MD5: 681abfdb247b295ec1ac593db13cb5f6
SHA1: 26ea411c346f30143d2bd9c824ed765462ee52d5
SHA256: 00921c8e0faa408b303bd5d17d777115c4f84b3e319b4421f904f00d418868e6
SSDeep: 49152:swWgbORbl2XLlNqPIYPcG9zn4SLDDQ4J2RCXcl:gRbWLlsPjTnfxYYsl
Size: 2686814 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: MicrosoftVisualC, NETexecutable, UPolyXv05_v6
Company: no certificate found
Created at: 2017-06-01 18:59:45
Analyzed on: Windows7 SP1 32-bit

Summary:

Worm. A program that is primarily replicating on networks or removable drives.

Payload

No specific payload has been found.

Process activity

The Worm creates the following process(es):

filename.exe:2824
filename.exe:312
filename.exe:3172
xcopy.exe:2432
javaw.exe:3740
rundll32.exe:2628
WWWire.exe:1588
Host.exe:3896
%original file name%.exe:452

The Worm injects its code into the following process(es):

IM000.exe:1600
filename.exe:3736
javaw.exe:632
java.exe:2232
java.exe:1604

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process IM000.exe:1600 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Imminent\Logs\28-06-2017 (162 bytes)

The process filename.exe:2824 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JBDOC.jar (484 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WWWire.exe (176 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IM000.exe (704 bytes)

The process filename.exe:3736 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PIGPIK.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Skyp\DQARUY.exe (18394 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\bafrjeu (3193 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\checkip[1].htm (6513 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aut2D95.tmp (1825 bytes)

The Worm deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\bafrjeu (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aut2D95.tmp (0 bytes)

The process xcopy.exe:2432 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Yekaterinburg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\ioser12.dll (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\rt.jar (336534 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Tbilisi (469 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Detroit (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\Welcome.html (994 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\SystemV\CST6 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\instrument.dll (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Indian\Kerguelen (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Kentucky\Louisville (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\El_Salvador (105 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Resolute (529 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Tunis (812 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Denver (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\UCT (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Atlantic\Bermuda (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Tortola (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Funafuti (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Windhoek (824 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Dushanbe (261 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Aden (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Aqtau (453 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Antarctica\Mawson (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\rmiregistry.exe (33 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Freetown (313 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Tripoli (293 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jpinscp.dll (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Cayenne (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\messages_sv.properties (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\net.properties (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\ext\dnsns.jar (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\management.dll (18 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Midway (89 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Antarctica\McMurdo (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\images\cursors\win32_MoveNoDrop32x32.gif (153 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\kinit.exe (33 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Noronha (377 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Ulaanbaatar (437 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Indiana\Tell_City (884 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Luxembourg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Rome (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Winnipeg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Atlantic\Canary (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Antarctica\Casey (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Stockholm (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\psfontj2d.properties (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\psfont.properties.ja (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Makassar (85 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\fonts\LucidaBrightDemiItalic.ttf (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Australia\Lindeman (221 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\client\jvm.dll (18248 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Tijuana (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Accra (181 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Urumqi (181 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Kuching (217 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\LICENSE_fr.rtf (37 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Belize (513 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Puerto_Rico (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Whitehorse (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Iqaluit (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Douala (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Anadyr (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Johnston (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\MST7MDT (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\task.xml (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\SystemV\EST5 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Godthab (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Nairobi (97 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\security\cacerts (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jqsnotify.exe (55 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\SystemV\PST8PDT (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Antarctica\DumontDUrville (81 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Guayaquil (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\npjpi160_18.dll (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Ashgabat (269 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Toronto (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Dawson_Creek (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Kuala_Lumpur (145 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\fontmanager.dll (2105 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\jvm.hprof.txt (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT 3 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\SystemV\EST5EDT (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Argentina\San_Luis (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Santarem (305 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\servicetag\registration.xml (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Grand_Turk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Scoresbysund (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\messages_it.properties (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Montserrat (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Sakhalin (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\EST5EDT (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Johannesburg (105 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Palau (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Boa_Vista (329 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Australia\Darwin (125 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Aqtobe (453 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\task64.xml (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Managua (185 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT 1 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Porto-Novo (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\cmm\LINEAR_RGB.pf (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\unicows.dll (1281 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Atlantic\Azores (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Australia\Melbourne (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\LICENSE_zh_CN.rtf (1281 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\security\local_policy.jar (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\jqs\ff\chrome\content\overlay.xul (173 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Atlantic\Faroe (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Gambier (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\dt_shmem.dll (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Novokuznetsk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Zaporozhye (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Maputo (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\SystemV\MST7MDT (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Amman (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\CET (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Baghdad (489 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Atlantic\South_Georgia (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Macau (393 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Bissau (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Saipan (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\images\cursors\cursors.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Antarctica\Vostok (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Vancouver (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Harbin (205 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Swift_Current (241 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\logging.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\El_Aaiun (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Lisbon (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\messages_ja.properties (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Andorra (968 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\LICENSE_de.rtf (39 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\fonts\LucidaTypewriterRegular.ttf (1281 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\EET (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Madrid (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\dt_socket.dll (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\LICENSE_it.rtf (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\management\jmxremote.access (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Noumea (121 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Baku (976 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Montevideo (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Antarctica\Rothera (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Santo_Domingo (201 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\LICENSE_zh_TW.rtf (29 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Barbados (137 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Mbabane (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT-11 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\fonts\LucidaBrightDemiBold.ttf (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Kampala (97 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Nome (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Ceuta (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Atlantic\Stanley (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jkernel.dll (1281 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jp2iexp.dll (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\St_Johns (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Jerusalem (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Algiers (333 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\messages.properties (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\jqs\jqs.conf (41 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Port-au-Prince (345 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Wallis (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Tarawa (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Truk (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Indian\Reunion (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\security\java.security (9 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Lagos (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\jsse.jar (3361 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\servertool.exe (33 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\net.dll (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jli.dll (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\images\cursors\win32_LinkNoDrop32x32.gif (153 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT-8 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\im\thaiim.jar (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\j2pkcs11.dll (41 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Nipigon (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Atlantic\Madeira (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Monrovia (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Sofia (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Istanbul (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Malta (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Yellowknife (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Nouakchott (85 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Kolkata (97 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\lzma.dll (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Rarotonga (285 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT-1 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Uzhgorod (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Volgograd (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\images\cursors\win32_MoveDrop32x32.gif (147 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Panama (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Santiago (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\North_Dakota\New_Salem (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\hpi.dll (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT-7 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Monterrey (788 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\SystemV\AST4ADT (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Samarkand (261 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Rangoon (85 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Kathmandu (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\messages_zh_HK.properties (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Campo_Grande (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\nio.dll (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Dublin (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\MET (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Kamchatka (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\messages_fr.properties (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Regina (481 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\images\cursors\win32_LinkDrop32x32.gif (168 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Argentina\Buenos_Aires (549 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Boise (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Atlantic\St_Helena (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jpicom.dll (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\hprof.dll (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Monaco (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Singapore (133 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\client\classes.jsa (100416 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Galapagos (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Australia\Perth (205 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Chicago (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Manila (125 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Banjul (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\new_plugin\npdeploytk.dll (2321 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Cairo (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Nauru (97 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\meta-index (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Bangui (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Khartoum (337 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Yakutat (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Harare (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Thimphu (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Brazzaville (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\CST6CDT (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\cmm\PYCC.pf (1425 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Costa_Rica (137 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT-12 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT-13 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT-10 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\regutils.dll (1425 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Abidjan (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT-14 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Jakarta (129 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\SystemV\YST9YDT (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\fontconfig.98.bfc (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT-9 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Tongatapu (133 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Fakaofo (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\GMT (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\deploy.dll (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT-2 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT-3 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT-4 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT-5 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT-6 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\WET (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Seoul (165 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Bishkek (485 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\ssvagent.exe (30 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Indiana\Winamac (932 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\messages_es.properties (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\images\cursors\invalid32x32.gif (153 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Curacao (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\SystemV\AST4 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\SystemV\YST9 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Cuiaba (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Vienna (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\audio\soundbank.gm (3073 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\plugin.jar (11518 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\javaws.exe (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Lome (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Minsk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\PST8PDT (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Dubai (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Halifax (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Oslo (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Guyana (89 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Thunder_Bay (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\management\snmp.acl.template (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Oral (461 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\java_crw_demo.dll (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Djibouti (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\THIRDPARTYLICENSEREADME.txt (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Gaza (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Norfolk (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\rmid.exe (33 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Casablanca (245 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Apia (105 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\splash.gif (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\msvcrt.dll (1425 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Marquesas (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Argentina\Tucuman (565 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Indiana\Indianapolis (868 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\messages_zh_TW.properties (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Thule (852 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\LICENSE_ja.rtf (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jawt.dll (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\fonts\LucidaTypewriterBold.ttf (1281 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\im\indicim.jar (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Argentina\Catamarca (549 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Simferopol (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Bogota (89 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\ktab.exe (33 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Australia\Sydney (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\MST (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Mogadishu (73 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Danmarkshavn (341 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Efate (233 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Juneau (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Paris (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\LICENSE (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Edmonton (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\jce.jar (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Chihuahua (816 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\npt.dll (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Ponape (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jp2launcher.exe (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\tnameserv.exe (33 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\java.dll (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar (33 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Brunei (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\deploytk.dll (2321 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Honolulu (117 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\zip.dll (47 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Argentina\San_Juan (557 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Dominica (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\javaw.exe (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\awt.dll (7726 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Vilnius (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\fonts\LucidaBrightItalic.ttf (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jpioji.dll (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\npoji610.dll (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\ext\localedata.jar (5873 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Asuncion (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\New_York (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\security\US_export_policy.jar (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Australia\Brisbane (189 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\msvcr71.dll (2105 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jdwp.dll (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Vaduz (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Kigali (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Australia\Eucla (205 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\management\jmxremote.password.template (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Samara (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Mexico_City (880 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Rainy_River (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Riyadh (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\cmm\sRGB.pf (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\cmm\GRAY.pf (632 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy.jar (22350 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Australia\Currie (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\verify.dll (31 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Omsk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Easter (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Miquelon (928 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Chisinau (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Mazatlan (840 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jpiexp.dll (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Qyzylorda (465 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Maceio (393 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\resources.jar (7547 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Gaborone (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT 11 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\SystemV\MST7 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Atlantic\Cape_Verde (97 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Ho_Chi_Minh (97 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\tzmappings (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\London (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Phoenix (141 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Malabo (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Muscat (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Indiana\Vincennes (884 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Blanc-Sablon (93 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Kentucky\Monticello (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Grenada (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Dawson (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Indiana\Knox (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\North_Dakota\Center (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\java-rmi.exe (33 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Bangkok (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\St_Lucia (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Los_Angeles (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Colombo (129 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\new_plugin\msvcr71.dll (2105 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\LICENSE.rtf (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\eula.dll (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Bujumbura (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\St_Vincent (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Porto_Velho (297 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Warsaw (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Aruba (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Taipei (381 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Eirunepe (321 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Indian\Comoro (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Kosrae (85 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Fiji (121 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\unpack200.exe (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jbroker.exe (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\klist.exe (33 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Indian\Maldives (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Hovd (437 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Lusaka (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\wsdetect.dll (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\fonts\LucidaSansRegular.ttf (4545 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Fortaleza (377 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Qatar (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Argentina\Rio_Gallegos (549 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Merida (788 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\sound.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Cayman (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Pitcairn (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\messages_zh_CN.properties (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Tahiti (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\javacpl.exe (59 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Australia\Lord_Howe (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Paramaribo (101 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Sao_Paulo (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\calendars.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Sao_Tome (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\unpack.dll (61 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Bahrain (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Auckland (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Wake (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Tallinn (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Ndjamena (89 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\St_Kitts (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Nassau (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Riyadh87 (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\HST (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Copenhagen (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\St_Thomas (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Argentina\Ushuaia (549 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Damascus (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Conakry (85 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\w2k_lsa_auth.dll (24 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Argentina\La_Rioja (557 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Indian\Mauritius (105 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Asmara (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\SystemV\CST6CDT (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Bamako (85 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\cmm.dll (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Brussels (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\pack200.exe (33 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Prague (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\EST (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Guadalcanal (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jpishare.dll (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\ssv.dll (1425 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Addis_Ababa (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\new_plugin\npjp2.dll (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jaas_nt.dll (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Inuvik (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\security\java.policy (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Helsinki (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Kashgar (193 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\servicetag\jdk_header.png (19 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Beirut (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\content-types.properties (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\UTC (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jsoundds.dll (18 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\ZoneInfoMappings (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Antarctica\Palmer (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\java.exe (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\mlib_image.dll (4185 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Novosibirsk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jpeg.dll (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Argentina\Salta (533 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Riga (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Antarctica\Davis (93 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jp2ssv.dll (41 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Indian\Chagos (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Ouagadougou (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Australia\Adelaide (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Adak (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Krasnoyarsk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Rankin_Inlet (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\ext\meta-index (521 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Atlantic\Reykjavik (577 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\splashscreen.dll (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\axbridge.dll (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\fonts\LucidaSansDemiBold.ttf (1425 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\COPYRIGHT (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Amsterdam (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Manaus (313 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Budapest (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\management-agent.jar (382 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Australia\Hobart (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\policytool.exe (33 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Recife (377 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\i386\jvm.cfg (671 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Indiana\Vevay (724 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Riyadh88 (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Riyadh89 (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Indian\Christmas (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Berlin (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Argentina\Mendoza (549 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Chatham (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\images\cursors\win32_CopyDrop32x32.gif (165 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Niamey (89 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Kabul (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Kuwait (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Martinique (89 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\SystemV\HST10 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Indian\Antananarivo (89 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Choibalsan (449 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Almaty (453 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Atikokan (93 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\La_Paz (81 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Indian\Mayotte (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Nicosia (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\flavormap.properties (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Indian\Cocos (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jqs.exe (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Rio_Branco (305 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Magadan (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Indiana\Petersburg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT 6 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT 7 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT 4 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT 5 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT 8 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT 9 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\jqs\ff\chrome\content\overlay.js (779 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\rmi.dll (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Luanda (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\security\blacklist (92 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Kiritimati (89 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Montreal (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Argentina\Jujuy (533 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Dar_es_Salaam (85 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jsound.dll (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Indiana\Marengo (900 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Anguilla (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\security\javaws.policy (132 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Caracas (85 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Tirane (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Belem (297 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Guam (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\keytool.exe (33 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Belgrade (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Anchorage (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jp2native.dll (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Jamaica (233 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\LICENSE_sv.rtf (45 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Tehran (892 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Hermosillo (189 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Australia\Broken_Hill (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Chongqing (181 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Blantyre (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Havana (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\npdeploytk.dll (2321 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\JdbcOdbc.dll (36 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Kiev (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Niue (89 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Kaliningrad (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT 2 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Maseru (89 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Yerevan (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Guadeloupe (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\fontconfig.98.properties.src (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Pago_Pago (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\README.txt (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\sunmscapi.dll (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Pontianak (125 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\SystemV\PST8 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\messages_de.properties (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Kwajalein (89 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Irkutsk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Moscow (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\fonts\LucidaBrightRegular.ttf (2105 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Indian\Mahe (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Libreville (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Lima (185 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Menominee (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Moncton (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Port_Moresby (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\ffjcext.zip (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Shanghai (201 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\dcpr.dll (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Pyongyang (101 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\cmm\CIEXYZ.pf (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\LICENSE_es.rtf (26 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Lubumbashi (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Bahia (537 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\javaws.jar (5873 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Port_of_Spain (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\client\Xusage.txt (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\messages_ko.properties (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Tokyo (125 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\images\cursors\win32_CopyNoDrop32x32.gif (153 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Enderbury (89 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Dakar (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Tashkent (261 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Jayapura (85 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Goose_Bay (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\fontconfig.bfc (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Phnom_Penh (97 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Guatemala (137 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Antarctica\Syowa (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Karachi (628 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\j2pcsc.dll (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Argentina\Cordoba (549 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Gibraltar (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Bucharest (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Kinshasa (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Pangnirtung (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\classlist (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\ext\sunpkcs11.jar (1281 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\charsets.jar (49738 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Dhaka (113 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\jqs\ff\install.rdf (678 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\LICENSE_ko.rtf (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Vientiane (97 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Athens (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Araguaina (457 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Yakutsk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Cambridge_Bay (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\jqs\ff\chrome.manifest (108 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Zurich (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Tegucigalpa (121 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Glace_Bay (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\jqs\ie\jqs_plugin.dll (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Cancun (792 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Vladivostok (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\orbd.exe (33 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Majuro (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\jqs\jqsmessages.properties (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT 10 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\fontconfig.properties.src (9 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT 12 (27 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\management\management.properties (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Antigua (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Dili (93 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Hong_Kong (633 bytes)

