Analysis
-
max time kernel
153s -
max time network
192s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
25/11/2022, 21:57
Static task
static1
Behavioral task
behavioral1
Sample
c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe
Resource
win7-20220812-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe
-
Size
119KB
-
MD5
9dd94a3a51d6a413a8dc93f380f83023
-
SHA1
431ba6deb16c4e98dc51ed2f248459e0cff14133
-
SHA256
c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621
-
SHA512
ced5a4f4b7621cdda08dbb16e2f192362f2c2b385ad6c4be83cd74b9f5ea436b56de2e70533e5061a6fabb5e3cccd5668bdaf10e761096c29007531c98d591da
-
SSDEEP
1536:yMGeA/qLrH0lWqPr03CJJpxwFuEYmHai/Bvyx4JO1eX+gWu39/OBVJWpjVrs2ryq:uoiWqwSbpxuY+Fe1eX+JGOBCHs2qxnC
Score
4/10
Malware Config
Signatures
-
Drops file in Program Files directory 62 IoCs
description ioc Process File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\README.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\about.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\rvhrjtnt.exe c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\qrhljwvn.exe c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\jre\Welcome.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\njqrsbcq.exe c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\RELEASE-NOTES.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\about.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\license.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\about.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jre1.8.0_66\Welcome.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\epl-v10.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\about.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Microsoft Office\Office16\OSPP.HTM c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\nsstljje.exe c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\tsbknceh.exe c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\README-JDK.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jre1.8.0_66\jtlnctqk.exe c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\README.HTM c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\jre\sekbhrbe.exe c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\preface.htm c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bklnbknw.exe c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\epl-v10.html c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe -
Modifies registry class 38 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8} c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}\LocalServer32 c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}\LocalServer32 c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}\LocalServer32\ = "C:\\Program Files\\Microsoft Office\\root\\vfs\\ProgramFilesCommonX64\\Microsoft Shared\\Smart Tag\\1033\\rvhrjtnt.exe" c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}\ = "vzkvrhswzjkbhwks" c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}\ = "rjllrettsjwjjrzl" c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\lib\\missioncontrol\\features\\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\\njqrsbcq.exe" c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5CA91ECD-564C-3E29-5336-C066EB2FABF6}\ = "zrehrbklkejbrvsq" c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{59919D63-B317-8C42-19DB-F1F188E6C914}\ = "sbjlqnhqsbbnbsjn" c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC} c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}\LocalServer32 c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C803653-A26A-88C7-574B-3B28BF06C94C}\LocalServer32 c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C803653-A26A-88C7-574B-3B28BF06C94C}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\bklnbknw.exe" c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD} c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C803653-A26A-88C7-574B-3B28BF06C94C}\ = "rwtjkqenwccletkj" c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}\ = "hzhcttntbthjxvqx" c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}\ = "elwbnshscjbchtlw" c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{59919D63-B317-8C42-19DB-F1F188E6C914} c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{59919D63-B317-8C42-19DB-F1F188E6C914}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe" c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}\LocalServer32 c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}\LocalServer32 c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}\LocalServer32\ = "C:\\Program Files\\Microsoft Office\\root\\Office16\\PersonaSpy\\tsbknceh.exe" c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{59919D63-B317-8C42-19DB-F1F188E6C914}\LocalServer32 c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}\LocalServer32 c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\jre\\sekbhrbe.exe" c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}\ = "zhjwjelbesnwwtcb" c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}\ = "lchqwwrqwljnsesk" c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C803653-A26A-88C7-574B-3B28BF06C94C} c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564} c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1} c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\lib\\missioncontrol\\features\\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\\nsstljje.exe" c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\db\\qrhljwvn.exe" c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}\ = "xerltlnbksxkbveb" c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}\ = "hwnlhrjhnjslneeh" c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5CA91ECD-564C-3E29-5336-C066EB2FABF6} c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5CA91ECD-564C-3E29-5336-C066EB2FABF6}\LocalServer32 c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5CA91ECD-564C-3E29-5336-C066EB2FABF6}\LocalServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\jtlnctqk.exe" c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892} c1bb064997c9879750b6d4a72fed7b9e1a009b611924d148c5f8c0d12989d621.exe