb2c5e |
| SHA256 | cb801e36422bea9c038d61b5e2af5bcd9885d803a6e1891893505b31f8ebd7d5 |
| SHA512 | 5350bc8568e7f73f084021748fce9db99efa0e3bdad71976d501793bb975f3013367253fbdc0df593b45ef2b5a24b5be7f0cf99063f62fa1699771e3f16e2d16 |
/Library/Application Support/Google/GoogleUpdater/127.0.6490.0/GoogleUpdater.app/Contents/Info.plist
| MD5 | 61dc8ca2defa60bcdd65b896da227b0c |
| SHA1 | 843b1b1456b43ba9b7a2acfbc5a50ff0d5c6683f |
| SHA256 | c26663a0ee680704a727c13fd376f23beedb7973576b057d3e336d82a84dca31 |
| SHA512 | 1b1bb25d25bc8bda13e5fb792be7aa1984cecec6a54cfa8ded4e447800492b8d9ff48b14570aaacba4c56a0918e74fceb96bbae08b3805edd7086235dcae95da |
/Library/Application Support/Google/GoogleUpdater/127.0.6490.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
| MD5 | e285aef0b1526282847e4a119f06a30b |
| SHA1 | a77471c8e351270d6f663c0ad7bb0e0e253d28cc |
| SHA256 | 520c90fead23647016d99c0e6f283023717cc935e01159a23cbad2156ddf2819 |
| SHA512 | 4e8e09296c145a305369828e60c90d87e2d39cc608e323e23f56e69f3c9c577062c40fa5511636377b41d10c8f53432b8045c6677e1a94f43abf2096d1567701 |
/Library/Application Support/Google/GoogleUpdater/127.0.6490.0/GoogleUpdater.app/Contents/Helpers/launcher
| MD5 | c4a96c80cec490bcaa76667589f20b17 |
| SHA1 | 53eee2ea2823d2d0d475e5606b601c2bb20a4961 |
| SHA256 | 95c39242e5139a0f2ccb5b7ec7e8ac15f6185cac493f04b2bbee475cd30d5ba1 |
| SHA512 | 322753cd15e2e79ac3ad47a8861a1a8f73ba1de63f0ff74c86dca81b635413672a542ab76afbe0e3e193837bc229cbdabc0ae03de8944f80d6850c2b266f8c6d |
/Library/Application Support/Google/GoogleUpdater/127.0.6490.0/GoogleUpdater.app/Contents/CodeResources
| MD5 | 5174e313530cbab2bf9b4d77e06426d7 |
| SHA1 | 9cdea134ac95db8becaf323e0a269eefc34d5e91 |
| SHA256 | e3f8f1051a559f67716f8d5d43e0654ef84417c17cfe316815c2545205bf5e59 |
| SHA512 | 04a8e6a7b6be18c095949c25c7e18f2dff0ce1df70a47f6dfc6a6d0568fc2c362b466acdf6d4163cb15d97e86cf832a4922fedd41a6520a62e892b972eb3ea4f |
/Library/Application Support/Google/GoogleUpdater/127.0.6490.0/GoogleUpdater.app/Contents/_CodeSignature/CodeResources
| MD5 | b3599175cc6c9e8d4c3bd5b89ef6a60a |
| SHA1 | bd6ae8c4e9acc596c0b0b9b1c892a08e578125ea |
| SHA256 | f902e21fa78454d59cf140e88b01eaeb11c50023c89407799072e8ea0b533b8d |
| SHA512 | 5457c9853e3a944fe977363e2034cab5a144627a52042dbb918c13488c73d8603f7e94acc59442e182f24d94ca71787d6bd1d299a2571596e38905c85d9231f3 |
/Library/Application Support/Google/GoogleUpdater/127.0.6490.0/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/Info.plist
| MD5 | e46f9a1729b25b6eb0307ea2ad11624e |
| SHA1 | c65491186ff8f472207025ef15b9aea5962c76a4 |
| SHA256 | d649de3e7adc7c26c2144a109c5fff1a055f3063faaebb75ac9bb05a1ec81616 |
| SHA512 | 97bfc0ecca8381aa3a604774f7965dc5f6e208ab0fecc63399f2d8ba895e03f1ac88a16a269262f959e75c1538a50f5abf3dea060756e0344143935b087093c6 |
/Library/Application Support/Google/GoogleUpdater/127.0.6490.0/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/MacOS/GoogleSoftwareUpdate
| MD5 | c5f7e5dd2230a2b8f706d2621a7b31f5 |
| SHA1 | f82beb6be57af4f61034af5a04ee4ee6bc8c0dda |