The process javaw.exe:632 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

C:\Windows\System32\test.txt (444 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Retrive74950821466890621.vbs (276 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_0.77481841979807037573843867793656786.class (15556 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Retrive8641493318753779784.vbs (281 bytes)

The Worm deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Retrive74950821466890621.vbs (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Retrive8641493318753779784.vbs (0 bytes)

The process javaw.exe:3740 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Retrive1521017512093565183.vbs (276 bytes)
C:\Users\"%CurrentUserName%"\iiXFopcraqb\ID.txt (47 bytes)
C:\Users\"%CurrentUserName%"\iiXFopcraqb\DPlstrLIlai.HdCHnB (62276 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_0.59808831145033968918342488066739143.class (15556 bytes)
C:\Windows\System32\test.txt (865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\hsperfdata_adm\3740 (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Retrive2273817788890281081.vbs (281 bytes)

The Worm deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Retrive1521017512093565183.vbs (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Retrive2273817788890281081.vbs (0 bytes)

The process java.exe:2232 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

C:\Windows\System32\test.txt (131 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Retrive1325321892352841394.vbs (276 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Retrive746698577194291849.vbs (281 bytes)

The Worm deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Retrive1325321892352841394.vbs (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Retrive746698577194291849.vbs (0 bytes)

The process java.exe:1604 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

C:\Windows\System32\test.txt (189 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Retrive8883878510582690503.vbs (276 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Retrive3542936377548491937.vbs (281 bytes)
C:\Users\"%CurrentUserName%"\fUTkALeaTxM\ID.txt (47 bytes)

The Worm deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Retrive8883878510582690503.vbs (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Retrive3542936377548491937.vbs (0 bytes)

The process rundll32.exe:2628 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\L3X27RQ8\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JZWQQ3VB\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O9AZQ7J0\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VWBAK08C\desktop.ini (67 bytes)

The process WWWire.exe:1588 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Install\Host.exe (2210 bytes)

The process Host.exe:3896 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Install\.Identifier (68 bytes)

The process %original file name%.exe:452 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\filename.exe (18394 bytes)

Registry activity

The process filename.exe:2824 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

To automatically run itself each time Windows is booted, the Worm adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Update" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\filename.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Update" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\filename.exe"

The Worm deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

The process filename.exe:312 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
To automatically run itself each time Windows is booted, the Worm adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Update" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\filename.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Update" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\filename.exe"

The process filename.exe:3172 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
To automatically run itself each time Windows is booted, the Worm adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Update" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\filename.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Update" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\filename.exe"

The process filename.exe:3736 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Tracing\filename_RASAPI32]
"FileDirectory" = "%windir%\tracing"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\filename_RASMANCS]
"EnableFileTracing" = "0"
"MaxFileSize" = "1048576"
"ConsoleTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\filename_RASAPI32]
"EnableConsoleTracing" = "0"
"MaxFileSize" = "1048576"
"ConsoleTracingMask" = "4294901760"
"EnableFileTracing" = "0"
"FileTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"GlobalUserOffline" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3E 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Tracing\filename_RASMANCS]
"FileDirectory" = "%windir%\tracing"
"EnableConsoleTracing" = "0"
"FileTracingMask" = "4294901760"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Worm deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process Host.exe:3896 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{T0Y0L2P1-S810-SD62-D3U2-G3M0436KUJ70}]
"StubPath" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\Install\Host.exe"

To automatically run itself each time Windows is booted, the Worm adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"NetWire" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\Install\Host.exe"

The process %original file name%.exe:452 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Worm deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

Dropped PE files

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name:
Product Name:
Product Version: 0.0.0.0
Legal Copyright:
Legal Trademarks:
Original Filename: DOC.exe
Internal Name: DOC.exe
File Version: 0.0.0.0
File Description:
Comments:
Language: English (United States)

PE Sections

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://ip-score.com/checkip/	95.211.125.236

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile
ET POLICY External IP Lookup ip-score.com

