Analysis Overview
score
8/10
SHA256
b6dcf2a38cec43f07050e35bbfddcdfb7f849ac511263045f0dd05fd2dca7808
Threat Level: Likely malicious
The file SpyNote3.2.zip was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Modifies file permissions
Executes dropped EXE
Registers COM server for autorun
Loads dropped DLL
Installs/modifies Browser Helper Object
Enumerates connected drives
Blocklisted process makes network request
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Uses Task Scheduler COM API
Enumerates system info in registry
Modifies registry class
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Suspicious behavior: GetForegroundWindowSpam
Checks processor information in registry
Suspicious use of FindShellTrayWindow
Modifies data under HKEY_USERS
Opens file in notepad (likely ransom note)
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-03 08:25
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 08:25
Reported
2024-06-03 09:46
Platform
win7-20240221-en
Max time kernel
2238s
Max time network
2661s
Command Line
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\SpyNote3.2.zip
Signatures
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0167-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0174-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0262-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0091-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0350-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0363-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0046-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0216-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0272-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0347-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0177-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0386-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0204-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0273-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0003-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0023-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0212-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0040-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0133-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0110-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0083-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0247-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0370-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0074-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0055-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0142-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0114-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0347-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0380-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0173-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0261-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0225-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0188-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0082-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0167-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0311-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0123-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0399-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0090-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0111-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0076-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0261-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0079-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0215-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0046-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0323-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0381-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0097-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0379-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0397-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0257-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0055-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0053-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0200-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0155-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0272-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0333-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0264-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0309-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched = "\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" | C:\Windows\system32\msiexec.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\WindowsAccessBridge-64.dll | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| File opened for modification | C:\Windows\system32\WindowsAccessBridge-64.dll | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Java\jre-1.8\bin\server\classes.jsa | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\cmm\LINEAR_RGB.pf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\jce.jar | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-memory-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightDemiBold.ttf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\jfr.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\jabswitch.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\javaw.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\legal\jdk\dom.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\fxplugins.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\ext\nashorn.jar | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\deploy\messages_ja.properties | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\lcms.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\net.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\ktab.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\deploy\messages_pt_BR.properties | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\j2gss.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\keytool.