| SHA256 | 6750e554c251b1782fcd3f81180f5f44412ae141afe8ab61317767ce4b491e54 |
| SHA512 | 566cfd84951980f31ac6f3ee6efbac0f79abed1bed2c1a91f60b77f4f61eefec733e9f5733fe792558eb0bcfe2a34c578d42fb5c34f144ae385b3f1c391d1fcb |
/Library/Application Support/Google/GoogleUpdater/127.0.6490.0/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/_CodeSignature/CodeResources
| MD5 | 2a9b1fc6c070c8d8a2215e8e59dbbe82 |
| SHA1 | e1bb087f92bc703ef21d2a5aa201155c149361f9 |
| SHA256 | 9b4fb3a1bdff02d0385db8d56e9cae16a6d6077d0f08634fd97ef441b1e5304a |
| SHA512 | 575db8414a4de37b9884479fe59f1ee83886314fdcc99adcd0659fca7d255f0d4b5b729c7b622ed40d490d40399f603d02ddff3019c57698717de9cd0117c7c9 |
/Library/Application Support/Google/GoogleUpdater/127.0.6490.0/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/_CodeSignature/CodeResources
| MD5 | c48c1d9c6cf982c32580a9c58b0cce51 |
| SHA1 | 630a08873072069616cdcc31f55e6d7423086d78 |
| SHA256 | 6686de10a28a2fe11b36cbb86dcbacc827cfc4ea116b4dabf1845e5aee629e9b |
| SHA512 | 27f6256579e03e319af66d7fa316935b4e2d5c126429a8b961424a466cab907ceab5d068fb87d763bc3d819a791492c17ab1d1b54f5530cb34224b582d00c013 |
/Library/Application Support/Google/GoogleUpdater/127.0.6490.0/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent
| MD5 | ce7e28889be6e825195fbfa19cc99ad7 |
| SHA1 | c1a4e107a2062d0abc68e5dcbb679d64a24e3c37 |
| SHA256 | 1c045814f29a566283de155786a153e7e3d0fb6a99253133ab6937c39e3868e1 |
| SHA512 | 1944a71d98c74e1d367c44bd042b39b3d3fed356c751289fec52d7573eaaf5af0f6eb548a378878c024ea51a0431f3a867613090ea953c615e42f2911281e35b |
/Library/Application Support/Google/GoogleUpdater/127.0.6490.0/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/Info.plist
| MD5 | 44802a32230ecffbc1dfcffe92d25eba |
| SHA1 | cdd290e6b31adaf0e027d64ff9bb4ca33fe96d9b |
| SHA256 | 7bb7472bd36148b228b390eeadc169cfef9263875e7c2d14f716be913cd22909 |
| SHA512 | 8ec32d77030b645eecf8c80c79298ff36afc3bc9d326b639e7a1175a2ff67937826070393f2c92efc9688a0dcd1ef10e3603dfe725f6c070f55d083aae4f52db |
/Library/Application Support/Google/GoogleUpdater/127.0.6490.0/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksinstall
| MD5 | 1cf38f60887d82e2f7a0a8778f8cc6c5 |
| SHA1 | 43ab8e1e5a008dddfe9a3ef97e9dc85fc9022c48 |
| SHA256 | 5f174f0394384a832ae972777b6cc006cb3f31ee71af80fb8b8589d6b42619d1 |
| SHA512 | e26433297f9df26e92666547aca519c5602f59e95229b7f59504429c7b0dcacdfd960e1f0a6637757c677321746930ca1c56e9da12d57fed4a277669dc134f3d |
/Library/Application Support/Google/GoogleUpdater/127.0.6490.0/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
| MD5 | 8c120f5aa52632404b5f44c6a750021c |
| SHA1 | 35826874e078d4a4395af5dd159bc599c693a2ef |
| SHA256 | ede8572c5de70bfc347a9da9871b6f9aa2bcab1199a5a39d19d7bcf4a41ba3d3 |
| SHA512 | ac13896f373d2f173e760b65aff9e9c04c43f2a29d9da27f390f2d4268413786de761b727c389f3976c5a69cef4d7e42b1308ee06824186bc17a23203af4ed3a |
/Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore
| MD5 | 0971e4051a0fc3d3ed9ff1e51408c5af |
| SHA1 | 03e56c7ccab1cb79628b3fae501a3d1e27dd28db |