Traffic

GET /checkip/ HTTP/1.1

User-Agent: AutoIt

Host: ip-score.com

HTTP/1.1 200 OK

Server: nginx/1.6.2

Date: Tue, 27 Jun 2017 23:35:13 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: PHP/5.5.19
fc3.. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN
" "hXXp://VVV.w3.org/TR/html4/loose.dtd">..<HTML>..<HEAD&g
t;..<meta http-equiv="Content-Type" content="text/html; charset=UTF
-8">..<title>194.242.96.218 Checking custom IP address locati
on, whois, time and blacklist. - FREE-194-242-96-218.pitline.net</t
itle>..<meta name="Description" content="Checking the IP address
 194.242.96.218 showed that the computer is located in the Ukraine in 
Kharkivs'ka Oblast', a city Kharkiv. The domain name assigned to this 
address: FREE-194-242-96-218.pitline.net" />..<meta name="Keywor
ds" content="" />..        <link rel="stylesheet" type="text/css
" href="hXXp://VVV.ip-score.com/css/style_v3.css" />..        <s
cript src="hXXp://VVV.ip-score.com/scripts/jquery.min.js"></scri
pt>..        <script src="hXXp://VVV.ip-score.com/scripts/jquery
-ui.min.js"></script> ..        ..        <script language
="JavaScript" src="hXXp://VVV.ip-score.com/scripts/bls_arr.js"><
/script>..<script language="JavaScript" src="hXXp://VVV.ip-score
.com/scripts/f_custom_v3.js"></script>..<script language="
JavaScript" src="hXXp://VVV.ip-score.com/scripts/jquery.simpletip-1.3.
1.pack.js"></script>.. <script language="JavaScript">..
    function get_client_ip() {..                return "194.242.96.218
";...            }.function MaxMind().{.  document.getElementById('Max
MindTab').className = 'SelectedTab';.  document.getElementById('IP
<<< skipped >>>

The Worm connects to the servers at the folowing location(s):

.text

0`.data

.idata

?u'<.uP

mgM

C:\Users\"%CurrentUserName%"\AppData\Roaming\Logs\

{T0Y0L2P1-S810-SD62-D3U2-G3M0436KUJ70}

%AppData%\Install\Host.exe

185.145.45.222:52493;

ping 192.0.2.2 -n 1 -w %d >nul 2>&1

DEL /s "%s" >nul 2>&1

start /b "" cmd /c del "%%~f0"&exit /b

%c%.8x%s

%s @ %s

%s\%s.exe

%s\%s.%s

%s\%s

%s*.*

"%/28;=#$019:>?

FCONNECT %s:%d HTTP/1.0

Host: %s:%d

%.2d/%.2d/%d %.2d:%.2d:%.2d

%s%s\

shell32.dll

SHFileOperationA

Time: %d

Time:  %d

hXXp://%s%s

GET %s HTTP/1.1

Host: %s

User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko

Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/webp,*/*;q=0.8

psapi.dll

kernel32.dll

%s\system32\cmd.exe

mozcrt19.dll

sqlite3.dll

nspr4.dll

plc4.dll

plds4.dll

nssutil3.dll

nss3.dll

softokn3.dll

SOFTWARE\Mozilla\%s\

SOFTWARE\Mozilla\%s\%s\Main

%s\msvcr100.dll

%s\msvcp100.dll

%s\msvcr120.dll

%s\msvcp120.dll

mozutils.dll

mozglue.dll

mozsqlite3.dll

%s\nss3.dll

Mozilla Firefox

%s\Mozilla\Firefox\profiles.ini

%s\Mozilla\Firefox\%s

Mozilla Thunderbird

%s\Thunderbird\profiles.ini

%s\Thunderbird\%s

%s\signons.sqlite

%s\logins.json

PK11_GetInternalKeySlot

sqlite3_open

sqlite3_close

sqlite3_prepare_v2

sqlite3_step

sqlite3_column_text

select * from moz_logins

encryptedPassword

%s\Opera\Opera\wand.dat

%s\Opera\Opera\profile\wand.dat

%s\.purple\accounts.xml

<password>

advapi32.dll

WindowsLive:name=*

POP3 Password

IMAP Password

HTTP User

HTTP Server

HTTP Password

SMTP User

SMTP Server

SMTP Password

%c%c%S

Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

%S:%S

abe2869f-9b47-4cd9-a358-c22904dba7f7

%s\*.*

index.dat

vaultcli.dll

%s:%s

Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

%s\Google\Chrome\User Data\Default\Login Data

%s\Chromium\User Data\Default\Login Data

%s\Opera Software\Opera Stable\Login Data

%s\%s.bat

%s /c "%s"

SOFTWARE\Microsoft\Windows\CurrentVersion\Run\

.Identifier

-m "%s"

SOFTWARE\Microsoft\Active Setup\Installed Components\%s

%d:%s%s;

%d:%I64u:%s%s;

%c%llu

6%s%.2d-%.2d-%.4d

[Log Started] - [%.2d/%.2d/%d %.2d:%.2d:%.2d]

[%s] - [%.2d/%.2d/%d %.2d:%.2d:%.2d]

[Ctrl %c]

user32.dll

Secur32.dll

0x%.8X (%d)

%c%.8x%s%s

%c%.8x%s\%s

iphlpapi.dll

GetExtendedTcpTable

GetExtendedUdpTable

%s:%u

%s:%d

%s (%s)

2017-06-27 23:35:02

&&&&6666????

""""****

2222::::

$$$$\\\\

00006666

####====

RegCloseKey

RegCreateKeyExA

RegDeleteKeyA

RegEnumKeyExA

RegOpenKeyExA

CreatePipe

PeekNamedPipe

EnumWindows

GetKeyNameTextA

GetKeyState

GetKeyboardState

MapVirtualKeyA

keybd_event

ADVAPI32.DLL

CRYPT32.DLL

GDI32.dll

KERNEL32.dll

msvcrt.dll

SHELL32.DLL

USER32.dll

WS2_32.dll

filename.exe_3736:

`.rsrc

s%j.Zf

8crtsu

:crts

crts

GetProcessWindowStation

operator

This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.

uxtheme.dll

kernel32.dll

operand of unlimited repeat could match the empty string

POSIX named classes are supported only within a class

erroffset passed as NULL

POSIX collating elements are not supported

this version of PCRE is not compiled with PCRE_UTF8 support

PCRE does not support \L, \l, \N{name}, \U, or \u

support for \P, \p, and \X has not been compiled

this version of PCRE is not compiled with PCRE_UCP support

ICMP.DLL

advapi32.dll

RegDeleteKeyExW

Error text not found (please report)

zcÁ

GetProcessHeap

CreatePipe

GetWindowsDirectoryW

GetCPInfo

RegDeleteKeyW

RegEnumKeyExW

RegCreateKeyExW

RegOpenKeyExW

RegCloseKey

SetViewportOrgEx

ShellExecuteExW

SHFileOperationW

ShellExecuteW

RegisterHotKey

GetKeyboardLayoutNameW

ExitWindowsEx

EnumThreadWindows

GetAsyncKeyState

SetKeyboardState

GetKeyboardState

GetKeyState

VkKeyScanW

EnumWindows

EnumChildWindows

MapVirtualKeyW

CloseWindowStation

SetProcessWindowStation

OpenWindowStationW

UnregisterHotKey

keybd_event

InternetCrackUrlW

HttpQueryInfoW

HttpOpenRequestW

HttpSendRequestW

FtpOpenFileW

FtpGetFileSize

InternetOpenUrlW

.text

`.rdata

@.data

.rsrc

23$--%"!'

s.ak[

F%pÆ

`.rdn

<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>

<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" language="*" processorArchitecture="*" publicKeyToken="6595b64144ccf1df"></assemblyIdentity>

KERNEL32.DLL

ADVAPI32.dll

COMCTL32.dll

COMDLG32.dll

GDI32.dll

MPR.dll

ole32.dll

OLEAUT32.dll

PSAPI.DLL

SHELL32.dll

USER32.dll

USERENV.dll

VERSION.dll

WININET.dll

WINMM.dll

WSOCK32.dll

mscoree.dll

nKERNEL32.DLL

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

WUSER32.DLL

>>>AUTOIT NO CMDEXECUTE<<<

CMDLINERAW

CMDLINE

/AutoIt3ExecuteLine

/AutoIt3ExecuteScript

%s (%d) : ==> %s.:

Line %d:

Line %d (File "%s"):

%s (%d) : ==> %s:

AutoIt script files (*.au3, *.a3x)

*.au3;*.a3x

All files (*.*)

#NoAutoIt3Execute

APPSKEY

04090000

%u.%u.%u.%u

0.0.0.0

Mddddd

%s (%d) : ==> %s:

UDPSTARTUP

UDPSHUTDOWN

UDPSEND

UDPRECV

UDPOPEN

UDPCLOSESOCKET

UDPBIND

TRAYGETMSG

TCPSTARTUP

TCPSHUTDOWN

TCPSEND

TCPRECV

TCPNAMETOIP

TCPLISTEN

TCPCONNECT

TCPCLOSESOCKET

TCPACCEPT

SHELLEXECUTEWAIT

SHELLEXECUTE

REGENUMKEY

MSGBOX

ISKEYWORD

HTTPSETUSERAGENT

HTTPSETPROXY

HOTKEYSET

GUIREGISTERMSG

GUIGETMSG

GUICTRLSENDMSG

GUICTRLRECVMSG

FTPSETPROXY

\??\%s

GUI_RUNDEFMSG

SendKeyDelay

SendKeyDownDelay

TCPTimeout

AUTOITCALLVARIABLE%d

255.255.255.255

Keyword

AutoIt.Error

Null Object assignment in FOR..IN loop

Incorrect Object type in FOR..IN loop

HOTKEYPRESSED

AUTOITEXE

WINDOWSDIR

3, 3, 8, 1

HKEY_LOCAL_MACHINE

HKEY_CLASSES_ROOT

HKEY_CURRENT_CONFIG

HKEY_CURRENT_USER

HKEY_USERS

%d/d/d

C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\filename.exe

bC:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\filename.exe

AutoIt supports the __stdcall (WINAPI) and __cdecl calling conventions. The __stdcall (WINAPI) convention is used by default but __cdecl can be used instead. See the DllCall() documentation for details on changing the calling convention.

Missing operator in expression."Unbalanced brackets in expression.

Error parsing function call.0Incorrect number of parameters in function call.'"ReDim" used without an array variable.>Illegal text at the end of statement (one statement per line).1"If" statement has no matching "EndIf" statement.1"Else" statement with no matching "If" statement.2"EndIf" statement with no matching "If" statement.7Too many "Else" statements for matching "If" statement.3"While" statement has no matching "Wend" statement.4"Wend" statement with no matching "While" statement.%Variable used without being declared.XArray variable has incorrect number of subscripts or subscript dimension range exceeded.)Array variable subscript badly formatted.'Subscript used with non-Array variable.&Too many subscripts used for an array.0Missing subscript dimensions in "Dim" statement.NNo variable given for "Dim", "Local", "Global", "Struct" or "Const" statement.0Expected a "=" operator in assignment statement.*Invalid keyword at the start of this line.

Invalid element in a DllStruct.*Unknown option or bad parameter specified.&Unable to load the internet libraries./"Struct" statement has no matching "EndStruct".HUnable to open file, the maximum number of open files has been exceeded.K"ContinueLoop" statement with no matching "While", "Do" or "For" statement.