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\vcruntime140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\ext\access-bridge-64.jar | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\legal\jdk\asm.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\accessibility.properties | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\dtplugin\npdeployJava1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Oracle\Java\java8path_target_260669761\javaw.exe | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Oracle\Java\javatmp\javaws.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\ext\localedata.jar | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\jfr.jar | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\klist.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\awt.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\t2k.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\security\trusted.libraries | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\US_export_policy.jar | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\jp2iexp.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyNoDrop32x32.gif | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\management.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\zip.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\glass.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkNoDrop32x32.gif | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\j2pcsc.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\jvm.hprof.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\java-rmi.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-heap-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\ext\zipfs.jar | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\jfr\default.jfc | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\jfxmedia.dll | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSI7263.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSICCC7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f8969d6.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6ED3.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6FCF.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI73BC.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f8969d1.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f8969d4.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6E36.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f8969ce.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI741B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF36E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6F51.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI704D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI70CA.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f8969d1.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF11B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF33E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f8969cb.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7167.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI71E5.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f8969ce.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f8969d0.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f8969cb.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI733E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f8969d4.ipi | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\msiexec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\msiexec.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files\\Java\\jre-1.8\\bin" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\jds260656002.tmp\jre-8u411-windows-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files\\Java\\jre-1.8\\bin" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4B5F-9EE6-34795C46E7E7} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre-1.8\\bin" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0205-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_205" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0099-ABCDEFFEDCBC} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0058-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0332-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0037-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0211-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0414-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0085-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0049-ABCDEFFEDCBB} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0157-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_157" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0163-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0155-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0257-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_257" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0043-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0131-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0106-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_106" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0140-ABCDEFFEDCBC} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0073-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0072-ABCDEFFEDCBB} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0125-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0228-ABCDEFFEDCBA} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0232-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_232" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0061-ABCDEFFEDCBB} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0190-ABCDEFFEDCBC} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0058-ABCDEFFEDCBC} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0142-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_142" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0278-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0220-ABCDEFFEDCBA} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0151-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_151" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0195-ABCDEFFEDCBA} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0052-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0045-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_45" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0182-ABCDEFFEDCBA} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0117-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_117" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0208-ABCDEFFEDCBB} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0310-ABCDEFFEDCBA} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0156-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0374-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0054-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0222-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0131-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_131" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0178-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_178" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0179-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0165-ABCDEFFEDCBA} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0067-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_67" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0105-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0333-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0019-ABCDEFFEDCBC} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0093-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0138-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0186-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0013-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0097-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0059-ABCDEFFEDCBA} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0090-ABCDEFFEDCBB} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0180-ABCDEFFEDCBC} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0339-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0061-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0061-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0361-ABCDEFFEDCBC} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0286-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0311-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_311" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0238-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0084-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0323-ABCDEFFEDCBB} | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0275-ABCDEFFEDCBB} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0336-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0054-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0214-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0052-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0154-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0374-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0344-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0402-ABCDEFFEDCBA} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_21" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0091-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\JavaPlugin.114112\CLSID\ = "{5852F5ED-8BF4-11D4-A245-0080C6F74284}" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0217-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0144-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0297-ABCDEFFEDCBB} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0050-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0148-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0368-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0071-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_71" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0071-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0044-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0151-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0397-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0078-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_15" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0238-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0264-ABCDEFFEDCBB} | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0393-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0247-ABCDEFFEDCBB} | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0272-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBB} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0381-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0207-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0242-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0304-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0308-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0361-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0159-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0351-ABCDEFFEDCBA} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0365-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0041-ABCDEFFEDCBB} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0087-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0123-ABCDEFFEDCBA} | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0376-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_376" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0383-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_383" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0060-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0064-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0390-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_390" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0065-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0039-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_39" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0341-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0119-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0315-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_315" | C:\Program Files\Java\jre-1.8\installer.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\System32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre-1.8\bin\javaws.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre-1.8\bin\javaws.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\SpyNote3.2\SpyNote.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds260656002.tmp\jre-8u411-windows-x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds260656002.tmp\jre-8u411-windows-x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds260656002.tmp\jre-8u411-windows-x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds260656002.tmp\jre-8u411-windows-x64.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\SpyNote3.2.zip