| SHA256 | fc5e74285d9060afa97575b73336bbf7a7588ced2a85bb38a0b0a991612c23d0 |
| SHA512 | 37dacef53621a75505ecab05de2ec2af94cbbc353e41ffb5356fbdb198250ec9373826d8d3e2b537320cab4d6643211f928d83822528066879b1e2447c54098c |
/Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore
| MD5 | 6c34ecb18647fe621caabc7e3aa34464 |
| SHA1 | ba70a5c003ec4b373b506024ac9d2a4c732e8eb2 |
| SHA256 | 8abe775fc3426b2326bd53115ca423451c256ffeeca995c761d41ef11e2e3e55 |
| SHA512 | a65180911209def55525401bcb71e8c2314b2acdab72b761e9c38cbbe67a61434457cce45303ce87bb03fd92e57276d4f07d90d1c28bd3c9a37e9e6cc5bfaf05 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.THT5gX/laoigpblnllgcgjnjnllmfolckpjlhki_1.0.7.1652906823_all_jtggsagwbg7dhs53nvq4e53lva.crx3
| MD5 | 91e1255f92fc76b16509bbd174a992b5 |
| SHA1 | 44cbc6b7b60470149850d375f2e2ae95cf1c012b |
| SHA256 | 29661be65c8fb50d3d4df2fe040a1cc6dd525f50a95850aae6a191301c3de744 |
| SHA512 | ac1588c003c345aaf9a7c4b5f2d338fdaba041dacd65db567ff8cc588b47e372863e44a4a87f611c1530fb42fdb1388814d3caccf8bb3498c7efe78fc321d9cf |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.URMwAj/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3
| MD5 | 2db7e78c310ca8e73c069a604eac4d99 |
| SHA1 | a6d1e03514f8eba03ab81f1380fc54aaded823b6 |
| SHA256 | cd1978742a4afdbaaa15bf712d5c90bef4144caa99024df98f6a9ad58043ae85 |
| SHA512 | 681eaddbf304f4513b008b98493272b44815460568876b93528851ff7806775de38e6ec588fe27a2cf3dc804415e83a420e45d754b25ad4bdf68ef2c78403aa3 |
/Users/run/Library/Application Support/Google/Chrome/Subresource Filter/Unindexed Rules/9.49.1/Filtering Rules
| MD5 | 6274a7426421914c19502cbe0fe28ca0 |
| SHA1 | e4d1c702ca1b5497a3abcdd9495a5d0758f19ffc |
| SHA256 | ae2fd01d2908591e0f39343a5b4a78baa8e7d6cac9d78ba79c502fe0a15ce3ee |
| SHA512 | bf1287f502013308cdd906f6e42998c422ef1e272b348e66122dc4a4e471d01333b418f48d1bb2198c72845bdc950612597e179e612aaa1ba6cf8d48fb8f0cf5 |
/Users/run/Library/Application Support/Google/Chrome/Subresource Filter/Indexed Rules/35/9.49.1/Ruleset Data
| MD5 | c5e30274fe7b93847f6d7c02410d1209 |
| SHA1 | 488a49f38459f29e110c706c51b61ca1ae3b0e26 |
| SHA256 | e634e3cfdd0d27d0be1f5f9a19748d19d564928765db343503f42a6e1f5dd4ea |
| SHA512 | bc235bb3af269e9a828e6788dbae2b42cabc879b858102f4cc76c0fa02af0e296d20ffc8f134c0a3f9b408643e4810e8c46afeb0c285b892908b06ea1aa1b811 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.p2x6tw/efniojlnjndmcbiieegkicadnoecjjef_970_all_aczcuqcl2ufmpkanh27edlkvkyba.crx3
| MD5 | c99714dc8700651a80078f5eb8fb9ba7 |
| SHA1 | 7c9f7dac182d17f2d99f36a04c1f6ebf39d0e192 |
| SHA256 | ff0e88cc4f10c87e09be229b861a5ce2909b22d830b3634c51e29b150342eee0 |
| SHA512 | bccb8af5771720d9710840c3fded6c14442e643f4f7b4dc86b0dbf8005d0302ca9a3d0e029353c413bc534d646d9ce5e66a681608ebbcd8130728875b8df1673 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.zCziGs/jflookgnkcckhobaglndicnbbgbonegd_3030_all_gxlhecuj7wt4iru2mmpk5afmoq.crx3
| MD5 | b173dbd5ca315b732be8248161124804 |
| SHA1 | 0083e57ea026113275009cb9cd111bd211578e17 |