Invalid file filter given.*Expected a variable in user function call.1"Do" statement has no matching "Until" statement.2"Until" statement with no matching "Do" statement.#"For" statement is badly formatted.2"Next" statement with no matching "For" statement.N"ExitLoop/ContinueLoop" statements only valid from inside a For/Do/While loop.1"For" statement has no matching "Next" statement.@"Case" statement with no matching "Select"or "Switch" statement.:"EndSelect" statement with no matching "Select" statement.ORecursion level has been exceeded - AutoIt will quit to prevent stack overflow.&Cannot make existing variables static.4Cannot make static variables into regular variables.

3This keyword cannot be used after a "Then" keyword.

>"Select" statement is missing "EndSelect" or "Case" statement. "If" statements must have a "Then" keyword. Badly formated Struct statement."Cannot assign values to constants..Cannot make existing variables into constants.9Only Object-type variables allowed in a "With" statement.v"long_ptr", "int_ptr" and "short_ptr" DllCall() types have been deprecated. Use "long*", "int*" and "short*" instead.-Object referenced outside a "With" statement.)Nested "With" statements are not allowed."Variable must be of type "Object".1The requested action with this object has failed.8Variable appears more than once in function declaration.2ReDim array can not be initialized in this manner.1An array variable can not be used in this manner.

HCan pass constants by reference only to parameters with "Const" keyword.*Can not initialize a variable with itself.$Incorrect way to use this parameter.:"EndSwitch" statement with no matching "Switch" statement.>"Switch" statement is missing "EndSwitch" or "Case" statement.H"ContinueCase" statement with no matching "Select"or "Switch" statement.

String missing closing quote.!Badly formated variable or macro.*Missing separator character after keyword.

IM000.exe_1600_rwx_003E0000_0000B000:

%8XC=

€D=

%8xD=

n=

%8x~=

java.exe_1604:

.text

`.rdata

@.data

.rsrc

/Xusage.txt

-Djava.class.path=%s

Unable to locate JRE meeting specification "%s"

1.6.0_18-b07

JRE-Version = %s, JRE-Restrict-Search = %s Selected = %s

Syntax error in version specification "%s"

Invalid or corrupt jarfile %s

Unable to access jarfile %s

-Djava.awt.headless=

-Djava.awt.headless=true

option[-] = '%s'

ignoreUnrecognized is %s,

sun.jnu.encoding

isSupported

-Dsun.java.command=

-Dsun.java.launcher=SUN_STANDARD

A %c separated list of directories, JAR archives,

load Java programming language agent, see java.lang.instrument

The default VM is %s%s

is a synonym for the "%s" VM [deprecated]

to select the "%s" VM

Usage: %s [-options] class [args...]

(to execute a class)

or %s [-options] -jar jarfile [args...]

(to execute a jar file)

Can't open %s

Could not find the main class: %s. Program will exit.

Failed to load Main Class: %s

Could not find the main class: %s. Program will exit.

argv[-] = '%s'

Apps' argc is %d

Main-Class is '%s'

Warning: %s VM not supported; %s VM will be used

Error: %s VM not supported

Error: Unable to resolve VM alias %s

Error: Corrupt jvm.cfg file; cycle in alias list.

Default VM: %s

%s requires class path specification

%s full version "%s"

Warning: %s option is no longer supported.

-Xrunhprof:cpu=old,file=java.prof

-Xrunhprof:cpu=old,file=%s

%ld micro seconds to parse jvm.cfg

name: %s vmType: %s alias: %s

name: %s vmType: %s server_class: %s

jvm.cfg[%d] = ->%s<-

Warning: unknown VM type on line %d of `%s'

Warning: missing server class VM on line %d of `%s'

Warning: missing VM alias on line %d of `%s'

Warning: missing VM type on line %d of `%s'

Warning: no leading - on line %d of `%s'

Error: could not open `%s'

\jvm.cfg

\bin\splashscreen.dll

%s\jvm.dll

%s\bin\%s\jvm.dll

Version major.minor.micro = %s.%s

Failed reading value of registry key:

Software\JavaSoft\Java Runtime Environment\%s\JavaHome

Error opening registry key 'Software\JavaSoft\Java Runtime Environment\%s'

Registry key 'Software\JavaSoft\Java Runtime Environment\CurrentVersion'

has value '%s', but '1.6' is required.

Error opening registry key 'Software\JavaSoft\Java Runtime Environment'

-Dsun.java2d.opengl

-Dsun.java2d.d3d

-Dsun.java2d.noddraw

-Dsun.awt.warmup

Unable to resolve path to current %s executable: %s

CreateProcess(%s, ...) failed: %s

ReExec Args: %s

ReExec Command: %s (%s)

ExecJRE: new: %s

ExecJRE: old: %s

Error: could not find java.dll

JRE path is %s

%s\jre\bin\java.dll

%s\bin\java.dll

Error loading: %s

CRT path is %s

\bin\msvcr71.dll

EnsureJreInstallation:%s:load failed

\bin\jkernel.dll

EnsureJreInstallation:<%s>:not found

EnsureJreInstallation:unsupported platform

Error: can't find JNI interfaces in: %s

JVM path is %s

\bin\awt.dll

\bin\java.dll

\bin\verify.dll

Error: no `%s' JVM at `%s'.

Error: no known VMs. (check for corrupt jvm.cfg file)

before: "%s"

after : "%s"

META-INF/MANIFEST.MF

1.1.3

inflate 1.1.3 Copyright 1995-1998 Mark Adler

mscoree.dll

Broken pipe

Inappropriate I/O control operation

Operation not permitted

kernel32.dll

- This application cannot run using the active version of the Microsoft .NET Runtime

Please contact the application's support team for more information.

GetProcessWindowStation

user32.dll

internal state. The program cannot safely continue execution and must

continue execution and must now be terminated.

C:\BUILD_~1\jdk6_18\control\build\WINDOW~1\tmp\java\java\obj\java.pdb

RegCloseKey

RegOpenKeyExA

RegEnumKeyA

ADVAPI32.dll

GetCPInfo

KERNEL32.dll

%Program Files%\Java\jre6\bin\java.exe

<assemblyIdentity version="6.0.180.7"

name="java.exe"

name="Microsoft.Windows.Common-Controls"

version="6.0.0.0"

publicKeyToken="6595b64144ccf1df"

<requestedExecutionLevel

3333333333330

333333333307

PP%d(jjjjj

6.0.180.7

java.exe

conhost.exe_4056:

.text

`.data

.rsrc

@.reloc

GDI32.dll

USER32.dll

msvcrt.dll

ntdll.dll

API-MS-Win-Core-LocalRegistry-L1-1-0.dll

KERNEL32.dll

IMM32.dll

ole32.dll

OLEAUT32.dll

PutInputInBuffer: EventsWritten != 1 (0x%x), 1 expected

Invalid message 0x%x

InitExtendedEditKeys: Unsupported version number(%d)

Console init failed with status 0x%x

CreateWindowsWindow failed with status 0x%x, gle = 0x%x

InitWindowsStuff failed with status 0x%x (gle = 0x%x)

InitSideBySide failed create an activation context. Error: %d

GetModuleFileNameW requires more than ScratchBufferSize(%d) - 1.

GetModuleFileNameW failed %d.

Invalid EventType: 0x%x

Dup handle failed for %d of %d (Status = 0x%x)

Couldn't grow input buffer, Status == 0x%x

InitializeScrollBuffer failed, Status = 0x%x

CreateWindow failed with gle = 0x%x

Opening Font file failed with error 0x%x

\ega.cpi

NtReplyWaitReceivePort failed with Status 0x%x

ConsoleOpenWaitEvent failed with Status 0x%x

NtCreatePort failed with Status 0x%x

GetCharWidth32 failed with error 0x%x

GetTextMetricsW failed with error 0x%x

GetSystemEUDCRangeW: RegOpenKeyExW(%ws) failed, error = 0x%x

RtlStringCchCopy failed with Status 0x%x

Cannot allocate 0n%d bytes

|%SWj

O.fBf;

ReCreateDbcsScreenBuffer failed. Restoring to CP=%d

Invalid Parameter: 0x%x, 0x%x, 0x%x

ConsoleKeyInfo buffer is full

Invalid screen buffer size (0x%x, 0x%x)

SetROMFontCodePage: failed to memory allocation %d bytes

FONT.NT

Failed to set font image. wc=x, sz=(%x,%x)

Failed to set font image. wc=x sz=(%x, %x).

Failed to set font image. wc=x sz=(%x,%x)

FullscreenControlSetColors failed - Status = 0x%x

FullscreenControlSetPalette failed - Status = 0x%x

WriteCharsFromInput failed 0x%x

WriteCharsFromInput failed %x

RtlStringCchCopyW failed with Status 0x%x

CreateFontCache failed with Status 0x%x

FTPh

\>.Sj

GetKeyboardLayout

MapVirtualKeyW

VkKeyScanW

GetKeyboardState

UnhookWindowsHookEx

SetWindowsHookExW

GetKeyState

ActivateKeyboardLayout

GetKeyboardLayoutNameA

GetKeyboardLayoutNameW

_amsg_exit

_acmdln

ShipAssert

NtReplyWaitReceivePort

NtCreatePort

NtEnumerateValueKey

NtQueryValueKey

NtOpenKey

NtAcceptConnectPort

NtReplyPort

SetProcessShutdownParameters

GetCPInfo

conhost.pdb

%$%a%b%V%U%c%Q%W%]%\%[%

%<%^%_%Z%T%i%f%`%P%l%g%h%d%e%Y%X%R%S%k%j%

version="5.1.0.0"

name="Microsoft.Windows.ConsoleHost"

<requestedExecutionLevel

name="Microsoft.Windows.ConsoleHost.SystemDefault"

publicKeyToken="6595b64144ccf1df"

name="Microsoft.Windows.SystemCompatible"

version="6.0.0.0"

publicKeyToken="6595b64144ccf1df"

< =$>:>@>

2%2X2

%SystemRoot%

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Console\TrueTypeFont

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Console\FullScreen

WindowSize

ColorTableu

ExtendedEditkeyCustom

ExtendedEditKey

Software\Microsoft\Windows\CurrentVersion

\ !:=/.<>;|&

%d/%d

cmd.exe

desktop.ini

\console.dll

%d/%d

6.1.7601.17641 (win7sp1_gdr.110623-1503)

CONHOST.EXE

Windows

Operating System

6.1.7601.17641

filename.exe_3736_rwx_00400000_000C6000:

`.rsrc

s%j.Zf

8crtsu

:crts

crts

GetProcessWindowStation

operator

This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.