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x594
C:\Users\Admin\Desktop\SpyNote3.2\SpyNote.exe
"C:\Users\Admin\Desktop\SpyNote3.2\SpyNote.exe"
C:\Windows\system32\cmd.exe
"cmd.exe"
C:\Windows\system32\java.exe
java -version
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files\Java\jre7\bin\javaw.exe
"C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\SpyNote3.2\c2NyZWFt.jar"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\SpyNote3.2\A-Emportant.txt
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5b89758,0x7fef5b89768,0x7fef5b89778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1224,i,7518953476361540850,7219321929480922410,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1480 --field-trial-handle=1224,i,7518953476361540850,7219321929480922410,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1224,i,7518953476361540850,7219321929480922410,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2252 --field-trial-handle=1224,i,7518953476361540850,7219321929480922410,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2256 --field-trial-handle=1224,i,7518953476361540850,7219321929480922410,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1312 --field-trial-handle=1224,i,7518953476361540850,7219321929480922410,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3200 --field-trial-handle=1224,i,7518953476361540850,7219321929480922410,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3448 --field-trial-handle=1224,i,7518953476361540850,7219321929480922410,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3436 --field-trial-handle=1224,i,7518953476361540850,7219321929480922410,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3536 --field-trial-handle=1224,i,7518953476361540850,7219321929480922410,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3684 --field-trial-handle=1224,i,7518953476361540850,7219321929480922410,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2412 --field-trial-handle=1224,i,7518953476361540850,7219321929480922410,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 --field-trial-handle=1224,i,7518953476361540850,7219321929480922410,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3908 --field-trial-handle=1224,i,7518953476361540850,7219321929480922410,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3968 --field-trial-handle=1224,i,7518953476361540850,7219321929480922410,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2272 --field-trial-handle=1224,i,7518953476361540850,7219321929480922410,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4156 --field-trial-handle=1224,i,7518953476361540850,7219321929480922410,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3880 --field-trial-handle=1224,i,7518953476361540850,7219321929480922410,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3948 --field-trial-handle=1224,i,7518953476361540850,7219321929480922410,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4256 --field-trial-handle=1224,i,7518953476361540850,7219321929480922410,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4156 --field-trial-handle=1224,i,7518953476361540850,7219321929480922410,131072 /prefetch:8
C:\Users\Admin\Downloads\jre-8u411-windows-x64.exe
"C:\Users\Admin\Downloads\jre-8u411-windows-x64.exe"
C:\Users\Admin\AppData\Local\Temp\jds260656002.tmp\jre-8u411-windows-x64.exe
"C:\Users\Admin\AppData\Local\Temp\jds260656002.tmp\jre-8u411-windows-x64.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\MsiExec.exe -Embedding 33819FBA6ECFC222F15FBBAAC124E981
C:\Program Files\Java\jre-1.8\installer.exe
"C:\Program Files\Java\jre-1.8\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre-1.8\\" INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={77924AE4-039E-4CA4-87B4-2F64180411F0}
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking
C:\Program Files\Java\jre-1.8\bin\ssvagent.exe
"C:\Program Files\Java\jre-1.8\bin\ssvagent.exe" -doHKCUSSVSetup
C:\Program Files\Java\jre-1.8\bin\javaws.exe
"C:\Program Files\Java\jre-1.8\bin\javaws.exe" -wait -fix -permissions -silent
C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe
"C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre-1.8" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxsaWJcZGVwbG95LmphcgAtRGphdmEuc2VjdXJpdHkucG9saWN5PWZpbGU6QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZS0xLjhcbGliXHNlY3VyaXR5XGphdmF3cy5wb2xpY3kALUR0cnVzdFByb3h5PXRydWUALVh2ZXJpZnk6cmVtb3RlAC1Eam5scHguaG9tZT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxqYXZhd3MuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxkZXBsb3kuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW5camF2YXcuZXhl -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==
C:\Program Files\Java\jre-1.8\bin\javaws.exe
"C:\Program Files\Java\jre-1.8\bin\javaws.exe" -wait -fix -shortcut -silent
C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe
"C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre-1.8" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxsaWJcZGVwbG95LmphcgAtRGphdmEuc2VjdXJpdHkucG9saWN5PWZpbGU6QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZS0xLjhcbGliXHNlY3VyaXR5XGphdmF3cy5wb2xpY3kALUR0cnVzdFByb3h5PXRydWUALVh2ZXJpZnk6cmVtb3RlAC1Eam5scHguaG9tZT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxqYXZhd3MuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxkZXBsb3kuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW5camF2YXcuZXhl -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\MsiExec.exe -Embedding 3157F8FC008951D0344EDBA429C4240E M Global\MSI0000
