Malware Analysis Report

2025-01-18 21:30

Sample ID 240322-dzzg9aab8s
Target JavaSetup8u401.exe
SHA256 936cee4941ca401e556ece5206dc4d9fc70c3660aaecf27cdb6c4d1ca5252ee3
Tags
adware persistence stealer
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

936cee4941ca401e556ece5206dc4d9fc70c3660aaecf27cdb6c4d1ca5252ee3

Threat level: shows suspicious behavior

The file JavaSetup8u401.exe was classified as "shows suspicious behavior" (score 6/10). The tags below are behaviour categories inherited from the signatures that fired (the Browser Helper Object signature carries "stealer adware", the COM-server signature carries "persistence"); the report names no malware family.

Malicious Activity Summary

adware persistence stealer

Enumerates connected drives

Installs/modifies Browser Helper Object

Drops file in System32 directory

Drops file in Program Files directory

Executes dropped EXE

Loads dropped DLL

Drops file in Windows directory

Registers COM server for autorun

Enumerates physical storage devices

Suspicious behavior: GetForegroundWindowSpam

Checks processor information in registry

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Modifies Internet Explorer settings

Modifies registry class

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Modifies system certificate store

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-22 03:27

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-22 03:27

Reported

2024-03-22 03:30

Platform

win7-20240221-en

Max time kernel

135s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JavaSetup8u401.exe"

Signatures

Enumerates connected drives

Note the Process column: every open is made by C:\Windows\system32\msiexec.exe, the Windows Installer engine processing the dropped MSI, not by JavaSetup8u401.exe itself. Windows Installer probes every drive letter in the course of an install, so this signature carries little weight on its own when the process is msiexec.exe.

Description Indicator Process Target
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Two BHO CLSIDs are registered by the dropped installer.exe under the 32-bit (Wow6432Node) Explorer key, each with NoExplorer = 1, which stops the BHO from being loaded by Windows Explorer and limits it to Internet Explorer. The DLL behind each BHO is resolved through the matching CLSID entry, which this table does not show.
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\WindowsAccessBridge-32.dll C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsAccessBridge-32.dll C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
File created C:\Windows\SysWOW64\WindowsAccessBridge-64.dll C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Java\jre-1.8\legal\jdk\dynalink.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\dt_shmem.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\api-ms-win-core-file-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\jfxwebkit.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\legal\jdk\libpng.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\security\policy\unlimited\local_policy.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\legal\jdk\mesa3d.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\JavaAccessBridge-32.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\ext\dnsns.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\api-ms-win-core-console-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\accessibility.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\jce.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\jp2native.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\deploy\messages.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\javafx.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\client\jvm.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\fonts\LucidaTypewriterRegular.ttf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\deploy\splash_11-lic.gif C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\bci.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\plugin2\msvcp140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\glib-lite.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\legal\jdk\cldr.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\legal\jdk\cryptix.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\management-agent.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\api-ms-win-core-profile-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\javafx_font.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\unpack.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\api-ms-win-core-synch-l1-2-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\deploy\[email protected] C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\legal\jdk\xalan.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\java.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\j2gss.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\dcpr.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\wsdetect.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\ext\sunec.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\legal\jdk\relaxngom.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\legal\jdk\xerces.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\api-ms-win-core-localization-l1-2-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\client\classes.jsa C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\legal\jdk\jpeg.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\images\cursors\win32_CopyNoDrop32x32.gif C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\images\cursors\win32_MoveDrop32x32.gif C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\msvcp140_2.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\legal\jdk\pkcs11wrapper.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\security\public_suffix_list.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\fonts\LucidaSansRegular.ttf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_259433874\javaws.exe C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\ext\sunmscapi.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\plugin.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\jsdt.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\decora_sse.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\cmm\LINEAR_RGB.pf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\legal\javafx\icu_web.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\awt.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\verify.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\lib\psfont.properties.ja C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\plugin2\vcruntime140.dll C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\f767aed.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI811E.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7F86.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f767aef.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f767aea.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7CE0.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7D8E.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7ED9.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7F56.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f767aea.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7C72.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7E4B.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI80DE.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8228.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7D20.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7DCD.tmp C:\Windows\system32\msiexec.exe N/A

Loads dropped DLL

The sandbox recorded no module path or indicator for these loads (both columns are N/A), so only the loading process is known: the sample, the copy of JavaSetup8u401.exe under AppData\Local\Temp\jds259399710.tmp, the 32-bit MsiExec.exe from syswow64, the dropped installer.exe and javaw.exe.
Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JavaSetup8u401.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A

Registers COM server for autorun

persistence
The keys are written by the dropped ssvagent.exe under the user's classes hive (\REGISTRY\USER\<SID>_CLASSES, which is what HKCU\Software\Classes maps to) beneath Wow6432Node\CLSID, so they are per-user and 32-bit. Every InprocServer32 default value points at C:\Program Files (x86)\Java\jre-1.8\bin\jp2iexp.dll with ThreadingModel = Apartment. Despite the signature's name, an InprocServer32 entry does not execute at boot or logon; the DLL is loaded only into a COM client that instantiates one of these CLSIDs.
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0166-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0232-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0087-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0294-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0092-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0160-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0242-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0099-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0165-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0124-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0052-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0057-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0131-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0362-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0063-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0095-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0069-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0296-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0100-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0343-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0090-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0135-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0196-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0238-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0254-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0301-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0059-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0113-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0114-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0247-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0268-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0077-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0027-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0051-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0233-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0316-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0140-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0227-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0251-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0076-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0037-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0348-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0035-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0069-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0256-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0322-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0000-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0057-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0183-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0313-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0175-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0315-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0383-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0207-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0243-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0296-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0301-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0337-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0388-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0197-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0206-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0281-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\msiexec.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}\Policy = "3" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}\AppName = "jp2launcher.exe" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Windows\\SysWOW64" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}\AppPath = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0123-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0010-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0361-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_361" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0348-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0080-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0099-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0215-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0052-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0210-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0153-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0180-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0371-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0221-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0237-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0092-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0335-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0363-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0019-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0184-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0202-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0053-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0208-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0084-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0046-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0166-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0153-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0091-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0236-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_236" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0147-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0064-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0210-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_210" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0325-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0051-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0154-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0165-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0178-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_178" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0213-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0140-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0349-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_349" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0409-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_409" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0069-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0165-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0092-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0118-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0055-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_55" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0103-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0089-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0049-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0069-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0093-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0191-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0389-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0086-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_86" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0089-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0081-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0070-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0073-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0086-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0221-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0401-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0109-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0215-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_215" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0099-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_99" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0366-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_366" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0085-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0314-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0014-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_02" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0166-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0298-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0280-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0054-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0069-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0042-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0013-0001-0048-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0071-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_71" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0339-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0082-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0268-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_268" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0216-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0127-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0037-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_37" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0097-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0402-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0053-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0326-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0071-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0127-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_127" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0087-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0201-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0271-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0287-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0221-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0395-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0049-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0062-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0365-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0084-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0115-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0134-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0123-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0203-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_203" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0220-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0337-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0366-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0131-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0086-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0253-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = (blob omitted) C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = (blob omitted) C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = (blob omitted) C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = (blob omitted) C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
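AuthRoot is the store the Windows automatic root update fills on demand: when a chain build meets a CTL-listed root that is not yet cached, crypt32 fetches it and writes it from within the process that triggered the validation, which is why the installer appears as the writer here, and the CryptnetUrlCache entries under Files are the matching fetch. A trust anchor planted by malware lands in Root or TrustedPublisher instead. The Python below is an added example, not part of the sandbox output, that classifies rows of this signature by hive and store and checks AuthRoot thumbprints against an analyst allowlist. The allowlist (the two thumbprints above, which are DigiCert roots distributed through the Windows CTL) and the single contrasting Root-store row are assumptions, marked as such in the code.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Thumbprints written in this report. Both are DigiCert roots distributed through
# the Windows automatic root update; the allowlist itself is an analyst assumption
# and should be exported from a clean reference host's AuthRoot store.
KNOWN_AUTHROOT = {
    "A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436": "DigiCert Global Root CA",
    "0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43": "DigiCert Assured ID Root CA",
}

# Root and TrustedPublisher are where a rogue trust anchor or an auto-trusted
# code-signing publisher gets planted; AuthRoot is populated by Windows itself.
STORE_SEVERITY = {"Root": "high", "TrustedPublisher": "high", "CA": "medium",
                  "AuthRoot": "low", "Disallowed": "info"}
RANK = {"high": 0, "medium": 1, "low": 2, "info": 3}

KEY_RE = re.compile(
    r"\\REGISTRY\\(?P<hive>MACHINE|USER\\S-1-5-[\d-]+)\\SOFTWARE\\Microsoft"
    r"\\SystemCertificates\\(?P<store>\w+)\\Certificates\\(?P<thumb>[0-9A-F]{40})",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    hive: str
    store: str
    thumbprint: str
    process: str
    severity: str
    note: str


def classify(indicator: str, process: str) -> Optional[Finding]:
    """Turn one 'Key created' / 'Set value' indicator into a Finding,
    or None when the key is not a certificate-store key."""
    m = KEY_RE.search(indicator)
    if not m:
        return None
    store, thumb = m.group("store"), m.group("thumb").upper()
    hive = "HKLM" if m.group("hive").upper() == "MACHINE" else "HKU"
    severity = STORE_SEVERITY.get(store, "medium")
    if store == "AuthRoot":
        name = KNOWN_AUTHROOT.get(thumb)
        if name:
            note = f"known CTL root: {name}"
        else:
            severity, note = "medium", "AuthRoot entry not in allowlist; dump the Blob and check the issuer"
    elif severity == "high":
        note = f"new trust anchor in {store}; dump the Blob, identify the issuer, check for TLS interception"
    else:
        note = f"write to {store} store"
    return Finding(hive, store, thumb, process, severity, note)


def triage(rows):
    """rows: (indicator, process) pairs as listed in the report. Repeated writes to
    the same key collapse into one Finding; the result is ordered worst first."""
    findings = {f for f in (classify(i, p) for i, p in rows) if f is not None}
    return sorted(findings, key=lambda f: (RANK[f.severity], f.store, f.thumbprint))


INSTALLER = r"C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe"
REPORT_ROWS = [  # copied from this report, Blob data omitted
    (r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436", INSTALLER),
    (r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob", INSTALLER),
    (r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43", INSTALLER),
    (r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob", INSTALLER),
]
CONSTRUCTED_ROWS = [  # constructed for contrast, NOT observed for this sample
    (r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates\0000000000000000000000000000000000000000\Blob",
     r"C:\Users\Admin\AppData\Local\Temp\dropper.exe"),
]

if __name__ == "__main__":
    for f in triage(REPORT_ROWS + CONSTRUCTED_ROWS):
        print(f"{f.severity:6} {f.hive}\\{f.store:16} {f.thumbprint} {f.note}")
```

On the rows in this report the only output is two low-severity AuthRoot entries matching the allowlist; the constructed Root-store row sorts to the top as the one that would justify pulling the Blob value and decoding the certificate.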

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A

Suspicious use of AdjustPrivilegeToken

Note: the installer requests the full list of named privileges in one sweep, a common installer idiom. AdjustTokenPrivileges does not grant anything the token lacks; it reports ERROR_NOT_ALL_ASSIGNED and leaves those privileges off (SeTcbPrivilege, SeCreateTokenPrivilege and SeAssignPrimaryTokenPrivilege are not assigned to an elevated administrator by default), so each row records a request, not an effective privilege. The repeated SeRestorePrivilege/SeTakeOwnershipPrivilege pairs on msiexec.exe are normal Windows Installer behaviour while deploying files. Check the live token (whoami /priv) if a specific privilege matters to the triage.
Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2876 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\JavaSetup8u401.exe C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe
PID 2876 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\JavaSetup8u401.exe C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe
PID 2876 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\JavaSetup8u401.exe C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe
PID 2876 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\JavaSetup8u401.exe C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe
PID 2876 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\JavaSetup8u401.exe C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe
PID 2876 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\JavaSetup8u401.exe C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe
PID 2876 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\JavaSetup8u401.exe C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe
PID 3032 wrote to memory of 576 N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\LZMA_EXE
PID 3032 wrote to memory of 576 N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\LZMA_EXE
PID 3032 wrote to memory of 576 N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\LZMA_EXE
PID 3032 wrote to memory of 576 N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\LZMA_EXE
PID 3032 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\LZMA_EXE
PID 3032 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\LZMA_EXE
PID 3032 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\LZMA_EXE
PID 3032 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\LZMA_EXE
PID 1688 wrote to memory of 3060 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1688 wrote to memory of 3060 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1688 wrote to memory of 3060 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1688 wrote to memory of 3060 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1688 wrote to memory of 3060 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1688 wrote to memory of 3060 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1688 wrote to memory of 3060 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1688 wrote to memory of 1732 N/A C:\Windows\system32\msiexec.exe C:\Program Files (x86)\Java\jre-1.8\installer.exe
PID 1688 wrote to memory of 1732 N/A C:\Windows\system32\msiexec.exe C:\Program Files (x86)\Java\jre-1.8\installer.exe
PID 1688 wrote to memory of 1732 N/A C:\Windows\system32\msiexec.exe C:\Program Files (x86)\Java\jre-1.8\installer.exe
PID 1688 wrote to memory of 1732 N/A C:\Windows\system32\msiexec.exe C:\Program Files (x86)\Java\jre-1.8\installer.exe
PID 1688 wrote to memory of 1732 N/A C:\Windows\system32\msiexec.exe C:\Program Files (x86)\Java\jre-1.8\installer.exe
PID 1688 wrote to memory of 1732 N/A C:\Windows\system32\msiexec.exe C:\Program Files (x86)\Java\jre-1.8\installer.exe
PID 1688 wrote to memory of 1732 N/A C:\Windows\system32\msiexec.exe C:\Program Files (x86)\Java\jre-1.8\installer.exe
PID 1732 wrote to memory of 2748 N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
PID 1732 wrote to memory of 2748 N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
PID 1732 wrote to memory of 2748 N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
PID 1732 wrote to memory of 2748 N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
PID 1732 wrote to memory of 2248 N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
PID 1732 wrote to memory of 2248 N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
PID 1732 wrote to memory of 2248 N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
PID 1732 wrote to memory of 2248 N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
PID 2248 wrote to memory of 2268 N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
PID 2248 wrote to memory of 2268 N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
PID 2248 wrote to memory of 2268 N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
PID 2248 wrote to memory of 2268 N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
PID 2248 wrote to memory of 2268 N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
PID 2248 wrote to memory of 2268 N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
PID 2248 wrote to memory of 2268 N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
PID 2916 wrote to memory of 1312 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1312 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1312 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
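Every WriteProcessMemory row above pairs a process with a child it is starting: CreateProcess populates the new process's address space from the parent before the first thread runs, and the sandbox records those writes under this signature. That is why a plain installer chain (downloader, LZMA decompressor, msiexec, installer.exe, javaws, jp2launcher) and Chrome's own child processes fill the table. The injection signal is a write into a process that is not the writer's child. The Python below is an added example, not sandbox output: it encodes the rows above with their repeat counts, takes a parent-PID map that is an assumption reconstructed from the report (a real sandbox export or Sysmon event 1 supplies it independently), and flags any write that crosses the tree; one constructed row is included so the flag can be seen firing.

```python
from collections import defaultdict

# WriteProcessMemory rows from this report, with the number of times each
# writer->target pair appears: (writer_pid, target_pid, writer_image, target_image, rows)
REPORT_WRITES = [
    (2876, 3032, "JavaSetup8u401.exe", "JavaSetup8u401.exe", 7),
    (3032, 576,  "JavaSetup8u401.exe", "LZMA_EXE", 4),
    (3032, 2376, "JavaSetup8u401.exe", "LZMA_EXE", 4),
    (1688, 3060, "msiexec.exe", "MsiExec.exe", 7),
    (1688, 1732, "msiexec.exe", "installer.exe", 7),
    (1732, 2748, "installer.exe", "javaw.exe", 4),
    (1732, 2248, "installer.exe", "javaws.exe", 4),
    (2248, 2268, "javaws.exe", "jp2launcher.exe", 7),
    (2916, 1312, "chrome.exe", "chrome.exe", 3),
    (2916, 1844, "chrome.exe", "chrome.exe", 17),
]

# Parent PID per PID. ASSUMPTION: reconstructed from the report's process list. A
# real sandbox export (or Sysmon event 1 ParentProcessId) supplies this independently
# of the memory writes, which is what gives the check below its value.
PARENT = {3032: 2876, 576: 3032, 2376: 3032, 3060: 1688, 1732: 1688,
          2748: 1732, 2248: 1732, 2268: 2248, 1312: 2916, 1844: 2916}

# Constructed row, NOT in the report: the installer writing into an unrelated,
# already-running browser process is what real injection looks like in this table.
INJECTED = (3032, 2916, "JavaSetup8u401.exe", "chrome.exe", 1)


def classify_writes(writes, parent):
    """Split rows into CreateProcess-style writes (writer is the target's parent) and
    cross-tree writes that deserve the memory dump and a look at the target's threads."""
    expected, suspicious = [], []
    for row in writes:
        writer, target = row[0], row[1]
        (expected if parent.get(target) == writer else suspicious).append(row)
    return expected, suspicious


def ancestry(pid, parent):
    """PIDs from the topmost known ancestor down to pid; shows, for instance, that
    installer.exe runs under the MSI service (msiexec /V), not under the downloader."""
    chain = [pid]
    while chain[-1] in parent and parent[chain[-1]] not in chain:
        chain.append(parent[chain[-1]])
    return chain[::-1]


def spawned_images(writes):
    """writer image -> sorted list of distinct child images it populated."""
    out = defaultdict(set)
    for _writer, _target, wimg, timg, _rows in writes:
        out[wimg].add(timg)
    return {k: sorted(v) for k, v in out.items()}


if __name__ == "__main__":
    ok, bad = classify_writes(REPORT_WRITES + [INJECTED], PARENT)
    print(f"{len(ok)} parent->child pairs, {len(bad)} cross-tree writes")
    for row in bad:
        print("  INVESTIGATE", row)
    print("jp2launcher ancestry:", " > ".join(map(str, ancestry(2268, PARENT))))
```

With the report's own rows every pair is a parent writing into its child and nothing is flagged; the ancestry of jp2launcher.exe (1688 > 1732 > 2248 > 2268) also explains why the msiexec.exe privilege rows above belong to the installer chain rather than to a separate actor.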

Processes

C:\Users\Admin\AppData\Local\Temp\JavaSetup8u401.exe

"C:\Users\Admin\AppData\Local\Temp\JavaSetup8u401.exe"

C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe

"C:\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe"

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\LZMA_EXE

"C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\LZMA_EXE" d "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\au.msi" "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\msi.tmp"

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\LZMA_EXE

"C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\LZMA_EXE" d "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\jre1.8.0_401.msi" "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\msi.tmp"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 15BA0E12A58E56D0AA51E1A471A734B1

C:\Program Files (x86)\Java\jre-1.8\installer.exe

"C:\Program Files (x86)\Java\jre-1.8\installer.exe" /s INSTALLDIR="C:\Program Files (x86)\Java\jre-1.8\\" INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={71024AE4-039E-4CA4-87B4-2F32180401F0}

C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe

"C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking

C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe

"C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe" -doHKCUSSVSetup

C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe

"C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe" -wait -fix -permissions -silent

C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe

"C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre-1.8" -vma (value omitted) -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6e69758,0x7fef6e69768,0x7fef6e69778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1348,i,13938874596502240306,14409123011531130454,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1348,i,13938874596502240306,14409123011531130454,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1348,i,13938874596502240306,14409123011531130454,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2248 --field-trial-handle=1348,i,13938874596502240306,14409123011531130454,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2280 --field-trial-handle=1348,i,13938874596502240306,14409123011531130454,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3304 --field-trial-handle=1348,i,13938874596502240306,14409123011531130454,131072 /prefetch:2
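The -ma and -vma values on the jp2launcher.exe command line are base64 over a NUL-separated argument list; the -vma value is elided in this report, so only -ma can be decoded here. The Python below is an added example, not part of the report, that decodes such a value and diffs it against the arguments visible on the parent javaws.exe command line, so the launcher's actual argv is read rather than trusted as an opaque blob.

```python
import base64

# -ma value copied from the jp2launcher.exe command line in this report.
REPORT_MA = "LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ=="
# Arguments visible on the parent javaws.exe command line in this report.
JAVAWS_ARGS = ["-wait", "-fix", "-permissions", "-silent"]


def decode_argv(blob: str) -> list:
    """Decode a -ma/-vma value: base64 wrapping a NUL-separated argument vector.

    validate=True rejects stray characters instead of silently dropping them, so a
    tampered or truncated value raises rather than decoding to something plausible.
    """
    raw = base64.b64decode(blob, validate=True)
    return [part.decode("utf-8") for part in raw.split(b"\x00") if part]


def extra_args(decoded: list, visible: list) -> list:
    """Arguments the launcher received that are not on the parent's command line."""
    return [a for a in decoded if a not in visible]


if __name__ == "__main__":
    argv = decode_argv(REPORT_MA)
    print("decoded -ma:", argv)
    print("added by launcher:", extra_args(argv, JAVAWS_ARGS))
```

For this sample the decoded vector is the four javaws switches plus -notWebJava, consistent with the "-wait -fix -permissions -silent" invocation above; anything unexpected in that list (a class path, a URL, an agent flag) would be the thing to chase.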

Network

Country Destination Domain Proto
US 8.8.8.8:53 javadl-esd-secure.oracle.com udp
GB 104.84.88.195:443 javadl-esd-secure.oracle.com tcp
US 8.8.8.8:53 javadl.oracle.com udp
GB 104.103.251.196:443 javadl.oracle.com tcp
US 8.8.8.8:53 sdlc-esd.oracle.com udp
GB 23.44.232.84:443 sdlc-esd.oracle.com tcp
US 8.8.8.8:53 rps-svcs.oracle.com udp
GB 104.84.88.195:443 rps-svcs.oracle.com tcp

Files

\Users\Admin\AppData\Local\Temp\jds259399710.tmp\JavaSetup8u401.exe

MD5 24ca1c45b2830c06a9bd61e0158d9953
SHA1 d18e796dcf31fc4f8a176f80f4140b7e128718ca
SHA256 0e6c46fc45d9a7a8ddd13f67ee05cde85212c8391a09c917aceb375c26adccdf
SHA512 5171c318fb069f82e14c1a73b4e011e846b1dabab5e8b8cbdb1d830e7a98a5c3af25e2bdb9172e512ba560a04fcb8311e10c3c42e17536fdec345a400d4174d9

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 db52de066c7c95fdc3dcf30c5585d057
SHA1 66c404913ebc518e2b106c6eac61f9e91c290054
SHA256 d8e72e2d9db918a8db9ce7c07754aecb9aeed5fc40daef9228e36e96ac180751
SHA512 c69d596f3686d0fa9e34b831e370a43c5d8d50ce1c659c8ce6b833ec7b9dff429037ca61fbf22173523a8497a5d08e9ba145e5b75ef1bf24750cd59bdaa0f359

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 bcbbe4d4be78727d797d2c7f6b651947
SHA1 ec7cc258dc0bb9e46af4955c01fa839d39439ff7
SHA256 a3e0af6a959a68cec5764d690714ec155eb3e7de0a01e7bf215ab0a9dcf387b9
SHA512 bbb188f21f85c750df2dbd398e5fdde46be085f72779f94c443832efca14d83ee5fdc516c72d46258b2076c0804f8d06cb5ac0ac574a911876c59024ee4bb4e5

memory/3032-185-0x00000000028E0000-0x00000000028E1000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\au.msi

MD5 5bfe9f595889b5afdabb0df406872c77
SHA1 036172b29da2954d26d656d2cd1751651d3344d5
SHA256 b4c90197a191d01fcf4c9d5d63f1f35f810a0bcd96dbedbec5a66976423b8fad
SHA512 111c61cca36f653b78bad4d47811ded43766372833a0130281e55ee5326bd7ac16b778a83904bf3a6d19bf3042ef1c06194896ea8792e8e128ecb7fe309a49cf

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\jre1.8.0_401.msi

MD5 5989a8bb7eac9e3313c7bd37a619e601
SHA1 5e52d6aef2775c98bc65c1a0a10d195be9b64c9b
SHA256 7fcbf3df8779335ccb611e0865b4f80b1b82ad1f8118c603fd0bd64dc7e40287
SHA512 d313a578d5c7cb40407e961840c51479f987852d9e423c615c0494f388a4c99c283909fdb5e83d443e659ce4357e5a80c0ea71ffea4af0be76623dc0b1ee5072

\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\LZMA_EXE

MD5 3842c46f2fbc7522ef625f1833530804
SHA1 3615c072ad5bdadba5e5e22e75eefaf7def92312
SHA256 17cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7
SHA512 9adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\msi.tmp

MD5 f68b337ab20af8a00436ecdda4371749
SHA1 ae6bbd8f40af11fbb0ce4495e987f434a408a2f5
SHA256 65cbae74ab253db2464c2718ebe035ae6f0123fa35ebe2ff436ac8e601e3583e
SHA512 135c9b51ef6d488bfbcb0010c494f7ab8e61cea6deeb001d3a2adce224ce3459dc45fcfaa434c681c0f00869545eec681d6e7910002dbf2d582ca183ac5476bf

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\jre1.8.0_401.msi

MD5 ca1f52571d65416d6295e8bdd8823953
SHA1 0d23b0aa7c7b8c42c93788dd0100781bc990ee4d
SHA256 824048a77f4bc261d22b61377ed2499a407103bbafe823d8cafc7d576523f13c
SHA512 4b67ef3dd23eff20d43aad410dc4725c9a8c905d0f19eb13a843da4599f29af0337dc8369bde56ad5326467c7e903b8349a422484cf68e2565b7fc9de8658cf9

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401\msi.tmp

MD5 b51f0e00564a2051021090697358725a
SHA1 3a4ea0ab07d8982d22d0cc0f7eaf871e4a1edbc8
SHA256 68650b44efb47e53d037dbf076df3c21c77fa32f5eb9c870d262a3b3d5ac1ef9
SHA512 e35ee732c843c9d5abc42b9ae02b5c3202202044dbdce06463e97fec8fc7097eb1fb2338f2e2ec112197cb0dcfb2424d24c2aceaaab9f0c28643edf369293ea1

C:\Users\Admin\AppData\Local\Temp\Cab74F3.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar7516.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_D2F6556190F7B1A25A117FFB5467EEBD

MD5 5510f3e410f3808b5196fd2786b5efa5
SHA1 d76dfc89af973681e7f12711dde066e79363efff

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-22 03:27

Reported

2024-03-22 03:30

Platform

win10v2004-20231215-en

Max time kernel

88s

Max time network

139s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JavaSetup8u401.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\JavaSetup8u401.exe

"C:\Users\Admin\AppData\Local\Temp\JavaSetup8u401.exe"

C:\Users\Admin\AppData\Local\Temp\jds240604140.tmp\JavaSetup8u401.exe

"C:\Users\Admin\AppData\Local\Temp\jds240604140.tmp\JavaSetup8u401.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 javadl-esd-secure.oracle.com udp
GB 104.84.88.195:443 javadl-esd-secure.oracle.com tcp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 195.88.84.104.in-addr.arpa udp
US 8.8.8.8:53 178.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 javadl.oracle.com udp
GB 104.103.251.196:443 javadl.oracle.com tcp
US 8.8.8.8:53 sdlc-esd.oracle.com udp
US 8.8.8.8:53 196.251.103.104.in-addr.arpa udp
GB 23.44.232.84:443 sdlc-esd.oracle.com tcp
US 8.8.8.8:53 84.232.44.23.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 179.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp

Files