uxtheme.dll

kernel32.dll

operand of unlimited repeat could match the empty string

POSIX named classes are supported only within a class

erroffset passed as NULL

POSIX collating elements are not supported

this version of PCRE is not compiled with PCRE_UTF8 support

PCRE does not support \L, \l, \N{name}, \U, or \u

support for \P, \p, and \X has not been compiled

this version of PCRE is not compiled with PCRE_UCP support

ICMP.DLL

advapi32.dll

RegDeleteKeyExW

Error text not found (please report)

zcÁ

GetProcessHeap

CreatePipe

GetWindowsDirectoryW

GetCPInfo

RegDeleteKeyW

RegEnumKeyExW

RegCreateKeyExW

RegOpenKeyExW

RegCloseKey

SetViewportOrgEx

ShellExecuteExW

SHFileOperationW

ShellExecuteW

RegisterHotKey

GetKeyboardLayoutNameW

ExitWindowsEx

EnumThreadWindows

GetAsyncKeyState

SetKeyboardState

GetKeyboardState

GetKeyState

VkKeyScanW

EnumWindows

EnumChildWindows

MapVirtualKeyW

CloseWindowStation

SetProcessWindowStation

OpenWindowStationW

UnregisterHotKey

keybd_event

InternetCrackUrlW

HttpQueryInfoW

HttpOpenRequestW

HttpSendRequestW

FtpOpenFileW

FtpGetFileSize

InternetOpenUrlW

.text

`.rdata

@.data

.rsrc

23$--%"!'

s.ak[

F%pÆ

`.rdn

<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>

<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" language="*" processorArchitecture="*" publicKeyToken="6595b64144ccf1df"></assemblyIdentity>

KERNEL32.DLL

ADVAPI32.dll

COMCTL32.dll

COMDLG32.dll

GDI32.dll

MPR.dll

ole32.dll

OLEAUT32.dll

PSAPI.DLL

SHELL32.dll

USER32.dll

USERENV.dll

VERSION.dll

WININET.dll

WINMM.dll

WSOCK32.dll

mscoree.dll

nKERNEL32.DLL

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

WUSER32.DLL

>>>AUTOIT NO CMDEXECUTE<<<

CMDLINERAW

CMDLINE

/AutoIt3ExecuteLine

/AutoIt3ExecuteScript

%s (%d) : ==> %s.:

Line %d:

Line %d (File "%s"):

%s (%d) : ==> %s:

AutoIt script files (*.au3, *.a3x)

*.au3;*.a3x

All files (*.*)

#NoAutoIt3Execute

APPSKEY

04090000

%u.%u.%u.%u

0.0.0.0

Mddddd

%s (%d) : ==> %s:

UDPSTARTUP

UDPSHUTDOWN

UDPSEND

UDPRECV

UDPOPEN

UDPCLOSESOCKET

UDPBIND

TRAYGETMSG

TCPSTARTUP

TCPSHUTDOWN

TCPSEND

TCPRECV

TCPNAMETOIP

TCPLISTEN

TCPCONNECT

TCPCLOSESOCKET

TCPACCEPT

SHELLEXECUTEWAIT

SHELLEXECUTE

REGENUMKEY

MSGBOX

ISKEYWORD

HTTPSETUSERAGENT

HTTPSETPROXY

HOTKEYSET

GUIREGISTERMSG

GUIGETMSG

GUICTRLSENDMSG

GUICTRLRECVMSG

FTPSETPROXY

\??\%s

GUI_RUNDEFMSG

SendKeyDelay

SendKeyDownDelay

TCPTimeout

AUTOITCALLVARIABLE%d

255.255.255.255

Keyword

AutoIt.Error

Null Object assignment in FOR..IN loop

Incorrect Object type in FOR..IN loop

HOTKEYPRESSED

AUTOITEXE

WINDOWSDIR

3, 3, 8, 1

HKEY_LOCAL_MACHINE

HKEY_CLASSES_ROOT

HKEY_CURRENT_CONFIG

HKEY_CURRENT_USER

HKEY_USERS

%d/d/d

C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\filename.exe

bC:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\filename.exe

AutoIt supports the __stdcall (WINAPI) and __cdecl calling conventions. The __stdcall (WINAPI) convention is used by default but __cdecl can be used instead. See the DllCall() documentation for details on changing the calling convention.

Missing operator in expression."Unbalanced brackets in expression.

Error parsing function call.0Incorrect number of parameters in function call.'"ReDim" used without an array variable.>Illegal text at the end of statement (one statement per line).1"If" statement has no matching "EndIf" statement.1"Else" statement with no matching "If" statement.2"EndIf" statement with no matching "If" statement.7Too many "Else" statements for matching "If" statement.3"While" statement has no matching "Wend" statement.4"Wend" statement with no matching "While" statement.%Variable used without being declared.XArray variable has incorrect number of subscripts or subscript dimension range exceeded.)Array variable subscript badly formatted.'Subscript used with non-Array variable.&Too many subscripts used for an array.0Missing subscript dimensions in "Dim" statement.NNo variable given for "Dim", "Local", "Global", "Struct" or "Const" statement.0Expected a "=" operator in assignment statement.*Invalid keyword at the start of this line.

Invalid element in a DllStruct.*Unknown option or bad parameter specified.&Unable to load the internet libraries./"Struct" statement has no matching "EndStruct".HUnable to open file, the maximum number of open files has been exceeded.K"ContinueLoop" statement with no matching "While", "Do" or "For" statement.

Invalid file filter given.*Expected a variable in user function call.1"Do" statement has no matching "Until" statement.2"Until" statement with no matching "Do" statement.#"For" statement is badly formatted.2"Next" statement with no matching "For" statement.N"ExitLoop/ContinueLoop" statements only valid from inside a For/Do/While loop.1"For" statement has no matching "Next" statement.@"Case" statement with no matching "Select"or "Switch" statement.:"EndSelect" statement with no matching "Select" statement.ORecursion level has been exceeded - AutoIt will quit to prevent stack overflow.&Cannot make existing variables static.4Cannot make static variables into regular variables.

3This keyword cannot be used after a "Then" keyword.

>"Select" statement is missing "EndSelect" or "Case" statement. "If" statements must have a "Then" keyword. Badly formated Struct statement."Cannot assign values to constants..Cannot make existing variables into constants.9Only Object-type variables allowed in a "With" statement.v"long_ptr", "int_ptr" and "short_ptr" DllCall() types have been deprecated. Use "long*", "int*" and "short*" instead.-Object referenced outside a "With" statement.)Nested "With" statements are not allowed."Variable must be of type "Object".1The requested action with this object has failed.8Variable appears more than once in function declaration.2ReDim array can not be initialized in this manner.1An array variable can not be used in this manner.

HCan pass constants by reference only to parameters with "Const" keyword.*Can not initialize a variable with itself.$Incorrect way to use this parameter.:"EndSwitch" statement with no matching "Switch" statement.>"Switch" statement is missing "EndSwitch" or "Case" statement.H"ContinueCase" statement with no matching "Select"or "Switch" statement.

String missing closing quote.!Badly formated variable or macro.*Missing separator character after keyword.

SearchProtocolHost.exe_3296:

.text

`.data

.rsrc

@.reloc

ADVAPI32.dll

ntdll.DLL

KERNEL32.dll

msvcrt.dll

USER32.dll

ole32.dll

OLEAUT32.dll

TQUERY.DLL

MSSHooks.dll

IMM32.dll

SHLWAPI.dll

SrchCollatorCatalogInfo

SrchDSSLogin

SrchDSSPortManager

SrchPHHttp

SrchIndexerQuery

SrchIndexerProperties

SrchIndexerPlugin

SrchIndexerClient

SrchIndexerSchema

Msidle.dll

Failed to get REGKEY_FLTRDMN_MS_TO_IDLE, using default

pfps->psProperty.ulKind is LPWSTR but psProperty.lpwstr is NULL or empty

d:\win7sp1_gdr\enduser\mssearch2\common\utils\crchash.cxx

d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrdmn\fltrdaemon.cxx

d:\win7sp1_gdr\enduser\mssearch2\search\common\include\secutil.hxx

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracerhelpers.h

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp

d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx

RegDeleteKeyW

RegDeleteKeyExW

8%uiP

Invalid parameter passed to C runtime function.

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp

-d-d-d-d-d-d-d-%d

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h

</MSG></TRC>

<MSG>

<ERR> 0xx=

<LOC> %s(%d) </LOC>

tid="0x%x"

pid="0x%x"

tagname="%s"

tagid="0x%x"

el="0x%x"

time="d/d/d d:d:d.d"

logname="%s"

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx

SHELL32.dll

PROPSYS.dll

ntdll.dll

RegCloseKey

RegCreateKeyExW

RegOpenKeyExW

RegQueryInfoKeyW

RegEnumKeyExW

ReportEventW

_amsg_exit

MsgWaitForMultipleObjects

SearchProtocolHost.pdb

2 2(20282|2

4%5S5

Software\Microsoft\Windows Search

https

kernel32.dll

msTracer.dll

msfte.dll

lX-X-X-XX-XXXXXX

SOFTWARE\Microsoft\Windows Search

tquery.dll

%s\%s

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

Windows Search Service

<Exception><HR>0xx</HR><eip>%p</eip><module>%S</module><line>%d</line></Exception>

advapi32.dll

WAPI-MS-Win-Core-LocalRegistry-L1-1-0.dll

winhttp.dll

Software\Microsoft\Windows Search\Tracing

Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported

Software\Microsoft\Windows Search\Tracing\EventThrottleState

<MSG>

<LOC> %S(%d) </LOC>

tagname="%S"

logname="%S"

Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}

.\%s.mui

.\%s\%s.mui

%s\%s.mui

%s\%s\%s.mui

Microsoft Windows Search Protocol Host

7.00.7601.17610 (win7sp1_gdr.110503-1502)

SearchProtocolHost.exe

Windows

7.00.7601.17610

javaw.exe_632:

.text

`.rdata

@.data

.rsrc

/Xusage.txt

-Djava.class.path=%s

Unable to locate JRE meeting specification "%s"

1.6.0_18-b07

JRE-Version = %s, JRE-Restrict-Search = %s Selected = %s

Syntax error in version specification "%s"

Invalid or corrupt jarfile %s

Unable to access jarfile %s

-Djava.awt.headless=

-Djava.awt.headless=true

option[-] = '%s'

ignoreUnrecognized is %s,

sun.jnu.encoding

isSupported

-Dsun.java.command=

-Dsun.java.launcher=SUN_STANDARD

A %c separated list of directories, JAR archives,

load Java programming language agent, see java.lang.instrument

The default VM is %s%s

is a synonym for the "%s" VM [deprecated]

to select the "%s" VM

Usage: %s [-options] class [args...]

(to execute a class)

or %s [-options] -jar jarfile [args...]

(to execute a jar file)

Can't open %s

Could not find the main class: %s. Program will exit.

Failed to load Main Class: %s

Could not find the main class: %s. Program will exit.

argv[-] = '%s'

Apps' argc is %d

Main-Class is '%s'

Warning: %s VM not supported; %s VM will be used

Error: %s VM not supported

Error: Unable to resolve VM alias %s

Error: Corrupt jvm.cfg file; cycle in alias list.