C:\Program Files\Java\jre-1.8\bin\javaw.exe
-Djdk.disableLastUsageTracking -cp "C:\Program Files\Java\jre-1.8\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserWebJavaStatus
C:\Program Files\Java\jre-1.8\bin\javaw.exe
-Djdk.disableLastUsageTracking -cp "C:\Program Files\Java\jre-1.8\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserPreviousDecisionsExist 30
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 994EC0A8ADA52651D0FD27461B2EF5A4
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding C07215C03C53997D85907686DCA87152 M Global\MSI0000
C:\Users\Admin\Desktop\SpyNote3.2\SpyNote.exe
"C:\Users\Admin\Desktop\SpyNote3.2\SpyNote.exe"
C:\Windows\system32\cmd.exe
"cmd.exe"
C:\Program Files (x86)\Common Files\Oracle\Java\java8path\java.exe
java -version
C:\Program Files\Java\jre-1.8\bin\java.exe
"C:\Program Files\Java\jre-1.8\bin\java.exe" -version
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\SpyNote3.2\c2NyZWFt.jar"
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\SpyNote3.2\bWFlcmNz.jar"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x5b4
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Admin\victims_folder\nu.inf
C:\Admin\Builder\aapt.exe
"C:\Admin\Builder\aapt.exe"
C:\Admin\Builder\aapt.exe
"C:\Admin\Builder\aapt.exe"
C:\Windows\system32\cmd.exe
cmd /c ""C:\Admin\Builder\apktool.bat" "
C:\Program Files (x86)\Common Files\Oracle\Java\java8path\java.exe
java -jar "C:\Admin\Builder\\apktool.jar"
C:\Program Files\Java\jre-1.8\bin\java.exe
"C:\Program Files\Java\jre-1.8\bin\java.exe" -jar C:\Admin\Builder\\apktool.jar
C:\Windows\system32\cmd.exe
cmd /c ""C:\Admin\Builder\apktool.bat" "
C:\Program Files (x86)\Common Files\Oracle\Java\java8path\java.exe
java -jar "C:\Admin\Builder\\apktool.jar"
C:\Program Files\Java\jre-1.8\bin\java.exe
"C:\Program Files\Java\jre-1.8\bin\java.exe" -jar C:\Admin\Builder\\apktool.jar
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Admin\Builder\apktool.bat
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Admin\Builder\signapk.jar"
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Admin\Builder\signapk.jar"
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Admin\Java\icons\R.j
C:\Windows\System32\InfDefaultInstall.exe
"C:\Windows\System32\InfDefaultInstall.exe" "C:\Admin\victims_folder\nu.inf"
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:2222 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn1.gstatic.com | tcp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 142.250.180.3:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | www.java.com | udp |
| NL | 23.62.61.163:443 | www.java.com | tcp |
| NL | 23.62.61.163:443 | www.java.com | tcp |
| US | 8.8.8.8:53 | static.ocecdn.oraclecloud.com | udp |
| US | 8.8.8.8:53 | www.oracle.com | udp |
| GB | 104.103.246.175:443 | static.ocecdn.oraclecloud.com | tcp |
| BE | 23.55.97.240:443 | www.oracle.com | tcp |
| US | 8.8.8.8:53 | c.oracleinfinity.io | udp |
| US | 8.8.8.8:53 | dc.oracleinfinity.io | udp |
| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |
| NL | 23.62.61.146:443 | c.oracleinfinity.io | tcp |
| US | 8.8.8.8:53 | s.go-mpulse.net | udp |
| BE | 23.55.96.141:443 | s.go-mpulse.net | tcp |
| BE | 23.55.97.240:443 | www.oracle.com | tcp |
| NL | 23.62.61.146:443 | c.oracleinfinity.io | tcp |
| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |
| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |
| US | 8.8.8.8:53 | consent.trustarc.com | udp |
| DK | 18.173.5.45:443 | consent.trustarc.com | tcp |
| US | 8.8.8.8:53 | dpm.demdex.net | udp |
| IE | 54.73.32.110:443 | dpm.demdex.net | tcp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | udp |
| DK | 18.173.5.45:443 | consent.trustarc.com | tcp |
| US | 8.8.8.8:53 | consent-pref.trustarc.com | udp |
| DK | 143.204.237.8:443 | consent-pref.trustarc.com | tcp |
| US | 8.8.8.8:53 | oracle.sc.omtrdc.net | udp |
| IE | 66.235.152.221:443 | oracle.sc.omtrdc.net | tcp |
| US | 8.8.8.8:53 | consent-st.trustarc.com | udp |
| DK | 18.173.5.76:443 | consent-st.trustarc.com | tcp |
| IE | 54.73.32.110:443 | dpm.demdex.net | tcp |
| IE | 66.235.152.221:443 | oracle.sc.omtrdc.net | tcp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| BE | 2.21.16.148:443 | c.go-mpulse.net | tcp |
| IE | 54.73.32.110:443 | dpm.demdex.net | tcp |
| IE | 66.235.152.221:443 | oracle.sc.omtrdc.net | tcp |
| US | 8.8.8.8:53 | 684dd32b.akstat.io | udp |
| US | 8.8.8.8:53 | x5s5cjyxhy62gzs5rnqa-f-02a6f6974-clientnsv4-s.akamaihd.net | udp |
| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |
| IE | 66.235.152.221:443 | oracle.sc.omtrdc.net | tcp |
| US | 8.8.8.8:53 | javadl.oracle.com | udp |
| GB | 104.103.251.196:443 | javadl.oracle.com | tcp |
| GB | 104.103.251.196:443 | javadl.oracle.com | tcp |
| US | 8.8.8.8:53 | sdlc-esd.oracle.com | udp |
| SE | 23.72.244.83:443 | sdlc-esd.oracle.com | tcp |
| US | 8.8.8.8:53 | javadl-esd-secure.oracle.com | udp |
| GB | 104.103.251.196:443 | javadl-esd-secure.oracle.com | tcp |
| US | 8.8.8.8:53 | rps-svcs.oracle.com | udp |
| GB | 104.103.251.196:443 | rps-svcs.oracle.com | tcp |
| US | 8.8.8.8:53 | www.java.com | udp |
| NL | 23.62.61.137:443 | www.java.com | tcp |
| US | 8.8.8.8:53 | sjremetrics.java.com | udp |
| IE | 66.235.152.221:443 | sjremetrics.java.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| BE | 23.55.96.141:443 | c.go-mpulse.net | udp |
| N/A | 127.0.0.1:2222 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| BE | 23.55.96.141:443 | c.go-mpulse.net | udp |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp | |
| N/A | 127.0.0.1:58392 | tcp |
Files
memory/2324-0-0x000007FEF4553000-0x000007FEF4554000-memory.dmp
memory/2324-1-0x00000000013C0000-0x0000000001D60000-memory.dmp
memory/1416-48-0x0000000000340000-0x0000000000341000-memory.dmp
memory/3036-49-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/3036-50-0x0000000140000000-0x00000001405E8000-memory.dmp
C:\Users\Admin\AppData\Local\SP\SpyNote.exe_Url_bau0wgzr4mhgseis2zcifzbiesltp0ll\3.2.0.0\user.config
| MD5 | 2839c80383543ba7d554173ca62b6f04 |
| SHA1 | 26e8f47220869ccb35ed0c0c5a22a080ddad87ee |