| SHA256 | 888ebbd183d017421d0f23a0a1ea9eaedffefd772878d86c67536c138ef62ada |
| SHA512 | d4cb2a881e157a6d71fd5afc0c1fe0cb343de0ff019ab8778bfcbcd731a2fb8e28336986c603a3e354d9889e2adb68ba6a40fe7df0cc1fa5832bc000ef1624e5 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.mE6DGE/ojhpjlocmbogdgmfpkhlaaeamibhnphh_3_all_gplutbkdljxxbjolk3siq7kive.crx3
| MD5 | a40c655b337e082c76b6ab04042b7ae0 |
| SHA1 | 3cc2a2b7178a29fd2d246cbc532684d6ae45bea8 |
| SHA256 | 545666a4efd056351597bb386aea1368105ededc976ed5650d8682daab9f37ff |
| SHA512 | fb4d54b573eb2275d8a3580fff138ecd7bded27ec58086b909b12c03c8005e35105c354a4a1ff76ada608ee8bbabeaafe208bb9e557661bb74e4ca39ee5eee56 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.jYcXZY/dhlpobdgcjafebgbbhjdnapejmpkgiie_20220505_all_adfdqqtvlhuhhtrt6irlkpynghca.crx3
| MD5 | 667e9eec04509aa9e2b318f580addd8c |
| SHA1 | 346267ecad10c54de52a3aeb766ea72449500326 |
| SHA256 | 0c24e9bd976adffa987e08fc54dc0950c84cf18f9cdb4c5caabc6acf24887c4f |
| SHA512 | a9d22d49290c164abf36dd7e887063ccdd2bf508eb2d16bbac6de749e5152805ecb38ca39352706150de29a76839fa6a56c084ea4f2757b61887b3a7912be917 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.6Rqf23/imefjhfbkmcmebodilednhmaccmincoa_29.0_mac_bfqwqczv2chgncq7qnwqjby3my.crx3
| MD5 | 0fa505d26fd906c645e60aa05f12af36 |
| SHA1 | ecb1def63dba6d475dcd61c4d3a6938855e6f24a |
| SHA256 | 9738a550f51cdfb80146b1620b40a37d58c5136254ee1f0f03c20a864fab89d2 |
| SHA512 | 6c49784a21465a2b7348720003f072a279a7aaeb88783b98cdb968a54cb1ce6771122a6f1bbbfb8dd36507576c81d6caa000166f2dc0f81a3feca4e8d5131a00 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.6Rqf23/imefjhfbkmcmebodilednhmaccmincoa_29.0_mac_bfqwqczv2chgncq7qnwqjby3my.crx3
| MD5 | ae0533bc75dfb86ca0dd80b1e61bd786 |
| SHA1 | bea3854f0efb9cb812b9da0d737684d5eef3643b |
| SHA256 | d3fda248f4310788eafacd33aa80e29aa09cad0677e1f67a79831e940ee4595d |
| SHA512 | 61d607c9745c3f793f7923f270e8b22eac09594e6a7ed6d417047f8e7c319da9253af6ecefff4edcabc18beb4646270289e12907731e6b199e4dbfe9185bca5e |
/Users/run/Library/Application Support/Google/Chrome/ClientSidePhishing/29.0/visual_model.tflite
| MD5 | a9803d560544e4d1fe551b2c113c5370 |
| SHA1 | a998fdb1e80dbca61267db112812a7ee34b82dce |
| SHA256 | d38a4cda8912f9598b8701dac7d5ee90eff324ed1fb9d277b9784fe45a4e6c72 |
| SHA512 | 65b8b6ecfea2aeae95a39581c39476a54721e07ee7c296650ccddea29a09b29a11cab15fdc89f97295bd61423dc13a66666faca371200bcb459dc1f25b6c89fd |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.a7IaWn/1.0.0.15_llkgjffcdpffmhiakmfcdcblohccpfmo.crx
| MD5 | 39fbc1bf4c6c8f919181e3e72630f974 |
| SHA1 | b73f2394a2c1ac341df75ba63eef4e5e9830fade |
| SHA256 | 3a118962ef814c91f6476bb9f0de58afa63103af6ac1b8729be9b39a86789e96 |
| SHA512 | 2dbd8f772bc113f6500dace5d187b12c79e6e3a5c7f6f68d270beebc482334a1970499b28de5187a3619ff3ecd20aab10c31df8433d509dc011e1e88978ab70e |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.oeQMgp/obedbbhbpmojnkanicioggnmelmoomoc_20240404.625479014.14_all_ENGB500000_incvymraubxlb6ke6cnqmodupm.crx3
| MD5 | e2c281ae14ad2d32ce83029ba21887c9 |