Default VM: %s

%s requires class path specification

%s full version "%s"

Warning: %s option is no longer supported.

-Xrunhprof:cpu=old,file=java.prof

-Xrunhprof:cpu=old,file=%s

%ld micro seconds to parse jvm.cfg

name: %s vmType: %s alias: %s

name: %s vmType: %s server_class: %s

jvm.cfg[%d] = ->%s<-

Warning: unknown VM type on line %d of `%s'

Warning: missing server class VM on line %d of `%s'

Warning: missing VM alias on line %d of `%s'

Warning: missing VM type on line %d of `%s'

Warning: no leading - on line %d of `%s'

Error: could not open `%s'

\jvm.cfg

\bin\splashscreen.dll

%s\jvm.dll

%s\bin\%s\jvm.dll

Version major.minor.micro = %s.%s

Failed reading value of registry key:

Software\JavaSoft\Java Runtime Environment\%s\JavaHome

Error opening registry key 'Software\JavaSoft\Java Runtime Environment\%s'

Registry key 'Software\JavaSoft\Java Runtime Environment\CurrentVersion'

has value '%s', but '1.6' is required.

Error opening registry key 'Software\JavaSoft\Java Runtime Environment'

-Dsun.java2d.opengl

-Dsun.java2d.d3d

-Dsun.java2d.noddraw

-Dsun.awt.warmup

Unable to resolve path to current %s executable: %s

CreateProcess(%s, ...) failed: %s

ReExec Args: %s

ReExec Command: %s (%s)

ExecJRE: new: %s

ExecJRE: old: %s

Error: could not find java.dll

JRE path is %s

%s\jre\bin\java.dll

%s\bin\java.dll

Error loading: %s

CRT path is %s

\bin\msvcr71.dll

EnsureJreInstallation:%s:load failed

\bin\jkernel.dll

EnsureJreInstallation:<%s>:not found

EnsureJreInstallation:unsupported platform

Error: can't find JNI interfaces in: %s

JVM path is %s

\bin\awt.dll

\bin\java.dll

\bin\verify.dll

Error: no `%s' JVM at `%s'.

Error: no known VMs. (check for corrupt jvm.cfg file)

before: "%s"

after : "%s"

META-INF/MANIFEST.MF

1.1.3

inflate 1.1.3 Copyright 1995-1998 Mark Adler

mscoree.dll

Broken pipe

Inappropriate I/O control operation

Operation not permitted

kernel32.dll

- This application cannot run using the active version of the Microsoft .NET Runtime

Please contact the application's support team for more information.

GetProcessWindowStation

user32.dll

internal state. The program cannot safely continue execution and must

continue execution and must now be terminated.

C:\BUILD_~1\jdk6_18\control\build\WINDOW~1\tmp\java\javaw\obj\javaw.pdb

RegCloseKey

RegOpenKeyExA

RegEnumKeyA

ADVAPI32.dll

USER32.dll

GetCPInfo

KERNEL32.dll

C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\javaw.exe

<assemblyIdentity version="6.0.180.7"

name="javaw.exe"

name="Microsoft.Windows.Common-Controls"

version="6.0.0.0"

publicKeyToken="6595b64144ccf1df"

<requestedExecutionLevel

3333333333330

333333333307

PP%d(jjjjj

6.0.180.7

javaw.exe

java.exe_2232:

.text

`.rdata

@.data

.rsrc

/Xusage.txt

-Djava.class.path=%s

Unable to locate JRE meeting specification "%s"

1.6.0_18-b07

JRE-Version = %s, JRE-Restrict-Search = %s Selected = %s

Syntax error in version specification "%s"

Invalid or corrupt jarfile %s

Unable to access jarfile %s

-Djava.awt.headless=

-Djava.awt.headless=true

option[-] = '%s'

ignoreUnrecognized is %s,

sun.jnu.encoding

isSupported

-Dsun.java.command=

-Dsun.java.launcher=SUN_STANDARD

A %c separated list of directories, JAR archives,

load Java programming language agent, see java.lang.instrument

The default VM is %s%s

is a synonym for the "%s" VM [deprecated]

to select the "%s" VM

Usage: %s [-options] class [args...]

(to execute a class)

or %s [-options] -jar jarfile [args...]

(to execute a jar file)

Can't open %s

Could not find the main class: %s. Program will exit.

Failed to load Main Class: %s

Could not find the main class: %s. Program will exit.

argv[-] = '%s'

Apps' argc is %d

Main-Class is '%s'

Warning: %s VM not supported; %s VM will be used

Error: %s VM not supported

Error: Unable to resolve VM alias %s

Error: Corrupt jvm.cfg file; cycle in alias list.

Default VM: %s

%s requires class path specification

%s full version "%s"

Warning: %s option is no longer supported.

-Xrunhprof:cpu=old,file=java.prof

-Xrunhprof:cpu=old,file=%s

%ld micro seconds to parse jvm.cfg

name: %s vmType: %s alias: %s

name: %s vmType: %s server_class: %s

jvm.cfg[%d] = ->%s<-

Warning: unknown VM type on line %d of `%s'

Warning: missing server class VM on line %d of `%s'

Warning: missing VM alias on line %d of `%s'

Warning: missing VM type on line %d of `%s'

Warning: no leading - on line %d of `%s'

Error: could not open `%s'

\jvm.cfg

\bin\splashscreen.dll

%s\jvm.dll

%s\bin\%s\jvm.dll

Version major.minor.micro = %s.%s

Failed reading value of registry key:

Software\JavaSoft\Java Runtime Environment\%s\JavaHome

Error opening registry key 'Software\JavaSoft\Java Runtime Environment\%s'

Registry key 'Software\JavaSoft\Java Runtime Environment\CurrentVersion'

has value '%s', but '1.6' is required.

Error opening registry key 'Software\JavaSoft\Java Runtime Environment'

-Dsun.java2d.opengl

-Dsun.java2d.d3d

-Dsun.java2d.noddraw

-Dsun.awt.warmup

Unable to resolve path to current %s executable: %s

CreateProcess(%s, ...) failed: %s

ReExec Args: %s

ReExec Command: %s (%s)

ExecJRE: new: %s

ExecJRE: old: %s

Error: could not find java.dll

JRE path is %s

%s\jre\bin\java.dll

%s\bin\java.dll

Error loading: %s

CRT path is %s

\bin\msvcr71.dll

EnsureJreInstallation:%s:load failed

\bin\jkernel.dll

EnsureJreInstallation:<%s>:not found

EnsureJreInstallation:unsupported platform

Error: can't find JNI interfaces in: %s

JVM path is %s

\bin\awt.dll

\bin\java.dll

\bin\verify.dll

Error: no `%s' JVM at `%s'.

Error: no known VMs. (check for corrupt jvm.cfg file)

before: "%s"

after : "%s"

META-INF/MANIFEST.MF

1.1.3

inflate 1.1.3 Copyright 1995-1998 Mark Adler

mscoree.dll

Broken pipe

Inappropriate I/O control operation

Operation not permitted

kernel32.dll

- This application cannot run using the active version of the Microsoft .NET Runtime

Please contact the application's support team for more information.

GetProcessWindowStation

user32.dll

internal state. The program cannot safely continue execution and must

continue execution and must now be terminated.

C:\BUILD_~1\jdk6_18\control\build\WINDOW~1\tmp\java\java\obj\java.pdb

RegCloseKey

RegOpenKeyExA

RegEnumKeyA

ADVAPI32.dll

GetCPInfo

KERNEL32.dll

C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\java.exe

<assemblyIdentity version="6.0.180.7"

name="java.exe"

name="Microsoft.Windows.Common-Controls"

version="6.0.0.0"

publicKeyToken="6595b64144ccf1df"

<requestedExecutionLevel

3333333333330

333333333307

PP%d(jjjjj

6.0.180.7

java.exe

conhost.exe_2844:

.text

`.data

.rsrc

@.reloc

GDI32.dll

USER32.dll

msvcrt.dll

ntdll.dll

API-MS-Win-Core-LocalRegistry-L1-1-0.dll

KERNEL32.dll

IMM32.dll

ole32.dll

OLEAUT32.dll

PutInputInBuffer: EventsWritten != 1 (0x%x), 1 expected

Invalid message 0x%x

InitExtendedEditKeys: Unsupported version number(%d)

Console init failed with status 0x%x

CreateWindowsWindow failed with status 0x%x, gle = 0x%x

InitWindowsStuff failed with status 0x%x (gle = 0x%x)

InitSideBySide failed create an activation context. Error: %d

GetModuleFileNameW requires more than ScratchBufferSize(%d) - 1.

GetModuleFileNameW failed %d.

Invalid EventType: 0x%x

Dup handle failed for %d of %d (Status = 0x%x)

Couldn't grow input buffer, Status == 0x%x

InitializeScrollBuffer failed, Status = 0x%x

CreateWindow failed with gle = 0x%x

Opening Font file failed with error 0x%x

\ega.cpi

NtReplyWaitReceivePort failed with Status 0x%x

ConsoleOpenWaitEvent failed with Status 0x%x

NtCreatePort failed with Status 0x%x

GetCharWidth32 failed with error 0x%x

GetTextMetricsW failed with error 0x%x

GetSystemEUDCRangeW: RegOpenKeyExW(%ws) failed, error = 0x%x

RtlStringCchCopy failed with Status 0x%x

Cannot allocate 0n%d bytes

|%SWj

O.fBf;

ReCreateDbcsScreenBuffer failed. Restoring to CP=%d

Invalid Parameter: 0x%x, 0x%x, 0x%x

ConsoleKeyInfo buffer is full

Invalid screen buffer size (0x%x, 0x%x)

SetROMFontCodePage: failed to memory allocation %d bytes

FONT.NT

Failed to set font image. wc=x, sz=(%x,%x)

Failed to set font image. wc=x sz=(%x, %x).