| SHA256 | d02122039c97c5275ae30260b127959da0e2a06c93ee89f8a8083584a7d1290f |
| SHA512 | c619e7d81ae6a61a4bf6adcf634f0649d9b0caffd4299d41c08c5f7321979fdc4bf4a69f714dd85b3cfde427e1644af52e6d287a1e083f7678218d398cd93029 |
C:\Users\Admin\AppData\Local\SP\SpyNote.exe_Url_bau0wgzr4mhgseis2zcifzbiesltp0ll\3.2.0.0\user.config
| MD5 | 4e77ddd0c63115c383509c28f0987018 |
| SHA1 | 3a320bb8ec586bc337720506e8f37581e4ab25ed |
| SHA256 | 9335db5a2b34e0e7f2a988b30db6804bebc4002d90b245312a621aaa3172815e |
| SHA512 | 2a30b341a63d64f1a041a49fed95712e8999f52404b5a67b0fed79e695f5567820770643edb0fe1f641180665fc8ff262c383b18f7ab3a3e6c78e4e32ae78ef7 |
memory/2324-75-0x000007FEF4553000-0x000007FEF4554000-memory.dmp
memory/292-76-0x0000000000130000-0x0000000000131000-memory.dmp
memory/292-78-0x0000000000130000-0x0000000000131000-memory.dmp
\??\pipe\crashpad_1604_KIUJXHNTSGAFCISE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarF030.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6ea104059b40346fd0915dcc9ec6991f |
| SHA1 | e6a9ee2194c22958fb9dd825e00035b8058e6afc |
| SHA256 | 980da56b5fbe983318104d5dfdf645dfb5abb15e459d596780440893e3e158c9 |
| SHA512 | 46b850a50309c032ff8105f15d4b60f1fa1bd67580c46ab07bf2bec16c8f517fd7b07acb16885d07604142a1d9909e8cf22b8dfb703a5b8e72a7dde0c015d3b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dc20b9511d68ae5007f59f2ee9c6eb02 |
| SHA1 | ff92d3d533eb89dfa318ccd5582cc343505ff5ba |
| SHA256 | e1819310196168a98853d5c465c84468b6ad2464e359df683c9b261ec34d3c78 |
| SHA512 | 6763d14bcaf45d9c392ca8959ab37ae411a523790dce419f1cf57f5f909f0f459931eccd946667cc36d3d02d3d16d9c1ac3b3efeb0fc5195dd7c15e732c4737e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 726696785846ea8f4154cfdb78fd7aca |
| SHA1 | f680f60160fe9b1ed81cd4c101a0f9c3206e435d |
| SHA256 | 12ea5008e45ce16510d1d0f617b7a66a6f347dfc7a9f7ea2e5b4717cb8923874 |
| SHA512 | 6c1c77e633eabe4dbca3eaa757b3bca864a23fb875bda447504c2efb9dcb355775a3ee9b7c6303b0cb981bdac711e7e8190335f692964d126748e5567a3d8d30 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 75c49ce41a35bfea15f83bff6cd018b8 |
| SHA1 | b64c1ac8f06fdb55a4641db4c8a8ddd237980e02 |
| SHA256 | 5cb48a88affadedda97c2c6accd899b375e6b5861940e8e52e064fe5951dffc6 |
| SHA512 | 41b81aaa7c70059eb460e190d4d39eba4bbb567f567251c3e1a13367c39aafbc211186dc4fc900ad3bdc33db05981a19079fd8ed2210761641ad0cdd1c97f77b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 943bd2875eacc62125c71be963c64262 |
| SHA1 | bf50720cb49b194b0f4b50fee606ce57ea528ae1 |
| SHA256 | f4942264a7c499033d0f9e4603e4caac94b2147af82202e52fee6bad71996cc2 |
| SHA512 | af0284af08faa233fe15850fe13ba4d4c3b7298ad5e91489e746953ca5c7470c0600b74498329e62750526b730afc725068501e4790361dd49b2250d2f947cb2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0acd09ed5a5681ab7e823f7fe0bbdfd6 |
| SHA1 | 1df61ca7c2b0a009262fce78e3a820343bc1f13b |
| SHA256 | 83af4e6406d4f86b27a412190812847366a84c5be1e286662c5280f84afab2af |
| SHA512 | 6397258c00906f3c81b09986fe611e45ab2554accedc746036f2ec778eb505b946fd4529faeccd6c5d442d458c8673dda2bc77a525da5103bd6857e7a98353de |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c22c298e070d485280f9e41e8afe9c75 |
| SHA1 | 16a9ac71e321c1263ebccdb34718c1068126df59 |
| SHA256 | ebf9210af8a825bd32766ac6bac29e8d18321609fc339a1eff7516cdd47614a8 |
| SHA512 | 67a0ae1a89cebc8624857ddcc8c3bdc09c15f52a2dc2ad6d1a3a86b6419419da7b61e8db25dc14e32499e8e9374e5c774166fb0d3939d7caa028ff9cec800eb6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 00781dd3653178ca9a64161b7fa16ada |
| SHA1 | 89c624b997f52228afcf902ee5f770df49f13909 |
| SHA256 | e0c0c76257b48ddab38fe71a4a18fe18e8358a62dbc06728136bd48a69f0a20f |
| SHA512 | c7efec6d2b559beb545d0b4a6b473c5f9dc15e463b1d1a5d94a54a01221469cc94db5274ccfaafca60e39481a703e18ecbe53046e11098e527cc362adaf3ee0c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3229d50f30dffd63bdf6383f7fe6e61b |
| SHA1 | 258ac28252315be53ff730a205af21f9316aff1a |
| SHA256 | 6ea00fc649613520719ac8c54bdb40cf37df106525a5f9a6294c5bae10e8468c |
| SHA512 | bff6002b30d0623eb2948ba78e39a11eecfcedd795685672bf6e67b1a68a1da2743ede9c7b3cc1bba1e07bb9d6d0e85453f5a531521870aa260ace824ab9fd9c |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 9fc528fd7598559c971b77a3c6ebc468 |
| SHA1 | 55353ca1718f3fefc91052a84bd40b5957caf56c |
| SHA256 | 7c8ab7f5b70e9f2849e1813453c2723f8d192a8d4a79de12e4f7a90ed6efc406 |
| SHA512 | 9ca24dd8c9e2be78c5df8d4ce0cffb6004baed2644ac9f2fe510f261e3d321cc3bb37c0e170fa36e22c0f0db42c8c9025442a8d21df94a7efba7f95328cf2314 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 1d08bd98e6f86867cb476576e8e05a91 |
| SHA1 | a03e3be4eec1d7c743b24c5762532b2d657cc431 |
| SHA256 | 84aaa978dddd31c32d060e9ef9a4ef964ea6512b59d6f5c2f8a65240a1997aef |
| SHA512 | 3c848845e2fc0093e4ef0fd4b38f11276bd353e480200fcfd34ac7847ae241da4027b62264852907f8d453524304e24da53f87c3d826b13a5fea01c260fb0a25 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 78e2948d1c756cf77dc18900f9b343c4 |
| SHA1 | 7a24ac51e3f23a1df8ef67559a63c238fef45af1 |
| SHA256 | 4e1a026a8e034f7bc46e1c93482afffcd68e116e19c4ab1d1e96385f2e8ae2a1 |
| SHA512 | e2160cf398508ab0761f2f854de00d355ac1b82d6234fe0105a042620343e0e99fbc3827e2eff2157fcf9e89813921d90a63095ce000e093dad530455f648925 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | afad5499a5b5b85a351b0e86d6e349d3 |
| SHA1 | 0f1af6dce802a019979e18e53860931b41574e4a |
| SHA256 | ed50ae5a82e2a23d7b91a22442504a947545a030f54fa40ca30f38773abe3ba7 |
| SHA512 | 8b024122661b4fe6e4b2a897684894a47433940c191a5e19fa73882bc3140f652f01cc5b4564dd01c5934790578fe2362d10bfb8ce370c61b1d3fe53b5e246d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bf14fe68014ce735b0b2340ac5d39682 |
| SHA1 | eda896e3e9ad7342401a3d69df3c9dfb588d9562 |
| SHA256 | 5ce453bf360bdaecdb265ac34a38b4fe64c71d245d20081856f7817ea6464492 |
| SHA512 | 85872f8b048153b7f456c02533b1a5eb4b41701c3922da1ceb010e29638a40196d3e95f7c55c58aed80c70ee69ea4591c9c96858e8b7a26d24f828ceb1c0770f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | aba511c762c40caa6a3174ef3b9951b3 |
| SHA1 | 2263f40c74a5d7574a1255ea30bda72d4a757512 |
| SHA256 | f3d41ac78771237e2266ceb52bb204cfb33ed388a77cb61329d1791ef8dabf77 |