| SHA1 | 8bf02cf7f5b19f8412ee2d736cb8db733941899c |
| SHA256 | f0682b4237a8e14c53c5d54f83d1e49697793125ad1f1f6955bb3e8cd750d8c4 |
| SHA512 | ac8eca3f3170495ff572fa1f410faca483275f97d1914bdda190b044eb78fcdc43609888d756f70c628f6f2e74aaefddc6d0d548b9bfa40890700f31443be883 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.Sk18vG/hfnkpimlhhgieaddgfemjhofmfblmnib_8810_all_acymblg6nf6oxkmfsoe5te2bzteq.crx3
| MD5 | 86749e7c9832b8a81d6581f7d6349c9d |
| SHA1 | d9a139d027f2074a885d3896d2c4bf18eff1cbcb |
| SHA256 | 3392b2d6627586e5d4d7df79e9be3a7c6f31273b672a67324edc962ef585e482 |
| SHA512 | 2d4e75c1015e88f78b01dea3d732c772efdd31266972fe18c10dbcf0d43a31eccd8254f4ed0cb031b33f748de793936e90c7a1a61b83a5c5739a51e43c257056 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.N7ZkVQ/khaoiebndkojlmppeemjhbpbandiljpe_65_mac_dzlxuetwsybdv7gfmhikquhdj4.crx3
| MD5 | f5ed8ad664370de2d16265ac99085dbc |
| SHA1 | 52deeff97bc4c2777b70b7d79bedeae161183150 |
| SHA256 | 9fe1922c50cef6ab1c62d9b37a37e0a7d6e82639217b4b7fb1537183ae0dbf55 |
| SHA512 | d0ee804f80dbb6a6a9a5e6165829f840761526782933997b73e22fcda452be6a2b4025c51e22c7980d5a49b985d26b70a2d1f4e5d40f5863712103c1c50e67c7 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.9NHJf9/lmelglejhemejginpboagddgdfbepgmp_449_all_ZZ_gyquc4lvsd3lincjw6kblirobq.crx3
| MD5 | 556134b3869539491e28c6eecb84cbe4 |
| SHA1 | 19e9ebc5a6778a01dd75fad5738a20ecfeca08ab |
| SHA256 | 3e6a99367b6b37be5ad828dac3f4612241ac241264ca3955b108ff8b9333b5d3 |
| SHA512 | c2cf30bef68fb6077dd30f7c66afac49a7efabc39330c5c33f7c29a5abdbfa5c2253d94a506168de95aaea7b9df7b28cc6854626347a5991b159b59b7e8811f7 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.uQELW1/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.10.19.1145_all_ac7cecrzrmfngskhgmtk6zmhfjoa.crx3
| MD5 | cb79d407a4d6d8526b42060b9210b5c2 |
| SHA1 | 331e3d66e82e130042897faf86dcbd05d7b227f1 |
| SHA256 | e3a7322843834a5270a01c56533a34a24b1a253e3bda6f14046e10d818446165 |
| SHA512 | 0ea283f2077ff874e1f2518565497864b11fd8a65f03d65e2b2996048bdba19849fcab81d9a8220cd51d4a09741b9cf222b1393f6ea4fde6db76dfe0590efdf9 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.RwvnAP/npdjjkjlcidkjlamlmmdelcjbcpdjocm_1.3.19.240_mac_adygwryqqyfdwvvjh32xxi6rilea.crx3
| MD5 | 91a8d56c19e60520cf00b78a506b87f0 |
| SHA1 | a794be44a680983ac0f87b1faedf064a65016623 |
| SHA256 | b158d145928f6c80d855f1fcc5b6813e73b7e14327d65fa9abb26c438e56bf29 |
| SHA512 | efe8b3be1ff7c30596230e091a5109b1328b3f603a4f3cad134ad99cf648b8b3a0dbdd79413f854a53dae4e1316862c6b6798660dd9f37283a97115905c65d06 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.jT7NBB/gonpemdgkjcecdgbnaabipppbmgfggbe_2024.05.29.00_all_ad636qw3xvmwpayulzffifzo4djq.crx3
| MD5 | 3b6170d9155907f6642ef55a08aa5206 |
| SHA1 | 582efa86bf87ebfd1970c90b04879c95aee1ad63 |
| SHA256 | e73a7fe8092191e16e2807ea7f48e54261b783aa2525152082ca6a0d59274dbd |
| SHA512 | a0f899d31e9b0e7412f83d4cac37e877065e4f848d827f522f4ef352cf3c618e3f1aacbd3a301e23447a292f718a05d7ff491cbb6edfa3871ae51b62415f5f53 |