Failed to set font image. wc=x sz=(%x,%x)

FullscreenControlSetColors failed - Status = 0x%x

FullscreenControlSetPalette failed - Status = 0x%x

WriteCharsFromInput failed 0x%x

WriteCharsFromInput failed %x

RtlStringCchCopyW failed with Status 0x%x

CreateFontCache failed with Status 0x%x

FTPh

\>.Sj

GetKeyboardLayout

MapVirtualKeyW

VkKeyScanW

GetKeyboardState

UnhookWindowsHookEx

SetWindowsHookExW

GetKeyState

ActivateKeyboardLayout

GetKeyboardLayoutNameA

GetKeyboardLayoutNameW

_amsg_exit

_acmdln

ShipAssert

NtReplyWaitReceivePort

NtCreatePort

NtEnumerateValueKey

NtQueryValueKey

NtOpenKey

NtAcceptConnectPort

NtReplyPort

SetProcessShutdownParameters

GetCPInfo

conhost.pdb

%$%a%b%V%U%c%Q%W%]%\%[%

%<%^%_%Z%T%i%f%`%P%l%g%h%d%e%Y%X%R%S%k%j%

version="5.1.0.0"

name="Microsoft.Windows.ConsoleHost"

<requestedExecutionLevel

name="Microsoft.Windows.ConsoleHost.SystemDefault"

publicKeyToken="6595b64144ccf1df"

name="Microsoft.Windows.SystemCompatible"

version="6.0.0.0"

publicKeyToken="6595b64144ccf1df"

< =$>:>@>

2%2X2

%SystemRoot%

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Console\TrueTypeFont

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Console\FullScreen

WindowSize

ColorTableu

ExtendedEditkeyCustom

ExtendedEditKey

Software\Microsoft\Windows\CurrentVersion

\ !:=/.<>;|&

%d/%d

cmd.exe

desktop.ini

\console.dll

%d/%d

6.1.7601.17641 (win7sp1_gdr.110623-1503)

CONHOST.EXE

Windows

Operating System

6.1.7601.17641

SearchFilterHost.exe_2632:

.text

`.data

.rsrc

@.reloc

ADVAPI32.dll

ntdll.DLL

KERNEL32.dll

msvcrt.dll

USER32.dll

ole32.dll

OLEAUT32.dll

TQUERY.DLL

IMM32.dll

MSSHooks.dll

mscoree.dll

SHLWAPI.dll

d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrhost\bufstm.cxx

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp

RegDeleteKeyW

RegDeleteKeyExW

8%uiP

d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx

Invalid parameter passed to C runtime function.

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp

-d-d-d-d-d-d-d-%d

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx

RegCloseKey

RegCreateKeyExW

RegOpenKeyExW

RegQueryInfoKeyW

RegEnumKeyExW

ReportEventW

_amsg_exit

SearchFilterHost.pdb

version="5.1.0.0"

name="Microsoft.Windows.Search.MSSFH"

<requestedExecutionLevel

3 3(30383|3

kernel32.dll

Software\Microsoft\Windows Search

SOFTWARE\Microsoft\Windows Search

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

Windows Search Service

tquery.dll

advapi32.dll

API-MS-Win-Core-LocalRegistry-L1-1-0.dll

<Exception><HR>0xx</HR><eip>%p</eip><module>%S</module><line>%d</line></Exception>

Software\Microsoft\Windows Search\Tracing

Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported

Software\Microsoft\Windows Search\Tracing\EventThrottleState

<MSG>

<ERR> 0xx=

<LOC> %S(%d) </LOC>

tid="0x%x"

pid="0x%x"

tagname="%S"

tagid="0x%x"

el="0x%x"

time="d/d/d d:d:d.d"

logname="%S"

</MSG></TRC>

Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}

.\%s.mui

.\%s\%s.mui

%s\%s.mui

%s\%s\%s.mui

%s\%s

winhttp.dll

Microsoft Windows Search Filter Host

7.00.7601.17610 (win7sp1_gdr.110503-1502)

SearchFilterHost.exe

Windows

7.00.7601.17610

Remove it with Ad-Aware

1. Click (here) to download and install Ad-Aware Free Antivirus.
2. Update the definition files.
3. Run a full scan of your computer.

Manual removal*

1. Terminate malicious process(es) (How to End a Process With the Task Manager):
   

   filename.exe:2824
   filename.exe:312
   filename.exe:3172
   xcopy.exe:2432
   javaw.exe:3740
   rundll32.exe:2628
   WWWire.exe:1588
   Host.exe:3896
   %original file name%.exe:452