| SHA512 | 482450f2e8723b0e643531b73ecd888bce964a754dc7021e7ff8fbdbfe2f010614214255b16f9cb8c06ef295a395415107f4dbcd55b877a521f5b0935c9916e8 |
C:\Windows\Installer\MSI6E36.tmp
| MD5 | 1b5e31057ba3666cc2a5dd9117ef7758 |
| SHA1 | 96707393a6ba7841190aee876c774524263b5205 |
| SHA256 | 2ed8f2150e57bef05350211d09198275f14b492ad8cdc8ae255a955acde90eea |
| SHA512 | 2d2cf65536656b8ce4deee5508415ab4cdbb854f16c27cff3e11113b41eb751ee7a850ec6b55e595da33830b1484d2ba686c8520e5cdd262790612f2595f9e45 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | eef7e8b7c657d1f17cf98c1afe019259 |
| SHA1 | 95e88ae9fa44fae54abe7bc314660a383f0a170a |
| SHA256 | 5d24f206c15618e92d8ddb25f28354cb6ee7801d656a6204447bf0b6c43bc3ac |
| SHA512 | 7cbf8e982e0ea9903f0b03c680c836d7233516f778656d9b3d98d8349727dea591a232086a77abb93deb7aef0511665d4158707987c35115cfcec60823b8ce23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | c7f18f9c79eb8d644ab62e489080d490 |
| SHA1 | c177d5a64d826f94b810c88620dd879ce58e15f7 |
| SHA256 | 8c64a06aaeac2538d3d379aabd4e53ab52d41dde0b5aaf2b989180d31cac6315 |
| SHA512 | 5c77c0dfe8154d6e72b719a31297e401c4e3f55a83170ddc83816b7776600b7982357cdac5f3f487127b2a349d841e53ca6b85ef45b9a0dedebaa6c0e3b57369 |
\Program Files\Java\jre-1.8\installer.exe
| MD5 | 6bdda77f36c217dca3b728b0ce32465f |
| SHA1 | f7d7d3607000ce9df85913a99523aac537b1ea95 |
| SHA256 | ed2855145bd76ede7fe3a69ca2c78432ffce798c2b6e952a143d823e55dbed98 |
| SHA512 | 5294cfd41f72e5c05f8a241904c66ff8069a5c90e31fe5c562c4c08e6cd9c8336dffaad2f7c266ebb8129def2ac5b5175da0b4f93a6547aa24f17c4ab1b6453e |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 215dc74ba0d6ba387b034ee3bff2b9e2 |
| SHA1 | f08327d8769262f313241e5bc1fdfc6152d252fb |
| SHA256 | ed6f5b1214ea34ea220d06e3906edfe736221c5092f3a94dbb6b9d2bccd28d79 |
| SHA512 | 4eb274ee7d71d763be53434b39459f2e849001b6fac6db25d84e8b0204e5a91e5ecf492d08668c139f846b29733dbbfe4ed7bce9f5da7b10e4b422d04c752dc8 |
\Program Files\Java\jre-1.8\bin\java.dll
| MD5 | 5ea8a46debaa47a8c7a0c979dc96605d |
| SHA1 | d37f572050b167ed710ab346f9bcc2baa5d70917 |
| SHA256 | 67e64ec57e4304fd9c99a9e2aab4f145fa097c1e5239ea77dffb3064a6c793f1 |
| SHA512 | 8477be3667a4458ed1ac6ce2cdf1a463ad9a614350b13b0f176335e866baa995d965e84e4bab3828af2df1fe6864b0cab434b91b35065fe57bb85404fd1b5174 |
\Program Files\Java\jre-1.8\bin\javaw.exe
| MD5 | e03060aa547e479c45ba83a47a914270 |
| SHA1 | 8fbb0634a0ab4441abc9b86b06e112e485d9bb7f |
| SHA256 | 594e48b16b57f867ee19c230a1b49c4a480b11245f587699598ccc06bc841cd7 |
| SHA512 | d05524a8a21808796079e3ca4ddf63c07dfd60f8dc7e839e272e465283630920914cd12c150c2231957c85b92a1864588ab2580450d8c878997971a3a82ce734 |
memory/1792-1544-0x0000000000430000-0x0000000000431000-memory.dmp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url
| MD5 | 6684bd30905590fb5053b97bfce355bc |
| SHA1 | 41f6b2b3d719bc36743037ae2896c3d5674e8af7 |
| SHA256 | aa4868d35b6b3390752a5e34ab8e5cba90217e920b8fb8a0f8e46edc1cc95a20 |
| SHA512 | 1748ab352ba2af943a9cd60724c4c34b46f3c1e6112df0c373fa9ba8cb956eb548049a0ac0f4dccff6b5f243ff2d6d210661f0c77b9e1e3d241a404b86d54644 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url
| MD5 | 625bd85c8b8661c2d42626fc892ee663 |
| SHA1 | 86c29abb8b229f2d982df62119a23976a15996d9 |
| SHA256 | 63c2e3467e162e24664b3de62d8eeb6a290a8ffcdf315d90e6ca14248bc0a13a |
| SHA512 | 07708de888204e698f72d8a8778ed504e0fe4d159191efb48b815852e3997b50a27ba0bc8d9586c6fb4844166f38f5f9026a89bbbc3627e78121373982656f12 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.lnk
| MD5 | b5e1de7d05841796c6d96dfe5b8b338c |
| SHA1 | c7c64e5b35d0cca1a5c98a1c68e1e5d4c8b72547 |
| SHA256 | 062cb9dec2b2ce02c633fc442d1a23e910e602548a54a54c8310b0dde9ae074d |
| SHA512 | 963a89b04f34bc00fea5b8e0f9648596c428beac2db30d8b0932974b15c0eb90b7c801ba6fa1082ea9d133258f393ae27e61f27fd3b3951f5c2e4b8c6a212c2d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\fea41769-9a7e-4ad6-8913-80ab14e65f3e.tmp
| MD5 | 668cf25e799bf5dcd97a8935a1608303 |
| SHA1 | 2cecd6152ea56a447884b8ed130751dc1a4089a3 |
| SHA256 | 361fce148f67d4ca1b2cd64be63404e7f0c707ce67afb3ecec98425aee048a14 |
| SHA512 | 0aa979ea3830a8087d4dcdc2927ba5e9d690e5831e50223a188a49a4efc7fc4d2a31a7daa339a57d494398b30fe22122fca0c76b195aa88d81f320197939f721 |
memory/2496-1749-0x0000000000340000-0x0000000000341000-memory.dmp
memory/2496-1764-0x0000000000340000-0x0000000000341000-memory.dmp
memory/2496-1771-0x0000000000340000-0x0000000000341000-memory.dmp
memory/2496-1782-0x0000000000340000-0x0000000000341000-memory.dmp
memory/2496-1796-0x0000000000340000-0x0000000000341000-memory.dmp
memory/2112-1806-0x0000000000140000-0x0000000000141000-memory.dmp
memory/2112-1819-0x0000000000140000-0x0000000000141000-memory.dmp
memory/2112-1822-0x0000000000140000-0x0000000000141000-memory.dmp
memory/2112-1846-0x0000000000140000-0x0000000000141000-memory.dmp
C:\Config.Msi\f8969cf.rbs
| MD5 | cb9f2ebdccf2c382aca7f1458a925a77 |
| SHA1 | ec3334bdaaea38b72c4fd1d30d63f7a04b1f6f2b |
| SHA256 | e49241b567dbe1c1a0c99b6e67268f579ea3f9735da4a444ea87344ca06348e8 |
| SHA512 | 5175785315d2c528405027ea2a73624f8f658a455b06b08cb7562c5dd7aa9605a572dec5c95a13d3dddeaeb5dd6042a09f95472db12e6763cc09fc74d05f9656 |
memory/1984-1912-0x000007FFFFF70000-0x000007FFFFF80000-memory.dmp
memory/568-2025-0x0000000000330000-0x0000000000331000-memory.dmp
memory/692-2038-0x0000000000330000-0x0000000000331000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NPBB818\runtime[1]
| MD5 | 0935b5761ecd6784de439e80ba9cd9c8 |
| SHA1 | e4e563094abbb9411439e598a2cf50746bbc99ab |
| SHA256 | f68d13e9dfb62943ae7ba8c6ee8ba4453d611d6448440f4377a8dca35ab9fa3e |
| SHA512 | b1e513cb442be4ccd3666f6ea6130a77bccf79176d4d2f56366d74220fc1b041aceab56570595b209375f5d7bcfb965a15a50c600228951f4b7d572d0ad90f47 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\host[1]
| MD5 | a752a4469ac0d91dd2cb1b766ba157de |
| SHA1 | 724ae6b6d6063306cc53b6ad07be6f88eaffbab3 |
| SHA256 | 1e67043252582aea0e042f5a7be4a849b7cd01b133a489c3b2e67c10ade086f3 |
| SHA512 | abc2899705a23f15862acf3d407b700bb91c545722c02c7429745ab7f722507285c62614dcb87ea846f88fc0779345cb2e22dc3ad5f8113f6907821505be2c02 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\l10n[1]
| MD5 | 1fd5111b757493a27e697d57b351bb56 |
| SHA1 | 9ca81a74fa5c960f4e8b3ad8a0e1ec9f55237711 |
| SHA256 | 85bbec802e8624e7081abeae4f30bd98d9a9df6574bd01fe5251047e8fdaf59f |
| SHA512 | 80f532e4671d685fa8360ef47a09efcb3342bcfcf929170275465f9800bfbfffc35728a1ba496d4c04a1fdefb2776af02262c3774f83fea289585a5296d560b0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\layout[1]
| MD5 | cc86b13a186fa96dfc6480a8024d2275 |
| SHA1 | d892a7f06dc12a0f2996cc094e0730fe14caf51a |
| SHA256 | fab91ced243da62ec1d938503fa989462374df470be38707fbf59f73715af058 |
| SHA512 | 0e3e4c9755aa8377e00fc9998faab0cd839dfa9f88ce4f4a46d8b5aaf7a33e59e26dbf55e9e7d1f8ef325d43302c68c44216adb565913d30818c159a182120fc |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NPBB818\rtutils[1]
| MD5 | c0a4cebb2c15be8262bf11de37606e07 |
| SHA1 | cafc2ccb797df31eecd3ae7abd396567de8e736d |
| SHA256 | 7da9aa32aa10b69f34b9d3602a3b8a15eb7c03957512714392f12458726ac5f1 |
| SHA512 | cc68f4bc22601430a77258c1d7e18d6366b6bf8f707d31933698b2008092ba5348c33fa8b03e18c4c707abf20ce3cbcb755226dc6489d2b19833809c98a11c74 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\common[1]
| MD5 | f5bb484d82e7842a602337e34d11a8f6 |
| SHA1 | 09ea1dee4b7c969771e97991c8f5826de637716f |
| SHA256 | 219108bfef63f97562c4532681b03675c9e698c5ae495205853dbcbfd93faf1a |
| SHA512 | a23cc05b94842e1f3a53c2ea8a0b78061649e0a97fcd51c8673b2bcb6de80162c841e9fdde212d3dfd453933df2362dcb237fe629f802bafaa144e33ca78b978 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\masthead_fill[1]
| MD5 | 91a7b390315635f033459904671c196d |
| SHA1 | b996e96492a01e1b26eb62c17212e19f22b865f3 |
| SHA256 | 155d2a08198237a22ed23dbb6babbd87a0d4f96ffdc73e0119ab14e5dd3b7e00 |
| SHA512 | b3c8b6f86ecf45408ac6b6387ee2c1545115ba79771714c4dd4bbe98f41f7034eae0257ec43c880c2ee88c44e8fc48c775c5bb4fd48666a9a27a8f8ac6bcfdcb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\masthead_left[1]
| MD5 | b663555027df2f807752987f002e52e7 |
| SHA1 | aef83d89f9c712a1cbf6f1cd98869822b73d08a6 |
| SHA256 | 0ce32c034dfb7a635a7f6e8152666def16d860b6c631369013a0f34af9d17879 |
| SHA512 | b104ed3327fed172501c5aa990357b44e3b31bb75373fb8a4ea6470ee6a72e345c9dc4bcf46a1983c81adb567979e6e8e6517d943eb204c3f7fac559cd17c451 |
C:\Windows\Installer\f8969d1.msi
| MD5 | cccd2ea5e7d0865ce06c86e91304cb2f |
| SHA1 | 75e3026d4acc6513f6f629e497799612d59b3793 |
| SHA256 | 4e26be8c53409ac2e5ca87b78a3ac458ffd4a31047bfa4bfac8f61608a82c7c5 |
| SHA512 | a86ceb4db4b36d2d0e5ff3f99b50c133207226e005be68cc5620c7baa9bd1a4e2bd1fa67192e74d8ab387b0e139497117220c19711aa5127f45b51b8ff1fab38 |
C:\Config.Msi\f8969d5.rbs
| MD5 | 0ede0874a8408b6a9c075a968a7f3154 |
| SHA1 | 6c52ea77d60d1c48927ab7abeb76d55138b81a7d |
| SHA256 | 9ebe4b79c53024c1a059cfa16e015231fb0a49d23975239239f78421434403ca |
| SHA512 | 8491e5ae9a249263fb8ade2695efa17f918a1eeb1440f0cd6625567f5d42ecc11651a393ac6fa7521466f6de2d4036cb3f8d7a53e16271549505b7d064e24f4c |
C:\Users\Admin\AppData\Local\Temp\JavaLauncher.log
| MD5 | 77209921406b83a3fbf6447b3204ca19 |
| SHA1 | 2398b9f88bb86749eaaf80d2e3cae0e99cb6aae0 |
| SHA256 | 4b1831c558a1bd72d231669d1e242c6cd83347ae4a0f5f5599496e82d0868a7b |
| SHA512 | d41b7dd19fa62111624017d6b65c9b0c711051cb86e7bad4af72fc1951c448decf5fa7669db1452eadb1e3144119101d1af8a7e35bbce8d71987aecddc31b23d |
memory/1012-2166-0x0000000000350000-0x0000000000351000-memory.dmp
memory/2252-2204-0x0000000000340000-0x0000000000341000-memory.dmp
memory/1884-2208-0x0000000000130000-0x0000000000131000-memory.dmp
memory/2252-2209-0x0000000000340000-0x0000000000341000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 9c4c998153d45a3ce2f2eb1ad7bf7657 |
| SHA1 | e1c3635efc2e03dc06c312d1ae43f67c3e921065 |
| SHA256 | b53a817470f8e0a611863dc90a2fc95f67e9a2cddeb4fec5360cdea31b4fe15d |
| SHA512 | 7a31ef7dfce573eec8a65ad6eb04dcc8890c4051adc0e8fd5ed01e6ef2cfd210024823f1ff50ebc7bd09fda04e69985b9b84f77dce330a689ceff38b08169165 |
memory/3040-2221-0x0000000000400000-0x00000000004D4000-memory.dmp
memory/2928-2222-0x0000000000400000-0x00000000004D4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\JavaLauncher.log
| MD5 | 048d3bf1e82e28eb1e742aae0239b6d6 |
| SHA1 | a838f08c8d5de9d75b287bbfc843a824c4470c69 |
| SHA256 | 46fe128f95dc5a6a45201e701243a067ca167da6f9b1faa35682332c5cc3172e |
| SHA512 | 88d5d46417cc08248ab6d9c341ba7efb7014e1476d83c3455c561c2bf9b9a9ae8d5eab05fc6204f57828f081c0342df7869a2ed16320cc196c1b6634ccb4695f |
memory/2376-2251-0x0000000000240000-0x0000000000241000-memory.dmp
memory/2504-2281-0x0000000000350000-0x0000000000351000-memory.dmp
memory/2580-2293-0x0000000000230000-0x0000000000231000-memory.dmp
memory/2160-2303-0x0000000001F30000-0x0000000001F31000-memory.dmp
memory/2160-2300-0x0000000054910000-0x0000000054A10000-memory.dmp
memory/2160-2299-0x00000000547F0000-0x00000000548F0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 172f52650a48cfec60df1a338699f956 |
| SHA1 | 6eabaf7375cd101ca82998cbefe4a13f85ba121d |
| SHA256 | f03cdba0f553f82611d685ebfa8b45427ebf5bf4fd8603d752bfda287e0c5cca |
| SHA512 | e0edacec000b12439c3fba84638266208bb386a6e68fc132725bd5be85709b64243514bff5734e52e419c548562601895683e64d97dc12dd08602a26fc473de9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 8d931e1ffc66b6749466c46f0cc8d877 |
| SHA1 | 5bf04fd3b4e29a536759946cc05cdf2db27766c5 |
| SHA256 | 08a5a8dc150f8a63cfb474f7ef3b12b1115d4e607a94ac22570b9fd8f9d45f73 |
| SHA512 | 3e65f3add753384c14efc779682a51e78078f7aef574776810d82b4c969ee715b96630c549fa8928d383e6662233583c34f0b44874bfb6f9c2649f3c0c5f4cf1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 14a7da79a96e66fde9ec7ba259fea7dd |
| SHA1 | bf46da26b1909dc24ea965cd0d8090d61ebd06e5 |
| SHA256 | abe106e94abe6ff3887ac2cd33b38f8dd8cace119f4b90622c3d5801f6385e20 |
| SHA512 | 774592dc84773604b96c28c72bb42e81441de9f6fbb0a8b3efdcbb3507b54733230c685d2b7cccc453dada50971144ee55f1dd8d4ea1864c614145a9b30305fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9339c068cc8e3167362b98495a03b711 |
| SHA1 | e502124adc8641ae4d79290a2f1ec17a6adac2db |
| SHA256 | 65a7010260125624b2d4316e2dc4290976f0dfafba08a366fc3d6b3e97a98dc7 |
| SHA512 | b26fa706d6810f935b6c07cded66ff821f097eeb849872bcf45af3c223adb22b9db90b3b1a16999f3bde5c77970321648cfa9951b0bc4845b7f9f6c8c9b04e23 |