2. Delete the original Worm file.
   
3. Delete or disinfect the following files created/modified by the Worm:
   

   C:\Users\"%CurrentUserName%"\AppData\Roaming\Imminent\Logs\28-06-2017 (162 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JBDOC.jar (484 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WWWire.exe (176 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IM000.exe (704 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PIGPIK.lnk (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Skyp\DQARUY.exe (18394 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\bafrjeu (3193 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\checkip[1].htm (6513 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aut2D95.tmp (1825 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Yekaterinburg (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\ioser12.dll (12 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\rt.jar (336534 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Tbilisi (469 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Detroit (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\Welcome.html (994 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\SystemV\CST6 (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\instrument.dll (601 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Indian\Kerguelen (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Kentucky\Louisville (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\El_Salvador (105 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Resolute (529 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Tunis (812 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Denver (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\UCT (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Atlantic\Bermuda (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Tortola (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Funafuti (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Windhoek (824 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Dushanbe (261 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Aden (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Aqtau (453 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Antarctica\Mawson (77 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\rmiregistry.exe (33 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Freetown (313 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Tripoli (293 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jpinscp.dll (601 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Cayenne (77 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\messages_sv.properties (3 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\net.properties (3 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\ext\dnsns.jar (8 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\management.dll (18 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Midway (89 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Antarctica\McMurdo (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\images\cursors\win32_MoveNoDrop32x32.gif (153 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\kinit.exe (33 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Noronha (377 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Ulaanbaatar (437 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Indiana\Tell_City (884 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Luxembourg (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Rome (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Winnipeg (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Atlantic\Canary (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Antarctica\Casey (77 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Stockholm (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\psfontj2d.properties (10 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\psfont.properties.ja (3 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Makassar (85 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\fonts\LucidaBrightDemiItalic.ttf (601 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Australia\Lindeman (221 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\client\jvm.dll (18248 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Tijuana (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Accra (181 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Urumqi (181 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Kuching (217 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\LICENSE_fr.rtf (37 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Belize (513 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Puerto_Rico (77 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Whitehorse (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Iqaluit (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Douala (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Anadyr (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Johnston (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\MST7MDT (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\task.xml (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\SystemV\EST5 (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Godthab (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Nairobi (97 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\security\cacerts (601 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jqsnotify.exe (55 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\SystemV\PST8PDT (2 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Antarctica\DumontDUrville (81 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Guayaquil (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\npjpi160_18.dll (673 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Ashgabat (269 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Toronto (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Dawson_Creek (509 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Kuala_Lumpur (145 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\fontmanager.dll (2105 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\jvm.hprof.txt (2 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT 3 (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\SystemV\EST5EDT (2 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Argentina\San_Luis (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Santarem (305 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\servicetag\registration.xml (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Grand_Turk (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Scoresbysund (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\messages_it.properties (3 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Montserrat (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Sakhalin (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\EST5EDT (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Johannesburg (105 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Palau (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Boa_Vista (329 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Australia\Darwin (125 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Aqtobe (453 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\task64.xml (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Managua (185 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT 1 (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Porto-Novo (77 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\cmm\LINEAR_RGB.pf (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\unicows.dll (1281 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Atlantic\Azores (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Australia\Melbourne (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\LICENSE_zh_CN.rtf (1281 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\security\local_policy.jar (2 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\jqs\ff\chrome\content\overlay.xul (173 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Atlantic\Faroe (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Gambier (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\dt_shmem.dll (16 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Novokuznetsk (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Zaporozhye (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Maputo (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\SystemV\MST7MDT (2 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Amman (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\CET (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Baghdad (489 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Atlantic\South_Georgia (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Macau (393 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Bissau (77 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Saipan (77 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\images\cursors\cursors.properties (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Antarctica\Vostok (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Vancouver (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Harbin (205 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Swift_Current (241 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\logging.properties (2 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\El_Aaiun (77 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Lisbon (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\messages_ja.properties (6 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Andorra (968 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\LICENSE_de.rtf (39 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\fonts\LucidaTypewriterRegular.ttf (1281 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\EET (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Madrid (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\dt_socket.dll (13 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\LICENSE_it.rtf (25 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\management\jmxremote.access (3 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Noumea (121 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Baku (976 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Montevideo (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Antarctica\Rothera (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Santo_Domingo (201 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\LICENSE_zh_TW.rtf (29 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Barbados (137 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Mbabane (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT-11 (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\fonts\LucidaBrightDemiBold.ttf (601 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Kampala (97 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Nome (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Ceuta (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Atlantic\Stanley (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jkernel.dll (1281 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jp2iexp.dll (601 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\St_Johns (2 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Jerusalem (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Algiers (333 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\messages.properties (2 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\jqs\jqs.conf (41 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Port-au-Prince (345 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Wallis (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Tarawa (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Truk (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Indian\Reunion (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\security\java.security (9 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Lagos (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\jsse.jar (3361 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\servertool.exe (33 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\net.dll (601 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jli.dll (601 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\images\cursors\win32_LinkNoDrop32x32.gif (153 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT-8 (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\im\thaiim.jar (7 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\j2pkcs11.dll (41 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Nipigon (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Atlantic\Madeira (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Monrovia (77 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Sofia (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Istanbul (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Malta (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Yellowknife (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Nouakchott (85 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Kolkata (97 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\lzma.dll (673 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Rarotonga (285 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Uzhgorod (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Volgograd (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\images\cursors\win32_MoveDrop32x32.gif (147 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Panama (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Santiago (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\North_Dakota\New_Salem (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\hpi.dll (15 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT-7 (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Monterrey (788 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\SystemV\AST4ADT (2 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Samarkand (261 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Rangoon (85 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Kathmandu (77 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\messages_zh_HK.properties (3 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Campo_Grande (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\nio.dll (20 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Dublin (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\MET (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Kamchatka (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\messages_fr.properties (3 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Regina (481 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\images\cursors\win32_LinkDrop32x32.gif (168 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Argentina\Buenos_Aires (549 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Boise (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Atlantic\St_Helena (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jpicom.dll (601 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\hprof.dll (673 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Monaco (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Singapore (133 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\client\classes.jsa (100416 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Galapagos (77 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Australia\Perth (205 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Chicago (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Manila (125 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Banjul (77 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\new_plugin\npdeploytk.dll (2321 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Cairo (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Nauru (97 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\meta-index (2 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Bangui (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Khartoum (337 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Yakutat (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Harare (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Thimphu (77 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Brazzaville (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\CST6CDT (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\cmm\PYCC.pf (1425 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Costa_Rica (137 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT-12 (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT-13 (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT-10 (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\regutils.dll (1425 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Abidjan (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT-14 (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Jakarta (129 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\SystemV\YST9YDT (2 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\fontconfig.98.bfc (2 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT-9 (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Tongatapu (133 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Fakaofo (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\GMT (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\deploy.dll (601 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT-2 (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT-3 (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT-4 (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT-5 (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT-6 (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\WET (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Seoul (165 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Bishkek (485 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\ssvagent.exe (30 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Indiana\Winamac (932 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\messages_es.properties (3 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\images\cursors\invalid32x32.gif (153 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Curacao (77 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Cuiaba (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Vienna (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\audio\soundbank.gm (3073 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\plugin.jar (11518 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\javaws.exe (673 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Lome (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Minsk (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\PST8PDT (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Dubai (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Halifax (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Oslo (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Guyana (89 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Thunder_Bay (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\management\snmp.acl.template (3 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Oral (461 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\java_crw_demo.dll (14 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Djibouti (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\THIRDPARTYLICENSEREADME.txt (673 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Gaza (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Norfolk (77 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\rmid.exe (33 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Casablanca (245 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Apia (105 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\splash.gif (7 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\msvcrt.dll (1425 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Marquesas (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Argentina\Tucuman (565 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Indiana\Indianapolis (868 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\messages_zh_TW.properties (3 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Thule (852 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\LICENSE_ja.rtf (673 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jawt.dll (5 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\fonts\LucidaTypewriterBold.ttf (1281 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\im\indicim.jar (10 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Argentina\Catamarca (549 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Simferopol (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Bogota (89 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\ktab.exe (33 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Australia\Sydney (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Mogadishu (73 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Danmarkshavn (341 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Efate (233 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Juneau (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Paris (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Edmonton (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\jce.jar (601 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Chihuahua (816 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\npt.dll (8 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Ponape (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jp2launcher.exe (23 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\tnameserv.exe (33 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\java.dll (601 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar (33 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Brunei (77 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\deploytk.dll (2321 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Honolulu (117 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\zip.dll (47 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Argentina\San_Juan (557 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Dominica (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\javaw.exe (673 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\awt.dll (7726 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Vilnius (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\fonts\LucidaBrightItalic.ttf (601 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jpioji.dll (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\npoji610.dll (601 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\ext\localedata.jar (5873 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Asuncion (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\New_York (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\security\US_export_policy.jar (2 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Australia\Brisbane (189 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\msvcr71.dll (2105 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jdwp.dll (673 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Vaduz (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Kigali (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Australia\Eucla (205 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\management\jmxremote.password.template (2 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Samara (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Mexico_City (880 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Rainy_River (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Riyadh (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\cmm\sRGB.pf (3 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\cmm\GRAY.pf (632 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy.jar (22350 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Australia\Currie (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\verify.dll (31 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Omsk (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Easter (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Miquelon (928 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Chisinau (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Mazatlan (840 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jpiexp.dll (601 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Qyzylorda (465 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Maceio (393 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\resources.jar (7547 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Gaborone (77 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT 11 (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Atlantic\Cape_Verde (97 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Ho_Chi_Minh (97 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\tzmappings (7 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\London (2 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Phoenix (141 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Malabo (77 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Muscat (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Indiana\Vincennes (884 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Blanc-Sablon (93 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Kentucky\Monticello (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Grenada (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Indiana\Knox (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\North_Dakota\Center (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\java-rmi.exe (33 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Bangkok (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\St_Lucia (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Los_Angeles (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Colombo (129 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\new_plugin\msvcr71.dll (2105 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\LICENSE.rtf (13 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\eula.dll (601 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Bujumbura (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\St_Vincent (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Porto_Velho (297 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Warsaw (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Aruba (77 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Taipei (381 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Eirunepe (321 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Indian\Comoro (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Kosrae (85 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Fiji (121 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\unpack200.exe (673 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jbroker.exe (601 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\klist.exe (33 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Indian\Maldives (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Hovd (437 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Lusaka (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\wsdetect.dll (601 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\fonts\LucidaSansRegular.ttf (4545 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Fortaleza (377 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Qatar (77 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Argentina\Rio_Gallegos (549 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Merida (788 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\sound.properties (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Cayman (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Pitcairn (77 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\messages_zh_CN.properties (3 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Tahiti (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\javacpl.exe (59 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Australia\Lord_Howe (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Paramaribo (101 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Sao_Paulo (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\calendars.properties (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Sao_Tome (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\unpack.dll (61 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Bahrain (77 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Auckland (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Wake (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Tallinn (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Ndjamena (89 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\St_Kitts (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Nassau (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Riyadh87 (4 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\HST (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Copenhagen (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\St_Thomas (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Argentina\Ushuaia (549 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Damascus (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Conakry (85 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\w2k_lsa_auth.dll (24 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Argentina\La_Rioja (557 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Indian\Mauritius (105 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Asmara (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\SystemV\CST6CDT (2 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Bamako (85 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\cmm.dll (673 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Brussels (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\pack200.exe (33 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Prague (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Guadalcanal (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jpishare.dll (601 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\ssv.dll (1425 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Addis_Ababa (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\new_plugin\npjp2.dll (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jaas_nt.dll (10 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Inuvik (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\security\java.policy (2 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Helsinki (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Kashgar (193 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\servicetag\jdk_header.png (19 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Beirut (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\content-types.properties (5 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\UTC (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jsoundds.dll (18 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\ZoneInfoMappings (14 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Antarctica\Palmer (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\java.exe (673 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\mlib_image.dll (4185 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Novosibirsk (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jpeg.dll (673 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Argentina\Salta (533 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Riga (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Antarctica\Davis (93 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jp2ssv.dll (41 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Indian\Chagos (77 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Ouagadougou (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Australia\Adelaide (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Adak (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Krasnoyarsk (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Rankin_Inlet (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\ext\meta-index (521 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Atlantic\Reykjavik (577 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\splashscreen.dll (601 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\axbridge.dll (601 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\fonts\LucidaSansDemiBold.ttf (1425 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\COPYRIGHT (3 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Amsterdam (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Manaus (313 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Budapest (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\management-agent.jar (382 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Australia\Hobart (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\policytool.exe (33 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Recife (377 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\i386\jvm.cfg (671 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Indiana\Vevay (724 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Riyadh88 (4 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Riyadh89 (4 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Indian\Christmas (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Berlin (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Argentina\Mendoza (549 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Chatham (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\images\cursors\win32_CopyDrop32x32.gif (165 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Niamey (89 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Kabul (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Kuwait (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Martinique (89 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\SystemV\HST10 (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Indian\Antananarivo (89 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Choibalsan (449 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Almaty (453 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Atikokan (93 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\La_Paz (81 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Indian\Mayotte (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Nicosia (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\flavormap.properties (3 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Indian\Cocos (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jqs.exe (673 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Rio_Branco (305 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Magadan (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Indiana\Petersburg (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT 6 (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT 7 (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT 4 (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT 5 (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT 8 (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT 9 (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\jqs\ff\chrome\content\overlay.js (779 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\rmi.dll (5 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Luanda (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\security\blacklist (92 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Kiritimati (89 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Montreal (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Argentina\Jujuy (533 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Dar_es_Salaam (85 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jsound.dll (673 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Indiana\Marengo (900 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Anguilla (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\security\javaws.policy (132 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Caracas (85 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Tirane (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Belem (297 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Guam (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\keytool.exe (33 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Belgrade (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Anchorage (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\jp2native.dll (8 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Jamaica (233 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\LICENSE_sv.rtf (45 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Tehran (892 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Hermosillo (189 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Australia\Broken_Hill (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Chongqing (181 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Blantyre (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Havana (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\npdeploytk.dll (2321 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\JdbcOdbc.dll (36 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Kiev (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Niue (89 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Kaliningrad (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT 2 (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Maseru (89 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Yerevan (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Guadeloupe (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\fontconfig.98.properties.src (7 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Pago_Pago (77 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\README.txt (16 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\sunmscapi.dll (16 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Pontianak (125 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\messages_de.properties (3 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Kwajalein (89 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Irkutsk (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Moscow (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\fonts\LucidaBrightRegular.ttf (2105 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Indian\Mahe (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Libreville (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Lima (185 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Menominee (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Moncton (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Port_Moresby (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\ffjcext.zip (16 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Shanghai (201 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\dcpr.dll (673 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Pyongyang (101 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\cmm\CIEXYZ.pf (51 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\LICENSE_es.rtf (26 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Lubumbashi (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Bahia (537 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\javaws.jar (5873 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Port_of_Spain (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\client\Xusage.txt (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\messages_ko.properties (5 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Tokyo (125 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\images\cursors\win32_CopyNoDrop32x32.gif (153 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Enderbury (89 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Dakar (77 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Tashkent (261 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Jayapura (85 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Goose_Bay (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\fontconfig.bfc (3 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Phnom_Penh (97 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Guatemala (137 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Antarctica\Syowa (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Karachi (628 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\j2pcsc.dll (7 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Argentina\Cordoba (549 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Gibraltar (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Bucharest (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Africa\Kinshasa (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Pangnirtung (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\classlist (601 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\ext\sunpkcs11.jar (1281 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\charsets.jar (49738 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Dhaka (113 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\jqs\ff\install.rdf (678 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\LICENSE_ko.rtf (44 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Vientiane (97 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Athens (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Araguaina (457 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Yakutsk (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Cambridge_Bay (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\jqs\ff\chrome.manifest (108 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Europe\Zurich (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Tegucigalpa (121 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Glace_Bay (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\jqs\ie\jqs_plugin.dll (601 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar (673 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Cancun (792 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Vladivostok (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\bin\orbd.exe (33 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Pacific\Majuro (77 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\deploy\jqs\jqsmessages.properties (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT 10 (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\fontconfig.properties.src (9 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Etc\GMT 12 (27 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\management\management.properties (14 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\America\Antigua (77 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Dili (93 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Oracle\lib\zi\Asia\Hong_Kong (633 bytes)
   C:\Windows\System32\test.txt (444 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Retrive74950821466890621.vbs (276 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_0.77481841979807037573843867793656786.class (15556 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Retrive8641493318753779784.vbs (281 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Retrive1521017512093565183.vbs (276 bytes)
   C:\Users\"%CurrentUserName%"\iiXFopcraqb\ID.txt (47 bytes)
   C:\Users\"%CurrentUserName%"\iiXFopcraqb\DPlstrLIlai.HdCHnB (62276 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_0.59808831145033968918342488066739143.class (15556 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\hsperfdata_adm\3740 (65 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Retrive2273817788890281081.vbs (281 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Retrive1325321892352841394.vbs (276 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Retrive746698577194291849.vbs (281 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Retrive8883878510582690503.vbs (276 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Retrive3542936377548491937.vbs (281 bytes)
   C:\Users\"%CurrentUserName%"\fUTkALeaTxM\ID.txt (47 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini (67 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\L3X27RQ8\desktop.ini (67 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JZWQQ3VB\desktop.ini (67 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O9AZQ7J0\desktop.ini (67 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat (16 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini (67 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VWBAK08C\desktop.ini (67 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Install\Host.exe (2210 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Install\.Identifier (68 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\filename.exe (18394 bytes)

4. Delete the following value(s) in the autorun key (How to Work with System Registry):
   

   [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   "Update" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\filename.exe"
   
   [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   "Update" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\filename.exe"
   
   [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   "NetWire" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\Install\Host.exe"

5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
   
6. Reboot the computer.
   

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.